Vulnerability Details : CVE-2007-4476
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack."
Vulnerability category: Overflow
Products affected by CVE-2007-4476
- cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:tar:*:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:7.10:*:*:*:*:*:*:*
Threat overview for CVE-2007-4476
Top countries where our scanners detected CVE-2007-4476
Top open port discovered on systems with this issue
5555
IPs affected by CVE-2007-4476 121
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2007-4476!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2007-4476
0.68%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 80 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2007-4476
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2007-4476
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2007-4476
-
Red Hat 2010-03-15This issue was addressed in Red Hat Enterprise Linux 4 and 5 via https://rhn.redhat.com/errata/RHSA-2010-0141.html for tar. It did not affect the version of tar as shipped with Red Hat Enterprise Linux 3. This issue was also addressed in Red Hat Enterprise Linux 5 via https://rhn.redhat.com/errata/RHSA-2010-0144.html for cpio. It did not affect the version of cpio as shipped with Red Hat Enterprise Linux 3 and 4.
References for CVE-2007-4476
-
http://www.novell.com/linux/security/advisories/2007_19_sr.html
404 Page Not Found | SUSEBroken Link
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:233
MandrivaBroken Link
-
https://www.redhat.com/archives/fedora-package-announce/2007-November/msg00073.html
[SECURITY] Fedora Core 6 Update: tar-1.15.1-27.fc6Third Party Advisory
-
http://www.novell.com/linux/security/advisories/2007_18_sr.html
Security - Support | SUSEBroken Link
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9336
404 Not FoundThird Party Advisory
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Juniper Networks - 2015-10 Security Bulletin: CTPView: Multiple Vulnerabilities in CTPViewThird Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0144.html
SupportThird Party Advisory
-
http://www.vupen.com/english/advisories/2010/0628
Webmail | OVH- OVHPermissions Required
-
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691
Juniper Networks - 2015-07 Security Bulletin: CTPView: Multiple vulnerabilities in CTPViewThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7114
404 Not FoundThird Party Advisory
-
http://www.redhat.com/support/errata/RHSA-2010-0141.html
SupportThird Party Advisory
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8599
404 Not FoundThird Party Advisory
-
http://www.vupen.com/english/advisories/2010/0629
Webmail | OVH- OVHPermissions Required
-
http://www.ubuntu.com/usn/usn-650-1
USN-650-1: cpio vulnerability | Ubuntu security notices | UbuntuThird Party Advisory
-
http://www.mandriva.com/security/advisories?name=MDKSA-2007:197
MandrivaBroken Link
-
http://security.gentoo.org/glsa/glsa-200711-18.xml
Cpio: Buffer overflow (GLSA 200711-18) — Gentoo securityThird Party Advisory
-
https://issues.rpath.com/browse/RPL-1861
Broken Link
-
http://bugs.gentoo.org/show_bug.cgi?id=196978
196978 – (CVE-2007-4476) app-arch/cpio safer_name_suffix buffer overflow (CVE-2007-4476)Third Party Advisory
-
http://www.debian.org/security/2007/dsa-1438
[SECURITY] [DSA 1438-1] New tar packages fix several vulnerabilitiesThird Party Advisory
-
https://www.redhat.com/archives/fedora-package-announce/2007-October/msg00370.html
[SECURITY] Fedora 7 Update: tar-1.15.1-28.fc7Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=280961
280961 – (CVE-2007-4476) CVE-2007-4476 tar/cpio stack crashing in safer_name_suffixIssue Tracking;Third Party Advisory
-
http://www.securityfocus.com/bid/26445
Third Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/usn-709-1
USN-709-1: tar vulnerability | Ubuntu security notices | UbuntuThird Party Advisory
-
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1021680.1-1
Broken Link
-
http://www.debian.org/security/2008/dsa-1566
[SECURITY] [DSA 1566-1] New cpio packages fix denial of serviceThird Party Advisory
Jump to