This site is deprecated. Please
CLICK HERE for latest updates
Short Name |
HTTP:PERL-TAR-ZIP-FO
|
Severity |
Major
|
Recommended |
Yes
|
Recommended Action |
Drop
|
Category |
HTTP
|
Keywords |
Perl Archive Tar and ZIP Arbitrary File Overwrite
|
Release Date |
2018/10/18
|
Update Number |
3111
|
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+
|
HTTP: Perl Archive Tar and ZIP Arbitrary File Overwrite
This signature detects an attempt to exploit an arbitrary file overwrite vulnerability which has been reported in the Perl Archive::Tar and Archive::Zip module. Successful exploitation could result in arbitrary file overwrite in the target user's system.
Extended Description
In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
Affected Products
- Apple mac_os_x -
- Apple mac_os_x 10.0
- Apple mac_os_x 10.0.0
- Apple mac_os_x 10.0.1
- Apple mac_os_x 10.0.2
- Apple mac_os_x 10.0.3
- Apple mac_os_x 10.0.4
- Apple mac_os_x 10.1
- Apple mac_os_x 10.1.0
- Apple mac_os_x 10.10.0
- Apple mac_os_x 10.10.1
- Apple mac_os_x 10.10.2
- Apple mac_os_x 10.10.3
- Apple mac_os_x 10.10.4
- Apple mac_os_x 10.10.5
- Apple mac_os_x 10.1.1
- Apple mac_os_x 10.11.0
- Apple mac_os_x 10.11.1
- Apple mac_os_x 10.11.2
- Apple mac_os_x 10.11.3
- Apple mac_os_x 10.11.4
- Apple mac_os_x 10.11.5
- Apple mac_os_x 10.11.6
- Apple mac_os_x 10.12
- Apple mac_os_x 10.1.2
- Apple mac_os_x 10.12.0
- Apple mac_os_x 10.12.1
- Apple mac_os_x 10.12.2
- Apple mac_os_x 10.12.3
- Apple mac_os_x 10.12.4
- Apple mac_os_x 10.12.5
- Apple mac_os_x 10.12.6
- Apple mac_os_x 10.13
- Apple mac_os_x 10.1.3
- Apple mac_os_x 10.13.0
- Apple mac_os_x 10.13.1
- Apple mac_os_x 10.13.2
- Apple mac_os_x 10.13.3
- Apple mac_os_x 10.13.4
- Apple mac_os_x 10.13.5
- Apple mac_os_x 10.13.6
- Apple mac_os_x 10.14
- Apple mac_os_x 10.1.4
- Apple mac_os_x 10.14.1
- Apple mac_os_x 10.14.2
- Apple mac_os_x 10.1.5
- Apple mac_os_x 10.2
- Apple mac_os_x 10.2.0
- Apple mac_os_x 10.2.1
- Apple mac_os_x 10.2.2
- Apple mac_os_x 10.2.3
- Apple mac_os_x 10.2.4
- Apple mac_os_x 10.2.5
- Apple mac_os_x 10.2.6
- Apple mac_os_x 10.2.7
- Apple mac_os_x 10.2.8
- Apple mac_os_x 10.3
- Apple mac_os_x 10.3.0
- Apple mac_os_x 10.3.1
- Apple mac_os_x 10.3.2
- Apple mac_os_x 10.3.3
- Apple mac_os_x 10.3.4
- Apple mac_os_x 10.3.5
- Apple mac_os_x 10.3.6
- Apple mac_os_x 10.3.7
- Apple mac_os_x 10.3.8
- Apple mac_os_x 10.3.9
- Apple mac_os_x 10.4
- Apple mac_os_x 10.4.0
- Apple mac_os_x 10.4.1
- Apple mac_os_x 10.4.10
- Apple mac_os_x 10.4.11
- Apple mac_os_x 10.4.2
- Apple mac_os_x 10.4.3
- Apple mac_os_x 10.4.4
- Apple mac_os_x 10.4.5
- Apple mac_os_x 10.4.6
- Apple mac_os_x 10.4.7
- Apple mac_os_x 10.4.8
- Apple mac_os_x 10.4.9
- Apple mac_os_x 10.5
- Apple mac_os_x 10.5.0
- Apple mac_os_x 10.5.1
- Apple mac_os_x 10.5.2
- Apple mac_os_x 10.5.3
- Apple mac_os_x 10.5.4
- Apple mac_os_x 10.5.5
- Apple mac_os_x 10.5.6
- Apple mac_os_x 10.5.7
- Apple mac_os_x 10.5.8
- Apple mac_os_x 10.6.0
- Apple mac_os_x 10.6.1
- Apple mac_os_x 10.6.2
- Apple mac_os_x 10.6.3
- Apple mac_os_x 10.6.4
- Apple mac_os_x 10.6.5
- Apple mac_os_x 10.6.6
- Apple mac_os_x 10.6.7
- Apple mac_os_x 10.6.8
- Apple mac_os_x 10.7.0
- Apple mac_os_x 10.7.1
- Apple mac_os_x 10.7.2
- Apple mac_os_x 10.7.3
- Apple mac_os_x 10.7.4
- Apple mac_os_x 10.7.5
- Apple mac_os_x 10.8.0
- Apple mac_os_x 10.8.1
- Apple mac_os_x 10.8.2
- Apple mac_os_x 10.8.3
- Apple mac_os_x 10.8.4
- Apple mac_os_x 10.8.5
- Apple mac_os_x 10.9
- Apple mac_os_x 10.9.1
- Apple mac_os_x 10.9.2
- Apple mac_os_x 10.9.3
- Apple mac_os_x 10.9.4
- Apple mac_os_x 10.9.5
- Archive::tar_project archive::tar 2.28
- Canonical ubuntu_linux 12.04
- Canonical ubuntu_linux 14.04
- Canonical ubuntu_linux 16.04
- Canonical ubuntu_linux 17.10
- Canonical ubuntu_linux 18.04
- Debian debian_linux 8.0
- Debian debian_linux 9.0
- Netapp data_ontap_edge -
- Netapp oncommand_workflow_automation -
- Netapp snap_creator_framework -
- Netapp snapdrive -
- Perl perl 5.26.2
References