#VU67583 Path traversal in Python


Published: 2022-12-12

Vulnerability identifier: #VU67583

Vulnerability risk: High

CVSSv3.1: 8.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N/E:P/RL:O/RC:C]

CVE-ID: CVE-2007-4559

CWE-ID: CWE-22

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Python
Universal components / Libraries / Scripting languages

Vendor: Python.org

Description

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to improper validation of filenames in the tarfile module in Python. A remote attacker can create a specially crafted archive with symbolic links inside or filenames that contain directory traversal characters (e.g. "..") and overwrite arbitrary files on the system.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Python: 2.5 - 2.5.150

External links
http://mail.python.org/pipermail/python-dev/2007-August/074290.html
http://mail.python.org/pipermail/python-dev/2007-August/074292.html
http://bugzilla.redhat.com/show_bug.cgi?id=263261
http://bugs.python.org/issue1044

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Red Hat Migration Toolkit for Containers (MTC) 1.8
Multiple vulnerabilities in IBM Operational Decision Manager
Multiple vulnerabilities in IBM Cloud Pak for Business Automation
Multiple vulnerabilities in Red Hat OpenShift GitOps
Multiple vulnerabilities in Red Hat OpenShift GitOps
Multiple vulnerabilities in Service Telemetry Framework 1.5
Fedora 39 update for python3.6
Fedora 38 update for python3.6
Fedora 40 update for python3.6
Fedora 41 update for python3.6