Name | CVE-2007-4559 |
Description | Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267. |
Source | CVE (at NVD) |
Debian Bugs | 440097, 440099 |
The information below is based on the following data on fixed versions.
Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
---|---|---|---|---|---|---|
python2.3 | source | (unstable) | (unfixed) | unimportant | | |
python2.4 | source | (unstable) | (unfixed) | unimportant | | 440097 |
python2.5 | source | (unstable) | (unfixed) | unimportant | | 440099 |
Notes
According to upstream, this is the intended behaviour of the module. tarfile
is a library interface for embedding tar functionality in applications, so it
deliberately does not provide the full set of safety belts one would expect
from an end-user tool such as tar(1); an application that extracts untrusted
archives is expected to validate member names itself. Diverging from upstream
here would have to be carried in Debian permanently and could break external
applications that rely on the current behaviour. Anyone who wants to see this
"fixed" should rather file a PEP for an improved tar interface that provides
additional security guarantees by design. The upstream issue linked below is
where that eventually happened: Python 3.12 added extraction filters
(PEP 706, filter="data") for callers who want such members rejected.
https://github.com/python/cpython/issues/45385
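The following is an added example and is not code from the Debian tracker or from CPython. It builds a constructed in-memory archive containing a `../evil.txt` member, shows the path check that `extract`/`extractall` historically left to the caller (every member is vetted before anything is written, so a hostile archive is refused as a whole), and passes `filter="data"` where the interpreter provides it (Python 3.12 and security backports to earlier 3.x releases) so tarfile enforces the same rules a second time. The helper names, the destination directory and the sample member names are all assumptions for illustration.

```python
import io
import os
import tarfile
import tempfile


def build_tar(members):
    """Build an in-memory tar from a {name: bytes} mapping (constructed test input)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, data in members.items():
            info = tarfile.TarInfo(name=name)  # name is stored verbatim, '..' included
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def is_within(base, target):
    """True if target normalises to a path inside base (neither has to exist yet)."""
    base = os.path.realpath(base)
    target = os.path.realpath(target)
    return os.path.commonpath([base, target]) == base


def check_member(dest, member):
    """Raise ValueError for a member that would land outside dest or is an unsafe type.

    This is the check tarfile did not perform: '../evil.txt' is simply joined
    onto dest and written wherever the result points.
    """
    if os.path.isabs(member.name):
        raise ValueError(f"absolute path: {member.name!r}")
    target = os.path.join(dest, member.name)
    if not is_within(dest, target):
        raise ValueError(f"path escapes destination: {member.name!r}")
    if member.issym():
        # A symlink target is relative to the link's own directory.
        link = os.path.join(os.path.dirname(target), member.linkname)
        if os.path.isabs(member.linkname) or not is_within(dest, link):
            raise ValueError(f"symlink escapes destination: {member.name!r} -> {member.linkname!r}")
    if member.islnk():
        # A hard link target is relative to the archive root, i.e. dest.
        if not is_within(dest, os.path.join(dest, member.linkname)):
            raise ValueError(f"hardlink escapes destination: {member.name!r} -> {member.linkname!r}")
    if member.isdev() or member.isfifo():
        raise ValueError(f"special file refused: {member.name!r}")


def find_unsafe_members(tar_bytes, dest):
    """Return [(name, reason)] for every member check_member() would refuse."""
    unsafe = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tf:
        for m in tf.getmembers():
            try:
                check_member(dest, m)
            except ValueError as exc:
                unsafe.append((m.name, str(exc)))
    return unsafe


def safe_extractall(tar_bytes, dest):
    """Vet every member first, then extract; returns the sorted member names."""
    unsafe = find_unsafe_members(tar_bytes, dest)
    if unsafe:
        raise ValueError(unsafe[0][1])  # refuse the whole archive, write nothing
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tf:
        members = tf.getmembers()
        if hasattr(tarfile, "data_filter"):
            # Python 3.12+ and backports: let tarfile enforce the same rules too.
            tf.extractall(dest, members=members, filter="data")
        else:
            tf.extractall(dest, members=members)
    return sorted(m.name for m in members)


def run_demo():
    """Exercise both paths in a throwaway directory.

    Returns (reason the hostile archive was refused or None,
             whether evil.txt appeared one level above dest,
             names extracted from the benign archive).
    """
    with tempfile.TemporaryDirectory() as root:
        dest = os.path.join(root, "unpack")
        os.mkdir(dest)
        hostile = build_tar({"ok.txt": b"fine\n", "../evil.txt": b"owned\n"})
        try:
            safe_extractall(hostile, dest)
            refused = None
        except ValueError as exc:
            refused = str(exc)
        escaped = os.path.exists(os.path.join(root, "evil.txt"))
        benign = build_tar({"docs/readme.txt": b"hello\n"})
        extracted = safe_extractall(benign, dest)
        return refused, escaped, extracted


if __name__ == "__main__":
    print(run_demo())
```

The pre-extraction pass matters more than the per-member check: rejecting `../evil.txt` only after `ok.txt` has already been written leaves a half-unpacked tree, so the archive is vetted in full and refused as a unit. Resolving both sides with `os.path.realpath` before comparing keeps the check correct when the destination itself sits behind a symlink (for example a `/tmp` that resolves elsewhere).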