Juniper Networks

Signature Detail


Short Name: HTTP:PERL-TAR-ZIP-FO
Severity: Major
Recommended: Yes
Recommended Action: Drop
Category: HTTP
Keywords: Perl Archive Tar and ZIP Arbitrary File Overwrite
Release Date: 2018/10/18
Update Number: 3111
Supported Platforms: idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Perl Archive Tar and ZIP Arbitrary File Overwrite


This signature detects attempts to exploit an arbitrary file overwrite vulnerability reported in the Perl Archive::Tar and Archive::Zip modules. Successful exploitation could overwrite arbitrary files on the target user's system.

Extended Description

In Perl through 5.26.2, the Archive::Tar module allows remote attackers to bypass a directory-traversal protection mechanism, and overwrite arbitrary files, via an archive file containing a symlink and a regular file with the same name.
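
A pre-extraction check for the archive layout described above, as an added example that is not Juniper's signature logic or code from the Perl project. It uses Python's standard tarfile module to flag any member whose path equals, or passes through, an earlier link entry; the pass-through case goes slightly beyond the same-name case in the text. The function names, sample names and link targets are constructed for illustration.

```python
import io
import posixpath
import tarfile

def find_symlink_collisions(fileobj):
    """List members whose path is, or passes through, an earlier link entry."""
    links = {}       # normalized link name -> link target
    findings = []    # (member name, earlier link name, link target)
    with tarfile.open(fileobj=fileobj, mode="r:*") as tar:
        for member in tar:
            name = posixpath.normpath(member.name)
            is_link = member.issym() or member.islnk()
            parts = name.split("/")
            for i in range(1, len(parts) + 1):
                prefix = "/".join(parts[:i])
                # A link re-declared under its own name is not a write-through.
                if prefix in links and not (is_link and i == len(parts)):
                    findings.append((name, prefix, links[prefix]))
                    break
            if is_link:
                links[name] = member.linkname
    return findings

def build_sample(entries):
    """Build an in-memory tar from (kind, name, value) tuples (constructed data)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for kind, name, value in entries:
            info = tarfile.TarInfo(name)
            if kind == "link":
                info.type = tarfile.SYMTYPE
                info.linkname = value
                tar.addfile(info)
            else:
                info.size = len(value)
                tar.addfile(info, io.BytesIO(value))
    buf.seek(0)
    return buf

# Constructed samples; names and targets are placeholders.
SAME_NAME = [("link", "report.txt", "elsewhere/placeholder.txt"),
             ("file", "report.txt", b"constructed")]
BENIGN = [("file", "a.txt", b"x"), ("link", "b.txt", "a.txt")]

if __name__ == "__main__":
    for label, sample in (("same-name", SAME_NAME), ("benign", BENIGN)):
        print(label, find_symlink_collisions(build_sample(sample)))
```

Run the check on untrusted archives before handing them to an extractor and reject any archive with a non-empty result.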

Affected Products

  • Apple mac_os_x -
  • Apple mac_os_x 10.0
  • Apple mac_os_x 10.0.0
  • Apple mac_os_x 10.0.1
  • Apple mac_os_x 10.0.2
  • Apple mac_os_x 10.0.3
  • Apple mac_os_x 10.0.4
  • Apple mac_os_x 10.1
  • Apple mac_os_x 10.1.0
  • Apple mac_os_x 10.10.0
  • Apple mac_os_x 10.10.1
  • Apple mac_os_x 10.10.2
  • Apple mac_os_x 10.10.3
  • Apple mac_os_x 10.10.4
  • Apple mac_os_x 10.10.5
  • Apple mac_os_x 10.1.1
  • Apple mac_os_x 10.11.0
  • Apple mac_os_x 10.11.1
  • Apple mac_os_x 10.11.2
  • Apple mac_os_x 10.11.3
  • Apple mac_os_x 10.11.4
  • Apple mac_os_x 10.11.5
  • Apple mac_os_x 10.11.6
  • Apple mac_os_x 10.12
  • Apple mac_os_x 10.1.2
  • Apple mac_os_x 10.12.0
  • Apple mac_os_x 10.12.1
  • Apple mac_os_x 10.12.2
  • Apple mac_os_x 10.12.3
  • Apple mac_os_x 10.12.4
  • Apple mac_os_x 10.12.5
  • Apple mac_os_x 10.12.6
  • Apple mac_os_x 10.13
  • Apple mac_os_x 10.1.3
  • Apple mac_os_x 10.13.0
  • Apple mac_os_x 10.13.1
  • Apple mac_os_x 10.13.2
  • Apple mac_os_x 10.13.3
  • Apple mac_os_x 10.13.4
  • Apple mac_os_x 10.13.5
  • Apple mac_os_x 10.13.6
  • Apple mac_os_x 10.14
  • Apple mac_os_x 10.1.4
  • Apple mac_os_x 10.14.1
  • Apple mac_os_x 10.14.2
  • Apple mac_os_x 10.1.5
  • Apple mac_os_x 10.2
  • Apple mac_os_x 10.2.0
  • Apple mac_os_x 10.2.1
  • Apple mac_os_x 10.2.2
  • Apple mac_os_x 10.2.3
  • Apple mac_os_x 10.2.4
  • Apple mac_os_x 10.2.5
  • Apple mac_os_x 10.2.6
  • Apple mac_os_x 10.2.7
  • Apple mac_os_x 10.2.8
  • Apple mac_os_x 10.3
  • Apple mac_os_x 10.3.0
  • Apple mac_os_x 10.3.1
  • Apple mac_os_x 10.3.2
  • Apple mac_os_x 10.3.3
  • Apple mac_os_x 10.3.4
  • Apple mac_os_x 10.3.5
  • Apple mac_os_x 10.3.6
  • Apple mac_os_x 10.3.7
  • Apple mac_os_x 10.3.8
  • Apple mac_os_x 10.3.9
  • Apple mac_os_x 10.4
  • Apple mac_os_x 10.4.0
  • Apple mac_os_x 10.4.1
  • Apple mac_os_x 10.4.10
  • Apple mac_os_x 10.4.11
  • Apple mac_os_x 10.4.2
  • Apple mac_os_x 10.4.3
  • Apple mac_os_x 10.4.4
  • Apple mac_os_x 10.4.5
  • Apple mac_os_x 10.4.6
  • Apple mac_os_x 10.4.7
  • Apple mac_os_x 10.4.8
  • Apple mac_os_x 10.4.9
  • Apple mac_os_x 10.5
  • Apple mac_os_x 10.5.0
  • Apple mac_os_x 10.5.1
  • Apple mac_os_x 10.5.2
  • Apple mac_os_x 10.5.3
  • Apple mac_os_x 10.5.4
  • Apple mac_os_x 10.5.5
  • Apple mac_os_x 10.5.6
  • Apple mac_os_x 10.5.7
  • Apple mac_os_x 10.5.8
  • Apple mac_os_x 10.6.0
  • Apple mac_os_x 10.6.1
  • Apple mac_os_x 10.6.2
  • Apple mac_os_x 10.6.3
  • Apple mac_os_x 10.6.4
  • Apple mac_os_x 10.6.5
  • Apple mac_os_x 10.6.6
  • Apple mac_os_x 10.6.7
  • Apple mac_os_x 10.6.8
  • Apple mac_os_x 10.7.0
  • Apple mac_os_x 10.7.1
  • Apple mac_os_x 10.7.2
  • Apple mac_os_x 10.7.3
  • Apple mac_os_x 10.7.4
  • Apple mac_os_x 10.7.5
  • Apple mac_os_x 10.8.0
  • Apple mac_os_x 10.8.1
  • Apple mac_os_x 10.8.2
  • Apple mac_os_x 10.8.3
  • Apple mac_os_x 10.8.4
  • Apple mac_os_x 10.8.5
  • Apple mac_os_x 10.9
  • Apple mac_os_x 10.9.1
  • Apple mac_os_x 10.9.2
  • Apple mac_os_x 10.9.3
  • Apple mac_os_x 10.9.4
  • Apple mac_os_x 10.9.5
  • Archive::tar_project archive::tar 2.28
  • Canonical ubuntu_linux 12.04
  • Canonical ubuntu_linux 14.04
  • Canonical ubuntu_linux 16.04
  • Canonical ubuntu_linux 17.10
  • Canonical ubuntu_linux 18.04
  • Debian debian_linux 8.0
  • Debian debian_linux 9.0
  • Netapp data_ontap_edge -
  • Netapp oncommand_workflow_automation -
  • Netapp snap_creator_framework -
  • Netapp snapdrive -
  • Perl perl 5.26.2

References

  • BugTraq: 104423
  • CVE: CVE-2018-12015
  • CVE: CVE-2018-10860
