Damn Vulnerable Linux - The most vulnerable and exploitable operating system ever - DVL includes CVE-2007-4131 tar directory traversal vulnerability

The No.1 Training Environment for IT-Security in Academia & Industry! Proven during University Lectures and Organizational Training! DVL is for IT-Security educational purposes ONLY! By downloading DVL you agree not to do any illegal actions!

DVL 1.5 has now left planning status. Bug Fixing started!

DVL 1.5 has now left planning status. Bug Fixing started! Some new additions: Lazarus IDE, ArgoUML, BlueJ, Firefox Plugins updated. The DVL Wargame makes progresses as well!

DVL 1.5 now in planning status

DVL 1.5 has now the status "planning". Beside this we work on the concept for 2008. More information, more training and better videos (those which are 100% related to DVL). Stay tuned!

VMWare Player

Damn Vulnerable Linux is prepared to run under VMWare player!

Statistics

Members: 9099
News: 95
Web Links: 0
Visitors: 451492

DVL includes CVE-2007-4131 tar directory traversal vulnerability

Written by DVL Team
Directory traversal vulnerability was discovered in GNU tar. Vulnerability can be exploited by specially crafted tar archive to overwrite arbitrary file writable by user running tar. Problem occurs in contains_dot_dot function, which does not properly check names of directory symlinks.

DVL Project Tracker

DVL 1.5 (Infectious Desease)

95 %

References

IITAC - International Institute (Certification and Training)
University of Bielefeld, Germany, Technical Faculty
Leibnitz University of Hannover, Germany (Secure Software Development Lecture)
University of Applied Sciences and Arts Hannover, Germany (Secure Software Development Lecture)
East Tennessee State University, U.S (Ethical Hacking Class)
University of the Basque Country, Spain (Computer Security Class)
University of Florida, U.S. (Student Infosec Team)
Institute Superieur Maritim, Algeria

License

License for Damn Vulnerable Linux distribution

This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 License.

License for training material including all texts, audios and videos

This work is licensed under a Creative Commons NonCommercial Sampling Plus 1.0 License.

VMWare Player

Who's Online

Statistics

DVL Project Tracker

References

License