CVE-2007-4559 PoC — Python tarfile 模块路径遍历漏洞

Source

https://github.com/luigigubello/trellix-tarslip-patch-bypass

Associated Vulnerability

Title:Python tarfile 模块路径遍历漏洞 (CVE-2007-4559)
Description:Directory traversal vulnerability in the (1) extract and (2) extractall functions in the tarfile module in Python allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in filenames in a TAR archive, a related issue to CVE-2001-1267.

Description

Bypass for CVE-2007-4559 Trellix patch

Readme

# trellix-tarslip-patch-bypass

In 2023, Trellix announced [1] that they patched +61,000 open-source projects for [CVE-2007-4559](https://nvd.nist.gov/vuln/detail/CVE-2007-4559), an old path traversal vulnerability. Analyzing their patch, it's easy to notice that it can be bypassed using a symlink.

Symlink path traversal is an old technique, and it has also been shown in LiveOverflow's video [ Critical .zip vulnerabilities? - Zip Slip and ZipperDown](https://www.youtube.com/watch?v=Ry_yb5Oipq0).

[1] [Trellix Advanced Research Center Patches 61,000 Vulnerable Open-Source Projects](https://www.trellix.com/blogs/research/trellix-advanced-research-center-patches-vulnerable-open-source-projects/)

### PoC

```
docker build -t tarslip . 
docker run -it tarslip bash
python poc.py
cat evil.txt
```

File Snapshot


 [4.0K]  /data/pocs/4b06d88876c026fa96dde9348f1cb1211233583b
├── [ 160]  bypass.tar.gz
├── [  51]  Dockerfile
├── [1.1K]  poc.py
└── [ 803]  README.md

0 directories, 4 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!