关联漏洞
标题:
Python tarfile 模块路径遍历漏洞
(CVE-2007-4559)
描述:Python是Python基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。 Python tarfile模块中的(1)extract和(2)extractall函数存在路径遍历漏洞,该漏洞允许用户辅助远程攻击者通过..TAR存档文件中文件名中的(dot dot)序列,该漏洞与CVE-2001-1267相关。
介绍
# PoC or Exploit for CVE-2007-4559
A malicious TAR archive can include file paths like ../../../../etc/passwd, which try to "climb up" out of the intended extraction folder.
If a Python script uses tarfile.extract() or extractall() without checking the file paths, it will unpack files to those locations — even if they point outside the target directory.
That means a hacker could overwrite sensitive or system files, especially if the user runs the script with elevated permissions.
# Vulnerable
As of 2025, both Debian 11–12 and Ubuntu 24 are still affected by this vulnerability. Other operating systems haven’t been tested, but these two are among the most widely used, so that alone is concerning. Even though this vulnerability dates back to 2007, it’s still present in LTS (long-term support) versions — and the vulnerable software isn’t patched automatically through a standard apt upgrade.
# Proof
文件快照
[4.0K] /data/pocs/3beb6ca03441136a885f372923f6ce7182b47cb0
├── [1.9K] CVE-2007-4559-PoC.py
└── [1.0K] README.md
0 directories, 2 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。