Page 3 of 15 results (0.005 seconds)

CVSS: 2.6EPSS: 0%CPEs: 13EXPL: 0

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://secunia.com/advisories/18988 http://secunia.com/advisories/19130 http://secunia.com/advisories/19183 http://secunia.com/advisories/20397 http://securitytracker.com/id?1015655 http://support.avaya.com/elmodocs2/security/ASA-2006-110.htm http://www.novell.com/linux/security/advisories/2006_05_sr.html http://www.redhat.com/support/errata/RHSA-2006-0195.html http://www.securityfocus.com/archive/1/4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. • http://marc.info/?l=bugtraq&m=112327628230258&w=2 https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E •

CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0

GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. GNU tar 1.13.19 y otras versiones anteriores a 1.13.25 permite a atacantes remotos sobreescribir ficheros arbitrarios mediante un ataque de enlaces simbólicos (symlink), como resultado de una modificación que tiene como efecto desactivar la comprobación de seguridad. • http://marc.info/?l=bugtraq&m=103419290219680&w=2 http://www.iss.net/security_center/static/10224.php http://www.mandriva.com/security/advisories?name=MDKSA-2006:219 http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html http://www.redhat.com/support/errata/RHSA-2002-096.html https://access.redhat.com/security/cve/CVE-2002-1216 https://bugzilla.redhat.com/show_bug.cgi?id=1616858 •

CVSS: 5.0EPSS: 11%CPEs: 1EXPL: 0

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267. Vulnerabilidad desconocida en GNU tar 1.13.25 permite a atacantes sobreescribir ficheros arbitrarios durante la extracción de archivos usando un ataque similar al identificado como CAN-2001-1269. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538 http://marc.info/?l=bugtraq&m=103419290219680&w=2 http://secunia.com/advisories/19130 http://secunia.com/advisories/26604 http://secunia.com/advisories/26673 http://secunia.com/advisories/26987 http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1 http://www.iss.net/security_center/static/10224.php http://www.linuxsecurity. •

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 1

Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot). • ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538 http://online.securityfocus.com/advisories/4514 http://online.securityfocus.com/archive/1/196445 http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1 http://www.iss.net/security_center/static/10224.php http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066 http://www.redhat.com/support/errata/RHSA-2002-096.html http://www.redhat.co •