CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2007-4476 – GNU TAR 1.15.91 / CPIO 2.5.90 - 'safer_name_suffix' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-4476
Buffer overflow in the safer_name_suffix function in GNU tar has unspecified attack vectors and impact, resulting in a "crashing stack." Desbordamiento de búfer en la función safer_name_suffix en GNU tar tienen un vector de ataque sin especificar y un impacto, teniendo como resultado una "caida de pila". • https://www.exploit-db.com/exploits/30766 http://bugs.gentoo.org/show_bug.cgi?id=196978 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10691 http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705 http://secunia.com/advisories/26674 http://secunia.com/advisories/26987 http://secunia.com/advisories/27331 http://secunia.com/advisories/27453 http://secunia.com/advisories/27514 http://secunia.com/advisories/27681 http://secunia.com/advisories/27857 http:/&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.8EPSS: 5%CPEs: 23EXPL: 0CVE-2007-4131 – tar directory traversal vulnerability
https://notcve.org/view.php?id=CVE-2007-4131
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive. Vulnerabilidad de salto de directorio en la función contains_dot_dot de src/names.c en GNU tar permite a atacantes remotos con la complicidad del usuario sobre-escribir ficheros de su elección mediante determinadas secuencias //.. (barra barra punto punto) en los enlaces simbólicos de directorio en un fichero TAR. • http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=251921 http://docs.info.apple.com/article.html?artnum=307179 http://lists.apple.com/archives/security-announce/2007/Dec/msg00002.html http://secunia.com/advisories/26573 http://secunia.com/advisories/26590 http://secunia.com/advisories/26603 http://secunia.com/advisories/26604 http://secunia.com/advisories/26655 http://secunia.com/advisories/26673 http://secunia.com/advisories/26674 http://secunia.com/advisories/26781 http:&#x •
CVSS: 2.6EPSS: 0%CPEs: 13EXPL: 0CVE-2005-1918 – tar archive path traversal issue
https://notcve.org/view.php?id=CVE-2005-1918
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://secunia.com/advisories/18988 http://secunia.com/advisories/19130 http://secunia.com/advisories/19183 http://secunia.com/advisories/20397 http://securitytracker.com/id?1015655 http://support.avaya.com/elmodocs2/security/ASA-2006-110.htm http://www.novell.com/linux/security/advisories/2006_05_sr.html http://www.redhat.com/support/errata/RHSA-2006-0195.html http://www.securityfocus.com/archive/1/4 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 5.0EPSS: 0%CPEs: 2EXPL: 0CVE-2002-1216
https://notcve.org/view.php?id=CVE-2002-1216
GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check. GNU tar 1.13.19 y otras versiones anteriores a 1.13.25 permite a atacantes remotos sobreescribir ficheros arbitrarios mediante un ataque de enlaces simbólicos (symlink), como resultado de una modificación que tiene como efecto desactivar la comprobación de seguridad. • http://marc.info/?l=bugtraq&m=103419290219680&w=2 http://www.iss.net/security_center/static/10224.php http://www.mandriva.com/security/advisories?name=MDKSA-2006:219 http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html http://www.redhat.com/support/errata/RHSA-2002-096.html https://access.redhat.com/security/cve/CVE-2002-1216 https://bugzilla.redhat.com/show_bug.cgi?id=1616858 •
CVSS: 5.0EPSS: 11%CPEs: 1EXPL: 0CVE-2002-0399
https://notcve.org/view.php?id=CVE-2002-0399
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267. Vulnerabilidad desconocida en GNU tar 1.13.25 permite a atacantes sobreescribir ficheros arbitrarios durante la extracción de archivos usando un ataque similar al identificado como CAN-2001-1269. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538 http://marc.info/?l=bugtraq&m=103419290219680&w=2 http://secunia.com/advisories/19130 http://secunia.com/advisories/26604 http://secunia.com/advisories/26673 http://secunia.com/advisories/26987 http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1 http://www.iss.net/security_center/static/10224.php http://www.linuxsecurity. •