CVE-2005-1918

tar archive path traversal issue

Severity Score

2.6

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".

*Credits: N/A

CVSS Scores

NISTv2 2.6

Attack Vector

Network

Attack Complexity

High

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2005-06-08 CVE Reserved
2005-12-31 CVE Published
2023-07-17 EPSS Updated
2024-08-07 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (15)

URL	Tag	Source
http://support.avaya.com/elmodocs2/security/ASA-2006-110.htm	X_refsource_confirm
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140589	X_refsource_confirm
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9946	Signature

URL	Date	SRC

URL	Date	SRC
http://secunia.com/advisories/18988	2018-10-19
http://secunia.com/advisories/19183	2018-10-19
http://securitytracker.com/id?1015655	2018-10-19
http://www.redhat.com/support/errata/RHSA-2006-0195.html	2018-10-19
http://www.securityfocus.com/bid/5834	2018-10-19

URL	Date	SRC
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc	2018-10-19
http://secunia.com/advisories/19130	2018-10-19
http://secunia.com/advisories/20397	2018-10-19
http://www.novell.com/linux/security/advisories/2006_05_sr.html	2018-10-19
http://www.securityfocus.com/archive/1/430297/100/0/threaded	2018-10-19
https://access.redhat.com/security/cve/CVE-2005-1918	2006-02-21
https://bugzilla.redhat.com/show_bug.cgi?id=140589	2006-02-21

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Tar Search vendor "Gnu" for product "Tar"				1.13.25 Search vendor "Gnu" for product "Tar" and version "1.13.25"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				2.1 Search vendor "Redhat" for product "Enterprise Linux" and version "2.1"		advanced_server		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				2.1 Search vendor "Redhat" for product "Enterprise Linux" and version "2.1"		advanced_server_ia64		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				2.1 Search vendor "Redhat" for product "Enterprise Linux" and version "2.1"		enterprise_server		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				2.1 Search vendor "Redhat" for product "Enterprise Linux" and version "2.1"		enterprise_server_ia64		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				2.1 Search vendor "Redhat" for product "Enterprise Linux" and version "2.1"		workstation		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				2.1 Search vendor "Redhat" for product "Enterprise Linux" and version "2.1"		workstation_ia64		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				3.0 Search vendor "Redhat" for product "Enterprise Linux" and version "3.0"		advanced_servers		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				3.0 Search vendor "Redhat" for product "Enterprise Linux" and version "3.0"		enterprise_server		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Search vendor "Redhat" for product "Enterprise Linux"				3.0 Search vendor "Redhat" for product "Enterprise Linux" and version "3.0"		workstation		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				3.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "3.0"		-		Affected
Redhat Search vendor "Redhat"		Linux Advanced Workstation Search vendor "Redhat" for product "Linux Advanced Workstation"				2.1 Search vendor "Redhat" for product "Linux Advanced Workstation" and version "2.1"		ia64		Affected
Redhat Search vendor "Redhat"		Linux Advanced Workstation Search vendor "Redhat" for product "Linux Advanced Workstation"				2.1 Search vendor "Redhat" for product "Linux Advanced Workstation" and version "2.1"		itanium		Affected