Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2001-1267

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2001-1267
Last Modified 05 Sep 2008 04:26:06
Published 12 Jul 2001 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2001-1267

Summary

Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).

Vulnerable Systems

Application

  • Gnu Tar 1.13.19


References

REDHAT - RHSA-2002:096

BUGTRAQ - 20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers

BID - 3024

REDHAT - RHSA-2003:218

REDHAT - RHSA-2002:138

MANDRAKE - MDKSA-2002:066

XF - archive-extraction-directory-traversal(10224)

SUNALERT - 47800

HP - HPSBTL0209-068

CONECTIVA - CLA-2002:538

CONFIRM - ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz


Last Updated: 27 May 2016 10:36:36