Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 5.0
CVE Id: CVE-2002-0399
Last Modified: 25 May 2010 12:12:12
Published: 10 Oct 2002 12:00:00
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2002-0399

Summary

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.

Vulnerable Systems

Application

  • GNU tar 1.13.25


References

REDHAT - RHSA-2002:096

ENGARDE - ESA-20021003-022

XF - archive-extraction-directory-traversal(10224)

SUNALERT - 1000928

CONFIRM - https://issues.rpath.com/browse/RPL-1631

BID - 5834

BUGTRAQ - 20070827 FLEA-2007-0049-1 tar

BUGTRAQ - 20070825 rPSA-2007-0172-1 tar

SUSE - SUSE-SR:2007:019

SUSE - SUSE-SR:2006:005

MANDRAKE - MDKSA-2002:066

SUNALERT - 47800

SECUNIA - 26987

SECUNIA - 26673

SECUNIA - 26604

SECUNIA - 19130

BUGTRAQ - 20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)

CONECTIVA - CLA-2002:538


Last Updated: 27 May 2016 10:36:54