
CVE-2002-0399

Date: (C)2002-10-10   (M)2023-12-22


Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: PARTIAL
Availability: NONE
  
Reference:
SUNALERT-1000928
SECUNIA-19130
http://marc.info/?l=bugtraq&m=103419290219680&w=2
http://www.securityfocus.com/archive/1/archive/1/477731/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/477865/100/0/threaded
SECUNIA-26604
SECUNIA-26673
SECUNIA-26987
SUNALERT-47800
BID-5834
CLA-2002:538
ESA-20021003-022
MDKSA-2002:066
RHSA-2002:096
SUSE-SR:2006:005
SUSE-SR:2007:019
archive-extraction-directory-traversal(10224)
https://issues.rpath.com/browse/RPL-1631

CPE    1
cpe:/a:gnu:tar:1.13.25

© SecPod Technologies