Directory Traversal Vulnerability in GNU Tar by GNU
CVE-2001-1267

Currently unrated

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 12 July 2001

Summary

A directory traversal vulnerability exists in GNU Tar versions 1.13.19 and earlier, allowing local users to manipulate file paths in a tar file. By including special directory traversal characters (..) in the filenames, attackers can overwrite arbitrary files on the system during the extraction process. This vulnerability poses significant risk as it can lead to unauthorized file modifications and data loss.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://www.redhat.com/support/errata/RHSA-2002-096.html

vendor-advisoryx_refsource_REDHAT

http://online.securityfocus.com/archive/1/196445

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability Reserved
May 1, 2002
Vulnerability published
Jul 12, 2001