Directory Traversal Vulnerability in GNU Tar by GNU
CVE-2002-0399

Currently unrated

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 10 October 2002

Summary

A directory traversal flaw exists in GNU Tar versions from 1.13.19 to 1.13.25, allowing attackers to manipulate file paths during the extraction of archives. By exploiting this vulnerability, it is possible for an attacker to overwrite arbitrary files on the system. This occurs when attackers use path traversing techniques, such as including '/..' or './..' in the file paths, which can lead to unintended file modifications. Proper sanitization of input paths is crucial to prevent such vulnerabilities during archive extraction.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://secunia.com/advisories/26673

third-party-advisoryx_refsource_SECUNIA

http://www.redhat.com/support/errata/RHSA-2002-096.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Oct 10, 2002
Vulnerability Reserved
Jun 2, 2002