CVE-2002-0399

Currently unrated

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 10 October 2002

Summary

Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.

References

http://sunsolve.sun.com/search/document.do?assetkey=1-26-...

vendor-advisoryx_refsource_SUNALERT

http://secunia.com/advisories/26673

third-party-advisoryx_refsource_SECUNIA

http://www.redhat.com/support/errata/RHSA-2002-096.html

vendor-advisoryx_refsource_REDHAT

Timeline

Vulnerability published
Oct 10, 2002
Vulnerability Reserved
Jun 2, 2002