Symlink Attack Vulnerability in GNU Tar by GNU Project
CVE-2002-1216

Currently unrated

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 28 October 2002

Summary

GNU Tar versions prior to 1.13.25 are vulnerable to a symlink attack that allows remote attackers to overwrite arbitrary files. This vulnerability arises from a security check modification that was improperly implemented, making it possible for attackers to exploit this flaw without proper validation of file paths during extraction. Users of affected versions should upgrade to mitigate the risk associated with file overwrites and unauthorized access.

References

http://www.redhat.com/support/errata/RHSA-2002-096.html

vendor-advisoryx_refsource_REDHAT

http://marc.info/?l=bugtraq&m=103419290219680&w=2

mailing-listx_refsource_BUGTRAQ

http://www.iss.net/security_center/static/10224.php

vdb-entryx_refsource_XF

Timeline

Vulnerability published
Oct 28, 2002
Vulnerability Reserved
Oct 15, 2002