Symlink Attack Vulnerability in GNU Tar by GNU Project
CVE-2002-1216

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
28 October 2002

Summary

GNU Tar versions prior to 1.13.25 are vulnerable to a symlink attack that allows remote attackers to overwrite arbitrary files. This vulnerability arises from a security check modification that was improperly implemented, making it possible for attackers to exploit this flaw without proper validation of file paths during extraction. Users of affected versions should upgrade to mitigate the risk associated with file overwrites and unauthorized access.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.