Symlink Attack Vulnerability in GNU Tar by GNU Project
CVE-2002-1216
Currently unrated
Summary
GNU Tar versions prior to 1.13.25 are vulnerable to a symlink attack that allows remote attackers to overwrite arbitrary files. This vulnerability arises from a security check modification that was improperly implemented, making it possible for attackers to exploit this flaw without proper validation of file paths during extraction. Users of affected versions should upgrade to mitigate the risk associated with file overwrites and unauthorized access.
References
Timeline
Vulnerability published
Vulnerability Reserved