GNU tar directory traversal vulnerability in Red Hat Enterprise Linux
CVE-2005-1918

Currently unrated

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 31 December 2005

Summary

A vulnerability in GNU tar allows user-assisted attackers to exploit a flaw in the patch for a prior directory traversal issue. By crafting a malicious tar file that manipulates path sequences, an attacker can overwrite arbitrary files on the system. This occurs due to an incorrect optimization in the original patch, which fails to fully mitigate the risk associated with path traversal, thus potentially leading to significant security breaches.

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securityfocus.com/bid/5834

vdb-entryx_refsource_BID

http://www.novell.com/linux/security/advisories/2006_05_s...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Dec 31, 2005
Vulnerability Reserved
Jun 8, 2005