CVE-2005-1918

Currently unrated

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 31 December 2005

Summary

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".

References

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

http://www.securityfocus.com/bid/5834

vdb-entryx_refsource_BID

http://www.novell.com/linux/security/advisories/2006_05_s...

vendor-advisoryx_refsource_SUSE

Timeline

Vulnerability published
Dec 31, 2005
Vulnerability Reserved
Jun 8, 2005