Privilege Escalation Vulnerability in Tar by GNU
CVE-2005-2541

Currently unrated

Key Information:

Vendor: Gnu
Status: Tar
Vendor: CVE Published:; 10 August 2005

Summary

The Tar utility version 1.15.1 fails to appropriately notify users when extracting files with the setuid or setgid bits set. This oversight can enable both local users and remote attackers to execute unauthorized actions, potentially leading to elevated privileges on the system. Users should be cautious when extracting archives that may contain such files to prevent exploitation of this vulnerability.

References

http://marc.info/?l=bugtraq&m=112327628230258&w=2

mailing-listx_refsource_BUGTRAQ

https://lists.apache.org/thread.html/rc713534b10f9daeee2e...

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Aug 10, 2005
Vulnerability Reserved
Aug 10, 2005