Lucene search

[email protected]CVE-2002-1216

HistoryOct 28, 2002 - 5:00 a.m.

CVE-2002-1216

2002-10-2805:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

gnu

tar

symlink attack

security vulnerability

cve-2002-1216

nvd

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.3%

JSON

GNU tar 1.13.19 and other versions before 1.13.25 allows remote attackers to overwrite arbitrary files via a symlink attack, as the result of a modification that effectively disabled the security check.

CPENameOperatorVersion
gnu:targnu tareq1.13.19
gnu:targnu tarle1.13.25

CPE	Name	Operator	Version
gnu:tar	gnu tar	eq	1.13.19
gnu:tar	gnu tar	le	1.13.25

References

marc.info/?l=bugtraq&m=103419290219680&w=2

www.iss.net/security_center/static/10224.php

www.mandriva.com/security/advisories?name=MDKSA-2006:219

www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html

www.redhat.com/support/errata/RHSA-2002-096.html

6.6 Medium

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:N/I:P/A:N

0.002 Low

EPSS

Percentile

59.3%

JSON

Related for CVE-2002-1216

debiancve2 cve1 nessus4 ubuntucve1