Lucene search

[email protected]CVE-2005-2541

HistoryAug 10, 2005 - 4:00 a.m.

CVE-2005-2541

2005-08-1004:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-2541

tar

extraction

vulnerability

privilege escalation

nvd

9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.8%

JSON

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

CPENameOperatorVersion
gnu:targnu tareq1.15.1

CPE	Name	Operator	Version
gnu:tar	gnu tar	eq	1.15.1

References

marc.info/?l=bugtraq&m=112327628230258&w=2

lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E

9 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.006 Low

EPSS

Percentile

78.8%

JSON

Related for CVE-2005-2541

debiancve1 avleonov1