CVE-2005-1918

2005-12-3105:00:00

CWE-22

[email protected]

web.nvd.nist.gov

CVSS2

2.6

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:N/I:P/A:N

AI Score

6.3

Confidence

Low

EPSS

0.112

Percentile

95.3%

JSON

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an “incorrect optimization” that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving “/…/” sequences with a leading “/”.

Affected configurations

Nvd

Node

gnutarMatch1.13.25

Node

redhatenterprise_linuxMatch2.1advanced_server

redhatenterprise_linuxMatch2.1advanced_server_ia64

redhatenterprise_linuxMatch2.1enterprise_server

redhatenterprise_linuxMatch2.1enterprise_server_ia64

redhatenterprise_linuxMatch2.1workstation

redhatenterprise_linuxMatch2.1workstation_ia64

redhatenterprise_linuxMatch3.0advanced_servers

redhatenterprise_linuxMatch3.0enterprise_server

redhatenterprise_linuxMatch3.0workstation

redhatenterprise_linux_desktopMatch3.0

redhatlinux_advanced_workstationMatch2.1ia64

redhatlinux_advanced_workstationMatch2.1itanium

VendorProductVersionCPE
gnutar1.13.25cpe:2.3:a:gnu:tar:1.13.25:*:*:*:*:*:*:*
redhatenterprise_linux2.1cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
redhatenterprise_linux2.1cpe:2.3:o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
redhatenterprise_linux2.1cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
redhatenterprise_linux2.1cpe:2.3:o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
redhatenterprise_linux2.1cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
redhatenterprise_linux2.1cpe:2.3:o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
redhatenterprise_linux3.0cpe:2.3:o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
redhatenterprise_linux3.0cpe:2.3:o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
redhatenterprise_linux3.0cpe:2.3:o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	tar	1.13.25	cpe:2.3:a:gnu:tar:1.13.25:::::::*
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::advanced_server_ia64:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::enterprise_server_ia64:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation:::::
redhat	enterprise_linux	2.1	cpe:2.3:o:redhat:enterprise_linux:2.1::workstation_ia64:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::advanced_servers:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::enterprise_server:::::
redhat	enterprise_linux	3.0	cpe:2.3:o:redhat:enterprise_linux:3.0::workstation:::::