GNU tar Extraction Arbitrary File Overwrite

2001-07-02T00:00:00
ID OSVDB:9063
Type osvdb
Reporter OSVDB
Modified 2001-07-02T00:00:00

Description

Technical Description

Red Hat Linux attempted to correct this flaw shortly after disclosure but did not implement it correctly. This same vulnerability was discovered several years later and Red Hat backported the fix correctly.

References:

Vendor Specific Advisory URL Vendor Specific Advisory URL Vendor Specific Advisory URL Security Tracker: 1015655 Secunia Advisory ID:19130 Secunia Advisory ID:19183 Secunia Advisory ID:26987 Secunia Advisory ID:20397 Other Advisory URL: http://lists.opensuse.org/opensuse-security-announce/2007-09/msg00003.html Keyword: Directory Traversal ISS X-Force ID: 10224 CVE-2001-1267 CVE-2005-1918 CVE-2002-0399 CIAC Advisory: n-041 Bugtraq ID: 5834