tar vulnerability

ID USN-506-1
Type ubuntu
Reporter Ubuntu
Modified 2007-08-28T00:00:00


Dmitry V. Levin discovered that tar did not correctly detect the “..” file path element when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted tar file, arbitrary files could be overwritten with user privileges.