CVE-2002-1216

Reference Links

• http://www.redhat.com/support/errata/RHSA-2002-096.html
• http://www.iss.net/security_center/static/10224.php
• http://www.mandriva.com/security/advisories?name=MDKSA-2006:219
• http://www.openpkg.com/security/advisories/OpenPKG-SA-2006.038.html
• http://marc.info/?l=bugtraq&m=103419290219680&w=2
• https://bugzilla.redhat.com/show_bug.cgi?id=1616858
• https://www.cve.org/CVERecord?id=CVE-2002-1216 https://nvd.nist.gov/vuln/detail/CVE-2002-1216
• https://access.redhat.com/errata/RHSA-2002:138
• https://access.redhat.com/errata/RHSA-2002:096
• https://access.redhat.com/errata/RHSA-2003:218
• https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2002-1216.json

Parent vulnerabilities

(Appears in the following advisories)

• RHSA-2002:138
• RHSA-2002:096
• RHSA-2003:218

Frequently Asked Questions

• What is the severity of CVE-2002-1216?

  CVE-2002-1216 has a high severity rating due to the potential for arbitrary file overwriting by remote attackers.

• How do I fix CVE-2002-1216?

  To fix CVE-2002-1216, upgrade GNU tar to version 1.13.25 or later to restore the necessary security checks.

• Which versions of GNU tar are affected by CVE-2002-1216?

  GNU tar versions 1.13.19 and below are affected by CVE-2002-1216.

• What type of attack does CVE-2002-1216 involve?

  CVE-2002-1216 involves a symlink attack allowing remote attackers to overwrite arbitrary files.

• Are there any workarounds for CVE-2002-1216?

  The main workaround for CVE-2002-1216 is to disable the use of symlinks in operations that use GNU tar until an upgrade can be applied.