First published: Sat Dec 31 2005
The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
GNU tar | =1.13.25 | |
Red Hat Enterprise Linux | =2.1 | |
Red Hat Enterprise Linux Desktop | =3.0 | |
Red Hat Linux Advanced Workstation | =2.1 | |
Red Hat Enterprise Linux | =3.0 | |