2.6

CVE-2005-1918

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuTar Version1.13.25
RedhatEnterprise Linux Version2.1 Editionadvanced_server
RedhatEnterprise Linux Version2.1 Editionadvanced_server_ia64
RedhatEnterprise Linux Version2.1 Editionenterprise_server
RedhatEnterprise Linux Version2.1 Editionenterprise_server_ia64
RedhatEnterprise Linux Version2.1 Editionworkstation
RedhatEnterprise Linux Version2.1 Editionworkstation_ia64
RedhatEnterprise Linux Version3.0 Editionadvanced_servers
RedhatEnterprise Linux Version3.0 Editionenterprise_server
RedhatEnterprise Linux Version3.0 Editionworkstation
RedhatLinux Advanced Workstation Version2.1 Editionia64
RedhatLinux Advanced Workstation Version2.1 Editionitanium
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.86% 0.849
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 2.6 4.9 2.9
AV:N/AC:H/Au:N/C:N/I:P/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://secunia.com/advisories/19130
Vendor Advisory
http://www.novell.com/linux/security/advisories/2006_05_sr.html
Vendor Advisory
http://www.securityfocus.com/bid/5834
Patch
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
http://secunia.com/advisories/19183
Patch
Vendor Advisory
http://secunia.com/advisories/18988
Patch
Vendor Advisory
http://secunia.com/advisories/20397
Vendor Advisory
http://securitytracker.com/id?1015655
Patch
http://support.avaya.com/elmodocs2/security/ASA-2006-110.htm
http://www.redhat.com/support/errata/RHSA-2006-0195.html
Patch
Vendor Advisory
http://www.securityfocus.com/archive/1/430297/100/0/threaded
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140589
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9946