| ID |
CVE-2002-0399
|
| Summary |
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267. |
| References |
|
| Vulnerable Configurations |
|
| CVSS |
| Base: | 5.0 (as of 19-10-2018 - 15:29) |
| Impact: | |
| Exploitability: | |
|
| CWE |
NVD-CWE-Other |
| CAPEC |
|
| Access |
| Vector | Complexity | Authentication |
| NETWORK |
LOW |
NONE |
|
| Impact |
| Confidentiality | Integrity | Availability |
| NONE |
PARTIAL |
NONE |
|
| cvss-vector
via4
|
AV:N/AC:L/Au:N/C:N/I:P/A:N
|
| redhat
via4
|
|
| refmap
via4
|
| bid | 5834 | | bugtraq | - 20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)
- 20070825 rPSA-2007-0172-1 tar
- 20070827 FLEA-2007-0049-1 tar
| | conectiva | CLA-2002:538 | | confirm | https://issues.rpath.com/browse/RPL-1631 | | engarde | ESA-20021003-022 | | mandrake | MDKSA-2002:066 | | secunia | | | sunalert | | | suse | - SUSE-SR:2006:005
- SUSE-SR:2007:019
| | xf | archive-extraction-directory-traversal(10224) |
|
| Last major update |
19-10-2018 - 15:29 |
| Published |
10-10-2002 - 04:00 |
| Last modified |
19-10-2018 - 15:29 |
