|Package(s):||tar unzip||CVE #(s):||CAN-2001-1267 CAN-2001-1268 CAN-2001-1269 CAN-2002-0399|
|Created:||October 1, 2002||Updated:||April 10, 2006|
|Description:||The tar utility does not properly filter file names containing "../", meaning that a hostile archive can, if unpacked by an unsuspecting user, overwrite any file that is writable by that user. GNU tar versions 1.13.19 and earlier are vulnerable; unzip through version 5.42 has the same vulnerability.|
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds