Your submission was sent successfully! Close

CVE-2005-1918

Published: 31 December 2005

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".

Priority

Unknown

Status

Package Release Status
tar
Launchpad, Ubuntu, Debian
Upstream Needs triage