The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted malicious users to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
Vulnerable Product |
---|
gnu tar 1.13.25 |
redhat enterprise linux 2.1 |
redhat enterprise linux desktop 3.0 |
redhat linux advanced workstation 2.1 |
redhat enterprise linux 3.0 |