CVE-2005-1918

CWE-22 — Path Traversal9 documents7 sources

Severity

2.6LOW

EPSS

2.1%

top 16.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU TAR Redhat Enterprise Linux Redhat Enterprise Linux Desktop +1 more

Timeline

PublishedDec 31

Latest updateMay 3

Description

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".

CVSS vector

AV:N/AC:H/C:N/I:P/A:NExploitability: 4.9 | Impact: 2.9

Affected Packages4 packages

▶NVDredhat/enterprise_linux_desktop3.0

▶NVDredhat/linux_advanced_workstation2.1

▶Debiantar< 1.14-2.2+3

▶NVDgnu/tar1.13.25

Also affects: Enterprise Linux 2.1, 3.0

Patches

Patch: secunia.com ↗Patch: secunia.com ↗Patch: securitytracker.com ↗

🔴Vulnerability Details

GHSA

GHSA-vf44-2j68-pjgj: The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2↗2022-05-03

▶

CVEList

CVE-2005-1918: The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2↗2006-02-21

▶

OSV

CVE-2005-1918: The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2↗2005-12-31

▶

📋Vendor Advisories

Debian

CVE-2005-1918: tar - The original patch for a GNU tar directory traversal vulnerability (CVE-2002-039...↗2005

▶

Red Hat

tar archive path traversal issue↗2003-07-21

▶

💬Community

Bugzilla

Multiple tar issues (CVE-2005-1918, CVE-2006-0300)↗2006-03-02

▶

Bugzilla

CVE-2005-1918 tar archive path traversal issue↗2004-11-23

▶

Bugzilla

CVE-2005-1918 tar archive path traversal issue↗2004-11-23

▶