GNU tar directory traversal vulnerability in Red Hat Enterprise Linux 3 and 2.1

GNU tar directory traversal vulnerability in Red Hat Enterprise Linux 3 and 2.1

CVE-2005-1918 · LOW Severity

AV:N/AC:H/AU:N/C:N/I:P/A:N

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.