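Vulnerability Details

GNU Tar Hostile Destination Path Vulnerability

  • CNNVD ID: CNNVD-200107-075
  • Severity: Low
  • CVE ID: CVE-2001-1267
  • Vulnerability type: Path traversal
  • Published: 2001-07-12
  • Threat type: Local
  • Updated: 2007-08-28
  • Vendor: gnu
  • Source: Reported by 3APA3A...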

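Vulnerability Summary

GNU tar 1.13.19 and earlier contain a directory traversal vulnerability. A local user can overwrite arbitrary files during archive extraction by means of a tar file whose file names contain .. (dot dot).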
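A pre-extraction check for the issue described above, as an added example that is not part of the original entry: it reads member names with Python's `tarfile` module (an assumption; the entry names no tooling) and reports any that are absolute or contain a `..` component, going slightly beyond the entry by also flagging link targets. The function names and the sample archive are constructed for illustration.

```python
import io
import tarfile


def unsafe_members(archive_bytes):
    """List (name, reason) for members that could be written outside the target directory."""
    findings = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r:*") as tf:
        for member in tf.getmembers():
            parts = member.name.split("/")
            if member.name.startswith("/"):
                findings.append((member.name, "absolute path"))
            elif ".." in parts:
                findings.append((member.name, "'..' path component"))
            elif member.issym() or member.islnk():
                # Conservative: reject any link whose target is absolute or climbs upward.
                target = member.linkname
                if target.startswith("/") or ".." in target.split("/"):
                    findings.append((member.name, "link target leaves tree"))
    return findings


def build_sample():
    """Constructed sample: one benign member and one whose name contains '..'."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name in ("docs/readme.txt", "docs/../../outside.txt"):
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tf.addfile(info, io.BytesIO(data))
    return buf.getvalue()


if __name__ == "__main__":
    for name, reason in unsafe_members(build_sample()):
        print(f"refuse to extract: {name} ({reason})")
```

Listing members never writes to disk, so the check can run on an untrusted archive before any extraction is attempted.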

Vulnerability Advisory

NOTE: Allot NetEnforcer includes a vulnerable version of GNU tar. The vendor has addressed this issue in NetEnforcer 4.2.4 by using GNU cpio instead. The vendor has also announced that Allot NetEnforcer will include updated tar packages as soon as GNU provides them. Please see the referenced advisories for more information.

  • GNU tar 1.13
  • GNU tar 1.13.11
  • GNU tar 1.13.14
  • GNU tar 1.13.16
  • GNU tar 1.13.17
  • GNU tar 1.13.18
  • GNU tar 1.13.19
  • GNU tar 1.13.5

References

  • Source: REDHAT. Name: RHSA-2002:096. Link: http://www.redhat.com/support/errata/RHSA-2002-096.html
  • Source: BUGTRAQ. Name: 20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers. Link: http://online.securityfocus.com/archive/1/196445
  • Source: BID. Name: 3024. Link: http://www.securityfocus.com/bid/3024
  • Source: REDHAT. Name: RHSA-2003:218. Link: http://www.redhat.com/support/errata/RHSA-2003-218.html
  • Source: REDHAT. Name: RHSA-2002:138. Link: http://www.redhat.com/support/errata/RHSA-2002-138.html
  • Source: MANDRAKE. Name: MDKSA-2002:066. Link: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066
  • Source: XF. Name: archive-extraction-directory-traversal(10224). Link: http://www.iss.net/security_center/static/10224.php
  • Source: SUNALERT. Name: 47800. Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1
  • Source: HP. Name: HPSBTL0209-068. Link: http://online.securityfocus.com/advisories/4514
  • Source: CONECTIVA. Name: CLA-2002:538. Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
  • Source: alpha.gnu.org. Link: ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz

Affected Entities

Patches

    None available
