CVE

Id
4791  
CVE No.
CVE-2002-0399  
Status
Candidate  
Description
Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.  
Phase
Modified (20100521)  
Votes
ACCEPT(3) Armstrong, Cole, Green | MODIFY(1) Cox | NOOP(1) Christey  
Comments
Christey> MANDRAKE:MDKSA-2002:066 | Cox> Addref: RHSA-2002:138  

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
24322 4791 CVE-2002-0399 BUGTRAQ:20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)  View
24323 4791 CVE-2002-0399 URL:http://marc.info/?l=bugtraq&m=103419290219680&w=2  View
24324 4791 CVE-2002-0399 BUGTRAQ:20070825 rPSA-2007-0172-1 tar  View
24325 4791 CVE-2002-0399 URL:http://www.securityfocus.com/archive/1/archive/1/477731/100/0/threaded  View
24326 4791 CVE-2002-0399 BUGTRAQ:20070827 FLEA-2007-0049-1 tar  View
24327 4791 CVE-2002-0399 URL:http://www.securityfocus.com/archive/1/archive/1/477865/100/0/threaded  View
24328 4791 CVE-2002-0399 CONFIRM:https://issues.rpath.com/browse/RPL-1631  View
24329 4791 CVE-2002-0399 REDHAT:RHSA-2002:096  View
24330 4791 CVE-2002-0399 URL:http://www.redhat.com/support/errata/RHSA-2002-096.html  View
24331 4791 CVE-2002-0399 MANDRAKE:MDKSA-2002:066  View
24332 4791 CVE-2002-0399 URL:http://www.mandriva.com/security/advisories?name=MDKSA-2002:066  View
24333 4791 CVE-2002-0399 CONECTIVA:CLA-2002:538  View
24334 4791 CVE-2002-0399 URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538  View
24335 4791 CVE-2002-0399 ENGARDE:ESA-20021003-022  View
24336 4791 CVE-2002-0399 URL:http://www.linuxsecurity.com/advisories/other_advisory-2400.html  View
24337 4791 CVE-2002-0399 SUNALERT:47800  View
24338 4791 CVE-2002-0399 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1  View
24339 4791 CVE-2002-0399 SUNALERT:1000928  View
24340 4791 CVE-2002-0399 URL:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1  View
24341 4791 CVE-2002-0399 SUSE:SUSE-SR:2006:005  View
24342 4791 CVE-2002-0399 URL:http://www.novell.com/linux/security/advisories/2006_05_sr.html  View
24343 4791 CVE-2002-0399 SUSE:SUSE-SR:2007:019  View
24344 4791 CVE-2002-0399 URL:http://www.novell.com/linux/security/advisories/2007_19_sr.html  View
24345 4791 CVE-2002-0399 BID:5834  View
24346 4791 CVE-2002-0399 URL:http://www.securityfocus.com/bid/5834  View
24347 4791 CVE-2002-0399 SECUNIA:19130  View
24348 4791 CVE-2002-0399 URL:http://secunia.com/advisories/19130  View
24349 4791 CVE-2002-0399 SECUNIA:26604  View
24350 4791 CVE-2002-0399 URL:http://secunia.com/advisories/26604  View
24351 4791 CVE-2002-0399 SECUNIA:26673  View
24352 4791 CVE-2002-0399 URL:http://secunia.com/advisories/26673  View
24353 4791 CVE-2002-0399 SECUNIA:26987  View
24354 4791 CVE-2002-0399 URL:http://secunia.com/advisories/26987  View
24355 4791 CVE-2002-0399 XF:archive-extraction-directory-traversal(10224)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
63789 JVNDB-2002-000116 Tar ユーティリティのアーカイブ抽出処理における (/.. ./..) 任意のファイルが上書きされる脆弱性 ------------ CVE-2002-0399 4791 5 http://jvndb.jvn.jp/ja/contents/2002/JVNDB-2002-000116.html  View