Описание
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
| Релиз | Статус | Примечание |
|---|---|---|
| dapper | released | 1.15.1-2ubuntu2.2 |
| devel | released | 1.18-2ubuntu1 |
| edgy | released | 1.15.91-2ubuntu0.4 |
| feisty | released | 1.16-2ubuntu0.1 |
| upstream | needs-triage |
Показывать по
EPSS
6.8 Medium
CVSS2
Связанные уязвимости
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
Directory traversal vulnerability in the contains_dot_dot function in ...
Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.
ELSA-2007-0860: Moderate: tar security update (MODERATE)
EPSS
6.8 Medium
CVSS2