DescriptionThe original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
Overall state of this security issue: Resolved
This issue is currently rated as having low severity.
|National Vulnerability Database|
- SUSE-SR:2006:005, published Fri, 03 Mar 2006 15:00:00 +0000
List of released packages
|Product(s)||Fixed package version(s)||References|
|openSUSE Tumbleweed|| ||Patchnames: |
openSUSE Tumbleweed GA tar-1.34-2.2