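Vulnerability Details
GNU Tar Hostile Destination Path Vulnerability
- CNNVD ID: CNNVD-200107-075
- Severity: Low
- CVE ID: CVE-2001-1267
- Vulnerability type: Path traversal
- Published: 2001-07-12
- Threat type: Local
- Updated: 2007-08-28
- Vendor: gnu
- Vulnerability source: Reported by 3APA3A…
Vulnerability Summary
GNU tar 1.13.19 and earlier versions contain a directory traversal vulnerability. A local user can overwrite arbitrary files during archive extraction by means of a tar file whose file names contain .. (dot dot).
Vulnerability Advisory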
NOTE: Allot NetEnforcer includes a vulnerable version of GNU tar. The vendor has addressed this issue in NetEnforcer 4.2.4 by using GNU cpio instead. The vendor has also announced that Allot NetEnforcer will include updated tar packages as soon as GNU provides them.
Please see the referenced advisories for more information.
GNU tar 1.13
- GNU tar-1.13.25.tar.gz
  ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
GNU tar 1.13.11
- GNU tar-1.13.25.tar.gz
  ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
GNU tar 1.13.14
- GNU tar-1.13.25.tar.gz
  ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
GNU tar 1.13.16
- GNU tar-1.13.25.tar.gz
  ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
GNU tar 1.13.17
- GNU tar-1.13.25.tar.gz
  ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
GNU tar 1.13.18
- GNU tar-1.13.25.tar.gz
  ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
GNU tar 1.13.19
- Conectiva tar-1.13.25-1U60_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/6.0/RPMS/tar-1.13.25-1U60_1cl.i386.rpm
- Conectiva tar-1.13.25-1U70_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/7.0/RPMS/tar-1.13.25-1U70_1cl.i386.rpm
- Conectiva tar-1.13.25-2U80_1cl.i386.rpm
  ftp://atualizacoes.conectiva.com.br/8/RPMS/tar-1.13.25-2U80_1cl.i386.rpm
- GNU tar-1.13.25.tar.gz
  ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
- MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm (Corporate Server 1.0.1)
  http://www.mandrakesecure.net/en/ftp.php
- MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm (Mandrake Linux 7.1)
  http://www.mandrakesecure.net/en/ftp.php
- MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm (Mandrake Linux 7.2)
  http://www.mandrakesecure.net/en/ftp.php
- MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm (Mandrake Linux 8.0)
  http://www.mandrakesecure.net/en/ftp.php
- MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm (Mandrake Linux 8.1)
  http://www.mandrakesecure.net/en/ftp.php
- MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm (Mandrake Linux 8.2)
  http://www.mandrakesecure.net/en/ftp.php
- MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm (Mandrake Linux 9.0)
  http://www.mandrakesecure.net/en/ftp.php
- MandrakeSoft tar-1.13.25-6.2mdk.i586.rpm (Single Network Firewall 7.2)
  http://www.mandrakesecure.net/en/ftp.php
- MandrakeSoft tar-1.13.25-6.2mdk.ia64.rpm (Mandrake Linux 8.1/ia64)
  http://www.mandrakesecure.net/en/ftp.php
- MandrakeSoft tar-1.13.25-6.2mdk.ppc.rpm (Mandrake Linux 8.0/ppc)
  http://www.mandrakesecure.net/en/ftp.php
- MandrakeSoft tar-1.13.25-6.2mdk.ppc.rpm (Mandrake Linux 8.2/ppc)
  http://www.mandrakesecure.net/en/ftp.php
- Red Hat tar-1.13.25-1.6.alpha.rpm
  ftp://updates.redhat.com/6.2/en/os/alpha/tar-1.13.25-1.6.alpha.rpm
- Red Hat tar-1.13.25-1.6.i386.rpm
  ftp://updates.redhat.com/6.2/en/os/i386/tar-1.13.25-1.6.i386.rpm
- Red Hat tar-1.13.25-1.6.sparc.rpm
  ftp://updates.redhat.com/6.2/en/os/sparc/tar-1.13.25-1.6.sparc.rpm
- Red Hat tar-1.13.25-4.7.1.alpha.rpm
  ftp://updates.redhat.com/7.0/en/os/alpha/tar-1.13.25-4.7.1.alpha.rpm
- Red Hat tar-1.13.25-4.7.1.alpha.rpm
  ftp://updates.redhat.com/7.1/en/os/alpha/tar-1.13.25-4.7.1.alpha.rpm
- Red Hat tar-1.13.25-4.7.1.i386.rpm
  ftp://updates.redhat.com/7.0/en/os/i386/tar-1.13.25-4.7.1.i386.rpm
- Red Hat tar-1.13.25-4.7.1.i386.rpm
  ftp://updates.redhat.com/7.1/en/os/i386/tar-1.13.25-4.7.1.i386.rpm
- Red Hat tar-1.13.25-4.7.1.i386.rpm
  ftp://updates.redhat.com/7.2/en/os/i386/tar-1.13.25-4.7.1.i386.rpm
- Red Hat tar-1.13.25-4.7.1.i386.rpm
  ftp://updates.redhat.com/7.3/en/os/i386/tar-1.13.25-4.7.1.i386.rpm
- Red Hat tar-1.13.25-4.7.1.ia64.rpm
  ftp://updates.redhat.com/7.1/en/os/ia64/tar-1.13.25-4.7.1.ia64.rpm
- Red Hat tar-1.13.25-4.7.1.ia64.rpm
  ftp://updates.redhat.com/7.2/en/os/ia64/tar-1.13.25-4.7.1.ia64.rpm
GNU tar 1.13.5
- GNU tar-1.13.25.tar.gz
  ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
References
Source: REDHAT
Name: RHSA-2002:096
Link: http://www.redhat.com/support/errata/RHSA-2002-096.html
Source: BUGTRAQ
Name: 20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Link: http://online.securityfocus.com/archive/1/196445
Source: BID
Name: 3024
Link: http://www.securityfocus.com/bid/3024
Source: REDHAT
Name: RHSA-2003:218
Link: http://www.redhat.com/support/errata/RHSA-2003-218.html
Source: REDHAT
Name: RHSA-2002:138
Link: http://www.redhat.com/support/errata/RHSA-2002-138.html
Source: MANDRAKE
Name: MDKSA-2002:066
Link: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066
Source: XF
Name: archive-extraction-directory-traversal(10224)
Link: http://www.iss.net/security_center/static/10224.php
Source: SUNALERT
Name: 47800
Link: http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1
Source: HP
Name: HPSBTL0209-068
Link: http://online.securityfocus.com/advisories/4514
Source: CONECTIVA
Name: CLA-2002:538
Link: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
Source: alpha.gnu.org
Link: ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz