漏洞信息详情
GNU Tar目标路径变化漏洞
- CNNVD编号:CNNVD-200210-242
- 危害等级: 中危
![图片[1]-GNU Tar目标路径变化漏洞-一一网](https://www.proyy.com/skycj/data/images/2021-04-26/30f462579bec41fc25e0b1d57503e6d6.png)
- CVE编号:
CVE-2002-0399
- 漏洞类型:
路径遍历
- 发布时间:
2002-10-10
- 威胁类型:
远程
- 更新时间:
2005-10-31
- 厂 商:
gnu - 漏洞来源:
This variant issue… -
漏洞简介
GNU tar 1.13.19版本到1.13.25版本,以及可能之后的版本存在目录遍历漏洞。攻击者可以借助清除前斜杠但是留下\”..\”的(1) \”/..\”或(2) \”./..\”字符串在归档文件提取期间覆盖任意文件,该漏洞是CVE-2001-1267的变体。
漏洞公告
Please see the referenced vendor advisories for details on obtaining and applying the appropriate updates.
GNU tar 1.13.25
-
MandrakeSoft tar-1.13.25-6.2mdk.i586.rpmCorporate Server 1.0.1
http://www.mandrakesecure.net/en/ftp.php -
MandrakeSoft tar-1.13.25-6.2mdk.i586.rpmMandrake Linux 7.1
http://www.mandrakesecure.net/en/ftp.php -
MandrakeSoft tar-1.13.25-6.2mdk.i586.rpmMandrake Linux 7.2
http://www.mandrakesecure.net/en/ftp.php -
MandrakeSoft tar-1.13.25-6.2mdk.i586.rpmMandrake Linux 8.0
http://www.mandrakesecure.net/en/ftp.php -
MandrakeSoft tar-1.13.25-6.2mdk.i586.rpmMandrake Linux 8.1
http://www.mandrakesecure.net/en/ftp.php -
MandrakeSoft tar-1.13.25-6.2mdk.i586.rpmMandrake Linux 8.2
http://www.mandrakesecure.net/en/ftp.php -
MandrakeSoft tar-1.13.25-6.2mdk.i586.rpmMandrake Linux 9.0
http://www.mandrakesecure.net/en/ftp.php -
MandrakeSoft tar-1.13.25-6.2mdk.i586.rpmSingle Network Firewall 7.2
http://www.mandrakesecure.net/en/ftp.php -
MandrakeSoft tar-1.13.25-6.2mdk.ia64.rpmMandrake Linux 8.1/ia64
http://www.mandrakesecure.net/en/ftp.php -
MandrakeSoft tar-1.13.25-6.2mdk.ppc.rpmMandrake Linux 8.0/ppc
http://www.mandrakesecure.net/en/ftp.php -
MandrakeSoft tar-1.13.25-6.2mdk.ppc.rpmMandrake Linux 8.2/ppc
http://www.mandrakesecure.net/en/ftp.php -
Red Hat tar-1.13.25-1.6.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/tar-1.13.25-1.6.alpha.rpm -
Red Hat tar-1.13.25-1.6.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/tar-1.13.25-1.6.i386.rpm -
Red Hat tar-1.13.25-1.6.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/tar-1.13.25-1.6.sparc.rpm -
Red Hat tar-1.13.25-4.7.1.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/tar-1.13.25-4.7.1.alpha.rpm -
Red Hat tar-1.13.25-4.7.1.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/tar-1.13.25-4.7.1.alpha.rpm -
Red Hat tar-1.13.25-4.7.1.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/tar-1.13.25-4.7.1.i386.rpm -
Red Hat tar-1.13.25-4.7.1.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/tar-1.13.25-4.7.1.i386.rpm -
Red Hat tar-1.13.25-4.7.1.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/tar-1.13.25-4.7.1.i386.rpm -
Red Hat tar-1.13.25-4.7.1.i386.rpm
ftp://updates.redhat.com/7.3/en/os/i386/tar-1.13.25-4.7.1.i386.rpm -
Red Hat tar-1.13.25-4.7.1.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/tar-1.13.25-4.7.1.ia64.rpm -
Red Hat tar-1.13.25-4.7.1.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/tar-1.13.25-4.7.1.ia64.rpm -
Sun Qube3-All-Security-4.0.1-16170.pkg
http://sunsolve.sun.com/patches/cobalt/ -
Sun RaQ3-All-Security-5.0.1-16170.pkg
http://sunsolve.sun.com/patches/cobalt/ -
Sun RaQ4-All-Security-2.0.2-16170.pkg
http://sunsolve.sun.com/patches/cobalt/ -
Sun RaQ550-All-Security-0.0.1-16170.pkg
http://sunsolve.sun.com/patches/cobalt/ -
Sun RaQXTR-All-Security-1.0.1-16170.pkg
http://sunsolve.sun.com/patches/cobalt/ -
Sun tar-1.13.25-4.7.1.i386.rpm
http://sunsolve.sun.com/patches/linux/security.html
参考网址
来源: REDHAT
名称: RHSA-2002:096
链接:http://www.redhat.com/support/errata/RHSA-2002-096.html
来源: ENGARDE
名称: ESA-20021003-022
链接:http://www.linuxsecurity.com/advisories/other_advisory-2400.html
来源: XF
名称: archive-extraction-directory-traversal(10224)
链接:http://www.iss.net/security_center/static/10224.php
来源: SUNALERT
名称: 1000928
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1
来源: issues.rpath.com
链接:https://issues.rpath.com/browse/RPL-1631
来源: BID
名称: 5834
链接:http://www.securityfocus.com/bid/5834
来源: BUGTRAQ
名称: 20070827 FLEA-2007-0049-1 tar
链接:http://www.securityfocus.com/archive/1/archive/1/477865/100/0/threaded
来源: BUGTRAQ
名称: 20070825 rPSA-2007-0172-1 tar
链接:http://www.securityfocus.com/archive/1/archive/1/477731/100/0/threaded
来源: SUSE
名称: SUSE-SR:2007:019
链接:http://www.novell.com/linux/security/advisories/2007_19_sr.html
来源: SUSE
名称: SUSE-SR:2006:005
链接:http://www.novell.com/linux/security/advisories/2006_05_sr.html
来源: MANDRAKE
名称: MDKSA-2002:066
链接:http://www.mandriva.com/security/advisories?name=MDKSA-2002:066
来源: SUNALERT
名称: 47800
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1
来源: SECUNIA
名称: 26987
链接:http://secunia.com/advisories/26987
来源: SECUNIA
名称: 26673
链接:http://secunia.com/advisories/26673
来源: SECUNIA
名称: 26604
链接:http://secunia.com/advisories/26604
来源: SECUNIA
名称: 19130
链接:http://secunia.com/advisories/19130
来源: BUGTRAQ
名称: 20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)
链接:http://marc.theaimsgroup.com/?l=bugtraq&m=103419290219680&w=2
来源: CONECTIVA
名称: CLA-2002:538
链接:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
![[桜井宁宁]COS和泉纱雾超可爱写真福利集-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/4d3cf227a85d7e79f5d6b4efb6bde3e8.jpg)
![[桜井宁宁] 爆乳奶牛少女cos写真-一一网](https://www.proyy.com/skycj/data/images/2020-12-13/d40483e126fcf567894e89c65eaca655.jpg)
