• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

GNU Tar Hostile Destination Path Vulnerability

Bugtraq ID:	3024
Class:	Access Validation Error
CVE:	CVE-2001-1267 CVE-2001-1267
Remote:	Yes
Local:	No
Published:	Jul 12 2001 12:00AM
Updated:	Oct 01 2007 07:49PM
Credit:	Reported by 3APA3A <3APA3A@security.nnov.ru>.
Vulnerable:	S.u.S.E. UnitedLinux 1.0 S.u.S.E. SuSE Linux Standard Server 8.0 S.u.S.E. SuSE Linux School Server for i386 S.u.S.E. SUSE LINUX Retail Solution 8.0 S.u.S.E. SuSE Linux Openexchange Server 4.0 S.u.S.E. SUSE Linux Enterprise Server 9 SP3 S.u.S.E. SUSE Linux Enterprise Server 10 SP1 S.u.S.E. SUSE Linux Enterprise Server 10 S.u.S.E. SUSE Linux Enterprise Desktop 10 SP1 S.u.S.E. SUSE Linux Enterprise Desktop 10 S.u.S.E. SLE SDK 9 S.u.S.E. SLE SDK 10.SP1 S.u.S.E. SLE SDK 10 S.u.S.E. openSUSE 10.2 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Open-Enterprise-Server 1 S.u.S.E. Open-Enterprise-Server 0 S.u.S.E. Office Server S.u.S.E. Novell Linux POS 9 S.u.S.E. Novell Linux Desktop 9.0 S.u.S.E. Novell Linux Desktop 1.0 S.u.S.E. Novell Linux Desktop 9 S.u.S.E. Linux Professional 10.0 OSS S.u.S.E. Linux Professional 10.0 S.u.S.E. Linux Professional 10.2 x86_64 S.u.S.E. Linux Professional 10.2 S.u.S.E. Linux Professional 10.1 S.u.S.E. Linux Personal 10.0 OSS S.u.S.E. Linux Personal 10.2 x86_64 S.u.S.E. Linux Personal 10.2 S.u.S.E. Linux Personal 10.1 S.u.S.E. Linux Openexchange Server S.u.S.E. Linux Office Server S.u.S.E. Linux Enterprise Server SDK 9 S.u.S.E. Linux Enterprise Server for S/390 9.0 S.u.S.E. Linux Enterprise Server for S/390 S.u.S.E. Linux Enterprise Server 9-SP3 + Linux kernel 2.6.5 S.u.S.E. Linux Enterprise Server 9 S.u.S.E. Linux Enterprise Server 8 S.u.S.E. Linux Enterprise Server 10.SP1 S.u.S.E. Linux Enterprise Server 10 + Linux kernel 2.6.5 S.u.S.E. Linux Enterprise SDK 10 S.u.S.E. Linux Desktop 1.0 S.u.S.E. Linux Desktop 10 S.u.S.E. Linux 10.1 x86-64 S.u.S.E. Linux 10.1 x86 S.u.S.E. Linux 10.1 ppc S.u.S.E. Linux 10.0 x86-64 S.u.S.E. Linux 10.0 x86 S.u.S.E. Linux 10.0 ppc rPath rPath Linux 1 GNU tar 1.13.19 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 + RedHat Linux 6.2 sparc + RedHat Linux 6.2 i386 + RedHat Linux 6.2 alpha + RedHat Linux 6.2 + Sun Cobalt Qube 3 + Sun Cobalt RaQ 3 + Sun Cobalt RaQ 4 + Sun Cobalt RaQ 550 + Sun Cobalt RaQ XTR + Sun Linux 5.0.6 + Sun Linux 5.0.5 + Sun Linux 5.0.3 + Sun Linux 5.0 GNU tar 1.13.18 GNU tar 1.13.17 GNU tar 1.13.16 GNU tar 1.13.14 GNU tar 1.13.11 GNU tar 1.13.5 GNU tar 1.13 Foresight Linux Foresight Linux 1.1 Allot NetEnforcer 4.2.1 Allot NetEnforcer 4.2
Not Vulnerable:	GNU tar 1.13.25 + Conectiva Linux 8.0 + Conectiva Linux 7.0 + Conectiva Linux 6.0 + Gentoo Linux 1.4 _rc1 + Gentoo Linux 1.2 + HP Secure OS software for Linux 1.0 + MandrakeSoft Corporate Server 1.0.1 + MandrakeSoft Linux Mandrake 9.0 + MandrakeSoft Linux Mandrake 8.2 ppc + MandrakeSoft Linux Mandrake 8.2 + MandrakeSoft Linux Mandrake 8.1 ia64 + MandrakeSoft Linux Mandrake 8.1 + MandrakeSoft Linux Mandrake 8.0 ppc + MandrakeSoft Linux Mandrake 8.0 + MandrakeSoft Linux Mandrake 7.2 + MandrakeSoft Linux Mandrake 7.1 + MandrakeSoft Single Network Firewall 7.2 + RedHat Linux 7.3 i386 + RedHat Linux 7.3 + RedHat Linux 7.2 ia64 + RedHat Linux 7.2 i386 + RedHat Linux 7.2 alpha + RedHat Linux 7.2 + RedHat Linux 7.1 ia64 + RedHat Linux 7.1 i386 + RedHat Linux 7.1 alpha + RedHat Linux 7.1 + RedHat Linux 7.0 sparc + RedHat Linux 7.0 i386 + RedHat Linux 7.0 alpha + RedHat Linux 7.0 + RedHat Linux 6.2 sparc + RedHat Linux 6.2 i386 + RedHat Linux 6.2 alpha + RedHat Linux 6.2 + Sun Linux 5.0 Allot NetEnforcer 4.2.4