GNU Tar Hostile Destination Path Vulnerability

Bugtraq ID: 3024
Class: Access Validation Error
CVE: CVE-2001-1267
CVE-2001-1267
Remote: Yes
Local: No
Published: Jul 12 2001 12:00AM
Updated: Oct 01 2007 07:49PM
Credit: Reported by 3APA3A <3APA3A@security.nnov.ru>.
Vulnerable: SuSE SUSE Linux Enterprise Server SDK 9
SuSE SUSE Linux Enterprise Server 9 SP3
SuSE SUSE Linux Enterprise Server 8
+ Linux kernel 2.4.21
+ Linux kernel 2.4.19
SuSE SUSE Linux Enterprise Server 10 SP1
SuSE SUSE Linux Enterprise Server 10
SuSE SUSE Linux Enterprise SDK 9
SuSE SUSE Linux Enterprise SDK 10.SP1
SuSE SUSE Linux Enterprise SDK 10
SuSE SUSE Linux Enterprise SDK 10
SuSE SUSE Linux Enterprise Desktop 10 SP1
SuSE SUSE Linux Enterprise Desktop 10
SuSE Linux Professional 10.2 x86_64
SuSE Linux Personal 10.2 x86_64
S.u.S.E. UnitedLinux 1.0
S.u.S.E. SuSE Linux Standard Server 8.0
S.u.S.E. SuSE Linux School Server for i386
S.u.S.E. SUSE LINUX Retail Solution 8.0
S.u.S.E. SuSE Linux Openexchange Server 4.0
S.u.S.E. openSUSE 10.2
S.u.S.E. Open-Enterprise-Server 9.0
S.u.S.E. Open-Enterprise-Server 1
S.u.S.E. Open-Enterprise-Server 0
S.u.S.E. Office Server
S.u.S.E. Novell Linux POS 9
S.u.S.E. Novell Linux Desktop 9.0
S.u.S.E. Novell Linux Desktop 1.0
S.u.S.E. Novell Linux Desktop 9
S.u.S.E. Linux Professional 10.0 OSS
S.u.S.E. Linux Professional 10.0
S.u.S.E. Linux Professional 10.2
S.u.S.E. Linux Professional 10.1
S.u.S.E. Linux Personal 10.0 OSS
S.u.S.E. Linux Personal 10.2
S.u.S.E. Linux Personal 10.1
S.u.S.E. Linux Openexchange Server
S.u.S.E. Linux Office Server
S.u.S.E. Linux Enterprise Server for S/390 9.0
S.u.S.E. Linux Enterprise Server for S/390
S.u.S.E. Linux Enterprise Server 9-SP3
+ Linux kernel 2.6.5
S.u.S.E. Linux Enterprise Server 9
S.u.S.E. Linux Enterprise Server 10.SP1
S.u.S.E. Linux Enterprise Server 10
+ Linux kernel 2.6.5
S.u.S.E. Linux Desktop 1.0
S.u.S.E. Linux Desktop 10
S.u.S.E. Linux 10.1 x86-64
S.u.S.E. Linux 10.1 x86
S.u.S.E. Linux 10.1 ppc
S.u.S.E. Linux 10.0 x86-64
S.u.S.E. Linux 10.0 x86
S.u.S.E. Linux 10.0 ppc
rPath rPath Linux 1
GNU tar 1.13.19
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ RedHat Linux 6.2 sparc
 + RedHat Linux 6.2 i386
 + RedHat Linux 6.2 alpha
 + RedHat Linux 6.2
+ Sun Cobalt Qube 3
+ Sun Cobalt RaQ 3
+ Sun Cobalt RaQ 4
+ Sun Cobalt RaQ 550
+ Sun Cobalt RaQ XTR
+ Sun Linux 5.0.6
+ Sun Linux 5.0.5
+ Sun Linux 5.0.3
+ Sun Linux 5.0
GNU tar 1.13.18
GNU tar 1.13.17
GNU tar 1.13.16
GNU tar 1.13.14
GNU tar 1.13.11
GNU tar 1.13.5
GNU tar 1.13
Foresight Linux Foresight Linux 1.1
Allot NetEnforcer 4.2.1
Allot NetEnforcer 4.2
Not Vulnerable: GNU tar 1.13.25
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Gentoo Linux 1.4 _rc1
 + Gentoo Linux 1.2
+ HP Secure OS software for Linux 1.0
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
 + Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
 + Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
 + Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ RedHat Linux 7.3 i386
 + RedHat Linux 7.3
+ RedHat Linux 7.2 ia64
 + RedHat Linux 7.2 i386
 + RedHat Linux 7.2 alpha
 + RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
 + RedHat Linux 7.1 i386
 + RedHat Linux 7.1 alpha
 + RedHat Linux 7.1
+ RedHat Linux 7.0 sparc
 + RedHat Linux 7.0 i386
 + RedHat Linux 7.0 alpha
 + RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
 + RedHat Linux 6.2 i386
 + RedHat Linux 6.2 alpha
 + RedHat Linux 6.2
+ Sun Linux 5.0
Allot NetEnforcer 4.2.4


 

Privacy Statement
Copyright 2010, SecurityFocus