Vulnerability Name:

CVE-2005-1918 (CCN-10224)

Assigned:2001-07-02
Published:2001-07-02
Updated:2018-10-19
Summary:The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
CVSS v3 Severity:4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availibility (A): None
CVSS v2 Severity:2.6 Low (CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): High
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
Vulnerability Type:CWE-22
Vulnerability Consequences:File Manipulation
References:Source: CCN
Type: GNU FTP site
gnu/tar/

Source: SGI
Type: UNKNOWN
20060301-01-U

Source: CCN
Type: BugTraq Mailing List, Thu Sep 26 2002 - 19:11:07 CDT
Allot Netenforcer problems, GNU TAR flaw

Source: CCN
Type: Gentoo Linux Security Announcement 2002-10-01 12:30 UTC
tar: directory-traversal vulnerability

Source: CCN
Type: EnGarde Secure Linux Security Advisory ESA-20021003-022
tar: directory traversal vulnerability.

Source: CCN
Type: Full-Disclosure Mailing List, Tue Oct 01 2002 - 05:38:05 CDT
GLSA: unzip

Source: CCN
Type: Conectiva Linux Announcement CLSA-2002:538
tar/unzip

Source: MITRE
Type: CNA
CVE-2001-1267

Source: MITRE
Type: CNA
CVE-2001-1268

Source: MITRE
Type: CNA
CVE-2001-1269

Source: MITRE
Type: CNA
CVE-2001-1270

Source: MITRE
Type: CNA
CVE-2001-1271

Source: MITRE
Type: CNA
CVE-2002-0399

Source: MITRE
Type: CNA
CVE-2002-1216

Source: MITRE
Type: CNA
CVE-2005-1918

Source: CCN
Type: RHSA-2002-096
Updated unzip and tar packages fix vulnerabilities

Source: CCN
Type: RHSA-2002-138
unzip security update

Source: CCN
Type: RHSA-2003-218
Updated unzip and tar packages that fix vulnerabilities are now available

Source: CCN
Type: RHSA-2006-0195
tar security update

Source: SECUNIA
Type: Patch, Vendor Advisory
18988

Source: SECUNIA
Type: Vendor Advisory
19130

Source: SECUNIA
Type: Patch, Vendor Advisory
19183

Source: CCN
Type: SA20397
Avaya Products "tar" Directory Traversal Vulnerability

Source: SECUNIA
Type: Vendor Advisory
20397

Source: CCN
Type: SECTRACK ID: 1015655
Tar on Red Hat Enterprise Linux Lets Remote Users Write Files

Source: SECTRACK
Type: Patch
1015655

Source: CCN
Type: Sun Alert ID: 47800
Sun Linux Vulnerabilities in "unzip" and GNU "tar" During File Extraction

Source: CONFIRM
Type: UNKNOWN
http://support.avaya.com/elmodocs2/security/ASA-2006-110.htm

Source: CCN
Type: ASA-2006-110
tar security update (RHSA-2006-0195)

Source: CCN
Type: CIAC Information Bulletin N-041
Sun Linux Vulnerabilities in "unzip" and GNU "tar" Commands

Source: CCN
Type: Info-ZIP Web site
InfoZIP's UnZip

Source: SUSE
Type: Vendor Advisory
SUSE-SR:2006:005

Source: CCN
Type: OpenPKG-SA-2006.038
GNU tar

Source: CCN
Type: OSVDB ID: 8974
PKZip pkzipc -rec Option Double Dot Arbitrary File Overwrite

Source: CCN
Type: OSVDB ID: 8975
rar Archive Extraction Double Dot Arbitrary File Overwrite

Source: CCN
Type: PKWARE Inc. Web site
PKWARE - Home of Genuine PKZIP Products

Source: REDHAT
Type: Patch, Vendor Advisory
RHSA-2006:0195

Source: CCN
Type: SECURITY.NNOV Advisory July, 2, 2001
Directory traversal and path globbing in multiple archivers

Source: FEDORA
Type: UNKNOWN
FLSA:183571-1

Source: CCN
Type: BID-3024
GNU Tar Hostile Destination Path Vulnerability

Source: BID
Type: Patch
5834

Source: CCN
Type: BID-5834
GNU Tar Hostile Destination Path Variant Vulnerability

Source: CCN
Type: BID-5835
Info-ZIP UnZip Hostile Destination Path Vulnerability

Source: CCN
Type: BID-5933
PKWare PKZip Hostile Destination Path Vulnerability

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=140589

Source: XF
Type: UNKNOWN
archive-extraction-directory-traversal(10224)

Source: OVAL
Type: UNKNOWN
oval:org.mitre.oval:def:9946

Source: CCN
Type: SUSE-SR:2006:005
SUSE Security Summary Report

Source: CCN
Type: SUSE-SR:2007:019
SUSE Security Summary Report

Vulnerable Configuration:Configuration 1:
  • cpe:/a:gnu:tar:1.13.25:*:*:*:*:*:*:*

    • Configuration 2:
  • cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:advanced_server_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:enterprise_server_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:workstation_ia64:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:advanced_servers:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:enterprise_server:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3.0:*:workstation:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux_desktop:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/o:redhat:enterprise_linux:3:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:info-zip:unzip:5.42:*:*:*:*:*:*:*
  • OR cpe:/a:rarsoft:rar:2.02:*:*:*:*:*:*:*
  • OR cpe:/a:pkware:pkzip:4.00:*:*:*:*:*:*:*
  • AND
  • cpe:/o:suse:suse_linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:6.2:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:6.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:1.0.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_single_network_firewall:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:7.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.2:*:*:*:*:*:*:*
  • OR cpe:/o:engardelinux:secure_linux:-:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:*:*:*:*:*:*
  • OR cpe:/o:conectiva:linux:8.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.3:*:*:*:*:*:*:*
  • OR cpe:/a:openpkg:openpkg:current:*:*:*:*:*:*:*
  • OR cpe:/o:gentoo:linux:*:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:2.1:*:ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::ws:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::es:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::as:*:*:*:*:*
  • OR cpe:/o:redhat:enterprise_linux:3::desktop:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*
  • OR cpe:/o:redhat:linux_advanced_workstation:2.1:*:itanium:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2006:*:x86-64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2007:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:pseries:*
  • OR cpe:/o:redhat:linux:7.1:*:*:*:*:*:iseries:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.0:*:ppc:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.1:*:ia64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:8.2:*:ppc:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20051918
    V
    		CVE-2005-1918
    2023-02-11
    oval:org.opensuse.security:def:113480
    P
    		tar-1.34-2.2 on GA media (Moderate)
    2022-01-17
    oval:org.opensuse.security:def:106877
    P
    		tar-1.34-2.2 on GA media (Moderate)
    2021-10-01
    oval:org.mitre.oval:def:9946
    V
    		The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".
    2013-04-29
    oval:com.redhat.rhsa:def:20060195
    P
    		RHSA-2006:0195: tar security update (Low)
    2006-02-21
    BACK
    gnu tar 1.13.25
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3.0
    redhat enterprise linux 3.0
    redhat enterprise linux 3.0
    redhat enterprise linux desktop 3.0
    redhat linux advanced workstation 2.1
    redhat linux advanced workstation 2.1
    info-zip unzip 5.42
    rarsoft rar 2.02
    pkware pkzip 4.00
    suse suse linux *
    redhat linux 6.2
    mandrakesoft mandrake linux 7.1
    redhat linux 7
    mandrakesoft mandrake linux 7.2
    conectiva linux 6.0
    mandrakesoft mandrake linux corporate server 1.0.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake single network firewall 7.2
    conectiva linux 7.0
    mandrakesoft mandrake linux 8.1
    redhat linux 7.2
    engardelinux secure linux -
    mandrakesoft mandrake linux 8.2
    conectiva linux 8.0
    redhat linux 7.3
    openpkg openpkg current
    gentoo linux *
    mandrakesoft mandrake linux 9.0
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 2.1
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    redhat enterprise linux 3
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake multi network firewall 2.0
    redhat linux advanced workstation 2.1
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2006
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux 2007
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    redhat linux 7.1
    redhat linux 7.1
    mandrakesoft mandrake linux 8.0
    mandrakesoft mandrake linux 8.1
    mandrakesoft mandrake linux 8.2