Vulnerabilities > CVE-2005-2541 - Unspecified vulnerability in GNU TAR 1.15.1

CVSS 0.0 - NONE

Attack vector

UNKNOWN

Attack complexity

UNKNOWN

Privileges required

UNKNOWN

Confidentiality impact

UNKNOWN

Integrity impact

UNKNOWN

Availability impact

UNKNOWN

gnu

NVD

Published: 2005-08-10

Updated: 2023-11-07

Summary

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

Vulnerable Configurations

Part	Description	Count
Application	Gnu GNU TAR 1.15.1	1

Statements

contributor	Mark J Cox
lastmodified	2006-08-30
organization	Red Hat
statement	This is the documented and expected behaviour of tar.

References

http://marc.info/?l=bugtraq&m=112327628230258&w=2
https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E