CVE-2005-2541
ADVISORY - debian
Summary
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
This is intended behaviour; after all, tar is an archiving tool and you need to give -p as a command line flag.
- tar (bug https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328228; unimportant)
Debian
CREATED
UPDATED
ADVISORY ID
CVE-2005-2541
EXPLOITABILITY SCORE
-
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-
CVSS SCORE
N/A
low

Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/tar | deb | debian | 12 | >=1.34+dfsg-1.2+deb12u1 | Not yet available |
debian/tar | deb | debian | 13 | >=1.35+dfsg-3.1 | Not yet available |
debian/tar | deb | debian | 11 | >=1.34+dfsg-1+deb11u1 | Not yet available |
debian/tar | deb | debian | unstable | >=1.35+dfsg-3.1 | Not yet available |
Severity and metrics
No CVSS data available from this advisory.
NIST
CREATED
UPDATED
ADVISORY ID
CVE-2005-2541
EXPLOITABILITY SCORE
10
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CVSS SCORE
10
high
Red Hat
CREATED
UPDATED
ADVISORY ID
CVE-2005-2541
EXPLOITABILITY SCORE
1.0
EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
-