CVE-2005-2541

Published: August 10, 2005Last modified: November 10, 2023

Description

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

Status

References

• http://marc.info/?l=bugtraq&m=112327628230258&w=2
• https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c%40%3Cissues.guacamole.apache.org%3E