Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.
References
Link | Resource |
---|---|
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html | Exploit Third Party Advisory VDB Entry |
http://seclists.org/fulldisclosure/2019/Jun/18 | Exploit Mailing List Third Party Advisory |
http://seclists.org/fulldisclosure/2020/Aug/20 | Exploit Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2015/10/21/7 | Mailing List Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1274215 | Issue Tracking Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html | Mailing List Third Party Advisory |
https://seclists.org/bugtraq/2019/Jun/14 | Exploit Mailing List Third Party Advisory |
https://usn.ubuntu.com/3935-1/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
19 Feb 2021, 15:57
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:esm:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
|
References | (FULLDISC) http://seclists.org/fulldisclosure/2020/Aug/20 - Exploit, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html - Mailing List, Third Party Advisory | |
References | (BUGTRAQ) https://seclists.org/bugtraq/2019/Jun/14 - Exploit, Mailing List, Third Party Advisory | |
References | (UBUNTU) https://usn.ubuntu.com/3935-1/ - Third Party Advisory | |
References | (MISC) http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html - Exploit, Third Party Advisory, VDB Entry | |
References | (FULLDISC) http://seclists.org/fulldisclosure/2019/Jun/18 - Exploit, Mailing List, Third Party Advisory | |
References | (MLIST) https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html - Mailing List, Third Party Advisory |
15 Feb 2021, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2017-08-07 17:29
Updated : 2023-12-10 12:15
NVD link : CVE-2011-5325
Mitre link : CVE-2011-5325
CVE.ORG link : CVE-2011-5325
JSON object : View
Products Affected
canonical
- ubuntu_linux
debian
- debian_linux
busybox
- busybox
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')