CVE-2011-5325

February 15, 2021

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.

Summary:

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.

Reference Links(if available):

  • https://bugzilla.redhat.com/show_bug.cgi?id=1274215
  • http://www.openwall.com/lists/oss-security/2015/10/21/7
  • https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html
  • https://usn.ubuntu.com/3935-1/
  • http://seclists.org/fulldisclosure/2019/Jun/18

    • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:P/A:N

    v3: / HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

    Links to Exploits(if available)

  • You may have missed

    hackerone

    HackerOne Bug Bounty Disclosure: user-can-copy-locked-folders-and-gain-access-to-the-contents-maccs

    November 16, 2024
    image

    [BLACKSUIT] – Ransomware Victim: brandywinecoachworks[.]com

    November 16, 2024
    image

    [BLACKSUIT] – Ransomware Victim: kapurinc[.]com

    November 16, 2024
    image

    [RHYSIDA] – Ransomware Victim: American Addiction Centers

    November 16, 2024
    image

    [LYNX] – Ransomware Victim: Grupo_Trisan

    November 16, 2024