PT-2001-1075 · Info Zip+1 · Unzip+1

Published: 2001-07-12 · Updated: 2010-05-25 · CVE-2001-1268

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
tar versions prior to 1.13.25
UnZip versions 5.42 and earlier

Description
This entry covers multiple vulnerabilities in the tar package and a directory traversal vulnerability in Info-ZIP UnZip. They can be exploited remotely and may compromise the integrity of protected information. The directory traversal vulnerability in UnZip allows attackers to overwrite arbitrary files during archive extraction by using a .. (dot dot) in an extracted filename.

Recommendations
For tar versions prior to 1.13.25, update to a version that contains a fix for this issue. For UnZip versions 5.42 and earlier, consider disabling the archive extraction feature until a patch is available, or restrict access to the archive extraction functionality to minimize the risk of exploitation.
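
Where extraction cannot be disabled, member names can be screened before anything is written to disk. The following is an added example, not code from Info-ZIP or from this advisory: it flags ZIP members whose names contain a `..` component or an absolute path. The function names and the in-memory sample archive are constructed for illustration.

```python
import io
import zipfile


def is_unsafe_name(name):
    """True if a member name could resolve outside the extraction directory."""
    # ZIP names use "/", but archives built on Windows may carry "\".
    parts = name.replace("\\", "/").split("/")
    absolute = parts[0] == ""                                # "/etc/..."
    drive = len(parts[0]) == 2 and parts[0][1] == ":"        # "C:/..."
    # Component-wise match: "a..b.txt" is fine, "docs/../x" is not.
    # Conservative on purpose: any ".." is rejected, even one that
    # would normalise back inside the destination.
    return absolute or drive or ".." in parts


def unsafe_members(archive):
    """Return the member names in a ZIP (path or file object) that must not be extracted."""
    with zipfile.ZipFile(archive) as zf:
        return [i.filename for i in zf.infolist() if is_unsafe_name(i.filename)]


def build_sample():
    """Constructed sample archive held in memory; nothing touches the disk."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ordinary member")
        zf.writestr("docs/a..b.txt", "dots inside a name, not a component")
        zf.writestr("../outside.txt", "constructed traversal name")
        zf.writestr("docs/../../outside2.txt", "constructed traversal name")
        zf.writestr("/abs/placeholder.txt", "constructed absolute name")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    flagged = unsafe_members(build_sample())
    if flagged:
        print("refusing to extract; unsafe member names:")
        for name in flagged:
            print("  ", name)
```

Rejecting the whole archive when any member is flagged is the safer policy, since a well-formed archive has no reason to carry such names.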


Related identifiers

BDU:2015-08351
CVE-2001-1268

Affected products

Unzip
Tar