PT-2001-1076 · Info Zip+1 · Unzip+1

Published 2001-07-12 · Updated 2010-05-25 · CVE-2001-1269

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: tar versions prior to 1.13.25; UnZip versions 5.42 and earlier

Description: The issue concerns the potential for disruption of protected information integrity due to multiple vulnerabilities in the tar package of Red Hat Linux and a vulnerability in Info-ZIP UnZip. The UnZip vulnerability allows attackers to overwrite arbitrary files during archive extraction by using filenames in the archive that begin with the '/' character. Exploitation of these vulnerabilities can be done remotely.

Recommendations: For tar versions prior to 1.13.25, update to a version that contains a fix for this issue. For UnZip versions 5.42 and earlier, avoid using the software to extract archives from untrusted sources until a fixed version is available. As a temporary workaround, consider restricting the use of UnZip to minimize the risk of exploitation.
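The check below is an added example, not part of the original advisory or of Info-ZIP's code: it reads a ZIP archive's stored member names before extraction and refuses any archive containing a name that begins with '/', the condition described above. It also flags '..' path components, which goes beyond this entry; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile


def unsafe_members(archive):
    """Return (stored_name, reason) for each member that could land outside the target dir."""
    findings = []
    with zipfile.ZipFile(archive) as zf:
        for info in zf.infolist():
            # Inspect the name exactly as stored in the archive, before any
            # sanitising done by the extractor; treat '\' like '/'.
            stored = info.orig_filename
            name = stored.replace("\\", "/")
            if name.startswith("/"):
                findings.append((stored, "absolute path"))
            elif ".." in name.split("/"):
                # Generalisation beyond this entry: parent-directory traversal.
                findings.append((stored, "parent-directory component"))
    return findings


def extract_if_clean(archive, dest):
    """Extract only when no member name is absolute or traverses upward."""
    findings = unsafe_members(archive)
    if findings:
        details = ", ".join(f"{n!r} ({why})" for n, why in findings)
        raise ValueError(f"refusing to extract, unsafe member names: {details}")
    with zipfile.ZipFile(archive) as zf:
        zf.extractall(dest)


def build_sample():
    """Constructed in-memory archive: one benign member, two unsafe names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign")
        zf.writestr("/tmp/constructed-absolute.txt", "constructed")
        zf.writestr("../constructed-outside.txt", "constructed")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for stored_name, reason in unsafe_members(build_sample()):
        print(f"{reason}: {stored_name}")
```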


Related identifiers

BDU:2015-08351
CVE-2001-1269

Affected products

Unzip
Tar