Mondoo Vulnerability Intelligence

Curated by Mondoo Research, enhanced with AI

Resources

Search Vulnerabilities
Trending CVEs
Browse Ecosystems
Terminology
Blog

Open Source

cnquery
cnspec

Star us on GitHub!

Company

Mondoo Platform
About
Contact

Vulnerability Intelligence

Customers

Vulnerability IntelligenceCVE-2011-5325

CVE-2011-5325

HIGH7.5

Directory traversal vulnerability in the BusyBox implementation of tar before 1

Published Aug 7, 2017

Modified 1 years ago

Details

Directory traversal vulnerability in the BusyBox implementation of tar before 1.22.0 v5 allows remote attackers to point to files outside the current working directory via a symlink.

References

WEB

http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html

WEB

http://seclists.org/fulldisclosure/2019/Jun/18

WEB

http://seclists.org/fulldisclosure/2020/Aug/20

WEB

http://www.openwall.com/lists/oss-security/2015/10/21/7

WEB

https://bugzilla.redhat.com/show_bug.cgi?id=1274215

WEB

https://lists.debian.org/debian-lts-announce/2018/07/msg00037.html

WEB

https://lists.debian.org/debian-lts-announce/2021/02/msg00020.html

WEB

https://seclists.org/bugtraq/2019/Jun/14

ADVISORY

https://usn.ubuntu.com/3935-1/

ADVISORY

https://www.cve.org/CVERecord?id=CVE-2011-5325

CVSS Analysis

CVSS v3.1

7.5

Exploitability

Attack Vector

NetworkAV:N

Attack Complexity

LowAC:L

Privileges Required

NonePR:N

User Interaction

NoneUI:N

Scope

UnchangedS:U

Impact

Confidentiality

NoneC:N

Integrity

HighI:H

Availability

NoneA:N

7.5/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Ecosystems

Timeline

PublishedAug 7, 2017

ModifiedAug 7, 2024

CVE-2011-5325 | Mondoo Vulnerability Intelligence