CVE-2005-2541

Description

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

How to fix CVE-2005-2541

No fixed version has been published yet. Mitigate by removing the affected package or applying upstream guidance from the references below.

• Debian/tar—no fix listed

Is CVE-2005-2541 being exploited?

Low — EPSS is 3.8%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2005-2541