What is CVE-2005-2541?

CVE-2005-2541 is a vulnerability in Gnu Tar. Published 2005-08-10.

Is CVE-2005-2541 known to be exploited?

33 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Gnu Tar

CVE-2005-2541

Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.

EPSS: 0.040 (89.2th percentile) — read the EPSS interpretation.

Affected products

Gnu Tar — versions 1.15.1
N/a — versions n/a

Public proof-of-concept exploits

ARPSyndicate/cvemon
CodingSimia/jenkins-shiftleft
Dalifo/wik-dvs-tp02
Dariani223/DevOpsFinal
Giovanni26101982/Grupo4_
GoogleCloudPlatform/aactl
GrigGM/05-virt-04-docker-hw
Myash-New/05-virt-04-docker-in-practice
Oscar112248/Grupo4_
PajakAlexandre/wik-dps-tp02

References

cve@mitre.org (mailing-list, x_refsource_BUGTRAQ)
cve@mitre.org (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2005-2541?: CVE-2005-2541 is a vulnerability in Gnu Tar. Published 2005-08-10.
Is CVE-2005-2541 known to be exploited?: 33 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.