{
  "threat_severity" : "Moderate",
  "public_date" : "2005-08-04T00:00:00Z",
  "bugzilla" : {
    "description" : "tar: does not properly warn the user when extracting setuid or setgid files",
    "id" : "1974387",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1974387"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.0",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
    "status" : "draft"
  },
  "details" : [ "Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.", "A flaw was found in the tar utility that can allow the root user to extract files with their setuid and setgid permissions preserved, without any warning. This behavior can lead to the creation of malicious setuid executables owned by root from a crafted tar file, posing significant security risks." ],
  "statement" : "Currently, there are no plans to change tar's behaviour to strip setuid and setgid bits when extracting archives.\nThis vulnerability is considered moderate rather than important because the exploitation scenario requires specific conditions: the `tar` extraction must be performed by the root user, and the tarball itself must have been maliciously crafted to contain files with setuid or setgid bits. In typical use cases, users do not routinely extract untrusted tar files as root, reducing the likelihood of exploitation. Additionally, non-root extractions do not preserve these bits unless explicitly requested with the `-p` option.",
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 10",
    "fix_state" : "Will not fix",
    "package_name" : "tar",
    "cpe" : "cpe:/o:redhat:enterprise_linux:10"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "tar",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Will not fix",
    "package_name" : "tar",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Will not fix",
    "package_name" : "tar",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Will not fix",
    "package_name" : "tar",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2005-2541\nhttps://nvd.nist.gov/vuln/detail/CVE-2005-2541" ],
  "name" : "CVE-2005-2541",
  "mitigation" : {
    "value" : "To mitigate the risks associated with this vulnerability, avoid extracting tar files as the root user, especially when dealing with untrusted sources. Instead, perform extractions as a non-root user or in a restricted environment. Use a dedicated, empty directory for extracting archives to prevent accidental exposure of sensitive files. After extraction, review the file permissions to check for unexpected setuid or setgid bits before granting access. When extraction as root is necessary, use the --no-same-permissions option so that the setuid and setgid bits are not preserved.",
    "lang" : "en:us"
  },
  "csaw" : false
}