CVE-2002-1425

NameCVE-2002-1425
DescriptionDirectory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-141

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mpack (PTS)bullseye1.6-17fixed
bookworm, sid, trixie1.6-18fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mpacksourcewoody1.5-7woody2DSA-141
mpacksource(unstable)1.5-9
Search for package or bug name: Reporting problems