CVE-2002-1425

NameCVE-2002-1425
DescriptionDirectory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-141
NVD severitymedium (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
mpack (PTS)wheezy, jessie1.6-8fixed
stretch1.6-8.1fixed
buster, sid1.6-8.2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
mpacksource(unstable)1.5-9medium
mpacksourcewoody1.5-7woody2mediumDSA-141

Search for package or bug name: Reporting problems