CVE-2005-2541
CVE Details
Visit the official vulnerability details page for CVE-2005-2541 to learn more.
Initial Publication
08/18/2025
Last Update
09/17/2025
Third Party Dependency
tar
NIST CVE Summary
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges.
CVE Severity
Our Official Summary
This is a privilege escalation vulnerability in GNU Tar version 1.15.1: the utility does not warn the user when an archive it is extracting contains files with the setuid or setgid permission bits set. An attacker who can get a user to extract a specially crafted archive may thereby plant setuid/setgid binaries and gain elevated privileges. The bits only matter when the archive is extracted with permissions preserved (the default when tar runs as root) onto a filesystem that honors setuid/setgid, so the practical exposure depends on who extracts the archive and where.
The vulnerability affects a small number of containers packaging kubectl in both the Palette and VerteX products, spanning versions 4.4.20 through 4.7.16. However, this is a legacy vulnerability from 2005 in a very old version of tar (1.15.1); it has been extensively documented and is mitigated on modern systems by updated tar releases and by container security practices.
The risk of exploitation is considered very low in containerized environments: the affected containers typically run as a non-root user with a reduced capability set, have limited file system access, and, where the runtime sets no-new-privileges, setuid/setgid bits on a file have no effect at execution time. Additionally, tar operations in production environments are generally automated and do not involve extracting untrusted archives. The impact if compromised is considered low, because container isolation and privilege restrictions prevent effective privilege escalation beyond the container.
Upstream patches addressing this issue will be adopted as and when they become available.
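The check a practitioner wants here is the one tar 1.15.1 did not perform: inspect an archive for setuid/setgid members before extracting it, and either refuse the archive or clear those bits. The following is an added example written for this page, not code from GNU tar or from the products above; the archive it inspects is constructed in memory (file names `bin/hello`, `bin/rootsh`, `bin/sgid-tool` are invented), and the helper names `find_privileged_entries`, `extract_safely` and `demo` are the example's own.

```python
"""Pre-extraction audit of a tar archive for setuid/setgid members.

Added example, not GNU tar's code. The sample archive is built in memory so the
script runs offline; its member names and contents are constructed.
"""
import io
import os
import stat
import tarfile
import tempfile

# The two permission bits a silently-extracted archive can use to plant a
# privilege-escalation binary.
PRIV_BITS = stat.S_ISUID | stat.S_ISGID


class PrivilegedEntryError(Exception):
    """Raised when an archive contains setuid/setgid members and strict mode is on."""


def build_sample_archive() -> bytes:
    """Constructed sample: one normal script plus a setuid and a setgid entry owned by root."""
    payload = b"#!/bin/sh\necho hello\n"
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        for name, mode in (("bin/hello", 0o755),
                           ("bin/rootsh", 0o4755),      # setuid bit set
                           ("bin/sgid-tool", 0o2755)):  # setgid bit set
            ti = tarfile.TarInfo(name)
            ti.size = len(payload)
            ti.mode = mode
            ti.uid = ti.gid = 0
            ti.uname = ti.gname = "root"
            tf.addfile(ti, io.BytesIO(payload))
    return buf.getvalue()


def find_privileged_entries(archive: bytes) -> list:
    """Return (member name, octal mode) for every member carrying setuid or setgid."""
    hits = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        for m in tf.getmembers():
            if m.mode & PRIV_BITS:
                hits.append((m.name, oct(m.mode)))
    return hits


def extract_safely(archive: bytes, dest: str, strict: bool = True) -> list:
    """Extract `archive` into `dest` with the setuid/setgid check tar 1.15.1 lacked.

    strict=True:  refuse the whole archive if any member carries setuid/setgid.
    strict=False: extract, but clear those bits first; returns the names stripped.
    Members with absolute paths or '..' components are always rejected, since an
    untrusted archive must not be allowed to write outside `dest` either.
    """
    stripped = []
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r") as tf:
        members = tf.getmembers()
        for m in members:
            if os.path.isabs(m.name) or ".." in m.name.split("/"):
                raise ValueError(f"refusing unsafe path in archive: {m.name}")
        privileged = [m.name for m in members if m.mode & PRIV_BITS]
        if privileged and strict:
            raise PrivilegedEntryError(
                "archive contains setuid/setgid members: " + ", ".join(privileged))
        for m in members:
            if m.mode & PRIV_BITS:
                m.mode &= ~PRIV_BITS      # clear the bits before the file is created
                stripped.append(m.name)
            tf.extract(m, dest)
    return stripped


def demo() -> dict:
    """Run the audit on the constructed archive and return the observed results."""
    arc = build_sample_archive()
    result = {"privileged": find_privileged_entries(arc)}
    with tempfile.TemporaryDirectory() as dest:
        try:
            extract_safely(arc, dest, strict=True)
            result["strict_refused"] = False
        except PrivilegedEntryError:
            result["strict_refused"] = True
        result["stripped"] = extract_safely(arc, dest, strict=False)
        mode = os.stat(os.path.join(dest, "bin", "rootsh")).st_mode
        result["rootsh_has_suid"] = bool(mode & stat.S_ISUID)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Strict mode is the right default for automated pipelines that should never see privileged members; the lenient mode mirrors what a current GNU tar does for an unprivileged extraction, where the bits are not applied. The same listing check can be done from the shell with `tar -tvf archive.tar` and a look for `s` in the mode column before extracting as root.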
Status
Ongoing
Affected Products & Versions
Version | Palette Enterprise | Palette Enterprise Airgap | VerteX | VerteX Airgap |
---|---|---|---|---|
4.7.16 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ⚠️ Impacted |
4.6.41 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.5.22 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
4.4.20 | ⚠️ Impacted | ✅ No Impact | ⚠️ Impacted | ✅ No Impact |
Revision History
Date | Revision |
---|---|
09/17/2025 | Status changed from Open to Ongoing |
09/17/2025 | Official summary added |