Information security
Directory traversal in multiple archivers
Updated since 11 July 2001
Published: 27 August 2007
Source:
SecurityVulns ID: 1320
Type: client
Severity:
5/10
Description: The directory traversal makes it possible to write a file to an arbitrary location when the archive is extracted.
Affected products: GNU : tar 1.13
 INFOZIP : UnZip 5.42
 RARSOFT : rar 2.02
 PKWARE : pkzip 4.00
 SUN : JDK 1.4
 GNU : cpio 2.5
 WINZIP : WinZip 8.1
 PKWARE : PKZip 5.00
 ALADDIN : ZipMagic 4.0
 RARSOFT : WinRAR 3.00
 SPEEDPROJECT : Squeez 4.0
 SPEEDPROJECT : Squeez 4.1
 SPEEDPROJECT : SpeedCommander 8.1
 SPEEDPROJECT : SpeedCommander 9.0
 GAMESPY : Arcade
 STAR : star 1.5
 MICROSOFT : CabArc
 UNZOO : unzoo 4.4
 CABEXTRACT : cabextract 0.2
 ZIPGENIUS : ZipGenius 5.5
 RARSOFT : WinRAR 3.42
 UNACE : UNACE 1.2
 SUN : JDK 1.5
 DZIP : dzip 2.9
 SPEEDCOMMANDER : SpeedCommander 11.0
 TUGZIP : TUGZip 3.4
 PEAR : Archive_Tar 1.2
 WINACE : WinAce 2.6
 STUFFIT : StuffIt 9.0
 STUFFIT : ZipMagic 9.0
 ZIPSTAR : ZipStar 5.1
 SQUEEZ : Squeez 5.1
 UNALZ : unalz 0.53
 WINHKI : WinHKI 1.6
 KGB Archiver 1.1
 BITZIPPER : BitZipper 4.1
 MIMARSINAN : CompreXX 4.1
 ARCHIVEXPERT : ArchiveXpert 2.02
 ACUBIX : PicoZip 4.02
CVE: CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.)
 CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.)
 CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive.)
 CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive.)
 CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .gz, (2) .jar, (3) .rar, (4) .tar.gz, (5) .zip, or (6) .tar file.)
 CVE-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.)
 CVE-2001-1267 (Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).)
Original texts: RPATH, rPSA-2007-0172-1 tar (27.08.2007)
 h e, BitZipper Archive Extraction Directory traversal (23.05.2006)
 h e, TUGZip Archive Extraction Directory traversal (10.04.2006)
 SECUNIA, [SA19511] KGB Archiver Directory Traversal Vulnerability (04.04.2006)
 SECUNIA, [SA19296] WinHKI Multiple Archive Directory Traversal Vulnerability (20.03.2006)
 SECUNIA, Secunia Research: unalz Filename Handling Directory Traversal Vulnerability (13.03.2006)
 h e, SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1 Directory traversal (25.02.2006)
 h e, StuffIt and ZipMagic Family of products Directory traversal (25.02.2006)
 h e, WinAce Archiver v2.6 Directory traversal (25.02.2006)
 h e, Archive_Tar v 1.2 (Tested) (Tar file management class) Directory traversal (25.02.2006)
 SUN, [SA14902] Sun Java JDK/SDK Jar Directory Traversal Vulnerability (11.04.2005)
 Härnhammar, Ulf, [Full-Disclosure] unace-1.2b multiple buffer overflows and directory traversal bugs (24.02.2005)
 Ripe, 7a69Adv#21 - WinRAR unpack one-folder path disclosure (04.02.2005)
 Ripe, 7a69Adv#19 - ZipGenius unpack path disclosure (04.02.2005)
 DEBIAN, [SECURITY] [DSA 574-1] New cabextract packages fix unintended directory traversal (30.10.2004)
 doubles_(at)_hush.com, [Full-Disclosure] unzoo 4.4 directory travels (14.10.2004)
 jelmer, Microsoft cabarc directory traversal (13.10.2004)
 doubles_(at)_hush.com, [Full-Disclosure] unarj dir-transversal bug (../../../..) (11.10.2004)
 Mike Kristovich, GameSpy Arcade Arbitrary File Writing Vulnerability (31.07.2003)
 Florian Schafferhans, Directory traversal vulnerabilities in several archivers processing .tar (17.12.2002)
 3APA3A, SECURITY.NNOV: directory traversal and path globbing in multiple archivers (11.07.2001)
Files: RAR directory traversal demo
 ZIP directory traversal demo
 another ZIP directory traversal demo
 TAR directory traversal demo
 another TAR directory traversal demo
 yet another TAR directory traversal demo
 tar-1.13.19 directory traversal patch
 unzip-5.42 directory traversal patch
 Multiple archivers directory traversal and path globbing

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod