Computer Security

Directory traversal and absolute path in multiple archivers
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Directory traversal and absolute path in multiple archivers
updated since 11.07.2001
Published:27.08.2007
Source:3APA3A
SecurityVulns ID:1320
Type:client
Level:5/10
Description:Directory traversal and absolute path allow to overwrite any file during archive extraction.
Affected:GNU : tar 1.13
 INFOZIP : UnZip 5.42
 RARSOFT : rar 2.02
 PKWARE : pkzip 4.00
 SUN : JDK 1.4
 GNU : cpio 2.5
 WINZIP : WinZip 8.1
 PKWARE : PKZip 5.00
 ALADDIN : ZipMagic 4.0
 RARSOFT : WinRAR 3.00
 SPEEDPROJECT : Squeez 4.0
 SPEEDPROJECT : Squeez 4.1
 SPEEDPROJECT : SpeedCommander 8.1
 SPEEDPROJECT : SpeedCommander 9.0
 GAMESPY : Arcade
 STAR : star 1.5
 MICROSOFT : CabArc
 UNZOO : unzoo 4.4
 CABEXTRACT : cabextract 0.2
 ZIPGENIUS : ZipGenius 5.5
 RARSOFT : WinRAR 3.42
 UNACE : unace 1.2
 SUN : JDK 1.5
 DZIP : dzip 2.9
 SPEEDCOMMANDER : SpeedCommander 11.0
 TUGZIP : TUGZip 3.4
 PEAR : Archive_Tar 1.2
 WINACE : WinAce 2.6
 STUFFIT : StuffIt 9.0
 STUFFIT : ZipMagic 9.0
 ZIPSTAR : ZipStar 5.1
 SQUEEZ : Squeez 5.1
 UNALZ : unalz 0.53
 WINHKI : WinHKI 1.6
 KGB Archiver 1.1
 BITZIPPER : BitZipper 4.1
 MIMARSINAN : CompreXX 4.1
 ARCHIVEXPERT : ArchiveXpert 2.02
 ACUBIX : PicoZip 4.02
CVE:CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.)
 CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.)
 CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive.)
 CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive.)
 CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .gz, (2) .jar, (3) .rar, (4) .tar.gz, (5) .zip, or (6) .tar file.)
 CVE-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.)
 CVE-2001-1267 (Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).)
Original documentdocumentRPATH, rPSA-2007-0172-1 tar (27.08.2007)
 documenth e, BitZipper Archive Extraction Directory traversal (23.05.2006)
 documenth e, TUGZip Archive Extraction Directory traversal (10.04.2006)
 documentSECUNIA, [SA19511] KGB Archiver Directory Traversal Vulnerability (04.04.2006)
 documentSECUNIA, [SA19296] WinHKI Multiple Archive Directory Traversal Vulnerability (20.03.2006)
 documentSECUNIA, Secunia Research: unalz Filename Handling Directory Traversal Vulnerability (13.03.2006)
 documenth e, SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1 Directory traversal (25.02.2006)
 documenth e, StuffIt and ZipMagic Family of products Directory traversal (25.02.2006)
 documenth e, WinAce Archiver v2.6 Directory traversal (25.02.2006)
 documenth e, Archive_Tar v 1.2(Tested) (Tar file management class) Directory traversal (25.02.2006)
 documentSUN, [SA14902] Sun Java JDK/SDK Jar Directory Traversal Vulnerability (11.04.2005)
 documentHärnhammar, Ulf, [Full-Disclosure] unace-1.2b multiple buffer overflows and directory traversal bugs (24.02.2005)
 documentRipe, 7a69Adv#21 - WinRAR unpack one-folder path disclosure (04.02.2005)
 documentRipe, 7a69Adv#19 - ZipGenius unpack path disclosure (04.02.2005)
 documentDEBIAN, [SECURITY] [DSA 574-1] New cabextract packages fix unintended directory traversal (30.10.2004)
 documentdoubles_(at)_hush.com, [Full-Disclosure] unzoo 4.4 directory travels (14.10.2004)
 documentjelmer, Microsoft cabarc directory traversal (13.10.2004)
 documentdoubles_(at)_hush.com, [Full-Disclosure] unarj dir-transversal bug (../../../..) (11.10.2004)
 documentMike Kristovich, GameSpy Arcade Arbitrary File Writing Vulnerability (31.07.2003)
 documentFlorian Schafferhans, Directory traversal vulnerabilities in several archivers processing .tar (17.12.2002)
 document3APA3A, SECURITY.NNOV: directory traversal and path globbing in multiple archivers (11.07.2001)
Files:RAR directory traversal demo
 ZIP directory traversal demo
 another one ZIP directory traversal demo
 TAR directory traversal demo
 another one TAR directory traversal demo
 yet another one TAR directory traversal demo
 Multiple archivers directory traversal and path globbing
 tar-1.13.19 directory traversal patch
 unzip-5.42 directory traversal patch
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru
test server