Computer Security


Directory traversal and absolute path in multiple archivers
updated since 11.07.2001
Published: 27.08.2007
Source:
SecurityVulns ID: 1320
Type: client
Threat Level: 5/10
Description: Directory traversal and absolute paths allow overwriting any file during archive extraction.
Affected: GNU : tar 1.13
 INFOZIP : UnZip 5.42
 RARSOFT : rar 2.02
 PKWARE : pkzip 4.00
 SUN : JDK 1.4
 GNU : cpio 2.5
 WINZIP : WinZip 8.1
 PKWARE : PKZip 5.00
 ALADDIN : ZipMagic 4.0
 RARSOFT : WinRAR 3.00
 SPEEDPROJECT : Squeez 4.0
 SPEEDPROJECT : Squeez 4.1
 SPEEDPROJECT : SpeedCommander 8.1
 SPEEDPROJECT : SpeedCommander 9.0
 GAMESPY : Arcade
 STAR : star 1.5
 MICROSOFT : CabArc
 UNZOO : unzoo 4.4
 CABEXTRACT : cabextract 0.2
 ZIPGENIUS : ZipGenius 5.5
 RARSOFT : WinRAR 3.42
 UNACE : UNACE 1.2
 SUN : JDK 1.5
 DZIP : dzip 2.9
 SPEEDCOMMANDER : SpeedCommander 11.0
 TUGZIP : TUGZip 3.4
 PEAR : Archive_Tar 1.2
 WINACE : WinAce 2.6
 STUFFIT : StuffIt 9.0
 STUFFIT : ZipMagic 9.0
 ZIPSTAR : ZipStar 5.1
 SQUEEZ : Squeez 5.1
 UNALZ : unalz 0.53
 WINHKI : WinHKI 1.6
 KGB Archiver 1.1
 BITZIPPER : BitZipper 4.1
 MIMARSINAN : CompreXX 4.1
 ARCHIVEXPERT : ArchiveXpert 2.02
 ACUBIX : PicoZip 4.02
CVE: CVE-2007-4134 (Directory traversal vulnerability in extract.c in star before 1.5a84 allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.)
 CVE-2007-4131 (Directory traversal vulnerability in the contains_dot_dot function in src/names.c in GNU tar allows user-assisted remote attackers to overwrite arbitrary files via certain //.. (slash slash dot dot) sequences in directory symlinks in a TAR archive.)
 CVE-2007-2058 (Directory traversal vulnerability in Acubix PicoZip 4.02 allows user-assisted remote attackers to overwrite arbitrary files via a .. (dot dot) sequence in the file path in an (1) GZ, (2) TAR, (3) RAR, (4) JAR, or (5) ZIP archive.)
 CVE-2007-2012 (Multiple directory traversal vulnerabilities in MimarSinan CompreXX 4.1 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .rar, (2) .jar or (3) .zip archive.)
 CVE-2007-1954 (Multiple directory traversal vulnerabilities in ArchiveXpert 2.02 build 80 allow remote attackers to create files in arbitrary directories via a .. (dot dot) in a (1) .gz, (2) .jar, (3) .rar, (4) .tar.gz, (5) .zip, or (6) .tar file.)
 CVE-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, and possibly later versions, allows attackers to overwrite arbitrary files during archive extraction via a (1) "/.." or (2) "./.." string, which removes the leading slash but leaves the "..", a variant of CVE-2001-1267.)
 CVE-2001-1267 (Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).)
Original document: RPATH, rPSA-2007-0172-1 tar (27.08.2007)
 h e, BitZipper Archive Extraction Directory traversal (23.05.2006)
 h e, TUGZip Archive Extraction Directory traversal (10.04.2006)
 SECUNIA, [SA19511] KGB Archiver Directory Traversal Vulnerability (04.04.2006)
 SECUNIA, [SA19296] WinHKI Multiple Archive Directory Traversal Vulnerability (20.03.2006)
 SECUNIA, Secunia Research: unalz Filename Handling Directory Traversal Vulnerability (13.03.2006)
 h e, SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1 Directory traversal (25.02.2006)
 h e, StuffIt and ZipMagic Family of products Directory traversal (25.02.2006)
 h e, WinAce Archiver v2.6 Directory traversal (25.02.2006)
 h e, Archive_Tar v 1.2(Tested) (Tar file management class) Directory traversal (25.02.2006)
 SUN, [SA14902] Sun Java JDK/SDK Jar Directory Traversal Vulnerability (11.04.2005)
 Härnhammar, Ulf, [Full-Disclosure] unace-1.2b multiple buffer overflows and directory traversal bugs (24.02.2005)
 Ripe, 7a69Adv#21 - WinRAR unpack one-folder path disclosure (04.02.2005)
 Ripe, 7a69Adv#19 - ZipGenius unpack path disclosure (04.02.2005)
 DEBIAN, [SECURITY] [DSA 574-1] New cabextract packages fix unintended directory traversal (30.10.2004)
 doubles_(at)_hush.com, [Full-Disclosure] unzoo 4.4 directory travels (14.10.2004)
 jelmer, Microsoft cabarc directory traversal (13.10.2004)
 doubles_(at)_hush.com, [Full-Disclosure] unarj dir-transversal bug (../../../..) (11.10.2004)
 Mike Kristovich, GameSpy Arcade Arbitrary File Writing Vulnerability (31.07.2003)
 Florian Schafferhans, Directory traversal vulnerabilities in several archivers processing .tar (17.12.2002)
 3APA3A, SECURITY.NNOV: directory traversal and path globbing in multiple archivers (11.07.2001)
Files: TAR directory traversal demo
 another one TAR directory traversal demo
 yet another one TAR directory traversal demo
 RAR directory traversal demo
 ZIP directory traversal demo
 another one ZIP directory traversal demo
 Multiple archivers directory traversal and path globbing
 tar-1.13.19 directory traversal patch
 unzip-5.42 directory traversal patch

clamav-milter shell characters vulnerability
Published: 27.08.2007
Source:
SecurityVulns ID: 8092
Type: remote
Threat Level: 7/10
Description: Insecure popen() call with user-controlled value.
Affected: CLAMAV : ClamAV 0.91
Original document: security_(at)_nruns.com, n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory (27.08.2007)
Files: Sendmail w/ clamav-milter Remote Root Exploit

Sophos Antivirus multiple security vulnerabilities
Published: 27.08.2007
Source:
SecurityVulns ID: 8093
Type: remote
Threat Level: 6/10
Description: Infinite loop on bzip parsing, integer overflow on UPX parsing.
Affected: SOPHOS : Sophos Anti-virus 2.47
Original document: security_(at)_nruns.com, n.runs-SA-2007.026 - Sophos Antivirus BZip parsing Infinite Loop Advisory (27.08.2007)
 security_(at)_nruns.com, n.runs-SA-2007.027 - Sophos Antivirus UPX parsing Arbitrary CodeExecution Advisory (27.08.2007)

BufferZone buffer overflow
Published: 27.08.2007
Source:
SecurityVulns ID: 8096
Type: local
Threat Level: 5/10
Description: Buffer overflow on FsSetVolumeInformation IOCTL.
Affected: BUFFERZONE : BufferZone 2.5
Original document: seppi_(at)_seppig.de, Security vulnerability in BufferZone 2.5 (27.08.2007)

SIDVault multiple security vulnerabilities
Published: 27.08.2007
Source:
SecurityVulns ID: 8098
Type: remote
Threat Level: 6/10
Description: Multiple buffer overflows in LDAP server authentication.
Affected: SIDVAULT : SIDVault 2.0
Original document: Jose Antonio, SIDVault LDAP Server Remote Buffer Overflow (27.08.2007)
Files: Alpha Centauri Software SIDVault LDAP Server remote root exploit (0days)

VMWare multiple security vulnerabilities
updated since 27.08.2007
Published: 31.08.2007
Source:
SecurityVulns ID: 8097
Type: local
Threat Level: 5/10
Description: Multiple vulnerabilities allow an unprivileged user of the host system to control guest systems.
Affected: VMWARE : VMWare Workstation 6.0
 VMWARE : VMWare Player 2.0
Original document: VMWARE, VMware poor guest isolation design (31.08.2007)
 M. Burnett, VMWare poor guest isolation design (27.08.2007)
 M. Burnett, More on VMWare poor guest isolation design (27.08.2007)
 seppi_(at)_seppig.de, security vulnerability in VMware (27.08.2007)

Asterisk malformed MIME boundary multiple buffer overflows and DoS
updated since 27.08.2007
Published: 12.10.2007
Source:
SecurityVulns ID: 8094
Type: remote
Threat Level: 6/10
Description: Multiple buffer overflows and a crash on a malformed MIME boundary if IMAP storage is used for voicemail.
Affected: DIGIUM : Asterisk 1.4
CVE: CVE-2007-4521 (Asterisk Open Source 1.4.5 through 1.4.11, when configured to use an IMAP voicemail storage backend, allows remote attackers to cause a denial of service via an e-mail with an "invalid/corrupted" MIME body, which triggers a crash when the recipient listens to voicemail.)
Original document: ASTERISK, AST-2007-022: Buffer overflows in voicemail when using IMAP storage (12.10.2007)
 ASTERISK, AST-2007-021: Crash from invalid/corrupted MIME bodies when using voicemail with IMAP storage (27.08.2007)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod