Winace UnAce ACE Archive Remote Directory Traversal Vulnerability
BID:12628
Info
Winace UnAce ACE Archive Remote Directory Traversal Vulnerability
| Bugtraq ID: | 12628 |
| Class: | Input Validation Error |
| CVE: |
CVE-2005-0161 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 23 2005 12:00AM |
| Updated: | May 17 2007 09:58PM |
| Credit: | Ulf Harnhammar is credited with the discovery of this issue. |
| Vulnerable: |
Winace UnAce 1.2 b Winace UnAce 1.1 Winace UnAce 1.0 SuSE SUSE Linux Enterprise Server 8 SuSE Linux Enterprise Server 9 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Enterprise Server for S/390 9.0 Pardus Linux 2007.1 Gentoo Linux Christian Ghisler Total Commander 0 |
| Not Vulnerable: |
Christian Ghisler Total Commander 6.54a |
Discussion
Winace UnAce ACE Archive Remote Directory Traversal Vulnerability
A remotely exploitable client-side directory-traversal vulnerability affects Winace unace. The application fails to properly sanitize file and directory names contained within malicious ACE format archives.
An attacker may leverage this issue by distributing malicious ACE archives to unsuspecting users. This issue will allow an attacker to write files to arbitrary locations on the filesystem with the privileges of an unsuspecting user that extracts the malicious ACE archive.
A remotely exploitable client-side directory-traversal vulnerability affects Winace unace. The application fails to properly sanitize file and directory names contained within malicious ACE format archives.
An attacker may leverage this issue by distributing malicious ACE archives to unsuspecting users. This issue will allow an attacker to write files to arbitrary locations on the filesystem with the privileges of an unsuspecting user that extracts the malicious ACE archive.
Exploit / POC
Winace UnAce ACE Archive Remote Directory Traversal Vulnerability
No exploit is required to leverage this issue. The following proof-of-concept examples have been made available. The referenced ZIP file contains two ACE format archives designed to test for the vulnerability. Note that Symantec has not verified the included ACE files.
No exploit is required to leverage this issue. The following proof-of-concept examples have been made available. The referenced ZIP file contains two ACE format archives designed to test for the vulnerability. Note that Symantec has not verified the included ACE files.
Solution / Fix
Winace UnAce ACE Archive Remote Directory Traversal Vulnerability
Solution:
Please see the referenced vendor advisories for more information.
Total Commander contains the affected RAR library. A new version has been released to address various issues. The latest version of Total Commander can be downloaded from:
http://www.ghisler.com/download.htm
Solution:
Please see the referenced vendor advisories for more information.
Total Commander contains the affected RAR library. A new version has been released to address various issues. The latest version of Total Commander can be downloaded from:
http://www.ghisler.com/download.htm
References
Winace UnAce ACE Archive Remote Directory Traversal Vulnerability
References:
References:
- Total Commander Home Page (Christian Ghisler)
- UnAce Homepage (Winace)