Unalz Hostile Destination Path Vulnerability
BID:17105
Info
Unalz Hostile Destination Path Vulnerability
| Bugtraq ID: | 17105 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-0950 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 14 2006 12:00AM |
| Updated: | Mar 16 2006 09:45AM |
| Credit: | Tan Chew Keong is credited with the discovery of this vulnerability. |
| Vulnerable: |
www.kipple.pe.kr unalz 0.53 |
| Not Vulnerable: |
www.kipple.pe.kr unalz 0.55 |
Discussion
Unalz Hostile Destination Path Vulnerability
The 'unalz' tool contains a vulnerability in the handling of pathnames for archived files.
By specifying a path for an archived item that points outside the expected destination directory, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem, possibly including paths containing system binaries and other sensitive or confidential information.
Presumably, an attacker could use this to create or overwrite binaries in any desired location, using the privileges of the invoking user.
Version 0.53 is vulnerable; other versions may also be affected.
The 'unalz' tool contains a vulnerability in the handling of pathnames for archived files.
By specifying a path for an archived item that points outside the expected destination directory, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem, possibly including paths containing system binaries and other sensitive or confidential information.
Presumably, an attacker could use this to create or overwrite binaries in any desired location, using the privileges of the invoking user.
Version 0.53 is vulnerable; other versions may also be affected.
Exploit / POC
Unalz Hostile Destination Path Vulnerability
An exploit is not required.
An exploit is not required.
Solution / Fix
Unalz Hostile Destination Path Vulnerability
Solution:
The vendor has released version 0.55 to address this issue.
www.kipple.pe.kr unalz 0.53
Solution:
The vendor has released version 0.55 to address this issue.
www.kipple.pe.kr unalz 0.53
-
www.kipple.pe.kr unalz-0.55.tgz
http://www.kipple.pe.kr/win/unalz/unalz-0.55.tgz
References
Unalz Hostile Destination Path Vulnerability
References:
References:
- unalz Filename Handling Directory Traversal Vulnerability (Secunia)
- unalz Web Site (www.kipple.pe.kr)