TUGZip Remote Directory Traversal Vulnerability
BID:17432
Info
| Bugtraq ID: | 17432 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 10 2006 12:00AM |
| Updated: | Apr 11 2006 05:42PM |
| Credit: | Hamid Ebadi and Claus Berghammer are credited with the discovery of this vulnerability. |
| Vulnerable: | TUGZip TUGZip 3.4; TUGZip TUGZip 3.3; TUGZip TUGZip 3.1 .2 |
| Not Vulnerable: | |
Discussion
Reportedly, an attacker can carry out attacks similar to directory traversals. These issues present themselves when the application processes malicious archives.
A successful attack can allow the attacker to place potentially malicious files and overwrite files on a computer in the context of the user running the affected application. Successful exploitation may aid in further attacks.
Exploit / POC
This issue can be exploited by creating a malicious archive file that includes files with directory traversal strings ('../') in the names.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]
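With no vendor patch available, archive entry names can be checked before extraction. The following is an added example, not part of the original advisory and not TUGZip code: it flags entry names that would resolve outside the extraction directory. The function names and the sample entry names are constructed for illustration.

```python
import re
import zipfile

_DRIVE = re.compile(r"^[A-Za-z]:")  # e.g. "C:" at the start of a name

def entry_problem(name):
    """Return a reason if an archive entry name could be written outside
    the extraction directory, or None if the name stays inside it."""
    # Windows extractors accept both separators, so treat them alike.
    unified = name.replace("\\", "/")
    if unified.startswith("/"):          # also catches UNC paths (\\host\share)
        return "absolute path"
    if _DRIVE.match(unified):
        return "drive-letter path"
    # Track depth relative to the extraction directory, component by component.
    depth = 0
    for part in unified.split("/"):
        if part in ("", "."):
            continue
        if part == "..":
            depth -= 1
            if depth < 0:                # climbed above the extraction root
                return "escapes extraction directory"
        else:
            depth += 1
    return None

def audit_names(names):
    """Return (name, reason) pairs for every entry that must not be extracted."""
    flagged = []
    for name in names:
        reason = entry_problem(name)
        if reason is not None:
            flagged.append((name, reason))
    return flagged

def audit_zip(path_or_file):
    """Audit a ZIP archive's entry names without extracting anything."""
    with zipfile.ZipFile(path_or_file) as zf:
        return audit_names(zf.namelist())

# Constructed sample entry names (not taken from any real archive).
SAMPLE_NAMES = ["docs/readme.txt", "docs/../notes.txt", "../../outside.txt",
                "..\\..\\outside.txt", "C:\\temp\\outside.txt", "/outside.txt"]

if __name__ == "__main__":
    for name, reason in audit_names(SAMPLE_NAMES):
        print(f"{name!r}: {reason}")
```

An archive with any flagged entry should be rejected as a whole rather than partially extracted.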
References
References:
- TUGZip Archive Extraction Directory traversal (Hamid Ebadi)
- TUGZip Home Page (TUGZip)