SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |    Help    |   

SecurityTracker
Archives


Welcome to SecurityTracker!
 
Click to Sign Up
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com
Sign Up!





Category:  Application (Generic)  >  unzoo Vendors:  Schoenert, Martin
unzoo Input Validation Flaw Lets Remote Users Create/Overwrite Files on the Target User's System
SecurityTracker Alert ID:  1011673
SecurityTracker URL:  http://securitytracker.com/id?1011673
CVE Reference:  GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 14 2004
Impact:  Modification of system information, Modification of user information
Version(s): 4.4
Description:  An input validation vulnerability was reported in unzoo. A remote user can cause files to be overwritten when an archive is expanded.

doubles reported that a remote user can create a specially crafted archive that, when expanded by the target user, will create or overwrite files in arbitrary locations with the privileges of the target user.
Impact:  A remote user can cause files in arbitrary locations to be created or overwritten with the privileges of the target user when an archive is expanded.
Solution:  No solution was available at the time of this entry.
Cause:  Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)
Reported By:  <doubles@hush.com>
Message History:   None.

 Source Message Contents
Date:  Wed, 13 Oct 2004 13:29:53 -0700
From:  <doubles@hush.com>
Subject:  [Full-Disclosure] unzoo 4.4 directory travels

 

ddaa  sseeccuurriittyy  ccoonnssuullttaannttee  ''''ddoouubblleess''''
aauuddiitttteedd  mmaannyy  mmoorree  aarrcchhiivveess  ssiinnssee
llaasstt  ttiimmee!!
uunnzzoooo  44..44  hhaavvee  ddiirreeccttoorryy  ttrraavveerrssaall
 bbuugg
ttoo!!  bbwwaahhaahhaahhaahh!!
ggiivvee  mmee  mmaannyy  sseeccuurriittyy  jjoobb  ooffffeerrss!!
oonnllyy  rriicchh  sseeccuurriittyy  ccoommppaannyyss  wwiitthh  oowwnn
sswwiimmiinnggppoooollss  ppllzz!!

ddoouubblleess




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us   |    Help

Copyright 2004, SecurityGlobal.net LLC