unzoo Input Validation Flaw Lets Remote Users Create/Overwrite Files on the Target User's System - SecurityTracker

	Keep Track of the Latest Vulnerabilities with SecurityTracker!

Home | View Topics | Search | Contact Us |

SecurityTracker
Archives

Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary

Instant Alerts

Buy our Premium Vulnerability Notification Service to receive customized, instant alerts

Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!

Become a Partner and License Our Database or Notification Service

Report a Bug

Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com

Category: Application (Generic) > unzoo

Vendors: Schoenert, Martin

unzoo Input Validation Flaw Lets Remote Users Create/Overwrite Files on the Target User's System

SecurityTracker Alert ID: 1011673

SecurityTracker URL: http://securitytracker.com/id/1011673

CVE Reference: GENERIC-MAP-NOMATCH (Links to External Site)

Date: Oct 14 2004

Impact: Modification of system information, Modification of user information

Version(s): 4.4

Description: An input validation vulnerability was reported in unzoo. A remote user can cause files to be overwritten when an archive is expanded.

doubles reported that a remote user can create a specially crafted archive that, when expanded by the target user, will create or overwrite files in arbitrary locations with the privileges of the target user.

Impact: A remote user can cause files in arbitrary locations to be created or overwritten with the privileges of the target user when an archive is expanded.

Solution: No solution was available at the time of this entry.

Cause: Access control error, Input validation error

Underlying OS: Linux (Any), UNIX (Any)

Message History: None.

Source Message Contents

Date: Wed, 13 Oct 2004 13:29:53 -0700
Subject: [Full-Disclosure] unzoo 4.4 directory travels


ddaa  sseeccuurriittyy  ccoonnssuullttaannttee  ''''ddoouubblleess''''
aauuddiitttteedd  mmaannyy  mmoorree  aarrcchhiivveess  ssiinnssee
llaasstt  ttiimmee!!
uunnzzoooo  44..44  hhaavvee  ddiirreeccttoorryy  ttrraavveerrssaall
 bbuugg
ttoo!!  bbwwaahhaahhaahhaahh!!
ggiivvee  mmee  mmaannyy  sseeccuurriittyy  jjoobb  ooffffeerrss!!
oonnllyy  rriicchh  sseeccuurriittyy  ccoommppaannyyss  wwiitthh  oowwnn
sswwiimmiinnggppoooollss  ppllzz!!

ddoouubblleess




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Go to the Top of This SecurityTracker Archive Page

Home | View Topics | Search | Contact Us
Copyright 2013, SecurityGlobal.net LLC