SecurityTracker.com
SecurityTracker
Archives


 


Category:   Application (Generic)  >   unarj Vendors:   Jung, Robert K.
unarj Input Validation Bug May Let Remote Users Create Files on the Target User's System
SecurityTracker Alert ID:  1011610
SecurityTracker URL:  http://securitytracker.com/id/1011610
CVE Reference:   CVE-2004-1027   (Links to External Site)
Updated:  Nov 17 2004
Original Entry Date:  Oct 11 2004
Impact:   Modification of system information, Modification of user information
Exploit Included:  Yes  
Version(s): 2.65; possibly other versions
Description:   An input validation vulnerability was reported in unarj. A remote user can create a malicious archive that, when expanded by a target user, will write arbitrary files on the target user's system.

doubles reported that a remote user can create a specially crafted archive containing entries whose stored paths include the '../' directory traversal sequence. When the target user expands the archive with the unarj 'x' command, which recreates the stored directory structure (unlike 'e', which extracts every entry into the current directory and discards the path), unarj does not check the stored path for '..' components, so files on the target user's system may be created, or potentially overwritten, with the privileges of the target user.

From testing on version 2.43, it appears that files can be created using directory traversal characters but not overwritten.

Impact:   A remote user can create an archive that, when expanded by the target user, will create files on the target user's system with the privileges of the target user.

[Editor's note: It is not clear whether this flaw allows file overwriting. Some users claim so, others dispute the claim. Our testing of version 2.43 showed that only file creation was possible with that particular version.]
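
The following is an added illustration of the check an extractor needs before honouring a stored path, written for this page and not taken from unarj's source. The function names and the sample entry names are constructed; the naive routine mirrors the behaviour the report describes for 'x' (stored name appended to the destination unchecked), flat_name mirrors what 'e' effectively does, and check_stored_name is the hardened version.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Verdicts for a stored entry name read from an archive header. */
enum path_verdict { PATH_OK = 0, PATH_EMPTY, PATH_ABSOLUTE, PATH_TRAVERSAL };

/* Vulnerable pattern (what the report describes for 'unarj x'): the stored
 * name is trusted and appended to the destination, so "../../x" lands two
 * levels above it. Returns 0 on success, -1 if the buffer is too small. */
int naive_dest_path(const char *dest_dir, const char *stored_name,
                    char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", dest_dir, stored_name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* What 'unarj e' effectively does: keep only the last path component, so
 * any directory part, traversal or not, is discarded. */
const char *flat_name(const char *stored_name)
{
    const char *last = stored_name;
    for (const char *p = stored_name; *p; p++)
        if (*p == '/' || *p == '\\')
            last = p + 1;
    return last;
}

/* Hardened check for 'x'-style extraction. ARJ is a DOS-era format, so both
 * '/' and '\' count as separators; leading separators (absolute and UNC
 * names) and drive-letter prefixes are rejected. Any ".." component is
 * rejected outright rather than resolved: an extractor has no legitimate
 * reason to climb out of a directory it is populating. */
enum path_verdict check_stored_name(const char *name)
{
    if (name == NULL || *name == '\0')
        return PATH_EMPTY;
    if (name[0] == '/' || name[0] == '\\')
        return PATH_ABSOLUTE;
    if (isalpha((unsigned char)name[0]) && name[1] == ':')
        return PATH_ABSOLUTE;

    const char *p = name;
    while (*p) {
        const char *start = p;
        while (*p && *p != '/' && *p != '\\')
            p++;
        if (p - start == 2 && start[0] == '.' && start[1] == '.')
            return PATH_TRAVERSAL;
        if (*p)
            p++;
    }
    return PATH_OK;
}

/* Build "<dest_dir>/<stored_name>" only after the name passes the check;
 * backslashes are normalised to '/' so the result works on either OS.
 * Returns 0 on success, -1 if rejected or the buffer is too small. */
int safe_dest_path(const char *dest_dir, const char *stored_name,
                   char *out, size_t outlen)
{
    if (check_stored_name(stored_name) != PATH_OK)
        return -1;
    size_t dlen = strlen(dest_dir), nlen = strlen(stored_name);
    if (dlen + 1 + nlen + 1 > outlen)
        return -1;
    memcpy(out, dest_dir, dlen);
    out[dlen] = '/';
    for (size_t i = 0; i < nlen; i++)
        out[dlen + 1 + i] = (stored_name[i] == '\\') ? '/' : stored_name[i];
    out[dlen + 1 + nlen] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample of stored names, standing in for a parsed archive. */
    const char *entries[] = {
        "docs/readme.txt",               /* ordinary relative name */
        "..\\..\\..\\win.ini",           /* DOS-style traversal */
        "../../../../../../etc/passwd",  /* the pattern from the report */
        "C:\\autoexec.bat",              /* drive letter */
        "\\\\server\\share\\x",          /* UNC name */
        "sub/..hidden/file",             /* '..' inside a component is fine */
    };
    char naive[256], safe[256];
    for (size_t i = 0; i < sizeof entries / sizeof entries[0]; i++) {
        const char *name = entries[i];
        naive_dest_path("out", name, naive, sizeof naive);
        int ok = safe_dest_path("out", name, safe, sizeof safe);
        printf("%-30s naive: %-36s e-mode: %-14s x-mode: %s\n",
               name, naive, flat_name(name), ok == 0 ? safe : "REJECTED");
    }
    return 0;
}
```

The check is purely lexical and guards exactly the case the report describes: a '..' sequence in a stored name, in either separator style, plus absolute and drive-letter names that would escape the destination just as effectively. Rejecting the entry is preferable to normalising it, since a name that needs normalising to stay inside the destination is already suspicious.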

Solution:   No solution was available at the time of this entry.
Cause:   Access control error, Input validation error
Underlying OS:  Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Nov 12 2004 (Fedora Issues Fix for FC2) unarj Input Validation Bug May Let Remote Users Create/Overwrite Files on the Target User's System
Fedora has released a fix for Fedora Core 2.
Nov 19 2004 (Gentoo Issues Fix) unarj Input Validation Bug May Let Remote Users Create Files on the Target User's System
Gentoo has released a fix.
Jan 13 2005 (Red Hat Issues Fix) unarj Input Validation Bug May Let Remote Users Create Files on the Target User's System
Red Hat has released a fix.
Jan 21 2005 (Debian Issues Fix) unarj Input Validation Bug May Let Remote Users Create Files on the Target User's System
Debian has released a fix.



 Source Message Contents

Subject:  [Full-Disclosure] unarj dir-transversal bug (../../../..)


yo wassupp???????? doubles is here to rock da house nd to throw unarj dir-transversal bug in yar face! ''unarj e'' unpacks all da shit to da current dir ''unarj x'' unpacks to many dirs nd it aint gonna czech if you have da evil ''../../../../../..'' shit in da path!

doubles





 
 



Copyright 2020, SecurityGlobal.net LLC