Home    |    View Topics    |    Search    |    Contact Us    |   



Category:   Application (Generic)  >   unzoo Vendors:   Schoenert, Martin
unzoo Input Validation Flaw Lets Remote Users Create/Overwrite Files on the Target User's System
SecurityTracker Alert ID:  1011673
SecurityTracker URL:
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 14 2004
Impact:   Modification of system information, Modification of user information

Version(s): 4.4
Description:   An input validation vulnerability was reported in unzoo. A remote user can cause files to be overwritten when an archive is expanded.

doubles reported that a remote user can create a specially crafted archive that, when expanded by the target user, will create or overwrite files in arbitrary locations with the privileges of the target user.

Impact:   A remote user can cause files in arbitrary locations to be created or overwritten with the privileges of the target user when an archive is expanded.
Solution:   No solution was available at the time of this entry.
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.

 Source Message Contents

Subject:  [Full-Disclosure] unzoo 4.4 directory travels

ddaa  sseeccuurriittyy  ccoonnssuullttaannttee  ''''ddoouubblleess''''
aauuddiitttteedd  mmaannyy  mmoorree  aarrcchhiivveess  ssiinnssee
llaasstt  ttiimmee!!
uunnzzoooo  44..44  hhaavvee  ddiirreeccttoorryy  ttrraavveerrssaall
ttoo!!  bbwwaahhaahhaahhaahh!!
ggiivvee  mmee  mmaannyy  sseeccuurriittyy  jjoobb  ooffffeerrss!!
oonnllyy  rriicchh  sseeccuurriittyy  ccoommppaannyyss  wwiitthh  oowwnn
sswwiimmiinnggppoooollss  ppllzz!!


Concerned about your privacy? Follow this link to get
secure FREE email:

Free, ultra-private instant messaging with Hush Messenger

Promote security and make money with the Hushmail Affiliate Program:

Full-Disclosure - We believe in it.


Go to the Top of This SecurityTracker Archive Page

Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2021, LLC