SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Generic)  >   unzoo Vendors:   Schoenert, Martin
unzoo Input Validation Flaw Lets Remote Users Create/Overwrite Files on the Target User's System
SecurityTracker Alert ID:  1011673
SecurityTracker URL:  http://securitytracker.com/id/1011673
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Oct 14 2004
Impact:   Modification of system information, Modification of user information

Version(s): 4.4
Description:   An input validation vulnerability was reported in unzoo. A remote user can cause files to be overwritten when an archive is expanded.

doubles reported that a remote user can create a specially crafted archive that, when expanded by the target user, will create or overwrite files in arbitrary locations with the privileges of the target user.

Impact:   A remote user can cause files in arbitrary locations to be created or overwritten with the privileges of the target user when an archive is expanded.
Solution:   No solution was available at the time of this entry.
Cause:   Access control error, Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-Disclosure] unzoo 4.4 directory travels


ddaa  sseeccuurriittyy  ccoonnssuullttaannttee  ''''ddoouubblleess''''
aauuddiitttteedd  mmaannyy  mmoorree  aarrcchhiivveess  ssiinnssee
llaasstt  ttiimmee!!
uunnzzoooo  44..44  hhaavvee  ddiirreeccttoorryy  ttrraavveerrssaall
 bbuugg
ttoo!!  bbwwaahhaahhaahhaahh!!
ggiivvee  mmee  mmaannyy  sseeccuurriittyy  jjoobb  ooffffeerrss!!
oonnllyy  rriicchh  sseeccuurriittyy  ccoommppaannyyss  wwiitthh  oowwnn
sswwiimmiinnggppoooollss  ppllzz!!

ddoouubblleess




Concerned about your privacy? Follow this link to get
secure FREE email: http://www.hushmail.com/?l=2

Free, ultra-private instant messaging with Hush Messenger
http://www.hushmail.com/services-messenger?l=434

Promote security and make money with the Hushmail Affiliate Program: 
http://www.hushmail.com/about-affiliate?l=427

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC