SecurityTracker.com
Category: Application (Generic) > Star    Vendors: Schilling, J.
Star '//' Pathname Validation Flaw Lets Remote Users Create/Overwrite Files
SecurityTracker Alert ID:  1018646
SecurityTracker URL:  http://securitytracker.com/id/1018646
CVE Reference:   CVE-2007-4134   (Links to External Site)
Date:  Sep 4 2007
Impact:   Modification of system information, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): prior to 1.5a84
Description:   A vulnerability was reported in Star. A remote user can create or overwrite files on the target system.

The software does not properly validate user-supplied input in filenames. A remote user can create a specially crafted archive with filenames containing double dots and double slashes to cause files on the target system to be created or overwritten when the archive is extracted.

The vulnerability resides in the has_dotdot() function in 'extract.c'. The function fails to detect the '../' string when the string contains double slashes (e.g., 'foo//..//bar').
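As an added example (not code from star or its author), the following is a component-wise check of the kind has_dotdot() in 'extract.c' is meant to perform: it treats any run of slashes as a single separator, so 'foo//..//bar' is rejected exactly like 'foo/../bar', and it also refuses absolute entry names. The function name and sample entries are assumptions for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not star's own code. Returns true when an archive entry
 * name must NOT be extracted because it could escape the target directory.
 * The name is walked component by component; a run of one or more '/' is
 * one separator, so "foo//..//bar" is seen as foo, .., bar. */
bool archive_path_is_unsafe(const char *name)
{
    if (name == NULL || *name == '\0')
        return true;              /* empty name: nothing sensible to create */
    if (*name == '/')
        return true;              /* absolute name escapes the extraction dir */

    const char *p = name;
    while (*p != '\0') {
        /* skip any run of slashes; a check that only looks for "/../" or
         * splits on single '/' gets confused here */
        while (*p == '/')
            p++;
        if (*p == '\0')
            break;
        /* find the end of the current component */
        const char *end = p;
        while (*end != '\0' && *end != '/')
            end++;
        size_t len = (size_t)(end - p);
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return true;          /* a ".." component anywhere is traversal */
        p = end;
    }
    return false;                 /* "..b" or "." components are ordinary names */
}

int main(void)
{
    /* constructed sample entry names */
    const char *samples[] = { "foo/bar", "foo/../bar", "foo//..//bar",
                              "..", "/etc/passwd", "a/./..b" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-14s -> %s\n", samples[i],
               archive_path_is_unsafe(samples[i]) ? "REJECT" : "ok");
    return 0;
}
```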

Impact:   A remote user can create or overwrite files on the target system.
Solution:   The vendor has issued a fixed alpha version (1.5a84), available at:

ftp://ftp.berlios.de/pub/star/alpha/

The vendor's advisory is available at:

ftp://ftp.berlios.de/pub/star/alpha/AN-1.5a84

Vendor URL:  developer.berlios.de/projects/star (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 4 2007 (Red Hat Issues Fix) Star '//' Pathname Validation Flaw Lets Remote Users Create/Overwrite Files
Red Hat has released a fix for Red Hat Enterprise Linux 3, 4, and 5.
Copyright 2019, SecurityGlobal.net LLC