Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)

• Previous message: idlabs-advisories_at_idefense.com: "[Full-Disclosure] iDEFENSE Security Advisory 10.11.04: Squid Web Proxy Cache Remote Denial of Service Vulnerability"
• In reply to: Chris Umphress: "Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)"
• Next in thread: Chris Umphress: "Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)"
• Reply: Chris Umphress: "Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: Full-disclosure <full-disclosure@lists.netsys.com>
Date: Tue, 12 Oct 2004 01:29:40 +0200

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Chris Umphress wrote:
> chris@chris:~/test$ unarj x test.arj
> UNARJ (Demo version) 2.30 Copyright (c) 1991 Robert K Jung
>
> Processing archive: test.arj
> Archive date : 2012-11-10 27:44:04
> Can't open ../../usr/local/bin/test.txt
> 0 file(s)
>
> Found 1 error(s)!

hm, strange. i have:

evil@sheep:~$ unarj x test.arj
ARJ32 v 3.10, Copyright (c) 1998-2004, ARJ Software Russia. [27 Jun 2004]

Processing archive: test.arj
Archive created: 2004-10-12 01:15:49, modified: 2004-10-12 01:15:49
usr/bin/namei, Create this directory? Yes
Extracting ../usr/bin/namei to usr/bin/namei OK
     1 file(s)

so it's not taking all the ../ into account and also an .arj created with
full path is created in $PWD. arj + unarj are both v3.10.

> Apart from it removing one "../" from the filename I gave it, it
> worked exactly as I expected.

...somehow i don't expect programs to mess with /usr. not as a user and
not as root.

/me wonders about which version of arj/unarj "doubles" is talking about....

- --
BOFH excuse #303:

fractal radiation jamming the backbone
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFBaxdjC/PVm5+NVoYRAgBNAJ9tUbGF0NCqM4sIY9mWHsNvGrd9NwCfb+qj
F+w1GfecVnGP7R0TQoQFC+I=
=eEJw
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: idlabs-advisories_at_idefense.com: "[Full-Disclosure] iDEFENSE Security Advisory 10.11.04: Squid Web Proxy Cache Remote Denial of Service Vulnerability"
• In reply to: Chris Umphress: "Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)"
• Next in thread: Chris Umphress: "Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)"
• Reply: Chris Umphress: "Re: [Full-Disclosure] unarj dir-transversal bug (../../../..)"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]