[UNIX] unalz Filename Handling Directory Traversal



The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com



unalz Filename Handling Directory Traversal
------------------------------------------------------------------------


SUMMARY

"The unalz tool is the utility used for decompressing alzip format files. It
mainly operates on files with names ending in '.alz'."

With a specially crafted archive, whose member file names contain "../"
sequences, it is possible to cause a directory traversal and have archive
members written to arbitrary locations outside the extraction directory.

DETAILS

Vulnerable Systems:
* unalz version 0.53

Immune Systems:
* unalz version 0.55

The vulnerability is caused by an input validation error when extracting
an ALZ archive: the file name stored in each archive entry is joined to the
destination directory without being checked. An attacker who can get a
victim to extract a crafted archive can therefore place files at arbitrary
locations outside the specified directory (with the permissions of the user
running unalz) by using the "../" directory traversal sequence in the
stored file names.
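The following is an added example, not code from unalz or from the advisory, showing the naive join that produces this class of bug next to the validation an extractor should apply to every stored member name before writing. The destination directory and the member names are constructed for the example; the ALZ container format itself is not parsed here, only the name-handling step the advisory is about.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Reject member names that could escape the extraction directory:
 * absolute paths (Unix or Windows style), drive letters, and any ".."
 * component. Both '/' and '\\' are treated as separators, since ALZ
 * archives usually originate on Windows and a Unix extractor must not
 * treat "..\\" as an ordinary file name. Returns 1 if safe, 0 if not. */
int member_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (name[0] == '/' || name[0] == '\\')
        return 0;                                   /* absolute path */
    if (isalpha((unsigned char)name[0]) && name[1] == ':')
        return 0;                                   /* drive letter, e.g. C: */
    const char *p = name;
    while (*p) {
        const char *start = p;
        while (*p && *p != '/' && *p != '\\')
            p++;
        if (p - start == 2 && start[0] == '.' && start[1] == '.')
            return 0;                               /* ".." component */
        if (*p)
            p++;
    }
    return 1;
}

/* The vulnerable pattern: destination and stored name are concatenated
 * as-is, so "../../etc/passwd" resolves outside dest. Kept here only to
 * show what the hardened version below replaces. */
int naive_join(const char *dest, const char *name, char *out, size_t outlen)
{
    int n = snprintf(out, outlen, "%s/%s", dest, name);
    return n >= 0 && (size_t)n < outlen;
}

/* Hardened join: validate first, then rebuild the relative path from its
 * components, dropping "" and "." components and normalising '\\' to '/'.
 * Returns 1 on success, 0 when the name is rejected, empty after
 * normalisation, or does not fit in the buffer. */
int safe_join(const char *dest, const char *name, char *out, size_t outlen)
{
    if (!member_name_is_safe(name))
        return 0;
    size_t destlen = (size_t)snprintf(out, outlen, "%s", dest);
    if (destlen >= outlen)
        return 0;
    size_t pos = destlen;
    const char *p = name;
    while (*p) {
        const char *start = p;
        while (*p && *p != '/' && *p != '\\')
            p++;
        size_t len = (size_t)(p - start);
        if (*p)
            p++;
        if (len == 0 || (len == 1 && start[0] == '.'))
            continue;                               /* skip "" and "." */
        if (pos + 1 + len >= outlen)
            return 0;
        out[pos++] = '/';
        memcpy(out + pos, start, len);
        pos += len;
        out[pos] = '\0';
    }
    return pos > destlen;        /* a name with no real component is refused */
}

int main(void)
{
    const char *dest = "/tmp/out";                  /* constructed destination */
    /* Constructed member names of the kind a crafted archive could carry. */
    const char *names[] = { "docs/readme.txt", "../../etc/passwd",
                            "..\\..\\boot.ini", "/etc/shadow", "a/./b/../c" };
    char buf[256];
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++) {
        naive_join(dest, names[i], buf, sizeof buf);
        printf("naive: %-18s -> %s\n", names[i], buf);
        if (safe_join(dest, names[i], buf, sizeof buf))
            printf("safe:  %-18s -> %s\n", names[i], buf);
        else
            printf("safe:  %-18s -> REJECTED\n", names[i]);
    }
    return 0;
}
```

This is a purely lexical check on the stored name, which is what the advisory's fix needs. It does not defend against an archive that first extracts a symbolic link pointing outside the destination and then writes through it; an extractor that creates links must additionally refuse to follow them (or verify the final target with realpath-style resolution after creation), which is a separate hardening step.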

CVE Information:
CVE-2006-0950 <http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0950>

Disclosure Timeline (DD/MM/YYYY):
02/03/2006 - Initial vendor notification.
10/03/2006 - Initial vendor reply.
13/03/2006 - Public disclosure.


ADDITIONAL INFORMATION

The information has been provided by Secunia Research.
The original article can be found at:
<http://secunia.com/secunia_research/2006-16/advisory/>




DISCLAIMER:
The information in this bulletin is provided "AS IS" without warranty of any kind.
In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.