Date: Mon, 25 Jun 2001 20:57:07 +0400
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
To: roshal@rarsoft.com, support@rarsoft.com
Cc: ache@FreeBSD.org, ports@FreeBSD.ORG
Subject: Re: rar bsd unsafe permissions
Message-ID: <193115593344.20010625205707@SECURITY.NNOV.RU>
In-Reply-To: <62107132848.20010625183606@SECURITY.NNOV.RU>
References: <62107132848.20010625183606@SECURITY.NNOV.RU>
Hello,

sorry for the wrong information. RAR 2.02 (both BSD and Windows versions) is _still_ vulnerable to directory traversal, but in a slightly different fashion. It's possible to create a path such as .\..\filename, and the file will be extracted one level higher with 0777 permissions. I didn't test the latest Windows version. Sample file attached.

--Monday, June 25, 2001, 6:36:06 PM, you wrote to roshal@rarsoft.com:

3> Hello roshal,
3> if a default rar archive is extracted with `rar x` all files are created
3> with 0777 permissions. It's not good.
3> Latest available version is 2.02.
3> rar 2.0b has a directory traversal bug, it allows creating a 'trojaned'
3> archive which will place executable files anywhere the creator of the
3> archive wants. This bug is patched in 2.02 but I found no information
3> on this in release notices/change log.
3> In conjunction, these 2 small problems create a _very huge_ problem for
3> rar users.

--
~/3APA3A
Patriotism is the same religion. (Twain)
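As an added illustration, not code from this thread or from RAR itself: a defender-side check, in Python, for the two issues the message raises. It resolves archive entry names with either separator and refuses any entry that would land outside the extraction directory (including the `.\..\filename` form reported above), and it filters the stored permission bits so a 0777 entry is never written world-writable. The entry names are constructed samples and the function names are my own.

```python
import os
import re
from typing import Optional

# Constructed sample entry names and the expected verdict (True = accepted).
SAMPLE_ENTRIES = {
    "docs/readme.txt": True,
    ".\\..\\filename": False,   # the form described for RAR 2.02
    "../etc/passwd": False,
    "/etc/passwd": False,
    "C:\\boot.ini": False,
    "a/b/../c.txt": True,       # '..' that stays inside the target
    "a/../../c.txt": False,
    "": False,
}

def safe_extract_path(entry_name: str, dest_dir: str) -> Optional[str]:
    """Return the on-disk path for an archive entry, or None if writing it
    would escape dest_dir. '/' and '\\' are both treated as separators,
    since archives made on Windows may contain either."""
    if not entry_name:
        return None
    name = entry_name.replace("\\", "/")
    # Absolute paths and drive letters are never acceptable entry names.
    if name.startswith("/") or re.match(r"^[A-Za-z]:", name):
        return None
    parts = []
    for comp in name.split("/"):
        if comp in ("", "."):
            continue
        if comp == "..":
            if not parts:
                return None      # would climb above dest_dir
            parts.pop()
            continue
        parts.append(comp)
    if not parts:
        return None
    dest_root = os.path.abspath(dest_dir)
    target = os.path.join(dest_root, *parts)
    # Belt-and-braces: the resolved target must still sit under dest_root.
    if os.path.commonpath([dest_root, target]) != dest_root:
        return None
    return target

def restricted_mode(archive_mode: int, umask: int = 0o022) -> int:
    """Apply a umask to the mode stored in the archive and always drop the
    world-writable bit, so a stored 0777 becomes 0755."""
    return (archive_mode & 0o777 & ~umask) & ~0o002

def audit(entries=SAMPLE_ENTRIES, dest_dir="/tmp/out") -> bool:
    """True if every sample entry gets the expected verdict."""
    return all((safe_extract_path(n, dest_dir) is not None) == ok
               for n, ok in entries.items())
```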