Date: Mon, 25 Jun 2001 17:48:36 +0400 From: 3APA3A <3APA3A@SECURITY.NNOV.RU> To: Zip-Bugs@lists.wku.edu Cc: ache@FreeBSD.org, ports@FreeBSD.ORG Subject: Fwd: UnZip 5.40 port directory traversal Message-ID: <12104282149.20010625174836@SECURITY.NNOV.RU>
next in thread | raw e-mail | index | archive | help
I can confirm same behavior with latest 5.42 version which is currently in FreeBSD ports (maintainer is Andrey Chernov). There is a same bug in rar 2.0b (it was included in few FreeBSD collection ports). Latest rar 2.02 hasn't this problem. rar 2.02 and PKWare's pkzipc strip ..\, WinZIP warns user about directory traversal. I will be grateful for any kind of reply. SECURITY.NNOV follows RFPolicy http://www.wiretrip.net/rfp/policy.html --This is a forwarded message From: 3APA3A <3APA3A@SECURITY.NNOV.RU> To: Zip-Bugs@lists.wku.edu <Zip-Bugs@lists.wku.edu> Date: Friday, June 22, 2001, 3:31:59 PM Subject: UnZip 5.40 port directory traversal ===8<==============Original message text=============== Hello Zip-Bugs, Sorry if this is known problem or you do not consider this behaviour as abnormal. unzip 5.40 (I was unable to download and test latest version because freesoftware.com is unavailable) is vulnerable to directory traversal (dot-dot bug). If filename inside archive contains '\..' file will be extracted level higher than expected by user. User will be warned if target file exists (if -o not given), but i think you can understand a danger of creating of some kind of files. unzip test.zip to test. -- http://www.security.nnov.ru /\_/\ { . . } |\ +--oQQo->{ ^ }<-----+ \ | 3APA3A U 3APA3A } +-------------o66o--+ / |/ You know my name - look up my number (The Beatles) ===8<===========End of original message text=========== -- ~/3APA3A ÝÍÈÀÊàì - ïî ìîðäå! (Ëåì) To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?12104282149.20010625174836>