Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » Conectiva CLA-2003:724: unzip directory transversal vulnerability

Conectiva CLA-2003:724: unzip directory transversal vulnerability

by Nikola Strahija on August 18th, 2003 A vulnerability has been found in the way unzip extracts files with invalid characters between two '.' (dot) characters in their path/names. By exploiting this vulnerability, an attacker can overwrite arbitrary files if the user unpacking such an archive has sufficient filesystem permissions to do so.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- --------------------------------------------------------------------------

PACKAGE : unzip
SUMMARY : Directory transversal vulnerability [UPDATE]
DATE : 2003-08-18 19:52:00
ID : CLA-2003:724
RELEVANT
RELEASES : 7.0, 8, 9

- -------------------------------------------------------------------------

DESCRIPTION
unzip is a program widely used for the distribution of multiple files
concatenated/compacted (a file commonly known as an "archive").

This is a reedition of the announcement CLSA-2003:672[1].

A vulnerability[2] has been found in the way unzip extracts files
with invalid characters between two '.' (dot) characters in their
path/names. These characters are filtered and result in a ".."
sequence (indicating the parent directory). By exploiting this
vulnerability, an attacker can overwrite arbitrary files if the user
unpacking such an archive has sufficient filesystem permissions to do
so.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0282 to this issue[3].

[Updated 2003-Aug-18]
Ben Laurie found that the original patch for this vulnerability was
missing a case where the file name/path contains a quoted slash. This
update includes a new patch that fix this issue.


SOLUTION
All unzip users should upgrade.


REFERENCES:
1.http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000672&idioma=en
2.http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175
3.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0282


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/unzip-5.50-1U70_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/unzip-5.50-1U70_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/unzip-5.50-1U80_3cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/unzip-5.50-1U80_3cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/unzip-5.50-13860U90_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/unzip-5.50-13860U90_2cl.src.rpm


ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:

- run: apt-get update
- after that, execute: apt-get upgrade

Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: [email protected]
unsubscribe: [email protected]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE/QVjp42jd0JmAcZARAq4qAKC3smo1dl6ohsiT8KNRVng3fwBfBgCfUXgj
5Y2yA9jaLP5sDf9FDkn28f0=
=ySTr
-----END PGP SIGNATURE-----


Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »