[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] unshield directory traversal
From: cve-assign () mitre ! org
Date: 2015-01-27 23:00:49
Message-ID: Pine.LNX.4.64.1501271800060.11165 () beijing ! mitre ! org
[Download RAW message or body]
> https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776193
>
> Package: unshield
> Version: 1.0-1
> Tags: security
>
> unshield is vulnerable to directory traversal via "../" sequences. As a
> proof of concept, unpacking the attached InstallShield archive creates a
> file in /tmp:
>
> $ ls /tmp/moo
> ls: cannot access /tmp/moo: No such file or directory
>
> $ unshield x data1.cab
> Cabinet: data1.cab
> extracting:
> ./Bovine_Files/../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../tmp/moo
>
> -------- -------
> 1 files
>
> $ ls /tmp/moo
> /tmp/moo
>
>
> -- System Information:
> Debian Release: 8.0
> APT prefers unstable
> APT policy: (990, 'unstable'), (500, 'experimental')
> Architecture: i386 (x86_64)
> Foreign Architectures: amd64
>
> Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
> Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
> Shell: /bin/sh linked to /bin/dash
> Init: sysvinit (via /sbin/init)
>
> Versions of packages unshield depends on:
> ii libc6 2.19-13
> ii libunshield0 1.0-1
> ii zlib1g 1:1.2.8.dfsg-2+b1
>
> --
> Kurt Seifried -- Red Hat -- Product Security -- Cloud
> PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Use CVE-2015-1386.
---
CVE assignment team, MITRE CVE Numbering Authority M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic