TUGZip Archive Extraction Directory traversal

2006-04-11 / 2006-04-12
Risk: Medium
Local: Yes
Remote: Yes
CWE: CWE-Other


Ogólna skala CVSS: 5/10
Znaczenie: 2.9/10
Łatwość wykorzystania: 10/10
Wymagany dostęp: Zdalny
Złożoność ataku: Niska
Autoryzacja: Nie wymagana
Wpływ na poufność: Brak
Wpływ na integralność: Częściowy
Wpływ na dostępność: Brak

TUGZip Archive Extraction Directory traversal TUGZip is a powerful award-winning freeware archiving utility for Windows® that provides support for a wide range of compressed, encoded and disc-image files, as well as many other very powerful features; all through an easy to use application interface and Windows Explorer integration. Supports ZIP, 7-ZIP, A, ACE, ARC, ARJ, BH, BZ2, CAB, CPIO, DEB, GCA, GZ, IMP, JAR, LHA (LZH), LIB, RAR, RPM, SQX, TAR, TGZ, TBZ, TAZ, YZ1 and ZOO archives. Create 7-ZIP, BH, BZ2, CAB, JAR, LHA (LZH), SQX, TAR, TGZ, YZ1 and ZIP archives. http://www.tugzip.com Credit: The information has been provided by Hamid Ebadi and Claus Berghammer ( Hamid Network Security Team) : admin[at]hamid[.]ir Claus Berghammer : office(at)cb-computerservice(dot)at The original article can be found at : http://hamid.ir/security Vulnerable Systems: TUGZip 3.4.0.0 , TUGZip 3.3.0.0 , TUGZip 3.1.0.2 Detail : The vulnerability is caused due to an input validation error when extracting files compressed with GZ (*.gz), JAR(*.jar), RAR(*.rar), ZIP(*.zip) . This makes it possible to have files extracted to arbitrary locations outside the specified directory using the "../" directory traversal sequence. Do not extract untrusted RAR and JAR and ZIP and GZ files. To reduce the risk, never extract files as an administrative user. harmless exploit: use HEAP [Hamid Evil Archive Pack] you can download it from Hamid Network Security Team : http://www.hamid.ir/tools/ want to know more ? http://www.hamid.ir/paper


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top