Star '//' Pathname Validation Flaw Lets Remote Users Create/Ovewrite Files
|
|
SecurityTracker Alert ID: 1018646 |
|
SecurityTracker URL: http://securitytracker.com/id/1018646
|
|
CVE Reference:
CVE-2007-4134
(Links to External Site)
|
Date: Sep 4 2007
|
Impact:
Modification of system information, Modification of user information
|
Fix Available: Yes Vendor Confirmed: Yes Exploit Included: Yes
|
Version(s): prior to 1.5a84
|
Description:
A vulnerability was reported in Star. A remote user can create or overwrite files on the target system.
The software does not properly validate user-supplied input in filenames. A remote user can create a specially crafted archive with filenames containing double dots and double slashes to cause files on the target system to be to created or overwritten when the archive is extracted.
The vulnerability resides in the has_dotdot() function in 'extract.c'. The function fails to detect the '../' string when the string contains double slashes (e.g., 'foo//..//bar').
|
Impact:
A remote user can view create or overwrite files on the target system.
|
Solution:
The vendor has issued a fixed alpha version (1.5a84), available at:
ftp://ftp.berlios.de/pub/star/alpha/
The vendor's advisory is available at:
ftp://ftp.berlios.de/pub/star/alpha/AN-1.5a84
|
Vendor URL: developer.berlios.de/projects/star (Links to External Site)
|
Cause:
Input validation error
|
Underlying OS:
Linux (Any), UNIX (Any)
|
|
Message History:
This archive entry has one or more follow-up message(s) listed below.
|
Source Message Contents
|
Date: Tue, 4 Sep 2007 14:33:55 -0400
Subject: Star
|
CVE-2007-4134
Fixed in 1.5a84
|
|
