[PLUTO-security] [Fwd: unzip directory traversal revisited]
Tom aka 'Dido'
tom at pluto.linux.it
Tue May 13 10:58:59 CEST 2003
Giro in lista anche questo.....
Dido
-----Forwarded Message-----
> From: jelmer <jelmer a kuperus.xs4all.nl>
> Subject: unzip directory traversal revisited
> Date: 10 May 2003 00:39:24 +0200
>
> unzip directory traversal revisited
>
> problem:
>
> well I kinda stumbled over this when i was looking for something else
> A while back some fuss was made over the use of .. sequences in archives
> because it allows you to craft
> an archive which will trojan your system on extraction
> the creators of unzip fixed this but apperently didn't cover all bases
>
> when an archive contains a file like ../JELMER.TXT it will skip it and print
> out a message like this
>
> jelmer.zip
> warning: skipped "../" path component(s) in jelmer.zip
> inflating: JELMER.TXT
>
> however when i call it . \003 ./JELMER.txt it extracts it just fine or \001
> etc
>
> unzip jelmer.zip
> Archive: jelmer.zip
> extracting: ../JELMER.TXT
>
> as it basicly ignores these characters
>
> example:
>
> i attached a zip file that illustrates the problem
> it was hacked up using a hex editor
>
> vendor status:
>
> i just emailed Zip-Bugs a lists.wku.edu
>
> tested on :
>
> UnZip 5.50 on a gentoo linux and freebsd
>
>
>
-------------- parte successiva --------------
Un allegato non testuale è stato rimosso....
Nome: jelmer.zip
Tipo: application/octet-stream
Dimensione: 207 bytes
Descrizione: non disponibile
Url: /pipermail/pluto-security/attachments/20030513/2ce693e1/jelmer.a
More information about the pluto-security
mailing list