Date: Thu, 01 Jan 2015 13:04:49 +0300
From: Alexander Cherepanov <cherepan@...me.ru>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: Re: cve request: miniunzip directory traversal

On 2015-01-01 00:44, Michael Gilbert wrote:
> Jakub Wilk discovered a directory traversal issue in the miniunzip
> tool [0], which is part of minizip [1].  Attached is a proposed
> solution.

The attached patch seems to deal with absolute paths only. What about
relative ones?

$ touch ../file

$ zip test.zip ../file
   adding: ../file (stored 0%)

$ rm ../file

$ miniunzip test.zip
MiniUnz 1.01b, demo of zLib + Unz package written by Gilles Vollant
more info at http://www.winimage.com/zLibDll/unzip.html

test.zip opened
  extracting: ../file

$ ls ../file
../file

-- 
Alexander Cherepanov
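The session above shows the check a miniunzip fix needs: an entry name must be rejected both when it is absolute and when any of its path components is "..". The following is an added example written for this archive page; it is neither minizip code nor part of either message in the thread, and the function name zip_entry_name_is_safe and the sample entry names in main are assumptions constructed for illustration. It generalizes the two cases in the thread by also treating backslashes as separators and rejecting drive-letter prefixes, since archives built on Windows can carry both.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example, not minizip code: decide whether an archive member name
 * may be extracted relative to the destination directory.
 * Both '/' and '\' count as separators because zip archives created on
 * Windows may use backslashes. */
static bool is_separator(char c)
{
    return c == '/' || c == '\\';
}

/* Returns true only if the name is relative and contains no ".." component.
 * A ".." inside a longer component ("..config", "a..b") is allowed; a bare
 * ".." component anywhere ("dir/../x") is rejected, even where it would not
 * actually leave the destination, which keeps the rule simple to audit. */
bool zip_entry_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;

    /* Absolute paths: "/etc/passwd", "\foo", "C:\foo", "C:/foo", "C:foo". */
    if (is_separator(name[0]))
        return false;
    if (isalpha((unsigned char)name[0]) && name[1] == ':')
        return false;

    const char *p = name;
    while (*p != '\0') {
        const char *start = p;
        while (*p != '\0' && !is_separator(*p))
            p++;
        size_t len = (size_t)(p - start);
        if (len == 2 && start[0] == '.' && start[1] == '.')
            return false;
        while (is_separator(*p))
            p++;
    }
    return true;
}

int main(void)
{
    /* Constructed sample names covering the cases from the thread plus the
     * Windows-style variants; not taken from any real archive. */
    const char *names[] = {
        "../file",          /* the relative traversal shown above */
        "/etc/passwd",      /* absolute path handled by the attached patch */
        "dir/../../file",   /* traversal hidden behind a leading directory */
        "dir\\..\\file",    /* same, with backslashes */
        "C:\\Windows\\x",   /* drive-letter absolute path */
        "dir/sub/file.txt", /* ordinary safe entry */
        "..config",         /* dot-dot as part of a name is fine */
    };
    for (size_t i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-20s %s\n", names[i],
               zip_entry_name_is_safe(names[i]) ? "extract" : "REJECT");
    return 0;
}
```

In miniunzip this check would sit before the output file is opened, so that a rejected entry is skipped rather than written; it complements, and does not replace, creating files with O_EXCL-style semantics and refusing to follow pre-existing symlinks in the destination tree.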
