Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 02 Jan 2015 17:06:24 -0700
From: Kurt Seifried <>
To: "" <>,
        Assign a CVE Identifier <>
Subject: Possible "new" CVE for Zoo directory traversal

Package: zoo
Version: 2.10-27+b1
Tags: security

Either the fix for CVE-2005-2349 (bug #309594) wasn't complete, or it
bit-rotted, because Zoo is still susceptible to directory traversal:

$ pwd

$ zoo x traversal.zoo
Zoo:  /tmp/moo       -- extracted

$ ls -l /tmp/moo
-rw-r--r-- 1 jwilk users 4 Jan  5  2015 /tmp/moo

The script I used to create the test case is available at:

-- System Information:
Debian Release: 8.0
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages zoo depends on:
ii  libc6  2.19-13

Jakub Wilk

Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ