Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Fri, 02 Jan 2015 17:06:24 -0700
From: Kurt Seifried <kseifried@...hat.com>
To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com>,
        Assign a CVE Identifier <cve-assign@...re.org>
Subject: Possible "new" CVE for Zoo directory traversal

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774453

Package: zoo
Version: 2.10-27+b1
Tags: security

Either the fix for CVE-2005-2349 (bug #309594) wasn't complete, or it
bit-rotted, because Zoo is still susceptible to directory traversal:

$ pwd
/home/jwilk

$ zoo x traversal.zoo
Zoo:  /tmp/moo       -- extracted

$ ls -l /tmp/moo
-rw-r--r-- 1 jwilk users 4 Jan  5  2015 /tmp/moo


The script I used to create the test case is available at:
https://bitbucket.org/jwilk/path-traversal-samples

-- System Information:
Debian Release: 8.0
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages zoo depends on:
ii  libc6  2.19-13

-- 
Jakub Wilk


https://security-tracker.debian.org/tracker/CVE-2005-2349

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993


[ CONTENT OF TYPE application/pgp-signature SKIPPED ]

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ