Date: Wed, 7 Sep 2016 18:10:34 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: "security@...ntu.com" <security@...ntu.com>,
 Paolo Bacchilega <paobac@....gnome.org>
Subject: CVE Request: File Roller path traversal

File Roller 3.5.4 through 3.20.2 was affected by a path traversal bug
that could result in deleted files if a user were tricked into opening a
malicious archive.

3.20.3 news:
http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news
3.21.90 news:
http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.21/file-roller-3.21.90.news
Distro bug: https://launchpad.net/bugs/1171236
Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=698554
Introduced by:
https://git.gnome.org/browse/file-roller/commit/?id=34b64f3a897c4b4e8e180c028f326bc921eb08ec
Fixed by:
https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5

= Setup =

Create /dev/shm/will-be-emptied/important.txt which will act as an
important file that we wouldn't want to lose.

$ mkdir -p /dev/shm/will-be-emptied/
$ echo data > /dev/shm/will-be-emptied/important.txt

= Test =

1. Open the attached links.tar with File Roller

  $ file-roller links.tar

2. Double-click either of the "absolute" or "relative" files

3. Close the opened Nautilus window as well as the File Roller window

4. Check to see if /dev/shm/will-be-emptied/important.txt has been
unintentionally deleted

Tyler

[ CONTENT OF TYPE application/x-tar SKIPPED ]

[ CONTENT OF TYPE application/pgp-signature SKIPPED ]
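The post reproduces the bug with a tar containing an "absolute" and a "relative" link entry, but does not include the archive itself. The following is an added example, not File Roller's code and not the attached links.tar: it builds a constructed in-memory tar with the same two kinds of entry (assumed link targets, chosen to point at the directory the post uses) plus a file whose name climbs out with `..`, and runs the containment check an extractor should apply to every member before creating anything on disk. The extraction directory `/tmp/extract-here` is a placeholder and need not exist.

```python
import io
import os
import tarfile

# Placeholder extraction directory; the checks resolve paths lexically
# where nothing exists on disk, so it does not have to be created.
DEST = "/tmp/extract-here"


def _inside(path, root):
    """True if path is root itself or lies beneath root."""
    return path == root or path.startswith(root + os.sep)


def unsafe_members(tar, dest):
    """Return [(member_name, reason)] for entries that would be created,
    or would point, outside dest once extracted. Names and link targets
    are resolved against dest with realpath, so '..' segments, absolute
    entry names and absolute link targets all fail one containment test."""
    root = os.path.realpath(dest)
    findings = []
    for m in tar.getmembers():
        # os.path.join() discards root when m.name is absolute, so an
        # absolute entry name resolves outside root and is flagged here.
        where = os.path.realpath(os.path.join(root, m.name))
        if not _inside(where, root):
            findings.append((m.name, "entry path escapes extraction directory"))
            continue
        if m.issym():
            # A symlink target is interpreted relative to the link's own directory.
            target = os.path.realpath(
                os.path.join(root, os.path.dirname(m.name), m.linkname))
            if not _inside(target, root):
                findings.append((m.name, f"symlink target {m.linkname!r} escapes"))
        elif m.islnk():
            # A hard link target is named relative to the archive root.
            target = os.path.realpath(os.path.join(root, m.linkname))
            if not _inside(target, root):
                findings.append((m.name, f"hardlink target {m.linkname!r} escapes"))
    return findings


def build_sample_archive():
    """Constructed in-memory tar: one safe file, one safe symlink, and three
    entries that should be rejected. The 'absolute' and 'relative' link
    targets are assumptions modelled on the entry names in the post."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"hello\n"
        readme = tarfile.TarInfo("README")
        readme.size = len(data)
        tar.addfile(readme, io.BytesIO(data))

        good = tarfile.TarInfo("good")              # symlink that stays inside
        good.type, good.linkname = tarfile.SYMTYPE, "README"
        tar.addfile(good)

        absolute = tarfile.TarInfo("absolute")      # symlink to an absolute path
        absolute.type, absolute.linkname = tarfile.SYMTYPE, "/dev/shm/will-be-emptied"
        tar.addfile(absolute)

        relative = tarfile.TarInfo("relative")      # symlink climbing out with ..
        relative.type, relative.linkname = tarfile.SYMTYPE, "../../will-be-emptied"
        tar.addfile(relative)

        escape = tarfile.TarInfo("../escape")       # plain file whose name climbs out
        escape.size = len(data)
        tar.addfile(escape, io.BytesIO(data))
    return buf.getvalue()


def scan(archive_bytes, dest=DEST):
    """Scan raw tar bytes and return the flagged (name, reason) pairs."""
    with tarfile.open(fileobj=io.BytesIO(archive_bytes), mode="r") as tar:
        return unsafe_members(tar, dest)


if __name__ == "__main__":
    for name, reason in scan(build_sample_archive()):
        print(f"{name}: {reason}")
```

A per-member scan like this is necessary but not sufficient: it resolves each target against the directory as it exists at scan time, so it cannot see a symlinked directory that an earlier member of the same archive will create. An extractor therefore also has to refuse to follow links it created itself when writing later members; on Python 3.12 (and the backports of the same change to maintained 3.8+ releases) `tar.extractall(filter="data")` applies both kinds of check for you.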
