Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Wed, 7 Sep 2016 18:10:34 -0500
From: Tyler Hicks <tyhicks@...onical.com>
To: oss-security@...ts.openwall.com
Cc: "security@...ntu.com" <security@...ntu.com>,
 Paolo Bacchilega <paobac@....gnome.org>
Subject: CVE Request: File Roller path traversal

File Roller 3.5.4 through 3.20.2 was affected by a path traversal bug
that could result in deleted files if a user were tricked into opening a
malicious archive.

3.20.3 news:
http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news
3.21.90 news:
http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.21/file-roller-3.21.90.news
Distro bug: https://launchpad.net/bugs/1171236
Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=698554
Introduced by:
https://git.gnome.org/browse/file-roller/commit/?id=34b64f3a897c4b4e8e180c028f326bc921eb08ec
Fixed by:
https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5

= Setup =

Create /dev/shm/will-be-emptied/important.txt which will act as an
important file that we wouldn't want to lose.

$ mkdir -p /dev/shm/will-be-emptied/
$ echo data > /dev/shm/will-be-emptied/important.txt

= Test =

1. Open the attached links.tar with File Roller

  $ file-roller links.tar

2. Double-click either of the "absolute" or "relative" files

3. Close the opened Nautilus window as well as the File Roller window

4. Check to see if /dev/shm/will-be-emptied/important.txt has been
unintentionally deleted

Tyler

Download attachment "links.tar" of type "application/x-tar" (10240 bytes)

Download attachment "signature.asc" of type "application/pgp-signature" (820 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.