lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 10 Apr 2006 04:35:05 -0700 (PDT)
From: h e <het_ebadi@...oo.com>
To: support@...unia.com,
	"bugs@...uritytracker.com" <bugs@...uritytracker.com>,
	"bugtraq@...urityfocus.com" <bugtraq@...urityfocus.com>,
	"content-editor@...urityfocus.com" <content-editor@...urityfocus.com>,
	"editor@...urityfocus.com" <editor@...urityfocus.com>,
	"expert@...uriteam.com" <expert@...uriteam.com>,
	"news-editor@...urityfocus.com" <news-editor@...urityfocus.com>,
	"vuldb@...urityfocus.com" <vuldb@...urityfocus.com>,
	"vuln@...unia.com" <vuln@...unia.com>,
	"webmaster@...unia.com" <webmaster@...unia.com>,
	"webmaster@...urityfocus.com" <webmaster@...urityfocus.com>
Subject: TUGZip Archive Extraction Directory traversal


TUGZip Archive Extraction Directory traversal 
TUGZip is a powerful award-winning freeware archiving
utility for Windows® that provides support for a wide
range of compressed, encoded and disc-image files, as
well as many other very powerful features; all through
an easy to use application interface and Windows
Explorer integration. 
Supports ZIP, 7-ZIP, A, ACE, ARC, ARJ, BH, BZ2, CAB,
CPIO, DEB, GCA, GZ, IMP, JAR, LHA (LZH), LIB, RAR,
RPM, SQX, TAR, TGZ, TBZ, TAZ, YZ1 and ZOO archives. 
Create 7-ZIP, BH, BZ2, CAB, JAR, LHA (LZH), SQX, TAR,
TGZ, YZ1 and ZIP archives. 
 
http://www.tugzip.com

Credit:
The information has been provided by Hamid Ebadi and
Claus Berghammer

( Hamid Network Security Team) : admin[at]hamid[.]ir 
Claus Berghammer : office(at)cb-computerservice(dot)at

The original article can be found at :
http://hamid.ir/security

Vulnerable Systems:
TUGZip 3.4.0.0 , TUGZip 3.3.0.0 , TUGZip 3.1.0.2

Detail :

The vulnerability is caused due to an input validation
error when extracting files compressed with GZ (*.gz),
JAR(*.jar), RAR(*.rar), ZIP(*.zip) .
This makes it possible to have files extracted to
arbitrary locations outside the specified directory
using the "../" directory traversal sequence.


Do not extract untrusted  RAR and JAR and ZIP and GZ
files.
To reduce the risk, never extract files as an
administrative user.

harmless exploit:
use HEAP [Hamid Evil Archive Pack]
you can download it from Hamid Network Security Team :

http://www.hamid.ir/tools/


want to know more ?
http://www.hamid.ir/paper






__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ