lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Fri, 24 Feb 2006 06:00:33 -0800 (PST)
From: h e <het_ebadi@...oo.com>
To: bugtraq@...urityfocus.com, bugs@...uritytracker.com,
	support@...unia.com,
	"content-editor@...urityfocus.com" <content-editor@...urityfocus.com>,
	"editor@...urityfocus.com" <editor@...urityfocus.com>,
	"expert@...uriteam.com" <expert@...uriteam.com>,
	"news-editor@...urityfocus.com" <news-editor@...urityfocus.com>,
	"vuldb@...urityfocus.com" <vuldb@...urityfocus.com>,
	"vuln@...unia.com" <vuln@...unia.com>,
	"webmaster@...unia.com" <webmaster@...unia.com>,
	"webmaster@...urityfocus.com" <webmaster@...urityfocus.com>
Subject: SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1   Directory traversal


SpeedCommander 11.0 & ZipStar 5.1 & Squeez 5.1  
Directory traversal 

The StuffIt and ZipMagic Family of products is
designed to meet any level of compression needs; from
basic expansion to advanced archive manipulation,
to automating routine compression tasks, and even
building compression into a software application. Scan
the list of products below to find just the right
StuffIt for you! 
http://www.speedproject.de 

Credit:
The information has been provided by Hamid Ebadi
( Hamid Network Security Team) : admin@...id.ir.
The original article can be found at :
http://hamid.ir/security

Vulnerable Systems:
SpeedCommander 11.0 (Version 11.01.4450 )
ZipStar 5.1
Squeez 5.1


Detail :
Directory traversal while extracting (.JAR) (.ZIP) 

What is  Directory traversal in archivers?

that allowed one to create malicous archive files,
which would overwrite system files or place dangerous
files in defined directory(example :shell.php in
wwwroot directory)
This could be abused by sending an archive to a local
user who would unzip / untar an archive, the archive
would then be able to overwrite any file to which the
user has write permissions, thus it could also be
abused if a system ran som antivirus software which
automatically opened archive files.

harmless exploit:
use HEAP [Hamid Evil Archive Pack]
you can find it from Hamid Network Security Team:

http://www.hamid.ir/tools/

want to know more ?
http://www.hamid.ir/paper

Signature
 


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ