| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 22 May 2006 03:59:10 -0700 (PDT) From: h e <het_ebadi@...oo.com> To: bugtraq@...urityfocus.com Subject: BitZipper Archive Extraction Directory traversal BitZipper Archive Extraction Directory traversal BitZipper is an advanced data compression tool for Windows that enables you to unzip 18 different compression and encoding formats with superior ease-of-use. Create 8 different types of compressed files http://www.bitzipper.com Credit: The information has been provided by Hamid Ebadi admin[at]hamid[dot]ir. The original article can be found at : http://hamid.ir/security Vulnerable Systems: BitZipper4.1.2 (and below) [ 3.2 , 3.2.1 , 3.3 ,3.4 ,3.4.1,4.0 ,4.1,4.1 Service Release 1 ] Detail : The vulnerability is caused due to an input validation error when extracting files compressed with RAR (.rar) or TAR (.tar) or ZIP (.zip) or TAR.GZ (tar.gz) or GZ (.gz) or JAR(.jar) This makes it possible to have files extracted to arbitrary locations outside the specified directory using the "../" directory traversal sequence. Solution: Do not extract untrusted RAR and TAR and JAR and GZ and ZIP and TAR.GZ files. To reduce the risk, never extract files as an administrative user. harmless exploit: use HEAP [Hamid Evil Archive Pack] you can download it from Hamid Network Security Team : http://www.hamid.ir/tools/ want to know more ? http://www.hamid.ir/paper/ __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Powered by blists - more mailing lists