oss-sec mailing list archives
Re: unshield directory traversal
From: cve-assign () mitre org
Date: Tue, 27 Jan 2015 18:00:49 -0500 (EST)
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=776193 Package: unshield Version: 1.0-1 Tags: security unshield is vulnerable to directory traversal via "../" sequences. As a proof of concept, unpacking the attached InstallShield archive creates a file in /tmp: $ ls /tmp/moo ls: cannot access /tmp/moo: No such file or directory $ unshield x data1.cab Cabinet: data1.cab extracting: ./Bovine_Files/../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../tmp/moo -------- ------- 1 files $ ls /tmp/moo /tmp/moo -- System Information: Debian Release: 8.0 APT prefers unstable APT policy: (990, 'unstable'), (500, 'experimental') Architecture: i386 (x86_64) Foreign Architectures: amd64 Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores) Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: sysvinit (via /sbin/init) Versions of packages unshield depends on: ii libc6 2.19-13 ii libunshield0 1.0-1 ii zlib1g 1:1.2.8.dfsg-2+b1 -- Kurt Seifried -- Red Hat -- Product Security -- Cloud PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
Use CVE-2015-1386. --- CVE assignment team, MITRE CVE Numbering Authority M/S M300 202 Burlington Road, Bedford, MA 01730 USA [ PGP key available through http://cve.mitre.org/cve/request_id.html ]
Current thread:
- unshield directory traversal Kurt Seifried (Jan 25)
- Re: unshield directory traversal cve-assign (Jan 28)