oss-sec mailing list archives
CVE Request: File Roller path traversal
From: Tyler Hicks <tyhicks () canonical com>
Date: Wed, 7 Sep 2016 18:10:34 -0500
File Roller 3.5.4 through 3.20.2 was affected by a path traversal bug that could result in deleted files if a user were tricked into opening a malicious archive.

3.20.3 news: http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.20/file-roller-3.20.3.news
3.21.90 news: http://ftp.gnome.org/mirror/gnome.org/sources/file-roller/3.21/file-roller-3.21.90.news

Distro bug: https://launchpad.net/bugs/1171236
Upstream bug: https://bugzilla.gnome.org/show_bug.cgi?id=698554

Introduced by: https://git.gnome.org/browse/file-roller/commit/?id=34b64f3a897c4b4e8e180c028f326bc921eb08ec
Fixed by: https://git.gnome.org/browse/file-roller/commit/?id=f70be1f41688859ec8dbe266df35a1839ceb96c5

= Setup =

Create /dev/shm/will-be-emptied/important.txt, which will act as an important file that we wouldn't want to lose.

$ mkdir -p /dev/shm/will-be-emptied/
$ echo data > /dev/shm/will-be-emptied/important.txt

= Test =

1. Open the attached links.tar with File Roller

   $ file-roller links.tar

2. Double-click either of the "absolute" or "relative" files
3. Close the opened Nautilus window as well as the File Roller window
4. Check to see if /dev/shm/will-be-emptied/important.txt has been unintentionally deleted

Tyler
Attachment: links.tar
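As an added example (not code from the report or from File Roller), the following Python check flags archive members whose entry names or symlink targets would resolve outside the extraction directory, the property a tool should verify before extracting or cleaning up behind an untrusted archive. It assumes the "absolute" and "relative" entries in links.tar are symbolic links (the archive itself is not reproduced on this page) and builds a constructed in-memory stand-in for it.

```python
import io
import posixpath
import tarfile


def _escapes(root, path):
    """True if `path`, joined under `root`, normalises to somewhere outside `root`."""
    joined = posixpath.normpath(posixpath.join(root, path))
    return joined != root and not joined.startswith(root.rstrip("/") + "/")


def unsafe_members(tar, root="/extract"):
    """Return (member name, reason) for entries that would reach outside `root`."""
    findings = []
    for m in tar.getmembers():
        if posixpath.isabs(m.name) or _escapes(root, m.name):
            findings.append((m.name, "entry name escapes the extraction directory"))
            continue
        if m.issym():
            # A symlink target is resolved relative to the link's own directory.
            base = posixpath.dirname(posixpath.join(root, m.name))
            absolute = posixpath.isabs(m.linkname)
            resolved = m.linkname if absolute else posixpath.join(base, m.linkname)
            if _escapes(root, resolved):
                kind = "absolute" if absolute else "relative"
                findings.append((m.name, f"{kind} symlink target {m.linkname!r} "
                                         "escapes the extraction directory"))
    return findings


def build_sample_archive():
    """Constructed in-memory tar (an assumption, not the attached links.tar):
    one benign file plus an absolute and a relative symlink, both pointing at
    the directory from the advisory's test setup."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        data = b"benign\n"
        info = tarfile.TarInfo("readme.txt")
        info.size = len(data)
        tar.addfile(info, io.BytesIO(data))
        for name, target in (("absolute", "/dev/shm/will-be-emptied"),
                             ("relative", "../../../dev/shm/will-be-emptied")):
            link = tarfile.TarInfo(name)
            link.type = tarfile.SYMTYPE
            link.linkname = target
            tar.addfile(link)
    buf.seek(0)
    return buf


def scan_sample():
    """Scan the constructed archive; only the two symlinks should be reported."""
    with tarfile.open(fileobj=build_sample_archive(), mode="r") as tar:
        return unsafe_members(tar)
```

A symlink that passes this check can still be dangerous if the extraction directory is later removed with a routine that follows links, so a recursive cleanup should unlink symlinks rather than descend into them.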