Possible "new" CVE for Zoo directory traversal

[Kurt Seifried <kseifried () redhat com>]

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774453

Package: zoo
Version: 2.10-27+b1
Tags: security

Either the fix for CVE-2005-2349 (bug #309594) wasn't complete, or it
bit-rotted, because Zoo is still susceptible to directory traversal:

$ pwd
/home/jwilk

$ zoo x traversal.zoo
Zoo:  /tmp/moo       -- extracted

$ ls -l /tmp/moo
-rw-r--r-- 1 jwilk users 4 Jan  5  2015 /tmp/moo


The script I used to create the test case is available at:
https://bitbucket.org/jwilk/path-traversal-samples

-- System Information:
Debian Release: 8.0
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages zoo depends on:
ii  libc6  2.19-13

-- 
Jakub Wilk


https://security-tracker.debian.org/tracker/CVE-2005-2349

-- 
Kurt Seifried -- Red Hat -- Product Security -- Cloud
PGP A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

Attachment: signature.asc
Description: OpenPGP digital signature