New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
unzip: Directory traversal vulnerability may lead to command execution / privilege escalation #3992
Labels
Comments
bblenard
pushed a commit
to bblenard/serenity
that referenced
this issue
Mar 10, 2021
This change validates the filenames within a tar/zip archive during extraction. If the filename within a the archive is outside of the current working directory the file will be skipped and not extracted onto the host system. Closes SerenityOS#3991 Closes SerenityOS#3992
|
Also commented on this issue but I'll cross post here:
|
bblenard
pushed a commit
to bblenard/serenity
that referenced
this issue
Mar 10, 2021
This change validates the filenames within a tar/zip archive during extraction. If the filename within a the archive is outside of the current working directory the file will be skipped and not extracted onto the host system. Closes SerenityOS#3991 Closes SerenityOS#3992
bblenard
pushed a commit
to bblenard/serenity
that referenced
this issue
Mar 12, 2021
This change validates the filenames within a tar/zip archive during extraction. If the filename within a the archive is outside of the current working directory the file will be skipped and not extracted onto the host system. Closes SerenityOS#3991 Closes SerenityOS#3992
bblenard
pushed a commit
to bblenard/serenity
that referenced
this issue
Mar 18, 2021
This change validates the filenames within a tar/zip archive during extraction. If the filename within a the archive is outside of the current working directory the file will be skipped and not extracted onto the host system. Closes SerenityOS#3991 Closes SerenityOS#3992
bblenard
pushed a commit
to bblenard/serenity
that referenced
this issue
Mar 18, 2021
This change validates the filenames within a tar/zip archive during extraction. If the filename within a the archive is outside of the current working directory the file will be skipped and not extracted onto the host system. Closes SerenityOS#3991 Closes SerenityOS#3992
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Same issue as #3991 in
tar.This could also be used to gain command execution on the host, or elevate privileges to the
anonuser from a lower privileged user, in the event thatanonextracts a malicious tar file.Command execution via
/etc/shellrc(asroot) or/home/anon/.config/Terminal.ini(asanon).The text was updated successfully, but these errors were encountered: