PT-2015-4712 · Gnome+1 · Gcab+1

Stephen Kitt · Published 2015-01-09 · Updated 2018-10-30 · CVE-2015-0552

CVSS v2.0: 6.4 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions

gcab version 0.4

Description

A directory traversal issue exists in the gcab folder extract function, allowing remote attackers to write to arbitrary files via a crafted path in a CAB file. This can be achieved by using a specially crafted path, such as "tmpmoo".

Recommendations

For gcab version 0.4, consider restricting access to the gcab folder extract function until a patch is available, or avoid using this function with untrusted CAB files to minimize the risk of exploitation.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

ALT-PU-2015-1282
CVE-2015-0552
MGASA-2015-0018
OPENSUSE-SU-2024:10254-1

Affected Products

Alt Linux
Gcab