PT-2015-4717 · Open Source+1 · Arj Archiver+1

Jakub Wilk

Publicado

2015-04-06

Atualizado

2022-11-13

CVE-2015-0557

CVSS v2.0

5.8

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:P/A:P

Name of the Vulnerable Software and Affected Versions Open-source ARJ archiver version 3.10.22

Description The issue allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive. This occurs because the Open-source ARJ archiver does not properly remove leading slashes from paths.

Recommendations For version 3.10.22, consider restricting the use of ARJ archives from untrusted sources until a patch is available. As a temporary workaround, manually inspect and remove any multiple leading slashes in paths within ARJ archives to minimize the risk of exploitation.

Exploit

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-22

Identificadores relacionados

ALT-PU-2022-2889

ALT-PU-2022-2920

ALT-PU-2022-2941

ALT-PU-2022-3067

CVE-2015-0557

DLA-188-1

DSA-3213-1

MGASA-2015-0150

Produtos afetados

Alt Linux

Arj Archiver

PT-2015-4717 · Open Source+1 · Arj Archiver+1

CVE-2015-0557

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 31