PT-2006-1993 · Unalz · Unalz
Tan Chew Keong
·
Published
2006-03-13
·
Updated
2018-10-18
·
CVE-2006-0950
CVSS v2.0
2.6
Low
| Vector | AV:N/AC:H/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
unalz version 0.53
Description
The issue allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.
Recommendations
For unalz version 0.53, consider avoiding the use of ALZ archives with ".." sequences in filenames until a patch is available. As a temporary workaround, restrict the ability to create or extract ALZ archives to minimize the risk of exploitation.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Unalz