PT-2006-2708 · Christian Kindahl · Tugzip

Claus Berghammer +1 · Published 2006-04-11 · Updated 2018-10-18 · CVE-2006-1715

CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions: TUGZip versions 3.1.0.2 through 3.4.0.0
Description: The issue allows user-assisted attackers to create files in arbitrary directories via a .. (dot dot) sequence in a crafted archive, including .gz, .jar, .rar, or .zip files.
Recommendations: For versions 3.1.0.2 through 3.4.0.0, consider restricting the use of archive unpacking functionality until a patch is available. Avoid using the affected software to unpack archives from untrusted sources.
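
To support the recommendation above, the following added example (not part of the advisory and not TUGZip code) lists the member names of a .zip archive that would resolve outside the extraction directory, so the archive can be rejected before it is unpacked. The function names and sample entry names are constructed for illustration, and only the .zip format is covered because it is what Python's standard library reads.

```python
import io
import posixpath
import re
import zipfile

_DRIVE = re.compile(r"^[A-Za-z]:")  # Windows drive prefix such as "C:"

# Constructed sample member names (not taken from any real archive).
SAMPLE_NAMES = [
    "docs/readme.txt",            # ordinary relative path
    "docs/../notes.txt",          # contains ".." but stays inside the root
    "../../outside.txt",          # climbs above the root
    "..\\..\\outside.txt",        # same, with Windows separators
    "a/b/../../../outside.txt",   # climbs out after descending first
]

def entry_escapes(name: str) -> bool:
    """Return True if a member name would land outside the extraction root."""
    # Treat "\" like "/": on Windows both separate path components.
    path = name.replace("\\", "/")
    if path.startswith("/") or _DRIVE.match(path):
        return True  # absolute or drive-qualified path ignores the root
    # Collapse "." and ".." components; a leading ".." left over after
    # normalisation means the path climbed above the root.
    norm = posixpath.normpath(path)
    return norm == ".." or norm.startswith("../")

def audit_zip(data: bytes) -> list[str]:
    """Return the member names in a zip archive that escape the root."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [n for n in zf.namelist() if entry_escapes(n)]

def build_sample() -> bytes:
    """Build an in-memory zip holding the constructed sample names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_NAMES:
            zf.writestr(zipfile.ZipInfo(name), b"x")
    return buf.getvalue()

if __name__ == "__main__":
    for flagged in audit_zip(build_sample()):
        print("refuse to extract:", flagged)
```
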


Related Identifiers

CVE-2006-1715

Affected Products

Tugzip