Vulnerability 10888 - CERT Civis.Net

Vulnerability Name:

CCN-10888

Published:

2002-12-16

Updated:

2002-12-16

Summary:

Multiple vendor file archivers (GNU cpio, Winzip Computing WinZip, PKWare PKZIP, Aladdin Systems (formerly Ontrack) ZipMagic, Eugene Roshal's WinRAR, Speedproject Squeez, and Speedproject (SpeedCommander) are vulnerable to a directory traversal that could allow a local attacker to overwrite and create files on the system. If an archived .tar file contains "dot dot" sequences or other path specifying characters in the file name, a local attacker could traverse directories on the system when the archive is extracted to overwrite and corrupt files or create Trojans on the system.

CVSS v3 Severity:

5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

3.6 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

Vulnerability Consequences:

File Manipulation

References:

Vulnerable Configuration:

Configuration CCN 1:

cpe:/a:gnu:cpio:2.5:*:*:*:*:*:*:*

OR cpe:/a:winzip:winzip:8.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

BACK