Vulnerability Name:

CVE-2005-3030 (CCN-22297)

Assigned:2005-09-15
Published:2005-09-15
Updated:2016-10-18
Summary:Directory traversal vulnerability in the archive decompression library in AhnLab V3Pro 2004 build 6.0.0.383, V3 VirusBlock 2005 build 6.0.0.383, and V3Net for Windows Server 6.0 build 6.0.0.383 allows remote attackers to write arbitrary files via a .. (dot dot) in the filename in a compressed archive.
CVSS v3 Severity:7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): Low
Integrity (I): Low
Availibility (A): Low
CVSS v2 Severity:5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availibility (A): None
7.5 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availibility (A): Partial
Vulnerability Type:CWE-Other
Vulnerability Consequences:Gain Privileges
References:Source: MITRE
Type: CNA
CVE-2005-2986

Source: MITRE
Type: CNA
CVE-2005-3029

Source: MITRE
Type: CNA
CVE-2005-3030

Source: CCN
Type: AhnLab V3Pro Web site
AhnLab V3Pro

Source: CCN
Type: ASEC Advisory SA-2005-001
AhnLab V3 Compressed File Directory Traversal and Privilege Escalation Vulnerability

Source: CONFIRM
Type: Patch, Vendor Advisory
http://info.ahnlab.com/english/advisory/01.html

Source: BUGTRAQ
Type: UNKNOWN
20050915 Secunia Research: Ahnlab V3 Antivirus Multiple Vulnerabilities

Source: CCN
Type: SA15674
AhnLab V3 Antivirus Multiple Vulnerabilities

Source: SECUNIA
Type: Patch, Vendor Advisory
15674

Source: MISC
Type: Patch, Vendor Advisory
http://secunia.com/secunia_research/2005-17/advisory/

Source: CCN
Type: OSVDB ID: 19414
AhnLab V3 Anti-Virus v3flt2k.sys DeviceIoControl() Local Privilege Escalation

Source: CCN
Type: OSVDB ID: 19415
AhnLab V3 Anti-Virus ACE Archive Decompression Long Filename Overflow

Source: CCN
Type: OSVDB ID: 19416
AhnLab V3 Anti-Virus Archive Decompression Traversal Arbitrary File Write

Source: CCN
Type: BID-14844
Ahnlab V3 Antivirus ACE Archive Handling Remote Buffer Overflow Vulnerability

Source: CCN
Type: BID-14847
AEwebworks aeDating Search_Result.PHP SQL Injection Vulnerability

Source: BID
Type: Patch
14848

Source: CCN
Type: BID-14848
Ahnlab V3 Antivirus ACE Archive Handling Directory Traversal Vulnerability

Source: CCN
Type: BID-14850
Ahnlab V3 Antivirus Privilege Escalation Vulnerability

Source: XF
Type: UNKNOWN
ahnlab-v3flt2k-gain-privilege(22297)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:ahnlab:v3_virusblock_2005:6.0.0.383:*:*:*:*:*:*:*
  • OR cpe:/a:ahnlab:v3net:6.0.0.383:*:win_server:*:*:*:*:*
  • OR cpe:/a:ahnlab:v3pro_2004:6.0.0.383:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    BACK
    ahnlab v3 virusblock 2005 6.0.0.383
    ahnlab v3net 6.0.0.383
    ahnlab v3pro 2004 6.0.0.383