Vulnerability CVE-2010-0831

Vulnerability Name:

CVE-2010-0831 (CCN-59712)

Assigned:

2010-06-06

Published:

2010-06-06

Updated:

2013-04-19

Summary:

Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080.
Note: this vulnerability exists because of an incomplete fix for CVE-2006-3619.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

CVSS v2 Severity:

5.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P)
5.0 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): Partial

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
4.3 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

2.6 Low (REDHAT CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N)
2.2 Low (REDHAT Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

CWE-22

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2010-0831

Source: MLIST
Type: UNKNOWN
[oss-security] 20100608 jar, fastjar directory traversal vulnerabilities

Source: MLIST
Type: UNKNOWN
[oss-security] 20100608 Re: jar, fastjar directory traversal vulnerabilities

Source: MLIST
Type: UNKNOWN
[oss-security] 20100608 Re: jar, fastjar directory traversal vulnerabilities

Source: CONFIRM
Type: UNKNOWN
http://packages.debian.org/changelogs/pool/main/f/fastjar/fastjar_0.98-3/changelog

Source: CCN
Type: RHSA-2011-0025
Low: gcc security and bug fix update

Source: SECUNIA
Type: UNKNOWN
42892

Source: SECUNIA
Type: UNKNOWN
50786

Source: GENTOO
Type: UNKNOWN
GLSA-201209-21

Source: CCN
Type: SourceForge.net
FastJar

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2010:122

Source: OSVDB
Type: UNKNOWN
65467

Source: CCN
Type: OSVDB ID: 65467
FastJar jartool.c extract_jar Function Traversal Arbitrary File Overwrite

Source: REDHAT
Type: UNKNOWN
RHSA-2011:0025

Source: BID
Type: UNKNOWN
41006

Source: CCN
Type: BID-41006
FastJar 'extract_jar()' Archive Extraction Directory Traversal Vulnerability

Source: VUPEN
Type: UNKNOWN
ADV-2010-1553

Source: VUPEN
Type: UNKNOWN
ADV-2011-0121

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=594497

Source: CCN
Type: Red Hat Bugzilla Bug 601823
CVE-2010-0831 jar, fastjar: directory traversal vulnerabilities [fedora-all]

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.redhat.com/show_bug.cgi?id=601823

Source: XF
Type: UNKNOWN
fastjat-extractjar-directory-traversal(59712)

Source: CONFIRM
Type: Exploit
https://launchpad.net/bugs/540575

Vulnerable Configuration:

Configuration 1:

cpe:/a:matthias_klose:fastjar:0.98:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:5:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:5::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:5::client_workstation:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:5::server:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20100831	V	CVE-2010-0831	2022-09-02
oval:org.opensuse.security:def:33791	P	Security update for MozillaFirefox (Important) (in QA)	2022-01-14
oval:org.opensuse.security:def:33758	P	Security update for xorg-x11-server (Important)	2021-12-20
oval:org.opensuse.security:def:32243	P	Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:32244	P	Security update for the Linux Kernel (Live Patch 37 for SLE 12 SP3) (Important)	2021-12-14
oval:org.opensuse.security:def:29459	P	Security update for MozillaFirefox (Important)	2021-12-12
oval:org.opensuse.security:def:30159	P	Security update for mozilla-nss (Important)	2021-12-06
oval:org.opensuse.security:def:33750	P	Security update for openssh (Important)	2021-12-02
oval:org.opensuse.security:def:33047	P	Security update for webkit2gtk3 (Important)	2021-11-23
oval:org.opensuse.security:def:26171	P	Security update for postgresql10 (Important)	2021-11-22
oval:org.opensuse.security:def:33041	P	Security update for qemu (Important)	2021-11-10
oval:org.opensuse.security:def:26160	P	Security update for binutils (Moderate)	2021-11-09
oval:org.opensuse.security:def:26159	P	Security update for systemd (Moderate)	2021-11-04
oval:org.opensuse.security:def:33734	P	Security update for binutils (Moderate)	2021-11-02
oval:org.opensuse.security:def:30140	P	Security update for qemu (Important)	2021-10-28
oval:org.opensuse.security:def:33029	P	Security update for ncurses (Moderate)	2021-10-20
oval:org.opensuse.security:def:33030	P	Security update for fetchmail (Moderate)	2021-10-20
oval:org.opensuse.security:def:26152	P	Security update for postgresql10 (Important)	2021-10-20
oval:org.opensuse.security:def:32199	P	Security update for apache2 (Important)	2021-10-06
oval:org.opensuse.security:def:34543	P	Security update for xen (Moderate)	2021-09-21
oval:org.opensuse.security:def:33006	P	Security update for openssl (Low)	2021-09-20
oval:org.opensuse.security:def:33711	P	Security update for xen (Important)	2021-09-03
oval:org.opensuse.security:def:33709	P	Security update for libesmtp (Important)	2021-09-02
oval:org.opensuse.security:def:31675	P	Security update for bind (Moderate)	2021-08-30
oval:org.opensuse.security:def:29410	P	Security update for java-1_8_0-openjdk (Important)	2021-08-20
oval:org.opensuse.security:def:34503	P	Security update for the Linux Kernel (Important)	2021-08-10
oval:org.opensuse.security:def:26098	P	Security update for webkit2gtk3 (Important)	2021-08-03
oval:org.opensuse.security:def:32967	P	Security update for systemd (Important)	2021-07-21
oval:org.opensuse.security:def:29398	P	Security update for the Linux Kernel (Important)	2021-07-20
oval:org.opensuse.security:def:30101	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:42530	P	fastjar-0.95-1.24.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36123	P	fastjar-0.95-1.24.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:36399	P	fastjar-0.95-1.24.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:29374	P	Security update for gstreamer-plugins-bad (Important)	2021-06-07
oval:org.opensuse.security:def:30203	P	Security update for polkit (Important)	2021-06-03
oval:org.opensuse.security:def:32918	P	Security update for djvulibre (Important)	2021-05-19
oval:org.opensuse.security:def:33652	P	Security update for libxml2 (Important)	2021-05-19
oval:org.opensuse.security:def:33638	P	Security update for MozillaFirefox (Important)	2021-04-27
oval:org.opensuse.security:def:26024	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:30052	P	Security update for MozillaFirefox (Important)	2021-03-31
oval:org.opensuse.security:def:28963	P	Security update for openssl (Moderate)	2021-03-24
oval:org.opensuse.security:def:34037	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:29482	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:33086	P	Security update for ImageMagick (Moderate)	2021-02-25
oval:org.opensuse.security:def:33073	P	Security update for wpa_supplicant (Important)	2021-02-15
oval:org.opensuse.security:def:32255	P	Security update for the Linux Kernel (Important)	2021-02-12
oval:org.opensuse.security:def:28924	P	Security update for openvswitch (Important)	2021-02-03
oval:org.opensuse.security:def:29399	P	Security update for MozillaFirefox (Important)	2021-01-29
oval:org.opensuse.security:def:28875	P	Security update for cyrus-sasl (Important)	2020-12-28
oval:org.opensuse.security:def:33880	P	Security update for openssl-1_1 (Important)	2020-12-10
oval:org.opensuse.security:def:28234	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:26482	P	Security update for ffmpeg-4 (Low)	2020-12-01
oval:org.opensuse.security:def:26704	P	g3utils on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26957	P	libneon27 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27054	P	wireshark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31956	P	Security update for gtk2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:30878	P	Security update for fastjar	2020-12-01
oval:org.opensuse.security:def:25948	P	Security update for libraw (Moderate)	2020-12-01
oval:org.opensuse.security:def:25748	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:34183	P	Security update for openswan	2020-12-01
oval:org.opensuse.security:def:34890	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:28245	P	Security update for libxml2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26563	P	gvim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26855	P	OpenEXR on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26996	P	nfs-client on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27692	P	Security update for xorg-x11-libXv	2020-12-01
oval:org.opensuse.security:def:31807	P	Security update for apache2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32043	P	Security update for krb5 (Moderate)	2020-12-01
oval:org.opensuse.security:def:32304	P	Security update for python (Important)	2020-12-01
oval:org.opensuse.security:def:32409	P	Security update for wget (Moderate)	2020-12-01
oval:org.opensuse.security:def:25949	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:25876	P	Security update for libssh (Moderate)	2020-12-01
oval:org.opensuse.security:def:26351	P	Security update for mongodb (Moderate)	2020-12-01
oval:org.opensuse.security:def:26448	P	Security update for phpMyAdmin (Important)	2020-12-01
oval:org.opensuse.security:def:34930	P	Security update for fastjar	2020-12-01
oval:org.opensuse.security:def:29019	P	Security update for pacemaker (Moderate)	2020-12-01
oval:org.opensuse.security:def:28312	P	Security update for openssl (Important)	2020-12-01
oval:org.opensuse.security:def:28585	P	Security update for libvirt	2020-12-01
oval:org.opensuse.security:def:26908	P	gnutls on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27010	P	pcsc-lite on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27727	P	Security update for fastjar	2020-12-01
oval:org.opensuse.security:def:31899	P	Security update for MozillaFirefox, firefox-glib2, firefox-gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:32343	P	Security update for spice (Important)	2020-12-01
oval:org.opensuse.security:def:25960	P	Security update for gimp (Moderate)	2020-12-01
oval:org.opensuse.security:def:25957	P	Security update for webkit2gtk3 (Important)	2020-12-01
oval:org.opensuse.security:def:26249	P	Security update for libtomcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:26390	P	Security update for ark (Low)	2020-12-01
oval:org.opensuse.security:def:27086	P	ark on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29020	P	Security update for resource-agents (Important)	2020-12-01
oval:org.opensuse.security:def:28443	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:28669	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:29024	P	Security update for LibVNCServer (Critical)	2020-12-01
oval:org.opensuse.security:def:32332	P	Security update for samba (Important)	2020-12-01
oval:org.opensuse.security:def:32618	P	xorg-x11-Xvnc on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32365	P	Security update for supportutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:26014	P	Security update for mariadb (Important)	2020-12-01
oval:org.opensuse.security:def:26302	P	Security update for python-PyYAML (Moderate)	2020-12-01
oval:org.opensuse.security:def:26404	P	Security update for irssi (Moderate)	2020-12-01
oval:org.opensuse.security:def:27121	P	fastjar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29031	P	Security update for MozillaFirefox (Important)	2020-12-01
oval:org.opensuse.security:def:28528	P	Security update for ImageMagick	2020-12-01
oval:org.opensuse.security:def:28821	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:29662	P	Security update for CVS	2020-12-01
oval:org.opensuse.security:def:32467	P	Security update for xorg-x11-libs (Moderate)	2020-12-01
oval:org.opensuse.security:def:32705	P	libarchive2 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26374	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26627	P	perl-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26724	P	kdebase3-runtime on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29100	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:28980	P	Security update for tidy (Low)	2020-12-01
oval:org.opensuse.security:def:29698	P	Security update for fastjar	2020-12-01
oval:org.opensuse.security:def:32561	P	libpng12-0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:32861	P	foomatic-filters on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26233	P	Security update for python-reportlab (Important)	2020-12-01
oval:org.opensuse.security:def:26525	P	avahi on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26666	P	amavisd-new on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27362	P	OpenEXR-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29231	P	Security update for python (Moderate)	2020-12-01
oval:org.opensuse.security:def:29715	P	Security update for Mozilla Firefox	2020-12-01
oval:org.opensuse.security:def:29816	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:33408	P	Security update for cobbler (Moderate)	2020-12-01
oval:org.opensuse.security:def:33120	P	kde4-kgreeter-plugins on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33407	P	Security update for SUSE Manager Client Tools (Critical)	2020-12-01
oval:org.opensuse.security:def:33821	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:26278	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:26235	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26501	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26578	P	lcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26680	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27397	P	fastjar on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:29317	P	Security update for IBM Java 1.4.2	2020-12-01
oval:org.opensuse.security:def:29612	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:29754	P	Security update for ghostscript-library (Important)	2020-12-01
oval:org.opensuse.security:def:30454	P	Security update for ImageMagick	2020-12-01
oval:org.opensuse.security:def:33409	P	Security update for cobbler (Important)	2020-12-01
oval:org.opensuse.security:def:33255	P	shim on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:33495	P	Security update for libvorbis	2020-12-01
oval:org.opensuse.security:def:33865	P	Security update for jasper (Moderate)	2020-12-01
oval:org.opensuse.security:def:26279	P	Security update for gimp (Low)	2020-12-01
oval:org.opensuse.security:def:26363	P	Security update for libgit2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26585	P	libexif on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26838	P	w3m on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26935	P	lcms on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31589	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:29758	P	Security update for ghostscript-library (Moderate)	2020-12-01
oval:org.opensuse.security:def:29666	P	Security update for cyrus-imapd (Low)	2020-12-01
oval:org.opensuse.security:def:29772	P	Security update for glibc (Important)	2020-12-01
oval:org.opensuse.security:def:30491	P	Security update for fastjar	2020-12-01
oval:org.opensuse.security:def:25672	P	Security update for java-1_7_0-openjdk (Important)	2020-12-01
oval:org.opensuse.security:def:33420	P	Security update for OpenEXR	2020-12-01
oval:org.opensuse.security:def:33350	P	Security update for openssh-openssl1 (Moderate)	2020-12-01
oval:org.opensuse.security:def:33797	P	Security update for gcc48 (Moderate)	2020-12-01
oval:org.opensuse.security:def:26290	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:26444	P	Security update for mumble (Moderate)	2020-12-01
oval:org.opensuse.security:def:26736	P	libQtWebKit4-32bit on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26877	P	cups on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27573	P	texlive on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:31590	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:29614	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:29844	P	Security update for Kernel	2020-12-01
oval:org.opensuse.security:def:25673	P	Security update for openldap2 (Important)	2020-12-01
oval:org.opensuse.security:def:33502	P	Security update for mutt	2020-12-01
oval:org.opensuse.security:def:34095	P	Security update for microcode_ctl (Important)	2020-12-01
oval:org.opensuse.security:def:34208	P	Security update for perl-DBI (Important)	2020-12-01
oval:org.opensuse.security:def:28233	P	Security update for libvirt (Moderate)	2020-12-01
oval:org.opensuse.security:def:26354	P	Security update for chromium (Important)	2020-12-01
oval:org.opensuse.security:def:26620	P	openssh on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26789	P	ntp on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:26891	P	evolution-data-server on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:27608	P	Security update for fastjar	2020-12-01
oval:org.opensuse.security:def:31601	P	Security update for tomcat6 (Moderate)	2020-12-01
oval:org.opensuse.security:def:29701	P	Security update for MozillaFirefox	2020-12-01
oval:org.opensuse.security:def:29997	P	Security update for libtirpc (Moderate)	2020-12-01
oval:org.opensuse.security:def:30841	P	Security update for curl	2020-12-01
oval:org.opensuse.security:def:25684	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.opensuse.security:def:34144	P	Security update for openldap2	2020-12-01
oval:org.opensuse.security:def:34252	P	Security update for postgresql10 (Important)	2020-12-01
oval:org.mitre.oval:def:25713	P	SUSE-SU-2013:1632-1 -- Security update for fastjar	2014-09-08
oval:org.mitre.oval:def:13036	P	USN-953-1 -- fastjar vulnerability	2014-06-30
oval:org.mitre.oval:def:23176	P	ELSA-2011:0025: gcc security and bug fix update (Low)	2014-05-26
oval:org.mitre.oval:def:21917	P	RHSA-2011:0025: gcc security and bug fix update (Low)	2014-02-24
oval:com.redhat.rhsa:def:20110025	P	RHSA-2011:0025: gcc security and bug fix update (Low)	2011-01-13

BACK