From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
Date: Mon, 25 Jun 2001 17:48:36 +0400
Organization: http://www.security.nnov.ru
Message-ID: <12104282149.20010625174836@SECURITY.NNOV.RU>
To: Zip-Bugs@lists.wku.edu
Cc: ache@FreeBSD.org, ports@FreeBSD.ORG
Subject: Fwd: UnZip 5.40 port directory traversal

I can confirm the same behavior with the latest 5.42 version, which is currently in FreeBSD ports (maintainer is Andrey Chernov).

There is the same bug in rar 2.0b (it was included in a few FreeBSD collection ports). The latest rar 2.02 doesn't have this problem.

rar 2.02 and PKWare's pkzipc strip ..\, WinZIP warns the user about directory traversal.

I will be grateful for any kind of reply. SECURITY.NNOV follows RFPolicy
http://www.wiretrip.net/rfp/policy.html

--This is a forwarded message
From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
To: Zip-Bugs@lists.wku.edu
Date: Friday, June 22, 2001, 3:31:59 PM
Subject: UnZip 5.40 port directory traversal

===8<==============Original message text===============
Hello Zip-Bugs,

Sorry if this is a known problem or you do not consider this behaviour abnormal.

unzip 5.40 (I was unable to download and test the latest version because freesoftware.com is unavailable) is vulnerable to directory traversal (dot-dot bug). If a filename inside an archive contains '\..', the file will be extracted a level higher than expected by the user. The user will be warned if the target file exists (if -o is not given), but I think you can understand the danger of creating some kinds of files.

unzip test.zip to test.

--
http://www.security.nnov.ru
         /\_/\
        { . . }     |\
+--oQQo->{ ^ }<-----+ \
|  3APA3A  U  3APA3A   }
+-------------o66o--+ /
                    |/
You know my name - look up my number (The Beatles)
===8<===========End of original message text===========

--
~/3APA3A
A punch in the face for the ENIACs! (Lem)
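
An added example, not part of the original mail or of any tool it names: a Python check that audits ZIP member names before extraction, treating both `/` and `\` as separators, and shows the two behaviours the mail contrasts (stripping `..` versus warning about it). It goes slightly beyond the dot-dot case by also flagging absolute names; all function names and the in-memory sample archive are constructed for illustration.

```python
import io
import zipfile

def components(name):
    # Treat both '/' and '\' as separators: the report's names use '\..'.
    return name.replace("\\", "/").split("/")

def classify(name):
    """Verdict for one member name: 'ok', 'absolute' or 'traversal'."""
    parts = components(name)
    if parts[0] == "" or (len(parts[0]) == 2 and parts[0][1] == ":"):
        return "absolute"      # leading separator or a drive prefix like C:
    if ".." in parts:
        return "traversal"     # a whole '..' component, not just two dots
    return "ok"

def strip_dotdot(name):
    """Strip policy: drop empty, '.' and '..' components, keep the rest."""
    return "/".join(p for p in components(name) if p not in ("", ".", ".."))

def audit(zip_bytes):
    """Warn policy: list (name, verdict) pairs without extracting anything."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [(i.filename, classify(i.filename)) for i in zf.infolist()]

def build_sample():
    """Constructed in-memory archive; no file is written to disk."""
    names = ["docs/readme.txt", "..\\up.txt", "docs/../../up2.txt", "a..b/file..txt"]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for n in names:
            zf.writestr(n, b"constructed sample\n")
    return buf.getvalue()

if __name__ == "__main__":
    for name, verdict in audit(build_sample()):
        print(f"{verdict:9} {name!r} -> {strip_dotdot(name)!r}")
```

Matching on whole path components is what keeps legitimate names such as `a..b/file..txt` from being flagged.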