Ubuntu Security Notice 1906-1 - Yorick Koster discovered that File Roller incorrectly sanitized paths. If a user were tricked into extracting a specially crafted archive, an attacker could create and overwrite files outside of the extraction directory.
583492944776fbd0fbf5cc8cbacdc74c2df30d412ffaaa166afb48b3960e0321
The File Roller archive manager for the GNOME desktop suffers from a path traversal vulnerability caused by insufficient path sanitization. A specially crafted archive file can be used to create arbitrary files outside the current working directory, in any location writable by the user executing the extraction. This behavior is triggered when the option 'Keep directory structure' is selected in the application's 'Extract' dialog.
f6e7eec5337ffaec3b1e39f19c1e07cbe65ea4c169f65204d92f2634cdcc1947
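The check that the advisory above describes as missing can be run over an archive before anything is extracted. The following is an added example, not code from File Roller or from either advisory: it uses Python's tarfile module on a constructed in-memory tar archive, and the names unsafe_members, build_sample_archive and extract-here are assumptions made for illustration. It goes one step beyond the advisory by also flagging symlink members whose target leaves the destination.

```python
import io
import os
import tarfile


def _inside(root, path):
    # True when path, fully normalised, still lies under root.
    return os.path.commonpath([root, os.path.realpath(path)]) == root


def unsafe_members(archive_bytes, dest_dir):
    """Return (name, reason) for members that would land outside dest_dir."""
    root = os.path.realpath(dest_dir)
    flagged = []
    with tarfile.open(fileobj=io.BytesIO(archive_bytes)) as tar:
        for m in tar.getmembers():
            # join() lets an absolute member name replace root, as a naive
            # "keep directory structure" extraction would.
            target = os.path.join(root, m.name)
            if not _inside(root, target):
                flagged.append((m.name, "path escapes destination"))
            elif m.issym() and not _inside(
                    root, os.path.join(os.path.dirname(target), m.linkname)):
                flagged.append((m.name, "symlink target escapes destination"))
    return flagged


def build_sample_archive(entries):
    """Constructed input: in-memory tar of (name, linkname or None) entries."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name, linkname in entries:
            info = tarfile.TarInfo(name=name)
            if linkname is None:
                info.size = 6
                tar.addfile(info, io.BytesIO(b"sample"))
            else:
                info.type = tarfile.SYMTYPE
                info.linkname = linkname
                tar.addfile(info)
    return buf.getvalue()


if __name__ == "__main__":
    sample = build_sample_archive([
        ("docs/readme.txt", None), ("docs/../notes.txt", None),
        ("../outside.txt", None), ("/tmp/abs.txt", None),
        ("link", "../elsewhere")])
    for name, reason in unsafe_members(sample, "extract-here"):
        print(f"{name}: {reason}")
```

An extractor should reject or skip every flagged member; an empty result means all member paths resolve inside the destination directory.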