Bug#774172: rar: symlink directory traversal

2017-08-29 Thread Salvatore Bonaccorso
This should be fixed in 5.21 upstream: + Version 5.21 + + 1. While previous versions could produce RAR5 volumes of slightly + smaller than requested size sometimes, such situation is less + likely now. In most cases volume size equals to specified by user. + + 2. Now by default RAR

Bug#774172: rar: symlink directory traversal

2016-12-27 Thread Martin Meredith
This has been passed on upstream, with no responses as it should have been marked.
On 27 Dec 2016 3:21 p.m., "Moritz Mühlenhoff" wrote:
> On Mon, Dec 29, 2014 at 10:29:28PM +0100, Jakub Wilk wrote:
> > Package: rar
> > Version: 2:4.2.0-1
> > Tags: security
> >
> > RAR follows symlinks when unpac

Bug#774172: rar: symlink directory traversal

2016-12-27 Thread Moritz Mühlenhoff
On Mon, Dec 29, 2014 at 10:29:28PM +0100, Jakub Wilk wrote:
> Package: rar
> Version: 2:4.2.0-1
> Tags: security
>
> RAR follows symlinks when unpacking stuff, even the symlinks that were
> created during the same unpack process.
> It is therefore possible to create a malicious RAR archive that wi

Bug#774172: rar: symlink directory traversal

2014-12-29 Thread Jakub Wilk
Package: rar
Version: 2:4.2.0-1
Tags: security
RAR follows symlinks when unpacking stuff, even the symlinks that were created during the same unpack process. It is therefore possible to create a malicious RAR archive that will be unpacked into arbitrary directory outside cwd. Proof of concept