5

CVE-2013-4668

Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
File Roller ProjectFile Roller SwPlatformgnome Version >= 3.6.0 < 3.6.4
File Roller ProjectFile Roller SwPlatformgnome Version >= 3.8.0 < 3.8.3
File Roller ProjectFile Roller SwPlatformgnome Version >= 3.9.1 < 3.9.3
CanonicalUbuntu Linux Version12.10
CanonicalUbuntu Linux Version13.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.31% 0.899
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:P/A:N
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html
Broken Link
http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html
Broken Link
http://secunia.com/advisories/54351
Third Party Advisory
Not Applicable
http://www.ocert.org/advisories/ocert-2013-001.html
Third Party Advisory
http://www.securityfocus.com/bid/61008
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-1906-1
Third Party Advisory
https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631
Patch
Third Party Advisory