Bug#774527: arc: directory traversal

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#774527: arc: directory traversal
From: Jakub Wilk <jwilk@debian.org>
Date: Sun, 4 Jan 2015 00:24:02 +0100
Message-id: <[🔎] 20150103232402.GA4058@jwilk.net>
Reply-to: Jakub Wilk <jwilk@debian.org>, 774527@bugs.debian.org

Package: arc
Version: 5.21q-1
Tags: security

arc is susceptible to directory traversal:

$ pwd
/home/jwilk

$ arc x traversal.arc
Extracting file: /tmp/moo

$ ls -l /tmp/moo
-rw-r--r-- 1 jwilk users 4 Jan  4  2015 /tmp/moo


The script I used to create the test case is available at:
https://bitbucket.org/jwilk/path-traversal-samples

-- System Information:
Debian Release: 8.0
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)

Versions of packages arc depends on:
ii  libc6  2.19-13

--
Jakub Wilk

Attachment: traversal.arc
Description: Binary data

Reply to:

Prev by Date: Bug#772008: CVE request: mpfr: buffer overflow in mpfr_strtofr
Next by Date: Processing of lletters_0.1.95+gtk2-4_source.changes
Previous by thread: Bug#772008: CVE request: mpfr: buffer overflow in mpfr_strtofr
Next by thread: Processing of lletters_0.1.95+gtk2-4_source.changes
Index(es):
- Date
- Thread