CVE-2010-0831

2010-06-18 20:30:01 2013-04-19 04:59:21

Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.

Vector

NETWORK

Complexity

MEDIUM

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

PARTIAL

Matthias klose Fastjar 0.98 (not an official CPE)

Matthias klose - Fastjar

Advisory	Patch	Confirmed	Link
			https://launchpad.net/bugs/540575
			https://bugzilla.redhat.com/show_bug.cgi?id=601823
			https://bugzilla.redhat.com/show_bug.cgi?id=594497
			ADV-2011-0121
			ADV-2010-1553
			41006
			RHSA-2011:0025
			65467
			MDVSA-2010:122
			GLSA-201209-21
			50786
			42892
			http://packages.debian.org/changelogs/pool/main/f/fastja...
			[oss-security] 20100608 Re: jar, fastjar directory trave...
			[oss-security] 20100608 Re: jar, fastjar directory trave...
			[oss-security] 20100608 jar, fastjar directory traversal...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)

Related CAPEC 7 Relative Path Traversal (CAPEC-ID 139) Directory Traversal (CAPEC-ID 213) File System Function Injection, Content Based (CAPEC-ID 23) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) Manipulating Input to File System Calls (CAPEC-ID 76) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79)

Related CVE(s) 2 CVE-2005-1080 CVSS 5 CVE-2006-3619 CVSS 2.6