CVE-2010-2322

2010-06-18 20:30:01 2013-04-19 05:03:34

Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.

Vector

NETWORK

Complexity

HIGH

Authentication

NONE

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Matthias klose Fastjar 0.98 (not an official CPE)

Matthias klose - Fastjar

Advisory	Patch	Confirmed	Link
			https://launchpad.net/bugs/540575
			https://bugzilla.redhat.com/show_bug.cgi?id=601823
			https://bugzilla.redhat.com/show_bug.cgi?id=594497
			ADV-2011-0121
			41009
			RHSA-2011:0025
			65467
			GLSA-201209-21
			50786
			42892
			http://packages.debian.org/changelogs/pool/main/f/fastja...
			[oss-security] 20100608 jar, fastjar directory traversal...

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (ID 22)

Related CAPEC 7 Relative Path Traversal (CAPEC-ID 139) Directory Traversal (CAPEC-ID 213) File System Function Injection, Content Based (CAPEC-ID 23) Using Slashes and URL Encoding Combined to Bypass Validation Logic (CAPEC-ID 64) Manipulating Input to File System Calls (CAPEC-ID 76) Using Escaped Slashes in Alternate Encoding (CAPEC-ID 78) Using Slashes in Alternate Encoding (CAPEC-ID 79)

Related CVE(s) 2 CVE-2010-0831 CVSS 5.8 CVE-2006-3619 CVSS 2.6