• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Gnu GCC FastJar Archive Extraction Directory Traversal Vulnerability

The GNU gcc implementation of the 'fastjar' utility is prone to a directory-traversal vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied data.

An attacker can exploit this vulnerability to overwrite arbitrary files in the context of the user running the vulnerable application. Depending on the files overwritten, this could crash the system or facilitate unauthorized access; other attacks are also possible.