FastJar 'extract_jar()' Absolute Path Archive Extraction Directory Traversal Vulnerability

FastJar is prone to a directory-traversal vulnerability because the utility fails to properly sanitize user-supplied data.

An attacker can exploit this vulnerability to overwrite arbitrary files in the context of the user running the vulnerable application. Depending on the files overwritten, this could cause the system to crash or could facilitate unauthorized access; other attacks are also possible.

NOTE: This issue is due to an incomplete fix for the vulnerability described in BID 15669 (Fastjar Archive Extraction Directory Traversal Vulnerability).
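
The check an extractor needs before it writes an entry to disk, shown as an added example (not FastJar's code and not the vendor's patch): it rejects absolute entry names, the case this advisory names, as well as ".." path components. The helper name entry_name_is_safe and the sample entry names are hypothetical and constructed for illustration; '/' is assumed as the only path separator.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not FastJar code): returns 1 when an archive entry
 * name is safe to join onto the extraction directory, 0 otherwise. */
int entry_name_is_safe(const char *name)
{
    const char *p = name;

    if (name == NULL || *name == '\0')
        return 0;
    if (*name == '/')            /* absolute path: ignores the target directory */
        return 0;

    while (*p != '\0') {
        const char *end = strchr(p, '/');
        size_t len = end ? (size_t)(end - p) : strlen(p);

        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 0;            /* ".." component climbs out of the target */

        p += len;
        while (*p == '/')        /* skip one or more separators */
            p++;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample entry names, not taken from a real archive. */
    static const char *names[] = {
        "META-INF/MANIFEST.MF", "com/example/A.class", "/tmp/outside.txt",
        "../../outside.txt", "lib/../../x", "notes..txt", "a//b/..",
    };
    size_t i;

    for (i = 0; i < sizeof names / sizeof names[0]; i++)
        printf("%-24s %s\n", names[i],
               entry_name_is_safe(names[i]) ? "extract" : "REJECT");
    return 0;
}
```

The check looks only at the entry name; it is applied to every entry before any file or directory is created under the extraction directory.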


 

Copyright 2010, SecurityFocus