Gentoo Linux Security Advisory 201209-21 - Two directory traversal vulnerabilities have been found in fastjar, allowing remote attackers to create or overwrite arbitrary files. Versions less than 0.98-r1 are affected.
e022f028e4ef4c5107668a4131cb86d99c9e544d46e31e5cbe4ca059d16246b7Ubuntu Security Notice 953-1 - Dan Rosenberg discovered that fastjar incorrectly handled file paths containing ".." when unpacking archives. If a user or an automated system were tricked into unpacking a specially crafted jar file, arbitrary files could be overwritten with user privileges.
c522fc3e3fe5c9822122c33072c335308b6b3a4a2403c724a3b7a2aaf63b999eMandriva Linux Security Advisory 2010-122 - Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a dot dot in a non-initial pathname component in a filename within a.jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619. Packages for 2008.0 and 2009.0 are provided as of the Extended https://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue.
b82809ea224e294751768de3ce88e0859356cf95d5d413486343b1d55c8e84f8
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed