Home page logo

bugtraq logo Bugtraq mailing list archives

unzip directory traversal revisited
From: "jelmer" <jelmer () kuperus xs4all nl>
Date: Sat, 10 May 2003 00:39:24 +0200

unzip directory traversal revisited


well I kinda stumbled over this when i was looking for something else
A while back some fuss was made over the use of .. sequences in archives
because it allows you to craft
an archive which will trojan your system on extraction
the creators of unzip fixed this but apperently didn't cover all bases

when an archive contains a file like ../JELMER.TXT it will skip it and print
out a message like this

warning:  skipped "../" path component(s) in jelmer.zip
  inflating: JELMER.TXT

however when i call it . \003 ./JELMER.txt it extracts it just fine or  \001

unzip jelmer.zip
Archive:  jelmer.zip
 extracting: ../JELMER.TXT

as it basicly ignores these characters


i attached a zip file that illustrates the problem
it was hacked up using a hex editor

vendor status:

i just emailed Zip-Bugs () lists wku edu

tested on :

UnZip 5.50 on a gentoo linux and freebsd

Attachment: jelmer.zip

  By Date           By Thread  

Current thread:
  • unzip directory traversal revisited jelmer (May 10)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]