Dzip: Directory traversal vulnerability

2005-06-06T00:00:00
ID GLSA-200506-03
Type gentoo
Reporter Gentoo Foundation
Modified 2006-05-22T00:00:00

Description

Background

Dzip is a compressor and uncompressor especially made for demo recordings of id's Quake.

Description

Dzip is vulnerable to a directory traversal attack when extracting archives.

Impact

An attacker could exploit this vulnerability by creating a specially crafted archive to extract files to arbitrary locations.

Workaround

There is no known workaround at this time.

Resolution

All Dzip users should upgrade to the latest available version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=games-utils/dzip-2.9-r1"