WinACE RAR/TAR Archive Traversal Arbitrary File Overwrite

2006-02-24T10:32:34
ID OSVDB:23464
Type osvdb
Reporter Hamid Ebadi (het_ebadi@yahoo.com)
Modified 2006-02-24T10:32:34

Description

Vulnerability Description

WinACE contains a flaw that allows a remote attacker to overwrite files outside of the extraction target path. The issue is due to the program not properly sanitizing user input, specifically directory traversal sequences (../../) supplied via a manipulated RAR or TAR archive.
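
The check an extractor needs before writing each entry, as an added example (not WinACE code and not part of the original advisory): it audits a TAR archive's entry names for paths that resolve outside the target directory. Beyond the ../ case named above, it also rejects absolute and drive-qualified names and treats the backslash as a separator; the function names and sample entry names are constructed for illustration.

```python
import io
import ntpath
import tarfile


def escapes_target(name):
    """True if an archive entry name would resolve outside the extraction dir."""
    # A Windows extractor honours "\" as well as "/", so treat them alike.
    unified = name.replace("\\", "/")
    # Absolute and drive-qualified names ignore the target directory entirely.
    if unified.startswith("/") or ntpath.splitdrive(name)[0]:
        return True
    # Track depth relative to the target; below zero means we climbed out.
    depth = 0
    for part in unified.split("/"):
        if part in ("", "."):
            continue
        depth += -1 if part == ".." else 1
        if depth < 0:
            return True
    return False


def audit_tar(fileobj):
    """Return the entry names in a TAR stream that must not be extracted."""
    with tarfile.open(fileobj=fileobj, mode="r:") as tar:
        return [m.name for m in tar if escapes_target(m.name)]


def build_sample_tar(names):
    """Constructed sample input: an in-memory TAR with the given entry names."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            info = tarfile.TarInfo(name)
            info.size = 4
            tar.addfile(info, io.BytesIO(b"data"))
    buf.seek(0)
    return buf


# Constructed entry names: two that stay inside the target, two that do not.
SAMPLE_NAMES = ["docs/readme.txt", "docs/../notes.txt",
                "../../outside.txt", "..\\..\\outside.bat"]

if __name__ == "__main__":
    for name in audit_tar(build_sample_tar(SAMPLE_NAMES)):
        print("refuse to extract:", name)
```

The same name check applies to entry names read from a RAR archive; only the TAR reader is shown because it is in the Python standard library.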

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

References:

Vendor URL: http://www.winace.com/
Secunia Advisory ID: 19013
Other Advisory URL: http://hamid.ir/security/winace.txt
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-02/0443.html
FrSIRT Advisory: ADV-2006-0730
CVE-2006-0981
Bugtraq ID: 16800