Open-source ARJ archiver 3.10.22 does not properly remove leading slashes from paths, which allows remote attackers to conduct absolute path traversal attacks and write to arbitrary files via multiple leading slashes in a path in an ARJ archive.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:201 | vendor advisory |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154605.html | vendor advisory |
| http://www.openwall.com/lists/oss-security/2015/01/05/9 | mailing list |
| https://security.gentoo.org/glsa/201612-15 | vendor advisory |
| http://www.openwall.com/lists/oss-security/2015/01/03/5 | mailing list |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-April/155011.html | vendor advisory |
| http://www.debian.org/security/2015/dsa-3213 | vendor advisory |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-April/154518.html | vendor advisory |
| http://www.securityfocus.com/bid/71895 | vdb entry |
| https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774435 | exploit |