cabextract before 1.6 does not properly check for leading slashes when extracting files, which allows remote attackers to conduct absolute directory traversal attacks via a malformed UTF-8 character that is changed to a UTF-8 encoded slash.
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
| Link | Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2015/02/18/3 | mailing list exploit third party advisory |
| http://www.openwall.com/lists/oss-security/2015/02/23/16 | mailing list third party advisory mitigation |
| http://www.openwall.com/lists/oss-security/2015/02/23/24 | mailing list third party advisory mitigation |
| http://www.cabextract.org.uk/ | vendor advisory |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151147.html | issue tracking third party advisory patch |
| http://lists.fedoraproject.org/pipermail/package-announce/2015-March/151145.html | issue tracking third party advisory patch |
| http://www.mandriva.com/security/advisories?name=MDVSA-2015:064 | broken link |