Package: kgb
Version: 1.0b4+ds-13.2
Tags: security
kgb is susceptible to a directory traversal vulnerability. While
extracting an archive, it will happily use absolute paths taken from the
archive. This can be exploited by a malicious archive to write files
outside the current directory.
A sample archive could be prepared in the following way:
$ touch /tmp/abs
$ kgb -0 test.kgb /tmp/abs
$ rm /tmp/abs
Then check it works:
$ ls /tmp/abs
ls: cannot access /tmp/abs: No such file or directory
$ kgb test.kgb
Extracting archive KGB_arch -0 test.kgb ...
0KB /tmp/abs: extracted
0KB -> 0KB w 0.00s.
$ ls /tmp/abs
/tmp/abs
Notes:
- kgb already rejects paths with .. ;
- kgb doesn't handle symlinks at all.
--
Alexander Cherepanov
--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
