This issue is still unsolved upstream. Upstream asked for pull requests
with a fix, but according to the SuSe bug report,
https://bugzilla.novell.com/show_bug.cgi?id=CVE-2015-1386 >, it is
not straight forward to figure out how to fix it.
--
Happy hacking
Petter Reinholdtsen
Control: retitle -1 unshield: CVE-2015-1386: directory traversal
Hi,
On Sun, Jan 25, 2015 at 11:14:46AM +0100, Jakub Wilk wrote:
> Package: unshield
> Version: 1.0-1
> Tags: security
>
> unshield is vulnerable to directory traversal via "../" sequences. As a
> proof of concept, unpacking the att
Package: unshield
Version: 1.0-1
Tags: security
unshield is vulnerable to directory traversal via "../" sequences. As a
proof of concept, unpacking the attached InstallShield archive creates a
file in /tmp:
$ ls /tmp/moo
ls: cannot access /tmp/moo: No such file or directory
$ unshield x data
3 matches
Mail list logo
