Executive Summary
| Summary | |
|---|---|
| Title | New cabextract packages fix unintended directory traversal |
| Informations | |||
|---|---|---|---|
| Name | DSA-574 | First vendor Publication | 2004-10-28 |
| Vendor | Debian | Last vendor Modification | 2004-10-28 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 5 | Attack Range | Network |
| Cvss Impact Score | 2.9 | Attack Complexity | Low |
| Cvss Expoit Score | 10 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| The upstream developers discovered a problem in cabextract, a tool to extract cabinet files. The program was able to overwrite files in upper directories. This could lead an attacker to overwrite arbitrary files. For the stable distribution (woody) this problem has been fixed in version 0.2-2b. For the unstable distribution (sid) this problem has been fixed in version 1.1-1. We recommend that you upgrade your cabextract package. |
Original Source
| Url : http://www.debian.org/security/2004/dsa-574 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 3 |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2008-09-04 | Name : FreeBSD Ports: cabextract File : nvt/freebsd_cabextract.nasl |
| 2008-01-17 | Name : Debian Security Advisory DSA 574-1 (cabextract) File : nvt/deb_574_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 10953 | cabextract Traversal Arbitrary File Overwrite cabextract contains a flaw that allows a remote attacker to overwrite arbitrary files outside of the extraction path. The issue is due to the program not properly sanitizing cabinet files containing "./", "../", and ".." as part of the filename. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2009-04-23 | Name : The remote FreeBSD host is missing a security-related update. File : freebsd_pkg_61480a9a22b211d9814e0001020eed82.nasl - Type : ACT_GATHER_INFO |
| 2004-11-10 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-574.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:33:32 |
|
