Описание
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| unrar-nonfree | fixed | 1:5.5.8-1 | package | |
| unrar-nonfree | no-dsa | stretch | package | |
| unrar-nonfree | no-dsa | jessie | package | |
| unrar-nonfree | no-dsa | wheezy | package |
Примечания
https://www.openwall.com/lists/oss-security/2017/08/18/2
EPSS
Связанные уязвимости
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
UnRAR before 5.5.7 allows remote attackers to bypass a directory-traversal protection mechanism via vectors involving a symlink to the . directory, a symlink to the .. directory, and a regular file.
Уязвимость средства разархивирования файлов UnRAR, связанная с недостатками ограничения имени пути к каталогу, позволяющая нарушителю получить доступ к конфиденциальным данным
EPSS