CVE-2016-7162

Опубликовано: 07 сент. 2016

Источник: redhat

CVSS3: 5.5

CVSS2: 4.3

Описание

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

A path traversal flaw was found in file-roller. If a user were tricked into opening a specially crafted archive and clicking on a symbolic link, file deletion could occur.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 5	file-roller	Not affected
Red Hat Enterprise Linux 6	file-roller	Not affected
Red Hat Enterprise Linux 7	file-roller	Will not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate

Дефект:

CWE-22

https://bugzilla.redhat.com/show_bug.cgi?id=1374275file-roller: Path traversal vulnerability when opening crafted archive

5.5 Medium

CVSS3

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2016-7162

CVSS3: 7.5

ubuntu

больше 9 лет назад

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

CVE-2016-7162

CVSS3: 7.5

nvd

больше 9 лет назад

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

CVE-2016-7162

CVSS3: 7.5

debian

больше 9 лет назад

The _g_file_remove_directory function in file-utils.c in File Roller 3 ...

openSUSE-SU-2016:2338-1

suse-cvrf

больше 9 лет назад

Security update for file-roller

GHSA-g3mg-grgw-vqfv

CVSS3: 7.5

github

больше 3 лет назад

The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

5.5 Medium

CVSS3

4.3 Medium

CVSS2