Vigil@nce - FastJar: file extraction outside current directory
July 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can create a malicious jar archive, and invite the
victim to open it with FastJar, in order to create files outside
the current directory.
Severity: 2/4
Creation date: 07/07/2010
DESCRIPTION OF THE VULNERABILITY
The FastJar program extracts JAR archives. It is included in the
gcc suite.
When a JAR archive contains a filename starting by "../", FastJar
detects it and forbids it. However, if the filename contains
"/../" (for example "dir/../../file"), FastJar creates the file
outside the current directory.
An attacker can therefore create a malicious jar archive, and
invite the victim to open it with FastJar, in order to create
files outside the current directory.
This vulnerability is different from VIGILANCE-VUL-6019
(https://vigilance.fr/tree/1/6019).
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FastJar-file-extraction-outside-current-directory-9744