[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Mtools] Security bug: Path traversal due to "/" in file names.
|
From: |
Timothy Baldwin |
|
Subject: |
[Mtools] Security bug: Path traversal due to "/" in file names. |
|
Date: |
Sun, 02 Sep 2007 16:27:49 +0100 |
|
User-agent: |
KNode/0.10.5 |
There is no check for "/" in filenames, so extracting files from a specially
crafted filesystem will result if files outside the target directory being
written.
For example, extracting from this image:
http://www.majoroak.f2s.com/tim/linux/dosfs-exploit.gz
With:
mkdir test
mcopy -sv -i image ::TEST test/
Results in following extra directories:
test/TEST2
test/TEST3
T
--
OpenPGP key fingerprint: D0A6 F403 9745 CED4 6B3B 94CC 8D74 8FC9 9F7F CFE4
| [Prev in Thread] |
Current Thread |
[Next in Thread] |
- [Mtools] Security bug: Path traversal due to "/" in file names.,
Timothy Baldwin <=