Your message dated Tue, 29 Aug 2017 11:25:37 +0100
with message-id <cakdqwucqtvux_emczcvgq-aqf_pkfbhxumf99afpwvd5fft...@mail.gmail.com>
and subject line Seems to be patched
has caused the Debian Bug report #774172,
regarding rar: CVE-2014-9983: symlink directory traversal
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
774172: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774172
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: rar
Version: 2:4.2.0-1
Tags: security

RAR follows symlinks when unpacking stuff, even the symlinks that were created during the same unpack process. It is therefore possible to create a malicious RAR archive that will be unpacked into an arbitrary directory outside cwd.

Proof of concept:

$ pwd
/home/jwilk

$ rar x traversal.rar

RAR 4.20   Copyright (c) 1993-2012 Alexander Roshal   9 Jun 2012
Trial version             Type RAR -? for help


Extracting from traversal.rar

Extracting  tmp                                                       OK
Extracting  tmp/moo                                                   OK
All OK

$ ls -l /tmp/moo
-rw-r--r-- 1 jwilk jwilk 4 Dec 29 21:41 /tmp/moo


-- System Information:
Debian Release: 8.0
 APT prefers unstable
 APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

--
Jakub Wilk

Attachment: traversal.rar
Description: application/rar


--- End Message ---
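
A pre-extraction check for the behaviour reported above, as an added example that is not part of the bug report and is not RAR's code: it walks an archive's entry list in order and flags any entry that would be written through a symlink created earlier by the same archive. The function name, the (path, kind, link_target) tuple format and the sample entries are assumptions; the sample is constructed from the PoC listing, with the link target /tmp inferred from where moo ended up.

```python
import posixpath

# Constructed sample modelled on the PoC listing: (path, kind, link_target).
# The target "/tmp" is an assumption inferred from the resulting /tmp/moo.
SAMPLE_ENTRIES = [
    ("tmp", "symlink", "/tmp"),
    ("tmp/moo", "file", None),
]


def unsafe_entries(entries):
    """Return (path, reason) for each entry that must not be extracted as-is."""
    symlinks = set()   # paths of symlinks declared by earlier entries
    findings = []
    for path, kind, target in entries:
        parts = [p for p in path.split("/") if p not in ("", ".")]
        # Reject absolute paths and any ".." component outright: lexical
        # normalisation is not safe once symlinks are involved.
        if posixpath.isabs(path) or ".." in parts:
            findings.append((path, "path escapes extraction root"))
            continue
        norm = "/".join(parts)
        # Conservative rule: never write through a symlink the archive itself
        # created, even one whose own target looks harmless.
        prefixes = ["/".join(parts[:i]) for i in range(1, len(parts))]
        via = next((p for p in prefixes if p in symlinks), None)
        if via is not None:
            findings.append((path, f"written through archive symlink {via!r}"))
            continue
        if kind == "symlink":
            # Resolve the target relative to the directory holding the link.
            resolved = posixpath.normpath(
                posixpath.join(posixpath.dirname(norm), target))
            if (posixpath.isabs(target) or resolved == ".."
                    or resolved.startswith("../")):
                findings.append(
                    (path, f"symlink target {target!r} leaves extraction root"))
            symlinks.add(norm)
    return findings


if __name__ == "__main__":
    for entry, reason in unsafe_entries(SAMPLE_ENTRIES):
        print(f"{entry}: {reason}")
```
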
--- Begin Message ---
fixed 2:5.4.0+dfsg.1-0.1
thanks

Just looking over this - and I can't reproduce this in current versions.

I'm closing this - but please, feel free to re-open and send me further
details if there's a further fix.

--- End Message ---
