Subject: unalz: directory traversal bug
Package: unalz
Version: 0.52-1
Severity: important
Tags: security

Hello,

Secunia Research has found a directory traversal security bug in unalz:

  o  http://secunia.com/secunia_research/2006-16/advisory/

"Rating: Less Critical
 Impact: System access
 Where:  Remote

[..]

The vulnerability is caused due to an input validation error when
extracting an ALZ archive. This makes it possible to have files
extracted to arbitrary locations outside the specified directory
using the "../" directory traversal sequence."

Perhaps an update for this bug and the buffer overflow that I found
quite a while ago could be in order?

// Ulf Harnhammar
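The input validation the quoted advisory finds missing can be sketched as a check on each archive member name before it is joined to the destination directory. This is an added example, not code from unalz or from the report; the helper name member_name_is_safe, the handling of backslashes and drive letters, and the sample names are assumptions made for illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumption: member names may use '/' or '\\' as separator, since the
   archive may have been created on Windows. */
static bool is_sep(char c) { return c == '/' || c == '\\'; }

/* Hypothetical helper: true only if the stored name stays below the
   extraction directory when appended to it. */
bool member_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (is_sep(name[0]))                      /* absolute path */
        return false;
    if (isalpha((unsigned char)name[0]) && name[1] == ':')
        return false;                         /* drive-letter path */

    const char *p = name;
    while (*p) {
        const char *start = p;
        while (*p && !is_sep(*p))             /* scan one component */
            p++;
        size_t len = (size_t)(p - start);
        /* Reject every ".." component. This is conservative: "a/../b"
           stays inside the directory but is refused as well. */
        if (len == 2 && start[0] == '.' && start[1] == '.')
            return false;
        while (*p && is_sep(*p))              /* skip repeated separators */
            p++;
    }
    return true;
}

int main(void)
{
    /* Constructed sample member names, not taken from a real archive. */
    const char *samples[] = { "docs/readme.txt", "../../etc/passwd",
                              "..\\..\\x", "a/../../b", "..hidden/f..txt" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-20s %s\n", samples[i],
               member_name_is_safe(samples[i]) ? "extract" : "refuse");
    return 0;
}
```

The check looks at names only; symbolic links that already exist inside the destination directory are outside its scope.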


