Your message dated Wed, 01 Apr 2015 21:39:15 +0000
with message-id <[email protected]>
and subject line Bug#774171: fixed in unrar-nonfree 1:5.2.7-0.1
has caused the Debian Bug report #774171,
regarding unrar: symlink directory traversal
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
774171: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774171
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: unrar
Version: 1:5.0.10-1
Tags: security
UNRAR follows symlinks when unpacking stuff, even the symlinks that were
created during the same unpack process.
It is therefore possible to create a malicious RAR archive that will be
unpacked into an arbitrary directory outside cwd.
Proof of concept:
$ pwd
/home/jwilk
$ unrar x traversal.rar
UNRAR 5.00 beta 8 freeware Copyright (c) 1993-2013 Alexander Roshal
Extracting from traversal.rar
Extracting tmp OK
Extracting tmp/moo OK
All OK
$ ls -l /tmp/moo
-rw-r--r-- 1 jwilk jwilk 4 Dec 29 21:41 /tmp/moo
-- System Information:
Debian Release: 8.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/1 CPU core)
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages unrar depends on:
ii libc6 2.19-13
ii libgcc1 1:4.9.2-10
ii libstdc++6 4.9.2-10
--
Jakub Wilk
traversal.rar
Description: application/rar
--- End Message ---
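The defect described in the report above is about extraction order, not the RAR container: an archive entry creates a symlink, a later entry is named through that link, and the extractor follows it. The following is an added example, not code from the original thread and not unrar's own code. It rebuilds the proof-of-concept layout (entry `tmp` is a symlink to an absolute directory, entry `tmp/moo` is a regular file) in the tar format, because Python's `tarfile` can both write and read it offline, and shows a vulnerable extractor beside a hardened one. The function names (`build_traversal_archive`, `naive_extract`, `safe_extract`, `run_demo`) and the `moo` payload are assumptions made for the demonstration; the code is POSIX-only because it relies on `O_NOFOLLOW`, and every write in the demo lands in temporary directories it creates itself.

```python
"""Symlink-then-write traversal: vulnerable extraction order beside a hardened one."""
import io
import os
import tarfile
import tempfile

# Added example: tar is used in place of RAR because the bug is in how an
# extractor handles a symlink it created moments earlier, not in the format.


def build_traversal_archive(target_dir: str) -> bytes:
    """Construct, in memory, an archive laid out like the PoC (constructed sample):
    entry 'tmp' is a symlink to target_dir, entry 'tmp/moo' is a regular file."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tf:
        link = tarfile.TarInfo("tmp")
        link.type = tarfile.SYMTYPE
        link.linkname = target_dir              # absolute target, like /tmp in the PoC
        tf.addfile(link)
        payload = b"moo\n"
        reg = tarfile.TarInfo("tmp/moo")        # named *through* the link above
        reg.size = len(payload)
        tf.addfile(reg, io.BytesIO(payload))
    return buf.getvalue()


def naive_extract(archive: bytes, dest: str) -> list[str]:
    """Vulnerable: joins dest with the member name and lets makedirs()/open()
    follow whatever is on disk, including the symlink created one entry earlier.
    Returns the real paths that were actually written."""
    written = []
    with tarfile.open(fileobj=io.BytesIO(archive)) as tf:
        for m in tf:
            path = os.path.join(dest, m.name)
            if m.issym():
                os.symlink(m.linkname, path)
            elif m.isreg():
                os.makedirs(os.path.dirname(path), exist_ok=True)  # 'tmp' exists, as a link
                with open(path, "wb") as out:                      # open() follows it
                    out.write(tf.extractfile(m).read())
                written.append(os.path.realpath(path))
    return written


def safe_extract(archive: bytes, dest: str) -> tuple[list[str], list[tuple[str, str]]]:
    """Hardened: resolve each member's parent directory as it exists on disk *now*
    (after earlier members were extracted) and require it to stay inside dest;
    reject symlinks whose target leaves dest; create regular files with
    O_NOFOLLOW|O_EXCL so the final component cannot be an existing link either.
    A concurrent attacker racing the destination directory is out of scope here.
    Returns (extracted member names, [(member name, reason), ...])."""
    dest_real = os.path.realpath(dest)
    extracted, rejected = [], []

    def inside(p: str) -> bool:
        return os.path.commonpath([dest_real, os.path.realpath(p)]) == dest_real

    with tarfile.open(fileobj=io.BytesIO(archive)) as tf:
        for m in tf:
            name = os.path.normpath(m.name)
            if os.path.isabs(name) or name == ".." or name.startswith(".." + os.sep):
                rejected.append((m.name, "absolute or parent-relative name"))
                continue
            path = os.path.join(dest_real, name)
            parent = os.path.dirname(path)
            if not inside(parent):
                rejected.append((m.name, "parent resolves outside destination"))
                continue
            if m.issym():
                # Resolve the link target relative to the vetted parent; an absolute
                # linkname wins in join(), so it is checked as-is.
                if not inside(os.path.join(parent, m.linkname)):
                    rejected.append((m.name, "symlink target outside destination"))
                    continue
                os.symlink(m.linkname, path)
            elif m.isdir():
                os.makedirs(path, exist_ok=True)
            elif m.isreg():
                os.makedirs(parent, exist_ok=True)
                fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW, 0o644)
                with os.fdopen(fd, "wb") as out:
                    out.write(tf.extractfile(m).read())
            else:
                rejected.append((m.name, "unsupported member type"))
                continue
            extracted.append(m.name)
    return extracted, rejected


def run_demo() -> dict:
    """Run both extractors against fresh temp dirs; report where the payload landed."""
    results = {}
    with tempfile.TemporaryDirectory() as target, tempfile.TemporaryDirectory() as dest:
        results["naive_written"] = naive_extract(build_traversal_archive(target), dest)
        results["naive_escaped"] = os.path.isfile(os.path.join(target, "moo"))
    with tempfile.TemporaryDirectory() as target, tempfile.TemporaryDirectory() as dest:
        extracted, rejected = safe_extract(build_traversal_archive(target), dest)
        results["safe_escaped"] = os.path.isfile(os.path.join(target, "moo"))
        results["safe_extracted"] = extracted
        results["safe_rejected"] = [name for name, _ in rejected]
        with open(os.path.join(dest, "tmp", "moo"), "rb") as f:
            results["safe_payload"] = f.read()
    return results


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

With the naive extractor the file ends up in the symlink's target directory (the `/tmp/moo` of the report, here a throwaway temp dir); the hardened one refuses the `tmp` symlink because its target resolves outside the destination, then extracts `tmp/moo` into a real `tmp` directory under the destination. The parent-directory check must be done against the live filesystem for every member, not against the archive's own listing, because the escape only becomes visible once the earlier symlink entry exists on disk.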
--- Begin Message ---
Source: unrar-nonfree
Source-Version: 1:5.2.7-0.1
We believe that the bug you reported is fixed in the latest version of
unrar-nonfree, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Felix Geyer <[email protected]> (supplier of updated unrar-nonfree package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Fri, 27 Mar 2015 22:44:26 +0100
Source: unrar-nonfree
Binary: unrar
Architecture: source
Version: 1:5.2.7-0.1
Distribution: unstable
Urgency: high
Maintainer: Martin Meredith <[email protected]>
Changed-By: Felix Geyer <[email protected]>
Description:
unrar - Unarchiver for .rar files (non-free version)
Closes: 774171
Changes:
unrar-nonfree (1:5.2.7-0.1) unstable; urgency=high
.
* Non-maintainer upload.
* New upstream release
- Fixes a symlink directory traversal vulnerability (Closes: #774171)
Checksums-Sha1:
2ec91bf4dffbbae3cdcf8ae53b00c15055e5df43 1767 unrar-nonfree_5.2.7-0.1.dsc
4d5e067fcc0c7b2395f6decbfd738edc1fb3c2d4 218880 unrar-nonfree_5.2.7.orig.tar.gz
b40e6e667a16b54bb9e6f5a48337eefe94ce4036 5624 unrar-nonfree_5.2.7-0.1.debian.tar.xz
Checksums-Sha256:
347db2aa5ff287712fce01b72684d0deb45aa3ecafc406a22bf635a3d6282d37 1767 unrar-nonfree_5.2.7-0.1.dsc
ef14757e943787b439fedf2c564c1f38d0db315528a928e0de170860717e2fac 218880 unrar-nonfree_5.2.7.orig.tar.gz
01c9fc01e84f3973db77d3d877782683e4d6b98b597dab86c5c1d0efa8d8e8f6 5624 unrar-nonfree_5.2.7-0.1.debian.tar.xz
Files:
263d0472a2fb111e12d54ea8cdc176f3 1767 non-free/utils optional unrar-nonfree_5.2.7-0.1.dsc
0c145e1ac47d428553123462c0740279 218880 non-free/utils optional unrar-nonfree_5.2.7.orig.tar.gz
233d3e6a49b4e8d9d1dd581553c2cd2c 5624 non-free/utils optional unrar-nonfree_5.2.7-0.1.debian.tar.xz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
-----END PGP SIGNATURE-----
--- End Message ---