CVE-2013-4668

Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html	Broken Link
http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html	Broken Link
http://secunia.com/advisories/54351	Not Applicable Third Party Advisory
http://www.ocert.org/advisories/ocert-2013-001.html	Third Party Advisory
http://www.securityfocus.com/bid/61008	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1906-1	Third Party Advisory
https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631	Patch Third Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html	Broken Link
http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html	Broken Link
http://secunia.com/advisories/54351	Not Applicable Third Party Advisory
http://www.ocert.org/advisories/ocert-2013-001.html	Third Party Advisory
http://www.securityfocus.com/bid/61008	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1906-1	Third Party Advisory
https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631	Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:file_roller_project:file_roller::::::gnome::*
	cpe:2.3:a:file_roller_project:file_roller::::::gnome::*
	cpe:2.3:a:file_roller_project:file_roller::::::gnome::*

Configuration 2 (hide)

OR	cpe:2.3:o:canonical:ubuntu_linux:12.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:13.04:::::::*

History

21 Nov 2024, 01:56

Type	Values Removed	Values Added
References	~~() http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html - Broken Link~~	() http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.html - Broken Link
References	~~() http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html - Broken Link~~	() http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.html - Broken Link
References	~~() http://secunia.com/advisories/54351 - Not Applicable, Third Party Advisory~~	() http://secunia.com/advisories/54351 - Not Applicable, Third Party Advisory
References	~~() http://www.ocert.org/advisories/ocert-2013-001.html - Third Party Advisory~~	() http://www.ocert.org/advisories/ocert-2013-001.html - Third Party Advisory
References	~~() http://www.securityfocus.com/bid/61008 - Third Party Advisory, VDB Entry~~	() http://www.securityfocus.com/bid/61008 - Third Party Advisory, VDB Entry
References	~~() http://www.ubuntu.com/usn/USN-1906-1 - Third Party Advisory~~	() http://www.ubuntu.com/usn/USN-1906-1 - Third Party Advisory
References	~~() https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631 - Patch, Third Party Advisory~~	() https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14857055f81631 - Patch, Third Party Advisory

Information

Published : 2013-07-18 16:51

Updated : 2024-11-21 01:56

NVD link : CVE-2013-4668

Mitre link : CVE-2013-4668

CVE.ORG link : CVE-2013-4668

JSON object : View

Products Affected

canonical

ubuntu_linux

file_roller_project

file_roller

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

5.0 /10