Bug 606442 (CVE-2005-1080)

Summary: CVE-2005-1080 jar: directory traversal vulnerability
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: ahughes, aph, bressers, dbhole, jerboaa, jpechane, jvanek, langel, lkundrak, mark, omajid, rruss, vkaigoro
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard: impact=low,public=20050104,reported=20100520,source=oss-security,cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,cwe=CWE-22,rhel-5/java-1.6.0-openjdk=affected,rhel-6/java-1.6.0-openjdk=affected,rhel-7/java-1.6.0-openjdk=affected,rhel-5/java-1.7.0-openjdk=affected,rhel-6/java-1.7.0-openjdk=affected,rhel-7/java-1.7.0-openjdk=affected,rhel-6/java-1.8.0-openjdk=affected,rhel-7/java-1.8.0-openjdk=affected,rhel-5/java-1.6.0-sun=affected,rhel-6/java-1.6.0-sun=affected,rhel-7/java-1.6.0-sun=affected,rhel-5/java-1.7.0-oracle=affected,rhel-6/java-1.7.0-oracle=affected,rhel-7/java-1.7.0-oracle=affected,rhel-6/java-1.8.0-oracle=affected,rhel-7/java-1.8.0-oracle=affected,rhel-5/java-1.5.0-ibm=affected,rhel-6/java-1.5.0-ibm=affected,rhel-5/java-1.6.0-ibm=affected,rhel-6/java-1.6.0-ibm=affected,rhel-5/java-1.7.0-ibm=affected,rhel-6/java-1.7.1-ibm=affected,rhel-7/java-1.7.1-ibm=affected
Fixed In Version: IcedTea6 1.13.7, IcedTea7 2.5.5 Doc Type: Bug Fix
Doc Text:
A directory traversal flaw was found in the way the jar tool extracted JAR archive files. A specially crafted JAR archive could cause jar to overwrite arbitrary files writable by the user running jar when the archive was extracted.
Story Points: ---
Clone Of: Environment:
Last Closed: 2015-05-20 16:39:37 EDT Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Bug Depends On: 601816, 601824    
Bug Blocks: 1180590, 1209063    

Description Vincent Danen 2010-06-21 11:52:15 EDT
Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2, 1.5 allows remote attackers to write arbitrary files via a .. (dot dot) in filenames in a .jar file.

Initially the directory traversal flaw was reported for fastjar (see bug #594497) but was later found to also affect jar.  The vulnerability in jar was reported in January 2005 but was never corrected upstream (CVE-2005-1080).  Bug #594497 has a test script to determine if the vulnerability is present in jar as well as fastjar.
Comment 2 Vincent Danen 2010-06-21 12:00:23 EDT
Created java-1.6.0-openjdk tracking bugs for this issue

Affects: fedora-all [bug 601824]
Comment 3 Vincent Danen 2010-06-21 12:00:34 EDT
Statement:

(none)
Comment 4 Tomas Hoger 2015-04-14 15:59:39 EDT
*** Bug 1180589 has been marked as a duplicate of this bug. ***
Comment 5 errata-xmlrpc 2015-04-14 16:18:45 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5

Via RHSA-2015:0807 https://rhn.redhat.com/errata/RHSA-2015-0807.html
Comment 6 errata-xmlrpc 2015-04-15 11:16:04 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2015:0809 https://rhn.redhat.com/errata/RHSA-2015-0809.html
Comment 7 errata-xmlrpc 2015-04-15 12:58:00 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2015:0808 https://rhn.redhat.com/errata/RHSA-2015-0808.html
Comment 8 errata-xmlrpc 2015-04-15 12:58:28 EDT
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 7
  Red Hat Enterprise Linux 6

Via RHSA-2015:0806 https://rhn.redhat.com/errata/RHSA-2015-0806.html
Comment 9 Tomas Hoger 2015-04-16 08:40:20 EDT
This issue was fixed in Oracle Java SE 6u95, 7u79, and 8u45, released with the Oracle Critical Patch Update - April 2015.  Oracle assigned different / duplicate CVE id for this issue - CVE-2015-0480 (bug 1211504).

http://www.oracle.com/technetwork/topics/security/cpuapr2015-2365600.html#AppendixJAVA
Comment 11 errata-xmlrpc 2015-04-17 06:29:07 EDT
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 7
  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2015:0854 https://rhn.redhat.com/errata/RHSA-2015-0854.html
Comment 12 errata-xmlrpc 2015-04-20 10:08:31 EDT
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 5
  Oracle Java for Red Hat Enterprise Linux 7
  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2015:0857 https://rhn.redhat.com/errata/RHSA-2015-0857.html
Comment 13 errata-xmlrpc 2015-04-20 10:28:15 EDT
This issue has been addressed in the following products:

  Oracle Java for Red Hat Enterprise Linux 5
  Oracle Java for Red Hat Enterprise Linux 7
  Oracle Java for Red Hat Enterprise Linux 6

Via RHSA-2015:0858 https://rhn.redhat.com/errata/RHSA-2015-0858.html
Comment 14 errata-xmlrpc 2015-05-13 09:33:23 EDT
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2015:1007 https://rhn.redhat.com/errata/RHSA-2015-1007.html
Comment 15 errata-xmlrpc 2015-05-13 09:35:24 EDT
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 5

Via RHSA-2015:1006 https://rhn.redhat.com/errata/RHSA-2015-1006.html
Comment 16 errata-xmlrpc 2015-05-20 14:36:35 EDT
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 5
  Supplementary for Red Hat Enterprise Linux 6

Via RHSA-2015:1021 https://rhn.redhat.com/errata/RHSA-2015-1021.html
Comment 17 errata-xmlrpc 2015-05-20 15:06:09 EDT
This issue has been addressed in the following products:

  Supplementary for Red Hat Enterprise Linux 6
  Supplementary for Red Hat Enterprise Linux 7

Via RHSA-2015:1020 https://rhn.redhat.com/errata/RHSA-2015-1020.html
Comment 18 errata-xmlrpc 2015-06-11 09:21:45 EDT
This issue has been addressed in the following products:

  Red Hat Satellite Server v 5.6
  Red Hat Satellite Server v 5.7

Via RHSA-2015:1091 https://rhn.redhat.com/errata/RHSA-2015-1091.html