Red Hat Bugzilla – Bug 138836
CAN-2004-1027 unarj directory traversal issue
Last modified: 2007-11-30 17:10:54 EST
This message was posted to full-disclosure.
After decoding it, it basically says there is a directory traversal
hole in unarj.
It is possible for an attacker to create a specially crafted arj
archive such that, when a user extracts it with the x flag, a file
can be placed anywhere the user running arj has write
Created attachment 106504
Demo exploit for this issue.
You have to give unarj the 'x' option to see the result of this exploit. It
will try to stick a file in /etc called foo.