Bug 537976 (CVE-2015-1386) - <app-arch/unshield-1.4: directory traversal
Status: RESOLVED FIXED
Alias: CVE-2015-1386
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL: https://bugzilla.redhat.com/show_bug....
Whiteboard: B4 [noglsa]
Reported: 2015-01-27 13:33 UTC by Agostino Sarubbo
Modified: 2017-01-01 18:51 UTC

Package list:
=app-arch/unshield-1.4
Runtime testing required: ---
kensington: sanity-check+

Description Agostino Sarubbo gentoo-dev 2015-01-27 13:33:12 UTC
From ${URL} :

Jakub Wilk reports:

Package: unshield
Version: 1.0-1
Tags: security

unshield is vulnerable to directory traversal via "../" sequences. As a 
proof of concept, unpacking the attached InstallShield archive creates a 
file in /tmp:

$ ls /tmp/moo
ls: cannot access /tmp/moo: No such file or directory

$ unshield x data1.cab
Cabinet: data1.cab
 extracting: ./Bovine_Files/../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../../tmp/moo
--------  -------
         1 files

$ ls /tmp/moo
/tmp/moo


-- System Information:
Debian Release: 8.0
 APT prefers unstable
 APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64

Kernel: Linux 3.2.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)


@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
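
An added example, not part of the original report and not unshield's own code: a lexical check an extractor can run on each archive member name before opening the output file, so that a name like the one in the report is rejected. The function name `member_path_is_safe` and the sample names are hypothetical, and treating both `/` and `\` as separators is an assumption.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not an unshield function): true when an archive
 * member name stays below the extraction directory. Purely lexical: walk
 * the name one component at a time, track depth relative to the extraction
 * root, and reject as soon as ".." would climb above it.
 * Assumption: '/' and '\\' both count as separators, to be conservative. */
bool member_path_is_safe(const char *name)
{
    long depth = 0;
    const char *p = name;

    if (name == NULL || *name == '\0')
        return false;
    if (*name == '/' || *name == '\\')
        return false;                      /* absolute name */

    while (*p != '\0') {
        size_t len = strcspn(p, "/\\");    /* length of this component */

        if (len == 2 && p[0] == '.' && p[1] == '.') {
            if (--depth < 0)
                return false;              /* escaped the root */
        } else if (len > 0 && !(len == 1 && p[0] == '.')) {
            depth++;                       /* ordinary component */
        }                                  /* "" and "." change nothing */
        p += len;
        if (*p != '\0')
            p++;                           /* skip the separator */
    }
    return depth > 0;                      /* must name something below the root */
}

int main(void)
{
    /* Constructed samples; the second is a shortened form of the name
     * shown in the report's unshield output. */
    const char *samples[] = {
        "./Bovine_Files/moo.txt",
        "./Bovine_Files/../../../../tmp/moo",
        "/tmp/moo",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-40s %s\n", samples[i],
               member_path_is_safe(samples[i]) ? "extract" : "reject");
    return 0;
}
```

The check is lexical only; it does not cover a symbolic link already present inside the output directory.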
Comment 1 Michael Orlitzky gentoo-dev 2016-08-25 15:02:40 UTC
This is still unresolved upstream:

  https://github.com/twogood/unshield/issues/42

I am going to commit a new version of this package anyway; then, when a fix is released, it should be easy to do another bump.
Comment 2 Michael Orlitzky gentoo-dev 2016-12-26 23:30:31 UTC
This is fixed in v1.4, which I've just added to the tree. I can remove the old versions after stabilization.
Comment 3 Thomas Deutschmann gentoo-dev Security 2016-12-26 23:39:43 UTC
@ Arches,

please test and mark stable: =app-arch/unshield-1.4
Comment 4 Aaron Bauman Gentoo Infrastructure gentoo-dev Security 2016-12-28 12:38:57 UTC
amd64 stable
Comment 5 Agostino Sarubbo gentoo-dev 2016-12-29 10:45:46 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please vote.
Comment 6 Michael Orlitzky gentoo-dev 2016-12-29 14:38:36 UTC
The old versions have been removed.
Comment 7 Thomas Deutschmann gentoo-dev Security 2017-01-01 18:51:51 UTC
@ Arches & maintainer(s): Thank you for your work.

GLSA Vote: No