FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cabextract -- directory traversal with UTF-8 symbols in filenames

Affected packages
cabextract < 1.6

Details

VuXML ID cfb12f02-06e1-11e5-8fda-002590263bf5
Discovery 2015-02-18
Entry 2015-05-31

Cabextract ChangeLog reports:

It was possible for cabinet files to extract to absolute file locations, and it was possible on Cygwin to get around cabextract's absolute and relative path protections by using backslashes.
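
An added example, not cabextract's own code or part of the advisory: a C check an extractor could apply to each archive member name before writing it, covering the absolute-path and backslash cases the ChangeLog describes. The function name and the sample names are hypothetical, and the check assumes the name has already been decoded to the exact bytes that will be passed to the filesystem.

```c
#include <stddef.h>
#include <stdio.h>

/* Treat '/' and '\\' alike, so a name is judged the same way on POSIX
 * and on layers such as Cygwin that also accept backslashes. */
static int is_sep(char c) { return c == '/' || c == '\\'; }

static int is_alpha(char c)
{
    return (c >= 'A' && c <= 'Z') || (c >= 'a' && c <= 'z');
}

/* Hypothetical helper: returns 1 if the decoded member name can only
 * resolve below the extraction directory, 0 if it must be refused. */
int member_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return 0;
    if (is_sep(name[0]))                     /* absolute: "/x" or "\x" */
        return 0;
    if (is_alpha(name[0]) && name[1] == ':') /* drive-qualified: "C:..." */
        return 0;

    /* Walk the components and refuse any that is exactly "..". */
    const char *p = name;
    while (*p) {
        const char *start = p;
        while (*p && !is_sep(*p))
            p++;
        size_t len = (size_t)(p - start);
        if (len == 2 && start[0] == '.' && start[1] == '.')
            return 0;
        while (*p && is_sep(*p))             /* skip repeated separators */
            p++;
    }
    return 1;
}

int main(void)
{
    /* Constructed sample names, not taken from any real cabinet file. */
    const char *samples[] = { "docs/readme.txt", "/etc/example",
                              "\\tmp\\example", "a\\..\\..\\b", "a/..b/c" };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-18s %s\n", samples[i],
               member_name_is_safe(samples[i]) ? "ok" : "refused");
    return 0;
}
```
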

References

CVE Name CVE-2015-2060
Message http://www.openwall.com/lists/oss-security/2015/02/18/3
URL http://www.cabextract.org.uk/#changes