FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

cabextract -- insecure directory handling

Affected packages
		cabextract	<	1.1

Details

VuXML ID	61480a9a-22b2-11d9-814e-0001020eed82
Discovery	2004-10-18
Entry	2004-10-20
Modified	2004-10-22

cabextract has insufficient checks for file names that contain ../. This can cause files to be extracted to the parent directory.

References

CVE Name	CVE-2004-0916
URL	http://www.kyz.uklinux.net/cabextract.php#changes

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.