Paolo Bacchilega file-roller up to 3.9.2 fr-archive-libarchive.c extract_archive_thread path traversal
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 5.2 | $0-$5k | 0.00 |
Summary
A vulnerability, which was classified as problematic, has been found in Paolo Bacchilega file-roller up to 3.9.2. This impacts the function extract_archive_thread of the file fr-archive-libarchive.c. Performing a manipulation results in path traversal.
This vulnerability is identified as CVE-2013-4668. There is not any exploit available.
It is advisable to upgrade the affected component.
Details
A vulnerability, which was classified as problematic, was found in Paolo Bacchilega file-roller up to 3.9.2. This affects the function extract_archive_thread of the file fr-archive-libarchive.c. The manipulation with an unknown input leads to a path traversal vulnerability. CWE is classifying the issue as CWE-22. The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. This is going to have an impact on confidentiality, and integrity. The summary by CVE is:
Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.
The weakness was released 07/08/2013 by Yorick Koster with Akita Software Security as not defined mailinglist post (oss-sec). The advisory is shared at seclists.org. The public release was coordinated with Paolo Bacchilega. This vulnerability is uniquely identified as CVE-2013-4668 since 06/24/2013. The exploitability is told to be easy. It is possible to initiate the attack remotely. The successful exploitation needs a authentication. Technical details are known, but no exploit is available. MITRE ATT&CK project uses the attack technique T1006 for this issue.
The vulnerability scanner Nessus provides a plugin with the ID 68897 (Fedora 19 : file-roller-3.8.3-1.fc19 (2013-12667)), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Fedora Local Security Checks. The commercial vulnerability scanner Qualys is able to test this issue with plugin 166098 (SUSE Security Update for file-roller (openSUSE-SU-2013:1281-1)).
Upgrading to version 3.6.4 eliminates this vulnerability. Applying a patch is able to eliminate this problem. The bugfix is ready for download at git.gnome.org. The best possible mitigation is suggested to be upgrading to the latest version. A possible mitigation has been published even before and not after the disclosure of the vulnerability.
The vulnerability is also documented in the databases at X-Force (85483), Tenable (68897), SecurityFocus (BID 61008†), OSVDB (94939†) and Secunia (SA53853†). If you want to get the best quality for vulnerability data then you always have to consider VulDB.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 5.4VulDB Meta Temp Score: 5.2
VulDB Base Score: 5.4
VulDB Temp Score: 5.2
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Path traversalCWE: CWE-22
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 68897
Nessus Name: Fedora 19 : file-roller-3.8.3-1.fc19 (2013-12667)
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 866414
OpenVAS Name: Fedora Update for file-roller FEDORA-2013-12653
OpenVAS File: 🔍
OpenVAS Family: 🔍
Qualys ID: 🔍
Qualys Name: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: UpgradeStatus: 🔍
0-Day Time: 🔍
Upgrade: file-roller 3.6.4
Patch: git.gnome.org
Timeline
06/17/2013 🔍06/24/2013 🔍
07/08/2013 🔍
07/08/2013 🔍
07/08/2013 🔍
07/08/2013 🔍
07/10/2013 🔍
07/16/2013 🔍
07/18/2013 🔍
07/23/2013 🔍
12/25/2024 🔍
Sources
Advisory: seclists.orgResearcher: Yorick Koster
Organization: Akita Software Security
Status: Confirmed
Confirmation: 🔍
Coordinated: 🔍
CVE: CVE-2013-4668 (🔍)
GCVE (CVE): GCVE-0-2013-4668
GCVE (VulDB): GCVE-100-9381
OVAL: 🔍
X-Force: 85483
SecurityFocus: 61008 - File Roller CVE-2013-4668 Multiple Directory Traversal Vulnerabilities
Secunia: 53853 - File Roller Archive Handling Directory Traversal Vulnerability, Less Critical
OSVDB: 94939
Vulnerability Center: 40661 - File Roller 3.6.0 - 3.6.3, 3.8.0 - 3.8.2, 3.9.0 - 3.9.2 Remote Directory Traversal Vulnerability, Medium
Entry
Created: 07/10/2013 12:59Updated: 12/25/2024 13:33
Changes: 07/10/2013 12:59 (85), 05/18/2021 07:44 (3), 12/25/2024 13:33 (22)
Complete: 🔍
Committer:
Cache ID: 216::103
If you want to get the best quality for vulnerability data then you always have to consider VulDB.
No comments yet. Languages: en.
Please log in to comment.