Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unace | E-merge | 1.2b (including) | 1.2b (including) |
| Unace | Ubuntu | dapper | * |
| Unace | Ubuntu | devel | * |
| Unace | Ubuntu | edgy | * |
| Unace | Ubuntu | feisty | * |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031908.html
- http://secunia.com/advisories/14359
- http://www.novell.com/linux/security/advisories/2005_16_sr.html
- http://www.securityfocus.com/bid/12628
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031908.html
- http://secunia.com/advisories/14359
- http://www.novell.com/linux/security/advisories/2005_16_sr.html
- http://www.securityfocus.com/bid/12628