Bug 1098354 - (CVE-2018-1002209) VUL-0: CVE-2018-1002209: quazip: arbitrary file write vulnerability achieved by using a specially crafted zip archive
(CVE-2018-1002209)
VUL-0: CVE-2018-1002209: quazip: arbitrary file write vulnerability achieved ...
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE Distribution
Classification: openSUSE
Component: Security
Leap 15.1
Other Other
: P3 - Medium : Normal (vote)
: ---
Assigned To: Cristian Rodríguez
Security Team bot
https://smash.suse.de/issue/208490/
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2018-06-20 08:13 UTC by Alexander Bergmann
Modified: 2022-04-18 07:02 UTC (History)
1 user (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Alexander Bergmann 2018-06-20 08:13:13 UTC
rh#1593011

A vulnerability has been found in the way developers have implemented the archive extraction of files. An arbitrary file write vulnerability, that can be achieved using a specially crafted zip archive (affects other archives as well, bzip2, tar,xz, war, cpio, 7z), that holds path traversal filenames. So when the filename gets concatenated to the target extraction directory, the final path ends up outside of the target folder. Of course if an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily. This affects multiple libraries that lacks of a high level APIs that provide the archive extraction functionality.


References:
https://snyk.io/research/zip-slip-vulnerability

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1593011
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-1002209
Comment 1 Christophe Giboudeaux 2022-04-18 07:02:01 UTC
Addressed years ago. None of the supported openSUSE version ships quazip < 0.7.6