A vulnerability has been discovered in Aladdin Systems ZipMagic when handling malicious .tar archives. The problem lies in the handling of pathnames. By specifying a path for an archived item which points outside the expected directory scope, the creator of the archive can cause the file to be extracted to arbitrary locations on the filesystem. An attacker may take advantage of this vulnerability to cause malicious files to be placed anywhere on a target filesystem.
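The pathname check an extractor needs before writing any archived item, as an added example in Python (not code from the advisory or from ZipMagic). The function names and the sample archive are constructed for illustration, and only regular-file members are handled.

```python
import io
import os
import tarfile


def build_tar(names):
    """Build a constructed in-memory .tar with one small file per name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name=name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    return buf.getvalue()


def escaping_members(tar_bytes, dest):
    """Return member names whose resolved path falls outside dest."""
    root = os.path.realpath(dest)
    bad = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            # join() lets an absolute member name replace root entirely,
            # and realpath() collapses any ".." components.
            target = os.path.realpath(os.path.join(root, member.name))
            if os.path.commonpath([root, target]) != root:
                bad.append(member.name)
    return bad


def safe_extract(tar_bytes, dest):
    """Extract regular files only, refusing the archive if any name escapes."""
    bad = escaping_members(tar_bytes, dest)
    if bad:
        raise ValueError("members escape destination: %r" % bad)
    root = os.path.realpath(dest)
    written = []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes), mode="r") as tar:
        for member in tar.getmembers():
            if not member.isfile():
                continue  # links and devices are skipped in this sketch
            path = os.path.join(root, member.name)
            os.makedirs(os.path.dirname(path), exist_ok=True)
            with open(path, "wb") as out:
                out.write(tar.extractfile(member).read())
            written.append(path)
    return written
```

The archive is rejected as a whole rather than extracted partially, so a single out-of-scope pathname leaves the destination untouched.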