FreeBSD : p7zip -- directory traversal vulnerability (8f5c9dd6-5cac-11e5-9ad8-14dae9d210b8)

This script is Copyright (C) 2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Alexander Cherepanov reports :

7z (and 7zr) is susceptible to a directory traversal vulnerability.
While extracting an archive, it will extract symlinks and then follow
them if they are referenced in further entries. This can be exploited
by a rogue archive to write files outside the current directory.
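
The condition described in the report can be checked on an archive listing before anything is extracted. The following is an added example, not part of the advisory or of p7zip; the `(path, type, link target)` listing format, the `audit_listing` name and the sample entries are assumptions constructed for illustration.

```python
import posixpath

# Constructed listing (not from a real archive): (path, type, link target),
# in the order the entries appear in the archive.
SAMPLE_LISTING = [
    ("docs/readme.txt", "file", None),
    ("cache", "symlink", "/tmp"),
    ("cache/out.txt", "file", None),
    ("../etc/motd", "file", None),
    ("src/main.c", "file", None),
]


def audit_listing(entries):
    """Return (path, reason) for entries that would land outside the extraction root."""
    symlinks = {}  # normalized path -> link target, for symlink entries seen so far
    findings = []
    for path, kind, target in entries:
        norm = posixpath.normpath(path)
        parts = norm.split("/")
        # Plain traversal: absolute path or one that climbs above the root.
        if norm.startswith("/") or parts[0] == "..":
            findings.append((path, "path escapes extraction root"))
            continue
        # Check every prefix, including the full path: writing to a name that
        # an earlier entry created as a symlink follows that link as well.
        for i in range(1, len(parts) + 1):
            prefix = "/".join(parts[:i])
            if prefix in symlinks:
                reason = f"passes through symlink {prefix} -> {symlinks[prefix]}"
                findings.append((path, reason))
                break
        else:
            # Only reached when no prefix was a symlink; remember new links.
            if kind == "symlink":
                symlinks[norm] = target
    return findings


if __name__ == "__main__":
    for path, reason in audit_listing(SAMPLE_LISTING):
        print(f"REJECT {path}: {reason}")
```

An archive with any finding should be rejected as a whole rather than partially extracted.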

See also :

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774660
http://www.openwall.com/lists/oss-security/2015/01/11/2
http://sourceforge.net/p/p7zip/bugs/147/
http://www.nessus.org/u?1da8aa9e

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 85966

Bugtraq ID:

CVE ID: CVE-2015-1038
