FreeBSD : unzoo -- Directory Traversal Vulnerability (5a945904-73b1-11db-91d2-0002a5c2f4ef)
Medium Nessus Plugin ID 23663
SynopsisThe remote FreeBSD host is missing a security-related update.
DescriptionSecunia reports :
Doubles has discovered a vulnerability in Unzoo, which potentially can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to an input validation error when unpacking archives. This can be exploited via a directory traversal attack to overwrite files outside the directory, where the files are extracted to, if a user is tricked into extracting a malicious archive using Unzoo.
SolutionUpdate the affected package.