FreeBSD : p7zip -- directory traversal vulnerability (8f5c9dd6-5cac-11e5-9ad8-14dae9d210b8)

Medium Nessus Plugin ID 85966


The remote FreeBSD host is missing a security-related update.


Alexander Cherepanov reports:

7z (and 7zr) is susceptible to a directory traversal vulnerability.
While extracting an archive, it will extract symlinks and then follow them if they are referenced in further entries. This can be exploited by a rogue archive to write files outside the current directory.


Update the affected package.

Plugin Details

Severity: Medium

ID: 85966

File Name: freebsd_pkg_8f5c9dd65cac11e59ad814dae9d210b8.nasl

Version: $Revision: 1.1 $

Type: local

Published: 2015/09/17

Modified: 2015/09/17

Dependencies: 12634

Risk Information

Risk Factor: Medium


Base Score: 5.8

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:p7zip, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 2015/09/16

Vulnerability Publication Date: 2015/01/05

Reference Information

CVE: CVE-2015-1038