CVE-2007-6610 - Remote Arbitrary Shell Command Injection vulnerability in Debian UNP 1.0.12
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
unp 1.0.12, and other versions before 1.0.14, does not properly escape file names, which might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument. NOTE: this might only be a vulnerability when unp is invoked by a third party product.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-200801-01.NASL |
description | The remote host is affected by the vulnerability described in GLSA-200801-01 (unp: Arbitrary command execution) Erich Schubert from Debian discovered that unp does not escape file names properly before passing them to calls of the shell. Impact : A remote attacker could entice a user or automated system to unpack a compressed archive with a specially crafted file name, leading to the execution of shell commands from within the filename. That code will be executed with the privileges of the user running unp. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29905 |
published | 2008-01-10 |
reporter | This script is Copyright (C) 2008-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29905 |
title | GLSA-200801-01 : unp: Arbitrary command execution |
Seebug
bulletinFamily | exploit |
description | BUGTRAQ ID: 27182 CVE(CAN) ID: CVE-2007-6610 unp is a Perl script for compressing and extracting archives on the Debian platform. unp has a vulnerability in how it handles file names; a local attacker could exploit it to escalate privileges by enticing a user to perform specific actions. unp does not correctly escape file names. If the following is executed: touch empty zip \`ls\`.zip empty unp \`ls\`.zip a directory listing is produced. This means that any application that uses unp for extraction is affected by file-name-based command injection. DebianHelp unp < 1.0.14 Vendor patch: Gentoo ------ Gentoo has released a security advisory (GLSA-200801-01) and a corresponding patch for this issue: GLSA-200801-01: unp: Arbitrary command execution Link: http://security.gentoo.org/glsa/glsa-200801-01.xml All unp users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-arch/unp-1.0.14" DebianHelp ---------- The vendor has released an upgrade patch that fixes this security issue; download it from the vendor's home page: http://www.debianhelp.co.uk/unp.htm |
id | SSV:2799 |
last seen | 2017-11-19 |
modified | 2008-01-10 |
published | 2008-01-10 |
reporter | Root |
title | unp file name remote arbitrary shell command injection vulnerability |