Vulnerabilities > CVE-2021-29488 - Relative Path Traversal vulnerability in Sabnzbd

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

sabnzbd

CWE-23

NVD

Published: 2021-05-07

Updated: 2021-05-19

Summary

SABnzbd is an open source binary newsreader. A vulnerability was discovered in SABnzbd that could trick the `filesystem.renamer()` function into writing downloaded files outside the configured Download Folder via malicious PAR2 files. A patch was released as part of SABnzbd 3.2.1RC1. As a workaround, limit downloads to NZBs without PAR2 files, deny write permissions to the SABnzbd process outside areas it must access to perform its job, or update to a fixed version.

Vulnerable Configurations

Part	Description	Count
Application	Sabnzbd Sabnzbd Sabnzbd - Sabnzbd Sabnzbd 0.6.0 Sabnzbd Sabnzbd 0.6.1 Sabnzbd Sabnzbd 0.6.2 Sabnzbd Sabnzbd 0.6.3 Sabnzbd Sabnzbd 0.6.4 Sabnzbd Sabnzbd 0.6.5 Sabnzbd Sabnzbd 0.6.6 Sabnzbd Sabnzbd 0.6.7 Sabnzbd Sabnzbd 0.6.8 Sabnzbd Sabnzbd 0.6.9 Sabnzbd Sabnzbd 0.6.10 Sabnzbd Sabnzbd 0.6.11 Sabnzbd Sabnzbd 0.6.12 Sabnzbd Sabnzbd 0.6.14 Sabnzbd Sabnzbd 0.6.15 Sabnzbd Sabnzbd 0.7.0 Sabnzbd Sabnzbd 0.7.1 Sabnzbd Sabnzbd 0.7.2 Sabnzbd Sabnzbd 0.7.3 Sabnzbd Sabnzbd 0.7.4 Sabnzbd Sabnzbd 0.7.5 Sabnzbd Sabnzbd 0.7.6 Sabnzbd Sabnzbd 0.7.7 Sabnzbd Sabnzbd 0.7.8 Sabnzbd Sabnzbd 0.7.9 Sabnzbd Sabnzbd 0.7.10 Sabnzbd Sabnzbd 0.7.11 Sabnzbd Sabnzbd 0.7.12 Sabnzbd Sabnzbd 0.7.13 Sabnzbd Sabnzbd 0.7.14 Sabnzbd Sabnzbd 0.7.15 Sabnzbd Sabnzbd 0.7.16 Sabnzbd Sabnzbd 0.7.17 Sabnzbd Sabnzbd 0.7.18 Sabnzbd Sabnzbd 0.7.19 Sabnzbd Sabnzbd 0.7.20 Sabnzbd Sabnzbd 1.0.0 Sabnzbd Sabnzbd 1.0.1 Sabnzbd Sabnzbd 1.0.2 Sabnzbd Sabnzbd 1.0.3 Sabnzbd Sabnzbd 1.1.0 Sabnzbd Sabnzbd 1.1.1 Sabnzbd Sabnzbd 1.2.0 Sabnzbd Sabnzbd 1.2.1 Sabnzbd Sabnzbd 1.2.2 Sabnzbd Sabnzbd 1.2.3 Sabnzbd Sabnzbd 2.0.0 Sabnzbd Sabnzbd 2.0.1 Sabnzbd Sabnzbd 2.1.0 Sabnzbd Sabnzbd 2.2.0 Sabnzbd Sabnzbd 2.2.1 Sabnzbd Sabnzbd 2.3.0 Sabnzbd Sabnzbd 2.3.1 Sabnzbd Sabnzbd 2.3.2 Sabnzbd Sabnzbd 2.3.3 Sabnzbd Sabnzbd 2.3.4 Sabnzbd Sabnzbd 2.3.5 Sabnzbd Sabnzbd 2.3.6 Sabnzbd Sabnzbd 2.3.7 Sabnzbd Sabnzbd 2.3.8 Sabnzbd Sabnzbd 2.3.9 Sabnzbd Sabnzbd 3.0.0 Sabnzbd Sabnzbd 3.0.1 Sabnzbd Sabnzbd 3.0.2 Sabnzbd Sabnzbd 3.1.0 Sabnzbd Sabnzbd 3.1.1 Sabnzbd Sabnzbd 3.2.0	202
OS	Microsoft Microsoft Windows -	1
OS	Apple Apple Macos -	1
OS	Linux Linux Linux Kernel -	1

Common Weakness Enumeration (CWE)

CWE-23 - Relative Path Traversal

Common Attack Pattern Enumeration and Classification (CAPEC)

File System Function Injection, Content Based
An attack of this type exploits the host's trust in executing remote content including binary files. The files are poisoned with a malicious payload (targeting the file systems accessible by the target software) by the attacker and may be passed through standard channels such as via email, and standard web content like PDF and multimedia files. The attacker exploits known vulnerabilities or handling routines in the target processes. Vulnerabilities of this type have been found in a wide variety of commercial applications from Microsoft Office to Adobe Acrobat and Apple Safari web browser. When the attacker knows the standard handling routines and can identify vulnerabilities and entry points they can be exploited by otherwise seemingly normal content. Once the attack is executed, the attackers' program can access relative directories such as C:\Program Files or other standard system directories to launch further attacks. In a worst case scenario, these programs are combined with other propagation logic and work as a virus.
Manipulating Input to File System Calls
An attacker manipulates inputs to the target software which the target software passes to file system calls in the OS. The goal is to gain access to, and perhaps modify, areas of the file system that the target software did not intend to be accessible.

References

https://github.com/sabnzbd/sabnzbd/security/advisories/GHSA-jwj3-wrvf-v3rp