Check Point Advisories

WinACE RAR and TAR Directory Traversal (CVE-2006-0981)

Check Point Reference: CPAI-2006-163
Date Published: 24 Feb 2010
Severity: Medium
Last Updated: Wednesday 24 February, 2010
Source:
Industry Reference:CVE-2006-0981
Protection Provided by:

Security Gateway
R81, R80, R77, R75
Who is Vulnerable?
Vulnerability Description WinACE Archiver is an application that can compress to and decompress from various archive formats. The compression mainly supports ACE, LZA, MS-CAB, ZIP archive formats, however the decompression support includes a wider range of compression formats including TAR, RAR, and others. There exists a directory traversal vulnerability in the WinACE application. The flaw is caused by an improper handling of the path name of archived files in TAR and RAR archives. By persuading a user to open a crafted archive with the affected application, an attacker may place files in arbitrary locations on the target system, which may lead to code execution. Exploitation of this vulnerability will generally result in the creation and/or overwriting of arbitrary files on the target file system. File system access is dependent on the privileges of the currently logged in user. The behavior of the target system highly depends on the intention of the attacker. If the currently logged in user has permission to overwrite system files, the operating system stability may be affected if critical system files are overwritten.

Protection Overview

This protection will detect and block attempts to exploit this vulnerability.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, click on Protection tab and select the version of your choice.

Security Gateway R80 / R77 / R75

  1. In the IPS tab, click Protections and find the WinACE RAR and TAR Directory Traversal protection using the Search tool and Edit the protection's settings.
  2. Install policy on all Security Gateways.

This protection's log will contain the following information:

Attack Name:  Content Protection Violation.
Attack Information:  WinACE RAR and TAR directory traversal

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK