#VU56306 Path traversal in squashfs-tools
Vulnerability identifier: #VU56306
Vulnerability risk: Medium
CVSSv3.1: 7.1 [CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID:
CWE-ID:
CWE-22
Exploitation vector: Network
Exploit availability: No
Vulnerable software:
squashfs-tools
Other software /
Other software solutions
Vendor: plougher
Description
The vulnerability allows a remote user to compromise the affected system.
The vulnerability exists due to input validation error when processing directory traversal sequences within the squashfs_opendir in unsquash-1.c. A remote user can store the filename in the directory entry, which later is used by unsquashfs to create the new file during the unsquash. As a result, it is possible to write files to locations outside of the destination.
Mitigation
Install update from vendor's website.
Vulnerable software versions
squashfs-tools: 4.4 - 4.5
External links
http://bugs.launchpad.net/ubuntu/+source/squashfs-tools/+bug/1941790
http://github.com/plougher/squashfs-tools/commit/79b5a555058eef4e1e7ff220c344d39f8cd09646
http://github.com/plougher/squashfs-tools/issues/72
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RAOZ4BKWAC4Y3U2K5MMW3S77HWWXHQDL/
http://lists.debian.org/debian-lts-announce/2021/08/msg00030.html
http://www.debian.org/security/2021/dsa-4967
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
