
Tugzip archive extraction directory traversal

TUGZip is a powerful award-winning freeware archiving
utility for Windows® that provides support for a wide
range of compressed, encoded and disc-image files, as
well as many other very powerful features; all through
an easy to use application interface and Windows
Explorer integration.
Supports ZIP, 7-ZIP, A, ACE, ARC, ARJ, BH, BZ2, CAB,
RPM, SQX, TAR, TGZ, TBZ, TAZ, YZ1 and ZOO archives.
Creates 7-ZIP, BH, BZ2, CAB, JAR, LHA (LZH), SQX, TAR,
TGZ, YZ1 and ZIP archives.

The information has been provided by Hamid Ebadi and
Claus Berghammer.

Hamid Ebadi (Hamid Network Security Team): admin[at]hamid[.]ir
Claus Berghammer: office(at)cb-computerservice(dot)at

The original article can be found at:

Vulnerable Systems:
TUGZip , TUGZip , TUGZip

Details:

The vulnerability is caused by an input validation error
when extracting files from GZ (*.gz), JAR (*.jar),
RAR (*.rar) and ZIP (*.zip) archives: the file names stored
inside the archive are not checked before they are used to
build the output path. An archive entry whose name contains
the "../" directory traversal sequence is therefore written
to an arbitrary location outside the directory the user
selected for extraction.

Workaround:

Do not extract untrusted RAR, JAR, ZIP or GZ archives.
To reduce the risk, never extract files as an
administrative user.
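The extraction-side check a defender would want, as an added example that is not from the advisory or from TUGZip: a Python routine that rejects archive entries whose stored names would escape the destination directory (the "../" sequence described above, its backslash variant, absolute paths and drive letters), exercised against a constructed ZIP that mixes one benign entry with two traversal entries. The function names and the sample archive contents are assumptions of this example.

```python
import io
import os
import tempfile
import zipfile

def is_safe_member(name: str, dest_dir: str) -> bool:
    """True only if archive member `name` would be written inside dest_dir."""
    normalized = name.replace("\\", "/")  # Windows-built archives may use '\'
    parts = normalized.split("/")
    # Reject empty names, absolute paths and drive letters (conservatively, any ':' in the first segment).
    if not normalized or normalized.startswith("/") or ":" in parts[0]:
        return False
    if ".." in parts:  # the "../" sequence the advisory describes
        return False
    # Belt and braces: resolve the final path and confirm it still lies under dest_dir.
    dest_real = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(dest_real, *parts))
    return os.path.commonpath([dest_real, target]) == dest_real

def extract_safely(archive_bytes: bytes, dest_dir: str) -> dict:
    """Extract only members that pass is_safe_member; report what was skipped."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        for info in zf.infolist():
            if is_safe_member(info.filename, dest_dir):
                zf.extract(info, dest_dir)  # zipfile also sanitizes, but we check and log explicitly
                accepted.append(info.filename)
            else:
                rejected.append(info.filename)  # worth logging: a rejected name signals a hostile archive
    return {"accepted": accepted, "rejected": rejected}

def build_sample_archive() -> bytes:
    """Constructed test archive: one benign entry and two traversal entries."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "benign content")
        zf.writestr("../../outside.txt", "would land two levels above the destination")
        zf.writestr("..\\..\\outside_win.txt", "same trick with backslash separators")
    return buf.getvalue()

def run_demo() -> dict:
    """Extract the sample archive into a temporary directory and return the report."""
    with tempfile.TemporaryDirectory() as dest:
        report = extract_safely(build_sample_archive(), dest)
        report["benign_written"] = os.path.isfile(os.path.join(dest, "docs", "readme.txt"))
    return report
```

The same name check applies to any extractor, whichever archive format it reads; only the member listing call changes.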

Harmless exploit (proof of concept):
use HEAP [Hamid Evil Archive Pack];
it can be downloaded from Hamid Network Security Team:

Want to know more?
