Vulnerability CVE-2015-0556: Information

Description

Open-source ARJ archiver 3.10.22 allows remote attackers to conduct directory traversal attacks via a symlink attack in an ARJ archive.

Severity: MEDIUM (5.8)

URL: https://nvd.nist.gov/vuln/detail/CVE-2015-0556

Published: April 8, 2015

Modified: July 1, 2017

Error type identifier: CWE-59

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
arj	sisyphus	3.10.22-alt8	3.10.22-alt9	ALT-PU-2022-2889-1	308725	Fixed
arj	sisyphus_e2k	3.10.22-alt8	3.10.22-alt9	ALT-PU-2022-6685-1	-	Fixed
arj	sisyphus_mipsel	3.10.22-alt8	3.10.22-alt9	ALT-PU-2022-6732-1	-	Fixed
arj	sisyphus_riscv64	3.10.22-alt8	3.10.22-alt9	ALT-PU-2022-6736-1	-	Fixed
arj	p10	3.10.22-alt9	3.10.22-alt9	ALT-PU-2022-2941-1	308983	Fixed
arj	p10_e2k	3.10.22-alt9	3.10.22-alt9	ALT-PU-2022-6796-1	-	Fixed
arj	c10f1	3.10.22-alt9	3.10.22-alt9	ALT-PU-2022-2941-1	308983	Fixed
arj	c9f2	3.10.22-alt9	3.10.22-alt9	ALT-PU-2022-3067-1	309706	Fixed

Hyperlink	Resource
[oss-security] 20150105 Re: CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash	Exploit
[oss-security] 20150103 CVE Request: arj: symlink directory traversal and directory traversal via //multiple/leading/slash	Exploit
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=774434	Exploit
DSA-3213
MDVSA-2015:201
FEDORA-2015-5603
FEDORA-2015-5546
FEDORA-2015-5524
71860
GLSA-201612-15

Version: v24.4.2