Red Security
News "Zip-Slip" Critical Vulnerability in Zip - Printable Version



"Zip-Slip" Critical Vulnerability in Zip - Mad-Architect - 06-06-2018

A critical vulnerability was exploited in the last few days by security researchers that spans multiple coding libraries. The exploit was discovered within "Snyk". "Zip-Slip", as it is being called, occurred because of how users implemented libraries in plugins when they decompress an archived file. A lot of archive formats are affected by this exploit, including tar, jar, war, cpio, apk, and 7z.

This specific bug is causing files to unzip in unintended locations. It can cause an arbitrary file overwrite and directory traversal. An attacker can unzip files outside of the intended location, which in some cases might overwrite sensitive files of an operating system, which could allow the attacker to utilize a buffer overflow attack or crash critical programs.

"The two parts required for this exploit to work are a malicious archive and extraction code that does not perform validation checking," as reported by the Snyk team a day or so ago.

The same team has also reported some libraries attached to GitHub, these ones written in programming languages such as JavaScript, Python, Ruby, .NET, GoLang and Groovy. The bug mainly affects the Java ecosystem.

The Snyk team has published a technical paper going over the bug and how it affects systems.

---Sh7nk-Z0id