Red Hat Customer Portal

CVE-2010-2322

Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.

Details Source

Mitre

Statement

The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw.

Public Date

2010-06-06 00:00:00

Impact

Low

Bugzilla

CVE-2010-0831 CVE-2010-2322 fastjar: directory traversal vulnerabilities

Bugzilla ID

594497

CVSS Status

verified

Base Score

2.60

Base Metrics

AV:N/AC:H/Au:N/C:N/I:P/A:N

Red Hat Security Errata

| Platform | Errata | Release Date |
|---|---|---|
| Red Hat Enterprise Linux 5 (gcc) | RHSA-2011:0025 | 2011-01-13 |

Affected Packages State

| Platform | Package | State |
|---|---|---|
| Red Hat Enterprise Linux 6 | gcc | Not affected |
| Red Hat Enterprise Linux 5 | gcc44 | Not affected |
| Red Hat Enterprise Linux 4 | gcc | Will not fix |
| Red Hat Enterprise Linux 4 | gcc4 | Will not fix |