CVE-2013-4668 — MEDIUM (5.0)

Q: How severe is CVE-2013-4668?

CVE-2013-4668 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2013-4668?

Check the references section above for vendor advisories and patch information. Affected products include: File Roller Project File Roller, Canonical Ubuntu Linux.

Vulnerability Description

Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafted archive that is not properly handled in a "Keep directory structure" action, related to fr-archive-libarchive.c and fr-window.c.

CVSS Score

5.0

MEDIUM

AV:N/AC:L/Au:N/C:N/I:P/A:N

Confidentiality

NONE

Integrity

PARTIAL

Availability

NONE

Affected Products

Vendor	Product	Versions
File Roller Project	File Roller	>= 3.6.0, < 3.6.4
Canonical	Ubuntu Linux	12.10

Related Weaknesses (CWE)

CWE-22

References

http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.htmlBroken Link
http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.htmlBroken Link
http://secunia.com/advisories/54351Not ApplicableThird Party Advisory
http://www.ocert.org/advisories/ocert-2013-001.htmlThird Party Advisory
http://www.securityfocus.com/bid/61008Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1906-1Third Party Advisory
https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14PatchThird Party Advisory
http://archives.neohapsis.com/archives/bugtraq/2013-07/0039.htmlBroken Link
http://lists.opensuse.org/opensuse-updates/2013-07/msg00095.htmlBroken Link
http://secunia.com/advisories/54351Not ApplicableThird Party Advisory
http://www.ocert.org/advisories/ocert-2013-001.htmlThird Party Advisory
http://www.securityfocus.com/bid/61008Third Party AdvisoryVDB Entry
http://www.ubuntu.com/usn/USN-1906-1Third Party Advisory
https://git.gnome.org/browse/file-roller/commit/?id=b147281293a8307808475e102a14PatchThird Party Advisory

FAQ

What is CVE-2013-4668?

CVE-2013-4668 is a vulnerability with a CVSS score of 5.0 (MEDIUM). Directory traversal vulnerability in File Roller 3.6.x before 3.6.4, 3.8.x before 3.8.3, and 3.9.x before 3.9.3, when libarchive is used, allows remote attackers to create arbitrary files via a crafte...

How severe is CVE-2013-4668?

CVE-2013-4668 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4668?

Check the references section above for vendor advisories and patch information. Affected products include: File Roller Project File Roller, Canonical Ubuntu Linux.