CVE-2006-0950 - Vulnerability Details - OpenCVE

unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with ".." (dot dot) sequences in a filename.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Unalz	Unalz

Configuration 1 [-]

cpe:2.3:a:unalz:unalz:0.53:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://marc.info/?l=full-disclosure&m=114226632422033&w=2
http://secunia.com/advisories/19063
http://secunia.com/secunia_research/2006-16/
http://securityreason.com/securityalert/575
http://securitytracker.com/id?1015780
http://www.osvdb.org/23835
http://www.securityfocus.com/archive/1/427475/100/0/threaded
http://www.securityfocus.com/bid/17105
http://www.vupen.com/english/advisories/2006/0938
https://exchange.xforce.ibmcloud.com/vulnerabilities/25171

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2006-03-13T19:00:00

Updated: 2024-08-07T16:56:14.681Z

Reserved: 2006-03-01T00:00:00

Link: CVE-2006-0950

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2006-03-13T19:34:00.000

Modified: 2025-04-03T01:03:51.193

Link: CVE-2006-0950

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-03-13T00:00:00", "descriptions": [{"lang": "en", "value": "unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with \"..\" (dot dot) sequences in a filename."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2006-0938", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/0938"}, {"name": "20060313 Secunia Research: unalz Filename Handling", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://marc.info/?l=full-disclosure&m=114226632422033&w=2"}, {"name": "17105", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/17105"}, {"name": "23835", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/23835"}, {"name": "19063", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/19063"}, {"name": "575", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/575"}, {"name": "1015780", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1015780"}, {"name": "unalz-archive-directory-traversal(25171)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25171"}, {"tags": ["x_refsource_MISC"], "url": "http://secunia.com/secunia_research/2006-16/"}, {"name": "20060313 Secunia Research: unalz Filename Handling Directory TraversalVulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/427475/100/0/threaded"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-0950", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with \"..\" (dot dot) sequences in a filename."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2006-0938", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/0938"}, {"name": "20060313 Secunia Research: unalz Filename Handling", "refsource": "FULLDISC", "url": "http://marc.info/?l=full-disclosure&m=114226632422033&w=2"}, {"name": "17105", "refsource": "BID", "url": "http://www.securityfocus.com/bid/17105"}, {"name": "23835", "refsource": "OSVDB", "url": "http://www.osvdb.org/23835"}, {"name": "19063", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/19063"}, {"name": "575", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/575"}, {"name": "1015780", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1015780"}, {"name": "unalz-archive-directory-traversal(25171)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25171"}, {"name": "http://secunia.com/secunia_research/2006-16/", "refsource": "MISC", "url": "http://secunia.com/secunia_research/2006-16/"}, {"name": "20060313 Secunia Research: unalz Filename Handling Directory TraversalVulnerability", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/427475/100/0/threaded"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T16:56:14.681Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2006-0938", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/0938"}, {"name": "20060313 Secunia Research: unalz Filename Handling", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://marc.info/?l=full-disclosure&m=114226632422033&w=2"}, {"name": "17105", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/17105"}, {"name": "23835", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/23835"}, {"name": "19063", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/19063"}, {"name": "575", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/575"}, {"name": "1015780", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1015780"}, {"name": "unalz-archive-directory-traversal(25171)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25171"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://secunia.com/secunia_research/2006-16/"}, {"name": "20060313 Secunia Research: unalz Filename Handling Directory TraversalVulnerability", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/427475/100/0/threaded"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-0950", "datePublished": "2006-03-13T19:00:00", "dateReserved": "2006-03-01T00:00:00", "dateUpdated": "2024-08-07T16:56:14.681Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:unalz:unalz:0.53:*:*:*:*:*:*:*", "matchCriteriaId": "08E4DF9C-395D-47D9-8279-02A8EC696A84", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "unalz 0.53 allows user-assisted attackers to overwrite arbitrary files via an ALZ archive with \"..\" (dot dot) sequences in a filename."}, {"lang": "es", "value": "unalz 0.53 permite a atacantes asistidos por usuario sobrescribir archivos arbitrarios a trav\u00e9s de un archivo ALZ con una secuencia \"..\" (punto punto) en un nombre de archivo."}], "id": "CVE-2006-0950", "lastModified": "2025-04-03T01:03:51.193", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2006-03-13T19:34:00.000", "references": [{"source": "cve@mitre.org", "url": "http://marc.info/?l=full-disclosure&m=114226632422033&w=2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19063"}, {"source": "cve@mitre.org", "url": "http://secunia.com/secunia_research/2006-16/"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/575"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1015780"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/23835"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/427475/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/17105"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0938"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25171"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://marc.info/?l=full-disclosure&m=114226632422033&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "http://secunia.com/advisories/19063"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/secunia_research/2006-16/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/575"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1015780"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/23835"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/427475/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/17105"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2006/0938"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25171"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}