Overview
This repository provides samples of archive files in various formats that attempt to exploit (hypothetical) directory travesal bugs:
Leading slash:
-rw-r--r-- /tmp/moo
Multiple leading slashes:
-rw-r--r-- //tmp/moo
Leading dot-dot:
-rw-r--r-- ../moo
Non-leading dot-dot:
-rw-r--r-- tmp/../../moo
File symlink:
lrwxrwxrwx moo -> /tmp/moo -rw-r--r-- moo
Directory symlink:
lrwxrwxrwx tmp -> /tmp -rw-r--r-- tmp/moo
Two directory symlinks (variant A):
lrwxrwxrwx cur -> . lrwxrwxrwx par -> cur/.. -rw-r--r-- par/moo
Two directory symlinks (variant B):
lrwxrwxrwx cur -> . lrwxrwxrwx cur/par -> .. -rw-r--r-- par/moo
Found bugs
The samples helped find the following bugs:
- ARJ:
- https://bugs.debian.org/774434 [CVE-2015-0556]
- https://bugs.debian.org/774435 [CVE-2015-0557]
- https://bugs.debian.org/867520
- Zoo:
- ARC:
- https://bugs.debian.org/774527 [CVE-2015-9275]
- gcab:
- https://bugs.debian.org/774580 [CVE-2015-0552]
- UnRAR:
- https://www.openwall.com/lists/oss-security/2017/08/14/3 [CVE-2017-12938]
- Perl (Archive::Tar):
- https://bugs.debian.org/900834 [CVE-2018-12015]
- GNOME Nautilus:
- Ark:
- archiver: