Arch Linux Security Advisory ASA-202107-35
=========================================
Severity: Medium
Date    : 2021-07-20
CVE-ID  : CVE-2021-33896
Package : dino
Type    : directory traversal
Remote  : Yes
Link    : https://security.archlinux.org/AVG-2043

Summary
======
The package dino before version 0.2.1-1 is vulnerable to directory
traversal.

Resolution
=========
Upgrade to 0.2.1-1.

# pacman -Syu "dino>=0.2.1-1"

The problem has been fixed upstream in version 0.2.1.

Workaround
=========
None.

Description
==========
It was discovered that when a user receives and downloads a file in
Dino before version 0.2.1, URI-encoded path separators in the file name
will be decoded, allowing an attacker to traverse directories and
create arbitrary files in the context of the user.

This vulnerability does not allow to overwrite or modify existing files
and the attacker cannot control the executable flag of created files.
However, third-party software may be affected by newly created
configuration files, potentially allowing for code execution.

The file name, including path separators, is displayed to the user,
however, long file names are ellipsized in the middle of the file name,
allowing the attacker to hide the malicious path separators, as long as
the resulting file name has sufficient length.

Impact
=====
A remote attacker could create files in arbitrary locations in the
context of the user by tricking the user into downloading a file with a
crafted file name.

References
=========
https://dino.im/security/cve-2021-33896/
https://github.com/dino/dino/commit/1eaad1ccfbd00c6e76650535496531c172453994
https://security.archlinux.org/CVE-2021-33896

ArchLinux: 202107-35: dino: directory traversal

July 20, 2021

Summary

It was discovered that when a user receives and downloads a file in Dino before version 0.2.1, URI-encoded path separators in the file name will be decoded, allowing an attacker to traverse directories and create arbitrary files in the context of the user. This vulnerability does not allow to overwrite or modify existing files and the attacker cannot control the executable flag of created files. However, third-party software may be affected by newly created configuration files, potentially allowing for code execution.
The file name, including path separators, is displayed to the user, however, long file names are ellipsized in the middle of the file name, allowing the attacker to hide the malicious path separators, as long as the resulting file name has sufficient length.

Resolution

Upgrade to 0.2.1-1. # pacman -Syu "dino>=0.2.1-1"
The problem has been fixed upstream in version 0.2.1.

References

https://dino.im/security/cve-2021-33896/ https://github.com/dino/dino/commit/1eaad1ccfbd00c6e76650535496531c172453994 https://security.archlinux.org/CVE-2021-33896

Severity
Package : dino
Type : directory traversal
Remote : Yes
Link : https://security.archlinux.org/AVG-2043

Workaround

None.

Related News

23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
32.Lock Code Circular Esm H320
2 - 3 min read
Linux admins and security practitioners face significant challenges in keeping their Linux systems secure amidst the constant threat of kernel bugs.
1.Penguin Landscape Esm H320
2 - 3 min read
A significant security threat, known as the Spectre v2 exploit, has been observed targeting Linux systems running on modern Intel processors. Let's
10.FingerPrint Locks Esm H320
2 - 3 min read
The recent release of I2P 2.5.0 , an anonymous P2P network that protects against online censorship, surveillance, and monitoring, has brought a slew
24.Key Code Esm H320
2 - 3 min read
The Akira ransomware group has extorted approximately $42 million from over 250 victims since January 1, 2024. The group initially focused on
5.ShakingHands Esm H320
2 - 3 min read
At The Linux Foundation's Open Source Summit North America , Linus Torvalds, the creator of Linux, discussed various topics related to Linux
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved