The _g_file_remove_directory function in file-utils.c in File Roller 3.5.4 through 3.20.2 allows remote attackers to delete arbitrary files via a symlink attack on a folder in an archive.

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - file-roller: Path traversal vulnerability when opening crafted archive (CVE-2016-7162)

  - An issue was discovered in GNOME file-roller before 3.29.91. It allows a single ./../ path traversal via a     filename contained in a TAR archive, possibly overwriting a file during extraction. (CVE-2019-16680)

  - fr-archive-libarchive.c in GNOME file-roller through 3.36.1 allows Directory Traversal during extraction     because it lacks a check of whether a file's parent is a symlink to a directory outside of the intended     extraction location. (CVE-2020-11736)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

This plugin has been deprecated as it does not adhere to established standards for this style of check.

According to the version of the file-roller packages installed, the EulerOS installation on the remote host is affected by the following vulnerability :

  - The _g_file_remove_directory function in file-utils.c     in File Roller 3.5.4 through 3.20.2 allows remote     attackers to delete arbitrary files via a symlink     attack on a folder in an archive.(CVE-2016-7162)

Note that Tenable Network Security has extracted the preceding description block directly from the EulerOS security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

reports :

File Roller 3.5.4 through 3.20.2 was affected by a path traversal bug that could result in deleted files if a user were tricked into opening a malicious archive.

This update for file-roller fixes the following issue :

  - CVE-2016-7162: Do not follow symlinks when deleting a     folder recursively. (boo#997822, bgo#698554)

The remote Ubuntu 14.04 LTS / 16.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-3074-1 advisory.

    It was discovered that File Roller incorrectly handled symlinks. If a user were tricked into extracting a     specially-crafted archive, an attacker could delete files outside of the extraction directory.

Tenable has extracted the preceding description block directly from the Ubuntu security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
199811	RHEL 7 : file-roller (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
195790	RHEL 7 : file-roller (Unpatched Vulnerability) (deprecated)	Nessus	Red Hat Local Security Checks	high
140902	EulerOS 2.0 SP3 : file-roller (EulerOS-SA-2020-2135)	Nessus	Huawei Local Security Checks	high
93988	FreeBSD : file-roller -- path traversal vulnerability (ad479f89-9020-11e6-a590-14dae9d210b8)	Nessus	FreeBSD Local Security Checks	high
93599	openSUSE Security Update : file-roller (openSUSE-2016-1097)	Nessus	SuSE Local Security Checks	high
93398	Ubuntu 14.04 LTS / 16.04 LTS : File Roller vulnerability (USN-3074-1)	Nessus	Ubuntu Local Security Checks	high

Detections

Analytics

CVE-2016-7162

high

Tenable Plugins

high

high

high

high

high

high