CVE-2016-5725 – JCraft/JSch Java Secure Channel 0.1.53 - Recursive sftp-get Directory Traversal

https://notcve.org/view.php?id=CVE-2016-5725

Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command. Vulnerabilidad de salto de directorio en JCraft JSch en versiones anteriores a 0.1.54 en Windows, cuando el modo es ChannelSftp.OVERWRITE, permite a servidores SFTP remotos escribir a archivos arbitrarios a través de una .. \ (punto punto barra hacia atrás) en una respuesta a un comando GET recursivo. A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch's implementation for recursive sftp-get. An attacker could leverage this to write files outside the client's download basedir with effective permissions of the jsch sftp client process. A malicious sftp server may force a client-side relative path traversal in jsch's implementation for recursive sftp-get allowing the server to write files outside the clients download basedir with effective permissions of the jsch sftp client process. • https://www.exploit-db.com/exploits/40411 http://packetstormsecurity.com/files/138809/jsch-0.1.53-Path-Traversal.html http://seclists.org/fulldisclosure/2016/Sep/53 http://www.jcraft.com/jsch/ChangeLog http://www.securityfocus.com/bid/93100 https://access.redhat.com/errata/RHSA-2017:3115 https://github.com/tintinweb/pub/tree/master/pocs/cve-2016-5725 https://lists.debian.org/debian-lts-announce/2020/04/msg00017.html https://www.oracle.com/security-alerts/cpuApr2021.html http • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •