Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sleuth Kit tsk_recover Path Traversal
Vulnerability Description
The Sleuth Kit through 4.14.0 contains a path traversal vulnerability in tsk_recover that allows an attacker to write files to arbitrary locations outside the intended recovery directory via crafted filenames or directory paths with path traversal sequences in a filesystem image. An attacker can craft a malicious filesystem image with embedded /../ sequences in filenames that, when processed by tsk_recover, writes files outside the output directory, potentially achieving code execution by overwriting shell configuration or cron entries.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
The Sleuth Kit(TSK) 路径遍历漏洞
Vulnerability Description
The Sleuth Kit(TSK)是Brian Carrier个人开发者的一套数据取证工具集合。该工具能够分析FAT、NTFS、UFS等文件系统,并提供文件系统的详细信息。 The Sleuth Kit(TSK) 4.14.0及之前版本存在路径遍历漏洞,该漏洞源于tsk_recover 组件中程序对文件系统镜像中的文件名与路径校验不足,攻击者可通过构造恶意路径遍历序列实现目录越权,导致任意文件写入。
CVSS Information
N/A
Vulnerability Type
N/A