CVE-2010-2322

Publication date 18 June 2010

Last updated 24 July 2024

Ubuntu priority

Absolute path traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a full pathname for a file within a .jar archive, a related issue to CVE-2010-0831. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619.

Read the notes from the security team

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
fastjar	10.04 LTS lucid	Fixed 2:0.98-1ubuntu0.10.04.1
	9.10 karmic	Fixed 2:0.98-1ubuntu0.9.10.1
	9.04 jaunty	Fixed 2:0.97-3ubuntu0.1
	8.04 LTS hardy	Fixed 2:0.95-1ubuntu2.1
	6.06 LTS dapper	Not in release

How can I get the fixes?
What do statuses mean?

Notes

kees

I think this was fixed along with CVE-2010-0831 in USN-953-1

mdeslaur

confirmed, it was fixed with USN-953-1 for jar in openjdk-6, see CVE-2005-1080

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2010-2322