#zipslip

Kizer knives version of the UK legal ZipSlip slipjoint by Michael Vagnino in Nc690

via @heinniehaynes

On April 15th in 2018, a cybersecurity research team (going by the name Snyk), privately disclosed a vulnerability to multiple projects that had a vulnerability.

The vulnerability went by the name of Zipslip. Snyk’s website (snyk.io) says the following: “Zip Slip is a form of directory traversal that can be exploited by extracting files from an archive. The premise of the directory traversal vulnerability is that an attacker can gain access to parts of the file system outside of the target folder in which they should reside. The attacker can then overwrite executable files and either invoke them remotely or wait for the system or user to call them, thus achieving remote command execution on the victim’s machine.”

Zipslip is a vulnerability that takes advantage of parent directory’s (accessed by using “../” when navigating in paths). It basically names a folder (i.e.) “../../../../../windows/” & puts a file in it named “someimportantfile.dll”. This will go up 5 folders to then (in the folder it got itself into) open the folder “windows” and then overwrites the file “someimportantfile.dll” to put its own version in it. This way, criminals can break your computer, or they could replace your firefox.exe with a version that also contains malware.

Although this method has been known about for very long, it became an issue when Snyk found out a lot of big tools hadn’t resolved this problem yet.

The issue became even more common in stuff that was writing in Java because that language didn’t offer a “central library containing high level processing of archive files”. This means that the language doesn’t make it all that easy to defend yourself against this attack when designing the software.

Zip Slip