Family: Debian Local Security Checks --> Category: infos
[DSA652] DSA-652-1 unarj Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Several vulnerabilities have been discovered in unarj, a non-free ARJ
unarchive utility. The Common Vulnerabilities and Exposures Project
identifies the following vulnerabilities:
A buffer overflow has been discovered when handling long file
names contained in an archive. An attacker could create a
specially crafted archive which could cause unarj to crash or
possibly execute arbitrary code when being extracted by a victim.
A directory traversal vulnerability has been found so that an
attacker could create a specially crafted archive which would
create files in the parent directory when being extracted by a
victim. When used recursively, this vulnerability could be used
to overwrite critical system files and programs.
For the stable distribution (woody) these problems have been fixed in
For the unstable distribution (sid) these problems don't apply since
unstable/non-free does not contain the unarj package.
We recommend that you upgrade your unarj package.
Solution : http://www.debian.org/security/2005/dsa-652
Threat Level: High