Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200411-29] unarj: Long filenames buffer overflow and a path traversal vulnerability Vulnerability Scan
Vulnerability Scan Summary: unarj: Long filenames buffer overflow and a path traversal vulnerability
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200411-29
(unarj: Long filenames buffer overflow and a path traversal vulnerability)
unarj has a bounds checking vulnerability within the handling of
long filenames in archives. It also fails to properly sanitize paths
when extracting an archive (if the "x" option is used to preserve
paths).
Impact
An attacker could trigger a buffer overflow or a path traversal by
enticing a user to open an archive containing specially crafted path
names, potentially resulting in the overwrite of files or execution of
arbitrary code with the permissions of the user running unarj.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0947
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1027
Solution:
All unarj users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/unarj-2.63a-r2"
Threat Level: Medium