Vulners
Lucene search
GLSA-201701-69 : Ark: Unintended execution of scripts and executable files
| Reporter | Title | Published | Views | Family All 20 |
|---|---|---|---|---|
 | [ASA-201701-18] ark: arbitrary command execution | 13 Jan 201700:00 | – | archlinux |
 | KDE Ark Arbitrary Code Execution Vulnerability | 13 Jan 201700:00 | – | cnvd |
 | CVE-2017-5330 | 27 Mar 201715:00 | – | cve |
 | CVE-2017-5330 | 27 Mar 201715:00 | – | cvelist |
 | CVE-2017-5330 | 27 Mar 201715:00 | – | debiancve |
 | EUVD-2017-14435 | 7 Oct 202500:30 | – | euvd |
 | [SECURITY] Fedora 25 Update: ark-16.08.3-2.fc25 | 19 Jan 201705:57 | – | fedora |
 | Fedora 25 : ark (2017-77ab791c90) | 19 Jan 201700:00 | – | nessus |
| openSUSE Security Update : ark (openSUSE-2017-92) | 17 Jan 201700:00 | – | nessus |
 | Ark: Unintended execution of scripts and executable files | 29 Jan 201700:00 | – | gentoo |
10
| Source | Link |
|---|---|
| security | www.security.gentoo.org/glsa/201701-69 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201701-69.
#
# The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(96855);
script_version("3.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/02");
script_cve_id("CVE-2017-5330");
script_xref(name:"GLSA", value:"201701-69");
script_name(english:"GLSA-201701-69 : Ark: Unintended execution of scripts and executable files");
script_set_attribute(attribute:"synopsis", value:
"The remote Gentoo host is missing one or more security-related
patches.");
script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-201701-69
(Ark: Unintended execution of scripts and executable files)
A vulnerability was discovered in how Ark handles executable files while
browsing a compressed archive. A user could unintentionally execute a
malicious script which has the executable bit set inside of the archive.
This is due to Ark not displaying what files are executable and running
the associated applications for the file type upon execution.
Impact :
A remote attacker, by coercing a user to browse a malicious archive file
within Ark and execute certain files, could execute arbitrary code with
the privileges of the user.
Workaround :
There is no known workaround at this time.");
script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/201701-69");
script_set_attribute(attribute:"solution", value:
"All Ark users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=kde-apps/ark-16.08.3-r1'");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-5330");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"patch_publication_date", value:"2017/01/29");
script_set_attribute(attribute:"plugin_publication_date", value:"2017/01/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:ark");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Gentoo Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2017-2026 Tenable Network Security, Inc.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (qpkg_check(package:"kde-apps/ark", unaffected:make_list("ge 16.08.3-r1"), vulnerable:make_list("lt 16.08.3-r1"))) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
else security_warning(0);
exit(0);
}
else
{
tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Ark");
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
02 Jan 2026 00:00Current
7.9High risk
Vulners AI Score7.9
CVSS 26.8
CVSS 37.8
EPSS0.00523