ALZip ARJ/ZIP/UUE/XXE Archive Handling Overflow

2005-10-05T07:10:18
ID OSVDB:19890
Type osvdb
Reporter Tan Chew Keong (vuln@secunia.com)
Modified 2005-10-05T07:10:18

Description

Vulnerability Description

A remote overflow exists in ALZip. The application fails to perform proper bounds checking, resulting in a heap-based buffer overflow. With a specially crafted ARJ, ZIP, UUE or XXE archive containing a compressed file with an overly long filename, a remote attacker can cause arbitrary code execution, resulting in a loss of integrity.
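
The kind of bounds check the description says is missing, shown for the ZIP case as an added example (this is not ALZip's code, which the advisory does not show): the filename length read from a ZIP local file header is validated against both the available input and the destination buffer before any copy. The 260-byte destination size, the function names and the sample data are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define LFH_FIXED 30   /* fixed part of a ZIP local file header */
#define DEST_SIZE 260  /* assumed destination buffer size (hypothetical) */

enum { NAME_OK = 0, NAME_BAD_HEADER = -1, NAME_TRUNCATED = -2, NAME_TOO_LONG = -3 };

/* Copy the entry name from a ZIP local file header into out[out_size].
 * The 16-bit length at offset 26 comes from the archive, so it is
 * untrusted: it can be anything from 0 to 65535. */
int zip_entry_name(const uint8_t *buf, size_t len, char *out, size_t out_size)
{
    if (len < LFH_FIXED || memcmp(buf, "PK\003\004", 4) != 0)
        return NAME_BAD_HEADER;
    size_t name_len = (size_t)buf[26] | ((size_t)buf[27] << 8);
    if (name_len > len - LFH_FIXED)
        return NAME_TRUNCATED;   /* copy would read past the input */
    if (name_len >= out_size)
        return NAME_TOO_LONG;    /* copy would write past out[] */
    memcpy(out, buf + LFH_FIXED, name_len);
    out[name_len] = '\0';
    return NAME_OK;
}

/* Build a constructed header that declares `declared` name bytes but
 * carries only `present` of them (all 'A'), then run the parser on it. */
int check_sample(uint16_t declared, size_t present)
{
    static uint8_t buf[LFH_FIXED + 1024];
    char name[DEST_SIZE];

    if (present > 1024)
        return -100;             /* sample larger than the test buffer */
    memset(buf, 0, LFH_FIXED);
    memcpy(buf, "PK\003\004", 4);
    buf[26] = (uint8_t)(declared & 0xff);
    buf[27] = (uint8_t)(declared >> 8);
    memset(buf + LFH_FIXED, 'A', present);
    return zip_entry_name(buf, LFH_FIXED + present, name, sizeof name);
}
```

Rejecting the entry outright, rather than truncating the name, avoids two entries colliding on the same shortened filename.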

Solution Description

Upgrade to version 6.13 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.altools.net/
Security Tracker: 1015003
Secunia Advisory ID: 16847
Related OSVDB ID: 19889
Other Advisory URL: http://secunia.com/secunia_research/2005-49/advisory/
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0097.html
CVE-2005-3194
Bugtraq ID: 15010