Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redhatRedHatRHSA-2005:007
HistoryJan 12, 2005 - 12:00 a.m.

(RHSA-2005:007) unarj security update

2005-01-1200:00:00
access.redhat.com
9

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.1 Low

EPSS

Percentile

94.3%

JSON

The unarj program is an archiving utility which can extract ARJ-compatible
archives.

A buffer overflow bug was discovered in unarj when handling long file
names contained in an archive. An attacker could create a specially
crafted archive which could cause unarj to crash or possibly execute
arbitrary code when extracted by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CAN-2004-0947 to
this issue.

Additionally, a path traversal vulnerability was discovered in unarj. An
attacker could create a specially crafted archive which would create files
in the parent (“…”) directory when extracted by a victim. When used
recursively, this vulnerability could be used to overwrite critical system
files and programs. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CAN-2004-1027 to this issue.

Users of unarj should upgrade to this updated package which contains
backported patches and is not vulnerable to these issues.

OSVersionArchitecturePackageVersionFilename
RedHatanyi386unarj< 2.43-13unarj-2.43-13.i386.rpm
RedHatanyia64unarj< 2.43-13unarj-2.43-13.ia64.rpm

Related

openvas 11
osv 1
debian 2
nessus 7
mageia 1
gentoo 1
freebsd 2
debiancve 2
cve 2
openvas
openvas
Gentoo Security Advisory GLSA 200411-29 (unarj)
2008-09-24 00:00:00
Debian Security Advisory DSA 652-1 (unarj)
2008-01-17 00:00:00
Mageia: Security Advisory (MGASA-2023-0107)
2023-03-28 00:00:00
osv
osv
unarj
2005-01-21 00:00:00
debian
debian
[SECURITY] [DSA 652-1] New unarj packages fix several vulnerabilities
2005-01-21 08:40:22
[SECURITY] [DSA 652-1] New unarj packages fix several vulnerabilities
2005-01-21 08:40:22
nessus
nessus
GLSA-200411-29 : unarj: Long filenames buffer overflow and a path traversal vulnerability
2004-11-22 00:00:00
RHEL 2.1 : unarj (RHSA-2005:007)
2005-01-13 00:00:00
Debian DSA-652-1 : unarj - several vulnerabilities
2005-01-25 00:00:00
mageia
mageia
Updated unarj packages fix security vulnerability
2023-03-24 08:55:49
gentoo
gentoo
unarj: Long filenames buffer overflow and a path traversal vulnerability
2004-11-19 00:00:00
freebsd
freebsd
unarj -- long filename buffer overflow
2004-11-09 00:00:00
unarj -- directory traversal vulnerability
2004-10-10 00:00:00
debiancve
debiancve
CVE-2004-0947
2005-02-09 05:00:00
CVE-2004-1027
2005-03-01 05:00:00
cve
cve
CVE-2004-0947
2005-02-09 05:00:00
CVE-2004-1027
2005-03-01 05:00:00

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.1 Low

EPSS

Percentile

94.3%

JSON
Related for RHSA-2005:007
openvas11osv1debian2nessus7mageia1gentoo1freebsd2debiancve2cve2