unarj file extraction directory traversal
| unarj-directory-traversal (17684) |
Description:
unarj is vulnerable to directory traversal, caused by improper validation of the file names stored in an archive. If an archived file name contains "dot dot" sequences (/../), a remote attacker who supplies a crafted archive can cause unarj, when the archive is extracted with the x command, to write outside the extraction directory and overwrite, corrupt or create files anywhere the extracting user has write access, with that user's privileges.
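The check a hardened extractor needs, shown here as an added example that is not unarj's code or the distributions' patch: a naive extractor joins the archive-supplied name onto the destination directory as-is, so "../" components walk out of that directory; the hardened version normalises the name and rejects anything absolute or containing a ".." component before resolving it under the extraction root. The root directory, the entry names and the policy in safe_destination are this example's own constructions, not taken from the ARJ format or the advisory.

```python
import posixpath

# Hypothetical extraction directory used by the demonstration below.
EXTRACT_ROOT = "/tmp/unarj-demo"

# Constructed archive member names, modelled on the "../../../.." case
# reported on Full-Disclosure; they are not taken from a real archive.
SAMPLE_ENTRIES = [
    "docs/readme.txt",
    "src/./main.c",
    "../../../../etc/passwd",
    "docs/../../../etc/crontab",
    "/etc/passwd",
    "C:\\boot.ini",
    "",
]


def unsafe_destination(root, entry_name):
    """The behaviour the advisory describes: the name from the archive
    header is joined onto the destination directory without validation,
    so '..' components escape it."""
    return posixpath.normpath(posixpath.join(root, entry_name))


def safe_destination(root, entry_name):
    """Return the path an entry may be written to, or None to reject it.

    Policy (this example's own, not unarj's fix):
      - treat backslashes as separators so DOS-style names get the same check
      - reject absolute names and names with a drive letter
      - reject any '..' component left after normalisation
      - confirm the resolved path still lies strictly inside root
    """
    name = entry_name.replace("\\", "/")
    if posixpath.isabs(name) or (len(name) >= 2 and name[1] == ":"):
        return None
    norm = posixpath.normpath(name)
    if norm in ("", ".") or ".." in norm.split("/"):
        return None
    root = posixpath.normpath(root)
    dest = posixpath.normpath(posixpath.join(root, norm))
    # Belt and braces: even after the component check, require containment.
    if not dest.startswith(root + "/"):
        return None
    return dest


def triage(root, entries):
    """Map each entry name to (where a naive extractor would write,
    where the hardened check allows writing or None)."""
    return {e: (unsafe_destination(root, e), safe_destination(root, e))
            for e in entries}


if __name__ == "__main__":
    for name, (naive, safe) in triage(EXTRACT_ROOT, SAMPLE_ENTRIES).items():
        verdict = "REJECT" if safe is None else "ok"
        print(f"{name!r:32} naive -> {naive:36} hardened -> {verdict} {safe or ''}")
```

Running it shows the naive join sending "../../../../etc/passwd" to /etc/passwd while the hardened check refuses it, and shows that the check also catches the traversal hidden behind a leading real directory ("docs/../../../etc/crontab"), which a plain substring search for a leading "../" would miss.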
Platforms Affected:
- Debian, Debian Linux 3.0
- Gentoo, Linux
- RedHat, Enterprise Linux 2.1 AS
- RedHat, Enterprise Linux 2.1 ES
- RedHat, Enterprise Linux 2.1 WS
- RedHat, Linux Advanced Workstation 2.1 Itanium
- Robert K Jung, unarj 2.43-3
- Robert K Jung, unarj 2.63 and 2.65
Remedy:
For Gentoo Linux:
Upgrade to the latest version of unarj (2.63a-r2 or later), as listed in GLSA 200411-29. See References.
For Debian GNU/Linux 3.0(woody):
Upgrade to the latest version of unarj (version 2.43-3woody1 or later), as listed in DSA 652-1. See References.
For Red Hat Linux:
Refer to RHSA-2005:007-05 for patch, upgrade, or suggested workaround information. See References.
For other distributions:
Contact your vendor for upgrade or patch information.
Consequences:
File Manipulation
References:
- Full-Disclosure Mailing List, Sun Oct 10 2004 - 17:43:10 CDT, unarj dir-transversal bug (../../../..) at http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0298.html.
- Linux Software Directory, Unarj - Decompressor for .arj format archives at http://linux.maruhn.com/sec/unarj.html.
- BID-11436: ARJ Software UNARJ Remote Directory Traversal Vulnerability
- CVE-2004-1027: Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.
- DSA-652: unarj -- several vulnerabilities
- GLSA-200411-29: unarj: Long filenames buffer overflow and a path traversal vulnerability
- RHSA-2005-007: unarj security update
Reported:
Oct 11, 2004
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.
For corrections or additions please email xforce@iss.net
