Published: 2005-02-09 00:00:00
Revised: 2008-09-05 16:39:53

[Original] Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

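- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [complete information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause the system to go down completely]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]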

- CPE (affected platforms and products)

cpe:/o:gentoo:linux Gentoo Linux
cpe:/o:suse:suse_linux:9.1 SuSE SuSE Linux 9.1
cpe:/o:suse:suse_linux:9.0 SuSE SuSE Linux 9.0
cpe:/o:suse:suse_linux:9.2 SuSE SuSE Linux 9.2

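- OVAL (technical details for detection)


- Official database links
(Official data source) MITRE
(Official data source) NVD
(Official data source) CNNVD

- Other links and resources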
(VENDOR_ADVISORY)  XF  unarj-longfilename-bo(18044)

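- Vulnerability information

Critical  Buffer overflow
2005-02-09 00:00:00 2005-10-20 00:00:00
        A buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.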

- Advisories and patches

        ARJ Software Inc. UNARJ 2.43
        Debian unarj_2.43-3woody1_alpha.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_arm.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_i386.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_ia64.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_s390.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        RedHat unarj-2.63a- .
        ARJ Software Inc. UNARJ 2.63 a
        Fedora unarj-2.63a-7.i386.rpm
        RedHat Fedora Core 2
        Fedora unarj-2.63a-7.x86_64.rpm
        RedHat Fedora Core 2
        Fedora unarj-debuginfo-2.63a-7.i386.rpm
        RedHat Fedora Core 2
        Fedora unarj-debuginfo-2.63a-7.x86_64.rpm
        RedHat Fedora Core 2
        RedHat unarj-2.63a- .9.1.legacy.i386.rpm
        RedHat unarj-2.63a-4.1.1.legacy.i386.rpm
        S.u.S.E. Linux Personal 9.0
        SuSE unarj-2.65-137.i586.rpm
        x86
        SuSE unarj-2.65-137.x86_64.rpm
        x86
        S.u.S.E. Linux Personal 9.1
        SuSE unarj-2.65-131.6.i586.rpm
        x86
        SuSE unarj-2.65-131.6.x86_64.rpm
        x86-64
        S.u.S.E. Linux Personal 9.2
        SuSE unarj-2.65-133.3.i586.rpm
        ix86 fix
        SuSE unarj-2.65-133.3.x86_64.rpm
        x86-64 fix

- Vulnerability information

unarj Filename Handling Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-11-12 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

ARJ Software UNARJ Remote Buffer Overflow Vulnerability
Boundary Condition Error 11665
Yes No
2004-11-12 12:00:00 2009-07-12 08:06:00
The individual or individuals responsible for disclosure of these issues are currently unknown; these issues were disclosed in the referenced RedHat Fedora advisory.

- Affected program versions

S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 2.1
Gentoo Linux
ARJ Software Inc. UNARJ 2.65
ARJ Software Inc. UNARJ 2.64
+ Red Hat Fedora Core2
ARJ Software Inc. UNARJ 2.63 a
+ Red Hat Fedora Core2
+ Red Hat Fedora Core1
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i386
ARJ Software Inc. UNARJ 2.62
+ Red Hat Fedora Core2
ARJ Software Inc. UNARJ 2.43
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- Vulnerability discussion

A remote buffer-overflow vulnerability affects ARJ Software's unarj. This issue is caused by the application's failure to carry out sufficient bounds checking on user-supplied strings prior to processing.

A remote attacker may leverage this issue to execute arbitrary code with the privileges of a user that processes a malicious file with the affected application. This may facilitate unauthorized access or privilege escalation.

- Exploit

This vulnerability can be tested using the PIRANA exploitation framework available at the following location:

- Solution

Please see the referenced advisories for more information.

ARJ Software Inc. UNARJ 2.43

ARJ Software Inc. UNARJ 2.63 a

S.u.S.E. Linux Personal 9.0

S.u.S.E. Linux Personal 9.1

S.u.S.E. Linux Personal 9.2

- Related references