CVE-2004-0947
CVSS 10.0
Published: 2005-02-09 00:00:00
Revised: 2008-09-05 16:39:53

[Original] Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.


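[CNNVD] ARJ Software UNARJ Remote Buffer Overflow Vulnerability (CNNVD-200502-024)

        unarj is a program for extracting .arj files, an archive format popular under DOS.
        A buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.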

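- CVSS (base score)

CVSS score: 10 [Severe (HIGH)]
Confidentiality impact: COMPLETE [total information disclosure, exposing all system files]
Integrity impact: COMPLETE [system integrity can be completely compromised]
Availability impact: COMPLETE [may cause the system to go down completely]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: [--]
Authentication: NONE [exploitation requires no authentication]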

- CPE (affected platforms and products)

cpe:/o:gentoo:linux  Gentoo Linux
cpe:/a:arj_software_inc.:unarj:2.63_a
cpe:/a:arj_software_inc.:unarj:2.62
cpe:/o:suse:suse_linux:9.1  SuSE SuSE Linux 9.1
cpe:/o:suse:suse_linux:9.0  SuSE SuSE Linux 9.0
cpe:/a:arj_software_inc.:unarj:2.64
cpe:/o:suse:suse_linux:9.2  SuSE SuSE Linux 9.2
cpe:/a:arj_software_inc.:unarj:2.65

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0947
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0947
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200502-024
(Official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/11665
(VENDOR_ADVISORY)  BID  11665
http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200411-29
http://xforce.iss.net/xforce/xfdb/18044
(VENDOR_ADVISORY)  XF  unarj-longfilename-bo(18044)
http://www.redhat.com/support/errata/RHSA-2005-007.html
(UNKNOWN)  REDHAT  RHSA-2005:007
http://www.debian.org/security/2005/dsa-652
(UNKNOWN)  DEBIAN  DSA-652
http://lwn.net/Articles/121827/
(UNKNOWN)  FEDORA  FLSA:2272

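- Vulnerability information

ARJ Software UNARJ Remote Buffer Overflow Vulnerability
Critical  Buffer overflow
2005-02-09 00:00:00 2005-10-20 00:00:00
Remote
        unarj is a program for extracting .arj files, an archive format popular under DOS.
        A buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.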

- Advisories and patches

        The vendor has released upgrade patches that fix this security issue. Patch download links:
        ARJ Software Inc. UNARJ 2.43
        Debian unarj_2.43-3woody1_alpha.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_alpha.deb
        Debian unarj_2.43-3woody1_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_arm.deb
        Debian unarj_2.43-3woody1_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_hppa.deb
        Debian unarj_2.43-3woody1_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_i386.deb
        Debian unarj_2.43-3woody1_ia64.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_ia64.deb
        Debian unarj_2.43-3woody1_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_m68k.deb
        Debian unarj_2.43-3woody1_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_powerpc.deb
        Debian unarj_2.43-3woody1_s390.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_s390.deb
        Debian unarj_2.43-3woody1_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_sparc.deb
        RedHat unarj-2.63a-4.0.7.3.1.legacy.i386.rpm
        http://download.fedoralegacy.org/redhat/7.3/updates/i386/unarj-2.63a-4.0.7.3.1.legacy.i386.rpm
        ARJ Software Inc. UNARJ 2.63 a
        Fedora unarj-2.63a-7.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora unarj-2.63a-7.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora unarj-debuginfo-2.63a-7.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora unarj-debuginfo-2.63a-7.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat unarj-2.63a-4.0.9.1.legacy.i386.rpm
        http://download.fedoralegacy.org/redhat/9/updates/i386/unarj-2.63a-4.0.9.1.legacy.i386.rpm
        RedHat unarj-2.63a-4.1.1.legacy.i386.rpm
        http://download.fedoralegacy.org/fedora/1/updates/i386/unarj-2.63a-4.1.1.legacy.i386.rpm
        S.u.S.E. Linux Personal 9.0
        SuSE unarj-2.65-137.i586.rpm
        x86
        ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/unarj-2.65-137.i586.rpm
        SuSE unarj-2.65-137.x86_64.rpm
        x86
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/unarj-2.65-137.x86_64.rpm
        S.u.S.E. Linux Personal 9.1
        SuSE unarj-2.65-131.6.i586.rpm
        x86
        ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/unarj-2.65-131.6.i586.rpm
        SuSE unarj-2.65-131.6.x86_64.rpm
        x86-64
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/unarj-2.65-131.6.x86_64.rpm
        S.u.S.E. Linux Personal 9.2
        SuSE unarj-2.65-133.3.i586.rpm
        ix86 fix
        ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/unarj-2.65-133.3.i586.rpm
        SuSE unarj-2.65-133.3.x86_64.rpm
        x86-64 fix
        ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/unarj-2.65-133.3.x86_64.rpm
        

- Vulnerability information

11695
unarj Filename Handling Overflow
Input Manipulation
Loss of Integrity

- Vulnerability description

Unknown or Incomplete

- Timeline

2004-11-12 Unknown
Unknown Unknown

- Solution

Unknown or Incomplete

- Related references

- Vulnerability credit

Unknown or Incomplete

- Vulnerability information

ARJ Software UNARJ Remote Buffer Overflow Vulnerability
Boundary Condition Error 11665
Yes No
2004-11-12 12:00:00 2009-07-12 08:06:00
The individual or individuals responsible for disclosure of these issues are currently unknown; these issues were disclosed in the referenced RedHat Fedora advisory.

- Affected program versions

S.u.S.E. Linux Personal 9.2
S.u.S.E. Linux Personal 9.1
S.u.S.E. Linux Personal 9.0
RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 2.1
Gentoo Linux
Avaya CVLAN
ARJ Software Inc. UNARJ 2.65
ARJ Software Inc. UNARJ 2.64
+ Red Hat Fedora Core2
ARJ Software Inc. UNARJ 2.63 a
+ Red Hat Fedora Core2
+ Red Hat Fedora Core1
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i386
ARJ Software Inc. UNARJ 2.62
+ Red Hat Fedora Core2
ARJ Software Inc. UNARJ 2.43
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- Vulnerability discussion

A remote buffer-overflow vulnerability affects ARJ Software's unarj. This issue is caused by the application's failure to carry out sufficient bounds checking on user-supplied strings prior to processing.

A remote attacker may leverage this issue to execute arbitrary code with the privileges of a user that processes a malicious file with the affected application. This may facilitate unauthorized access or privilege escalation.

- Exploit

This vulnerability can be tested using the PIRANA exploitation framework available at the following location:

http://www.guay-leroux.com/projects/pirana-0.2.1.tar.gz

- Solution


Please see the referenced advisories for more information.


ARJ Software Inc. UNARJ 2.43

ARJ Software Inc. UNARJ 2.63 a

S.u.S.E. Linux Personal 9.0

S.u.S.E. Linux Personal 9.1

S.u.S.E. Linux Personal 9.2

- Related references
