Published: 2005-03-01 00:00:00
Revised: 2008-09-05 16:40:08

[Original] Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

[CNNVD] ARJ Software directory traversal vulnerability (CNNVD-200503-030)


- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: [--]
Authentication: NONE [no authentication required to exploit]

- CPE (affected platforms and products)

cpe:/o:gentoo:linux  Gentoo Linux

- OVAL (technical details for detection)


- Official database links
(official data source) MITRE
(official data source) NVD
(official data source) CNNVD

- Other links and resources
(VENDOR_ADVISORY)  XF  unarj-directory-traversal(17684)
(UNKNOWN)  FULLDISC  20041010 unarj dir-transversal bug (../../../..)

- Vulnerability information

ARJ Software directory traversal vulnerability
Medium severity  Path traversal
2005-03-01 00:00:00 2005-10-20 00:00:00

- Advisories and patches

        ARJ Software Inc. UNARJ 2.43
        Debian unarj_2.43-3woody1_alpha.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_arm.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_i386.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_ia64.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_s390.deb
        Debian GNU/Linux 3.0 alias woody
        Debian unarj_2.43-3woody1_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        RedHat unarj-2.63a-
        ARJ Software Inc. UNARJ 2.63 a
        Fedora unarj-2.63a-7.i386.rpm
        RedHat Fedora Core 2
        Fedora unarj-2.63a-7.x86_64.rpm
        RedHat Fedora Core 2
        Fedora unarj-debuginfo-2.63a-7.i386.rpm
        RedHat Fedora Core 2
        Fedora unarj-debuginfo-2.63a-7.x86_64.rpm
        RedHat Fedora Core 2
        RedHat unarj-2.63a-
        RedHat unarj-2.63a-4.1.1.legacy.i386.rpm

- Vulnerability information

unarj Traversal Arbitrary File Overwrite
Local Access Required Input Manipulation
Loss of Availability
Exploit Public

- Vulnerability description

The unarj utility has been reported to have a vulnerability related to traversal style attacks (/../) and uncompressing an archive. As reported, this would allow an attacker to overwrite any file the victim user has permission to write to. unarj (or tar or zip) allows full/absolute paths in archives and could be used in the same fashion, regardless of using traversal notation. This is a non-issue.

- Timeline

2004-10-12 Unknown
Unknown Unknown

- Solution

The vulnerability reported is incorrect. No solution required.

- Related references

- Vulnerability author

- Vulnerability information

ARJ Software UNARJ Remote Directory Traversal Vulnerability
Input Validation Error 11436
Yes No
2004-10-16 12:00:00 2009-07-12 05:56:00
Disclosure of this issue is credited to Doubles.

- Affected software versions

RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 2.1
Gentoo Linux
ARJ Software Inc. UNARJ 2.65
ARJ Software Inc. UNARJ 2.64
+ Red Hat Fedora Core2
ARJ Software Inc. UNARJ 2.63 a
+ Red Hat Fedora Core2
+ Red Hat Fedora Core1
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i386
ARJ Software Inc. UNARJ 2.62
+ Red Hat Fedora Core2
ARJ Software Inc. UNARJ 2.43
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- Vulnerability discussion

Reportedly ARJ Software UNARJ is affected by a remote directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize or validate file names prior to compression or decompression.

This issue may allow an attacker to arbitrarily overwrite files with a user's privileges when a malicious compressed file is decompressed with the affected application.
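The defect described in both description sections of this record is that the file name stored in each archive header is used as the extraction target without validation, so a name containing ".." components (or, as the earlier description notes, an absolute path) escapes the extraction directory. The following is an added example, not code from unarj or from any of the advisories referenced here; it shows the component-wise check a defender would expect an extractor to apply before opening each output file. The function names, the treatment of the DOS backslash as a separator (ARJ archives commonly originate on DOS) and the sample member names are assumptions made for the illustration.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/*
 * Decide whether an archive member name may be extracted below the
 * current working directory.  An extractor that trusts the name exactly
 * as stored in the archive writes wherever that name points.  This check
 * rejects:
 *   - absolute paths ("/etc/passwd", "\\boot.ini")
 *   - DOS drive-letter prefixes ("C:\\...")
 *   - any path component that is exactly "..", wherever it appears
 * Both '/' and '\\' are treated as separators (assumption: DOS-origin
 * archives).  Names such as "..foo" or "a/..b" are allowed because they
 * never leave the extraction tree.
 */
bool is_safe_member_name(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (name[0] == '/' || name[0] == '\\')
        return false;                         /* absolute path */
    if (isalpha((unsigned char)name[0]) && name[1] == ':')
        return false;                         /* drive-letter prefix */

    const char *p = name;
    for (;;) {
        const char *end = p;
        while (*end != '\0' && *end != '/' && *end != '\\')
            end++;
        if (end - p == 2 && p[0] == '.' && p[1] == '.')
            return false;                     /* ".." component */
        if (*end == '\0')
            break;
        p = end + 1;
    }
    return true;
}

/*
 * Walk a list of member names (a constructed stand-in for the archive's
 * header table) and count how many would be refused.  A real extractor
 * would call is_safe_member_name() before opening each output file.
 */
size_t count_rejected(const char *const *names, size_t n)
{
    size_t rejected = 0;
    for (size_t i = 0; i < n; i++) {
        if (!is_safe_member_name(names[i])) {
            rejected++;
            fprintf(stderr, "refusing to extract unsafe member: %s\n",
                    names[i]);
        }
    }
    return rejected;
}

int main(void)
{
    /* Constructed sample member names; not taken from a real archive. */
    const char *const sample[] = {
        "docs/readme.txt",
        "../../../../tmp/sample",
        "/etc/passwd",
        "..\\..\\autoexec.bat",
        "C:\\windows\\win.ini",
        "src/..hidden/ok.c",
    };
    size_t n = sizeof sample / sizeof sample[0];
    size_t bad = count_rejected(sample, n);
    printf("%zu of %zu members rejected\n", bad, n);
    return 0;
}
```

The check is deliberately performed on the name as stored rather than on a path built with the destination prefix: prepending a directory does not neutralise a ".." component, and rejecting the member before any file is created is both simpler and easier to audit than trying to detect the escape after the fact.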

- Exploitation

No exploit is required to leverage this issue.

- Solution

RedHat Fedora Linux has released advisory FEDORA-2004-414 along with fixes dealing with this and another issue. Please see the referenced advisory for more information.

Gentoo Linux has released advisory GLSA 200411-29 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=app-arch/unarj-2.63a-r2"
Please see the referenced advisory for further information.

Red Hat has released an advisory (RHSA-2005:007-05) to address various issues in unarj. Please see the advisory in Web references for more information.

Debian has released an advisory (DSA 652-1) to address issues in unarj. Please see the advisory in the reference section for more information.

Avaya has released advisory ASA-2005-022 to document the affected versions of Avaya products. Please see the referenced advisory for further information.

Fedora has released an advisory (Fedora Legacy Update Advisory FLSA:2272) to address unarj issues in Red Hat Linux 7.3 - i386, Red Hat Linux 9 - i386, and Fedora Core 1 - i386. Please see the referenced advisory for more information.

ARJ Software Inc. UNARJ 2.43

ARJ Software Inc. UNARJ 2.63 a

- Related references