CVE-2004-1027
CVSS5.0
Published: 2005-03-01 00:00:00
Revised: 2008-09-05 16:40:08

[Original] Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.


[CNNVD] ARJ Software Directory Traversal Vulnerability (CNNVD-200503-030)

        The -x (extract) command line option of unarj contains a directory traversal vulnerability. A remote attacker can overwrite arbitrary files via an arj archive whose file names contain .. sequences.

- CVSS (base score)

CVSS score: 5 [MEDIUM]
Confidentiality impact: NONE [no impact on system confidentiality]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Access complexity: LOW [no access restrictions on exploitation]
Access vector: [--]
Authentication: NONE [no authentication required for exploitation]

- CPE (affected platforms and products)

cpe:/o:gentoo:linux  Gentoo Linux
cpe:/a:arj_software_inc.:unarj:2.63_a
cpe:/a:arj_software_inc.:unarj:2.62
cpe:/a:arj_software_inc.:unarj:2.64
cpe:/a:arj_software_inc.:unarj:2.65

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1027
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-1027
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200503-030
(official data source) CNNVD

- Other links and resources

http://www.securityfocus.com/bid/11436
(VENDOR_ADVISORY)  BID  11436
http://xforce.iss.net/xforce/xfdb/17684
(VENDOR_ADVISORY)  XF  unarj-directory-traversal(17684)
http://www.redhat.com/support/errata/RHSA-2005-007.html
(UNKNOWN)  REDHAT  RHSA-2005:007
http://www.debian.org/security/2005/dsa-652
(UNKNOWN)  DEBIAN  DSA-652
http://www.debian.org/security/2005/dsa-628
(UNKNOWN)  DEBIAN  DSA-628
http://security.gentoo.org/glsa/glsa-200411-29.xml
(UNKNOWN)  GENTOO  GLSA-200411-29
http://lwn.net/Articles/121827/
(UNKNOWN)  FEDORA  FLSA:2272
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html
(UNKNOWN)  FULLDISC  20041010 unarj dir-transversal bug (../../../..)

- Vulnerability information

ARJ Software Directory Traversal Vulnerability
Medium severity  Path traversal
2005-03-01 00:00:00 2005-10-20 00:00:00
Remote
        The -x (extract) command line option of unarj contains a directory traversal vulnerability. A remote attacker can overwrite arbitrary files via an arj archive whose file names contain .. sequences.

- Advisories and patches

        The vendor has released upgrade patches to fix this security issue; patch download links:
        ARJ Software Inc. UNARJ 2.43
        Debian unarj_2.43-3woody1_alpha.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_alpha.deb
        Debian unarj_2.43-3woody1_arm.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_arm.deb
        Debian unarj_2.43-3woody1_hppa.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_hppa.deb
        Debian unarj_2.43-3woody1_i386.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_i386.deb
        Debian unarj_2.43-3woody1_ia64.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_ia64.deb
        Debian unarj_2.43-3woody1_m68k.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_m68k.deb
        Debian unarj_2.43-3woody1_powerpc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_powerpc.deb
        Debian unarj_2.43-3woody1_s390.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_s390.deb
        Debian unarj_2.43-3woody1_sparc.deb
        Debian GNU/Linux 3.0 alias woody
        http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_sparc.deb
        RedHat unarj-2.63a-4.0.7.3.1.legacy.i386.rpm
        http://download.fedoralegacy.org/redhat/7.3/updates/i386/unarj-2.63a-4.0.7.3.1.legacy.i386.rpm
        ARJ Software Inc. UNARJ 2.63 a
        Fedora unarj-2.63a-7.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora unarj-2.63a-7.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora unarj-debuginfo-2.63a-7.i386.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        Fedora unarj-debuginfo-2.63a-7.x86_64.rpm
        RedHat Fedora Core 2
        http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
        RedHat unarj-2.63a-4.0.9.1.legacy.i386.rpm
        http://download.fedoralegacy.org/redhat/9/updates/i386/unarj-2.63a-4.0.9.1.legacy.i386.rpm
        RedHat unarj-2.63a-4.1.1.legacy.i386.rpm
        http://download.fedoralegacy.org/fedora/1/updates/i386/unarj-2.63a-4.1.1.legacy.i386.rpm

- Vulnerability information

10788
unarj Traversal Arbitrary File Overwrite
Local Access Required  Input Manipulation
Loss of Availability
Exploit Public

- Vulnerability description

The unarj utility has been reported to have a vulnerability related to traversal style attacks (/../) and uncompressing an archive. As reported, this would allow an attacker to overwrite any file the victim user has permission to write to. unarj (or tar or zip) allows full/absolute paths in archives and could be used in the same fashion, regardless of using traversal notation. This is a non-issue.

- Timeline

2004-10-12 Unknown
Unknown Unknown

- Solution

The vulnerability reported is incorrect. No solution required.

- References

- Vulnerability author

- Vulnerability information

ARJ Software UNARJ Remote Directory Traversal Vulnerability
Class: Input Validation Error  BID: 11436
Remote: Yes  Local: No
Published: 2004-10-16 12:00:00  Updated: 2009-07-12 05:56:00
Disclosure of this issue is credited to Doubles.

- Affected program versions

RedHat Enterprise Linux WS 2.1
RedHat Enterprise Linux ES 2.1
RedHat Advanced Workstation for the Itanium Processor 2.1
Red Hat Enterprise Linux AS 2.1
Gentoo Linux
Avaya CVLAN
ARJ Software Inc. UNARJ 2.65
ARJ Software Inc. UNARJ 2.64
+ Red Hat Fedora Core2
ARJ Software Inc. UNARJ 2.63 a
+ Red Hat Fedora Core2
+ Red Hat Fedora Core1
+ RedHat Linux 9.0 i386
+ RedHat Linux 7.3 i386
ARJ Software Inc. UNARJ 2.62
+ Red Hat Fedora Core2
ARJ Software Inc. UNARJ 2.43
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0

- Vulnerability discussion

Reportedly ARJ Software UNARJ is affected by a remote directory traversal vulnerability. This issue is due to a failure of the application to properly sanitize or validate file names prior to compression or decompression.

This issue may allow an attacker to arbitrarily overwrite files with a user's privileges when a malicious compressed file is decompressed with the affected application.
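The two descriptions above (OSVDB's and BID's) agree on the root cause: member names taken from the archive are joined onto the extraction directory without being validated. The following is an added example, not code from unarj or from any of the advisories, showing the check an extractor should apply before creating a file: reject absolute paths, drive letters, and any ".." component (treating both '/' and '\' as separators, since archives created on DOS or Windows use backslashes). The function names, the POSIX path model and the fixed-size output buffer are assumptions of this example.

```c
/* Added example (not unarj's code): validate archive member names before
 * joining them onto the extraction directory. Assumes a POSIX-style path
 * model; '\' is also treated as a separator because arj archives may come
 * from DOS/Windows. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Return true if 'name' cannot escape the extraction directory:
 * it is non-empty, relative, has no drive letter, and contains no ".."
 * path component. A name such as "a..b" is fine; only an exact ".."
 * component between separators is rejected. */
bool archive_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;

    /* Absolute path: "/etc/passwd" or "\boot.ini" */
    if (name[0] == '/' || name[0] == '\\')
        return false;

    /* Drive-letter path: "C:\boot.ini" or "c:/boot.ini" */
    if (((name[0] >= 'A' && name[0] <= 'Z') || (name[0] >= 'a' && name[0] <= 'z'))
        && name[1] == ':')
        return false;

    /* Walk the components and reject any that is exactly ".." */
    const char *p = name;
    for (;;) {
        const char *end = p;
        while (*end != '\0' && *end != '/' && *end != '\\')
            end++;
        if ((size_t)(end - p) == 2 && p[0] == '.' && p[1] == '.')
            return false;
        if (*end == '\0')
            break;
        p = end + 1;
    }
    return true;
}

/* Build "<dest_dir>/<member>" into 'out' only if the member name passes
 * archive_name_is_safe(). Returns 0 on success, -1 if the name is unsafe
 * or the result would not fit. Normalises '\' to '/' in the output. */
int build_extract_path(const char *dest_dir, const char *member,
                       char *out, size_t outsz)
{
    if (!archive_name_is_safe(member))
        return -1;

    int n = snprintf(out, outsz, "%s/%s", dest_dir, member);
    if (n < 0 || (size_t)n >= outsz)
        return -1;

    for (char *c = out; *c != '\0'; c++)
        if (*c == '\\')
            *c = '/';
    return 0;
}

/* Stand-alone demonstration over a few constructed member names. */
int main(void)
{
    const char *samples[] = {
        "docs/readme.txt", "../../etc/passwd", "/etc/passwd",
        "sub\\..\\..\\target", "a..b/c...txt", "C:\\boot.ini",
    };
    char path[256];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (build_extract_path("/tmp/out", samples[i], path, sizeof path) == 0)
            printf("OK      %-22s -> %s\n", samples[i], path);
        else
            printf("REJECT  %s\n", samples[i]);
    }
    return 0;
}
```

The check is deliberately applied to the raw member name rather than to a canonicalised path: a "../" that is only resolved after the file is opened is exactly the bug described above, and symlinks already present in the destination are a separate problem that a name check alone does not solve.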

- Exploit

No exploit is required to leverage this issue.

- Solution

RedHat Fedora Linux has released advisory FEDORA-2004-414 along with fixes dealing with this and another issue. Please see the referenced advisory for more information.

Gentoo Linux has released advisory GLSA 200411-29 to address this issue. Users of affected packages are urged to execute the following commands with superuser privileges:
emerge --sync
emerge --ask --oneshot --verbose ">=app-arch/unarj-2.63a-r2"
Please see the referenced advisory for further information.

Red Hat has released an advisory (RHSA-2005:007-05) to address various issues in unarj. Please see the advisory in Web references for more information.

Debian has released an advisory (DSA 652-1) to address issues in unarj. Please see the advisory in the reference section for more information.

Avaya has released advisory ASA-2005-022 to document the affected versions of Avaya products. Please see the referenced advisory for further information.

Fedora has released an advisory (Fedora Legacy Update Advisory FLSA:2272) to address unarj issues in Red Hat Linux 7.3 - i386, Red Hat Linux 9 - i386, and Fedora Core 1 - i386. Please see the referenced advisory for more information.


ARJ Software Inc. UNARJ 2.43

ARJ Software Inc. UNARJ 2.63 a

- References
