Info

Disclosure

Oct 12, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

The unarj utility has been reported to have a vulnerability related to traversal style attacks (/../) and uncompressing an archive. As reported, this would allow an attacker to overwrite any file the victim user has permission to write to. unarj (or tar or zip) allows full/absolute paths in archives and could be used in the same fashion, regardless of using traversal notation. This is a non-issue.

Classification

Location: Local Access Required
Attack Type: Input Manipulation
Impact: Loss of Availability
Exploit: Exploit Available
OSVDB: Myth/Fake

Solution

The vulnerability reported is incorrect. No solution required.

Products

ARJ Software, Inc.

unarj

2.65

References

Security Tracker: 1011610
Bugtraq ID: 11436
Secunia Advisory ID: 12788 13231 13395 13836 13951
ISS X-Force ID: 17684
CVE ID: 2004-1027 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-10/thread.html#298
Vendor URL: http://linux.maruhn.com/sec/unarj.html
http://www.arjsoftware.com/
Vendor Specific Advisory URL: http://www.debian.org/security/2005/dsa-652
Other Advisory URL: http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml
RedHat RHSA: RHSA-2005:007

Credit

doubles - doubleshush.com -

Direct URL: http://osvdb.org/36218