Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.
References
Link | Resource |
---|---|
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html | Third Party Advisory |
http://lwn.net/Articles/121827/ | Third Party Advisory |
http://security.gentoo.org/glsa/glsa-200411-29.xml | Third Party Advisory |
http://www.debian.org/security/2005/dsa-628 | Third Party Advisory |
http://www.debian.org/security/2005/dsa-652 | Third Party Advisory |
http://www.redhat.com/support/errata/RHSA-2005-007.html | Third Party Advisory |
http://www.securityfocus.com/bid/11436 | Patch Third Party Advisory VDB Entry Vendor Advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/17684 | VDB Entry |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
30 Oct 2023, 17:03
Type | Values Removed | Values Added |
---|---|---|
First Time |
Arjsoftware
Arjsoftware unarj Debian debian Linux Debian |
|
References | (DEBIAN) http://www.debian.org/security/2005/dsa-652 - Third Party Advisory | |
References | (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/17684 - VDB Entry | |
References | (GENTOO) http://security.gentoo.org/glsa/glsa-200411-29.xml - Third Party Advisory | |
References | (FEDORA) http://lwn.net/Articles/121827/ - Third Party Advisory | |
References | (FULLDISC) http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html - Third Party Advisory | |
References | (REDHAT) http://www.redhat.com/support/errata/RHSA-2005-007.html - Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/11436 - Patch, Third Party Advisory, VDB Entry, Vendor Advisory | |
References | (DEBIAN) http://www.debian.org/security/2005/dsa-628 - Third Party Advisory | |
CPE | cpe:2.3:a:arj_software_inc.:unarj:2.63_a:*:*:*:*:*:*:* cpe:2.3:a:arj_software_inc.:unarj:2.62:*:*:*:*:*:*:* cpe:2.3:a:arj_software_inc.:unarj:2.64:*:*:*:*:*:*:* |
cpe:2.3:a:arjsoftware:unarj:2.63:a:*:*:*:*:*:* cpe:2.3:a:arjsoftware:unarj:2.65:*:*:*:*:*:*:* cpe:2.3:a:arjsoftware:unarj:2.64:*:*:*:*:*:*:* cpe:2.3:a:arjsoftware:unarj:2.62:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:* |
Information
Published : 2005-03-01 05:00
Updated : 2024-02-28 10:42
NVD link : CVE-2004-1027
Mitre link : CVE-2004-1027
CVE.ORG link : CVE-2004-1027
JSON object : View
Products Affected
debian
- debian_linux
arjsoftware
- unarj
gentoo
- linux
CWE