Red Hat Local Security Checks : RedHat Security Advisory RHSA-2005:007

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.51184

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2005:007

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2005:007.

The unarj program is an archiving utility which can extract ARJ-compatible
archives.

A buffer overflow bug was discovered in unarj when handling long file
names contained in an archive. An attacker could create a specially
crafted archive which could cause unarj to crash or possibly execute
arbitrary code when extracted by a victim. The Common Vulnerabilities and
Exposures project (cve.mitre.org) has assigned the name CVE-2004-0947 to
this issue.

Additionally, a path traversal vulnerability was discovered in unarj. An
attacker could create a specially crafted archive which would create files
in the parent (..) directory when extracted by a victim. When used
recursively, this vulnerability could be used to overwrite critical system
files and programs. The Common Vulnerabilities and Exposures project
(cve.mitre.org) has assigned the name CVE-2004-1027 to this issue.

Users of unarj should upgrade to this updated package which contains
backported patches and is not vulnerable to these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-007.html

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-0947
BugTraq ID: 11665
http://www.securityfocus.com/bid/11665
Debian Security Information: DSA-652 (Google Search)
http://www.debian.org/security/2005/dsa-652
http://lwn.net/Articles/121827/
http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml
http://www.redhat.com/support/errata/RHSA-2005-007.html
XForce ISS Database: unarj-longfilename-bo(18044)
https://exchange.xforce.ibmcloud.com/vulnerabilities/18044
Common Vulnerability Exposure (CVE) ID: CVE-2004-1027
BugTraq ID: 11436
http://www.securityfocus.com/bid/11436
Debian Security Information: DSA-628 (Google Search)
http://www.debian.org/security/2005/dsa-628
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html
http://security.gentoo.org/glsa/glsa-200411-29.xml
XForce ISS Database: unarj-directory-traversal(17684)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17684

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.51184
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2005:007
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2005:007. The unarj program is an archiving utility which can extract ARJ-compatible archives. A buffer overflow bug was discovered in unarj when handling long file names contained in an archive. An attacker could create a specially crafted archive which could cause unarj to crash or possibly execute arbitrary code when extracted by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0947 to this issue. Additionally, a path traversal vulnerability was discovered in unarj. An attacker could create a specially crafted archive which would create files in the parent (..) directory when extracted by a victim. When used recursively, this vulnerability could be used to overwrite critical system files and programs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1027 to this issue. Users of unarj should upgrade to this updated package which contains backported patches and is not vulnerable to these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2005-007.html Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0947 BugTraq ID: 11665 http://www.securityfocus.com/bid/11665 Debian Security Information: DSA-652 (Google Search) http://www.debian.org/security/2005/dsa-652 http://lwn.net/Articles/121827/ http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml http://www.redhat.com/support/errata/RHSA-2005-007.html XForce ISS Database: unarj-longfilename-bo(18044) https://exchange.xforce.ibmcloud.com/vulnerabilities/18044 Common Vulnerability Exposure (CVE) ID: CVE-2004-1027 BugTraq ID: 11436 http://www.securityfocus.com/bid/11436 Debian Security Information: DSA-628 (Google Search) http://www.debian.org/security/2005/dsa-628 http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html http://security.gentoo.org/glsa/glsa-200411-29.xml XForce ISS Database: unarj-directory-traversal(17684) https://exchange.xforce.ibmcloud.com/vulnerabilities/17684
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com