RHEL 2.1 : unarj (RHSA-2005:007)

This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.


Synopsis :

The remote Red Hat host is missing a security update.

Description :

An updated unarj package that fixes a buffer overflow vulnerability
and a directory traversal vulnerability is now available.

The unarj program is an archiving utility which can extract
ARJ-compatible archives.

A buffer overflow bug was discovered in unarj when handling long file
names contained in an archive. An attacker could create a specially
crafted archive which could cause unarj to crash or possibly execute
arbitrary code when extracted by a victim. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0947 to this issue.

Additionally, a path traversal vulnerability was discovered in unarj.
An attacker could create a specially crafted archive which would
create files in the parent ('..') directory when extracted by a
victim. When used recursively, this vulnerability could be used to
overwrite critical system files and programs. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-1027 to this issue.

Users of unarj should upgrade to this updated package which contains
backported patches and is not vulnerable to these issues.

See also :

https://www.redhat.com/security/data/cve/CVE-2004-0947.html
https://www.redhat.com/security/data/cve/CVE-2004-1027.html
http://rhn.redhat.com/errata/RHSA-2005-007.html

Solution :

Update the affected unarj package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Red Hat Local Security Checks

Nessus Plugin ID: 16145 ()

Bugtraq ID:

CVE ID: CVE-2004-0947
CVE-2004-1027