How to Buy
This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
An updated unarj package that fixes a buffer overflow vulnerability
and a directory traversal vulnerability is now available.
The unarj program is an archiving utility which can extract
A buffer overflow bug was discovered in unarj when handling long file
names contained in an archive. An attacker could create a specially
crafted archive which could cause unarj to crash or possibly execute
arbitrary code when extracted by a victim. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0947 to this issue.
Additionally, a path traversal vulnerability was discovered in unarj.
An attacker could create a specially crafted archive which would
create files in the parent ('..') directory when extracted by a
victim. When used recursively, this vulnerability could be used to
overwrite critical system files and programs. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-1027 to this issue.
Users of unarj should upgrade to this updated package which contains
backported patches and is not vulnerable to these issues.
See also :
Update the affected unarj package.
Risk factor :
Critical / CVSS Base Score : 10.0
Family: Red Hat Local Security Checks
Nessus Plugin ID: 16145 ()
CVE ID: CVE-2004-0947CVE-2004-1027
Nessus Professional: Scan unlimited IPs, run compliance checks & moreNessus Cloud: The power of Nessus for teams – from the cloud
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.