This script is Copyright (C) 2005-2014 Tenable Network Security, Inc.
The remote Red Hat host is missing a security update.
An updated unarj package that fixes a buffer overflow vulnerability
and a directory traversal vulnerability is now available.
The unarj program is an archiving utility which can extract
A buffer overflow bug was discovered in unarj when handling long file
names contained in an archive. An attacker could create a specially
crafted archive which could cause unarj to crash or possibly execute
arbitrary code when extracted by a victim. The Common Vulnerabilities
and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-0947 to this issue.
Additionally, a path traversal vulnerability was discovered in unarj.
An attacker could create a specially crafted archive which would
create files in the parent ('..') directory when extracted by a
victim. When used recursively, this vulnerability could be used to
overwrite critical system files and programs. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the
name CVE-2004-1027 to this issue.
Users of unarj should upgrade to this updated package which contains
backported patches and is not vulnerable to these issues.
See also :
Update the affected unarj package.
Risk factor :
Critical / CVSS Base Score : 10.0