FreeBSD : unarj -- long filename buffer overflow (a163baff-3fe1-11d9-a9e7-0001020eed82)

critical Nessus Plugin ID 19053

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Ludwig Nussel has discovered a buffer overflow vulnerability in unarj's handling of long filenames which could potentially lead to execution of arbitrary code with the permissions of the user running unarj.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?5e56d3cb

Plugin Details

Severity: Critical

ID: 19053

File Name: freebsd_pkg_a163baff3fe111d9a9e70001020eed82.nasl

Version: 1.16

Type: local

Published: 7/13/2005

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:unarj, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/26/2004

Vulnerability Publication Date: 11/9/2004

Reference Information

CVE: CVE-2004-0947

BID: 11665