GLSA-200702-04 : RAR, UnRAR: Buffer overflow
Medium Nessus Plugin ID 24353
Synopsis
The remote Gentoo host is missing one or more security-related patches.
Description
The remote host is affected by the vulnerability described in GLSA-200702-04 (RAR, UnRAR: Buffer overflow).
RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow.
A remote attacker could entice a user to process a specially crafted password-protected archive and execute arbitrary code with the rights of the user uncompressing the archive.
There is no known workaround at this time.
Solution
All UnRAR users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-arch/unrar-3.7.3'
All RAR users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=app-arch/rar-3.7.0_beta1'