CVSS2: AV:N/AC:H/Au:N/C:P/I:P/A:P
Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
EPSS Percentile: 75.4%
A buffer overflow in the unace compression library may allow a remote attacker to execute arbitrary code.
The unace compression library is used to decompress ace archives (*.ace file extension). A lack of input validation on filenames in an ace archive may allow a buffer overflow to occur. If an attacker supplies the unace library with a specially crafted compressed ace archive, that attacker may be able to trigger the buffer overflow and, consequently, execute arbitrary code with the privileges of the application linked to unace.
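As an added illustration (not code from unace or from this advisory), the C sketch below shows the kind of filename length validation the description says is missing. The record layout, the function name and the sample records are constructed assumptions, not the real ACE header format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed record layout for illustration (NOT the real ACE header):
 *   bytes 0..1  filename length, little-endian
 *   bytes 2..   filename bytes, not NUL-terminated */
enum { NAME_OK = 0, NAME_TRUNCATED = -1, NAME_OVERRUNS_RECORD = -2,
       NAME_TOO_LONG = -3, NAME_HAS_NUL = -4 };

/* Unsafe pattern: the length field is read from the archive and trusted.
 *     char name[16];
 *     memcpy(name, rec + 2, name_len);    <- name_len never checked */

/* Hardened copy: the archive-supplied length is checked against the input
 * record and the destination buffer before any byte is copied. */
int read_entry_name(const uint8_t *rec, size_t rec_len,
                    char *out, size_t out_cap)
{
    if (rec_len < 2)
        return NAME_TRUNCATED;              /* no room for the length field */
    size_t name_len = (size_t)rec[0] | ((size_t)rec[1] << 8);
    if (name_len > rec_len - 2)
        return NAME_OVERRUNS_RECORD;        /* would read past the input */
    if (name_len >= out_cap)
        return NAME_TOO_LONG;               /* would write past the output */
    if (memchr(rec + 2, '\0', name_len) != NULL)
        return NAME_HAS_NUL;                /* name would be silently cut */
    memcpy(out, rec + 2, name_len);
    out[name_len] = '\0';
    return NAME_OK;
}

/* Constructed sample records. */
static const uint8_t SAMPLE_OK[]   = { 5, 0, 'a', '.', 't', 'x', 't' };
static const uint8_t SAMPLE_LIES[] = { 0xFF, 0xFF, 'a', 'b' }; /* claims 65535 */
static const uint8_t SAMPLE_NUL[]  = { 3, 0, 'a', '\0', 'b' };
static char g_name[16];                     /* demo destination buffer */

int main(void)
{
    printf("ok:   %d\n", read_entry_name(SAMPLE_OK, sizeof SAMPLE_OK, g_name, sizeof g_name));
    printf("lies: %d\n", read_entry_name(SAMPLE_LIES, sizeof SAMPLE_LIES, g_name, sizeof g_name));
    printf("nul:  %d\n", read_entry_name(SAMPLE_NUL, sizeof SAMPLE_NUL, g_name, sizeof g_name));
    return 0;
}
```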
If a remote attacker can convince a user to access a specially crafted ace archive, that attacker may be able to execute arbitrary code. In addition, this vulnerability may prevent security software, such as anti-virus software, from detecting a malicious ace archive.
Apply patches from your vendor
The unace compression library is freely available and used by many vendors in a wide variety of applications. As a result, any one of these applications may contain this vulnerability. Users are encouraged to contact their vendors to determine if they are vulnerable and what action to take.
Do not accept ace archives from untrusted sources
Exploitation occurs when a specially crafted ace archive is accessed. Accessing ace archives only from trusted or known sources reduces the chance of exploitation.
VU#215006
Notified: September 21, 2005 Updated: October 03, 2005
Affected
unace is available in the FreeBSD Ports Collection. Please see
<http://vuxml.freebsd.org/1d3a2737-7eb7-11d9-acf7-000854d03344.html>
for details regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Updated: October 21, 2005
Affected
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
Please see <http://www.gentoo.org/security/en/glsa/glsa-200502-32.xml>
Notified: September 21, 2005 Updated: September 23, 2005
Affected
Vulnerable versions of unace were available from NetBSD’s pkgsrc 3rd party software system. The affected versions have been marked as vulnerable. Users running the audit-packages tool have already been notified.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 21, 2005 Updated: September 26, 2005
Affected
We are affected by this problem and have released updates for this issue on 16th of June 2005.
They are referenced in our Summary Report 2005-16 under this URL: <http://www.novell.com/linux/security/advisories/2005_16_sr.html>
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 21, 2005 Updated: October 28, 2005
Not Affected
Apple does not ship unace in any products.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 21, 2005 Updated: September 26, 2005
Not Affected
Debian has fixed this problem in February already so there are no vulnerable versions left in the archive. It has been fixed in version 1.2b-3.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 21, 2005 Updated: September 23, 2005
Not Affected
F-Prot Antivirus does not use this library/program to extract the contents of .ACE archives. As far as we can tell from a code review of our own ACE unpacker, F-Prot Antivirus is not vulnerable.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 21, 2005 Updated: September 22, 2005
Not Affected
Hitachi HI-UX/WE2 and Hitachi’s middle software products are NOT Vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 21, 2005 Updated: September 28, 2005
Not Affected
Hi, Jeff. No Mandriva product ships with the unace program so Mandriva is not vulnerable to this issue.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 21, 2005 Updated: September 26, 2005
Not Affected
No Nokia Enterprise Solutions products are affected by VU#215006.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 21, 2005 Updated: September 22, 2005
Not Affected
Openwall GNU/*/Linux is not vulnerable. We do not package unace.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 21, 2005 Updated: September 26, 2005
Not Affected
No Red Hat products contain unace.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 21, 2005 Updated: September 23, 2005
Unknown
No statement is currently available from the vendor regarding this vulnerability.
The vendor has not provided us with any further information regarding this vulnerability.
Notified: September 21, 2005 Updated: September 21, 2005
Unknown
We have not received a statement from the vendor.
The vendor has not provided us with any further information regarding this vulnerability.
This vulnerability was reported by Ulf Harnhammar.
This document was written by Jeff Gennari.
CVE IDs: CVE-2005-0160
Severity Metric: 4.50
Date Public: