Lucene search

Gentoo FoundationMGASA-2023-0107

HistoryMar 24, 2023 - 8:55 a.m.

Updated unarj packages fix security vulnerability

2023-03-2408:55:49

Gentoo Foundation

advisories.mageia.org

unix

unarj

security vulnerability

buffer overflow

directory traversal

remote attackers

arbitrary code

execute

cve-2004-0947

cve-2004-1027

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.1

Percentile

94.9%

JSON

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames. (CVE-2004-0947) Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain … (dot dot) sequences. (CVE-2004-1027)

OSVersionArchitecturePackageVersionFilename
Mageia8noarchunarj< 2.65-6.1unarj-2.65-6.1.mga8.tainted

OS	Version	Architecture	Package	Version	Filename
Mageia	8	noarch	unarj	< 2.65-6.1	unarj-2.65-6.1.mga8.tainted

References

bugs.mageia.org/show_bug.cgi?id=31546

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.1

Percentile

94.9%

JSON

Related for MGASA-2023-0107