GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Mon Aug 21, 2017 1:26 am Post subject: [ GLSA 201708-05 ] RAR and UnRAR |
|
|
Gentoo Linux Security Advisory
Title: RAR and UnRAR: User-assisted execution of arbitrary code (GLSA 201708-05)
Severity: normal
Exploitable: remote
Date: 2017-08-21
Bug(s): #622342, #622382
ID: 201708-05
Synopsis
An integer overflow in RAR and UnRAR might allow remote attackers
to execute arbitrary code.
Background
RAR and UnRAR provide command line interfaces for compressing and
decompressing RAR files.
Affected Packages
Package: app-arch/rar
Vulnerable: < 5.5.0_beta4_p20170628
Unaffected: >= 5.5.0_beta4_p20170628
Architectures: All supported architectures
Package: app-arch/unrar
Vulnerable: < 5.5.5
Unaffected: >= 5.5.5
Architectures: All supported architectures
Description
A VMSF_DELTA memory corruption was discovered in which an integer
overflow can be caused in DataSize+CurChannel. The result is a negative
value of the “DestPos” variable which allows writing out of bounds
when setting Mem[DestPos].
Impact
A remote attacker, by enticing a user to open a specially crafted
archive, could execute arbitrary code with the privileges of the process.
Workaround
There is no known workaround at this time.
Resolution
All RAR users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose
">=app-arch/rar-5.5.0_beta4_p20170628"
| All UnRAR users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/unrar-5.5.5"
|
References
CVE-2012-6706
Last edited by GLSA on Fri Sep 29, 2017 4:16 am; edited 1 time in total |
|