Posted: Wed Feb 14, 2007 1:26 am Post subject: [ GLSA 200702-04 ] RAR, UnRAR: Buffer overflow
Gentoo Linux Security Advisory
Title: RAR, UnRAR: Buffer overflow (GLSA 200702-04)
Severity: normal
Exploitable: remote
Date: February 13, 2007
Updated: February 14, 2007
Bug(s): #166440
ID: 200702-04
Synopsis
RAR and UnRAR contain a buffer overflow allowing the execution of arbitrary code.
Background
RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files.
Affected Packages
Package: app-arch/rar
Vulnerable: < 3.7.0_beta1
Unaffected: >= 3.7.0_beta1
Architectures: All supported architectures
Package: app-arch/unrar
Vulnerable: < 3.7.3
Unaffected: >= 3.7.3
Architectures: All supported architectures
Description
RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow.
Impact
A remote attacker could entice a user to process a specially crafted password-protected archive and execute arbitrary code with the rights of the user uncompressing the archive.
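The advisory only names the bug class (an untrusted length from an archive header driving a copy into a fixed-size stack buffer). The following is an added illustration of that pattern and its fix; it is not RAR/UnRAR source and the header layout, buffer size and function names are invented for the example. The unsafe parser checks that the claimed field length fits the input it was handed but never checks it against the stack buffer it copies into; the hardened parser checks both bounds before any copy. A constructed oversized header is fed only to the hardened parser, and the overrun the unsafe one would produce is computed arithmetically rather than triggered.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical header layout, constructed for this example (NOT the RAR
 * on-disk format):
 *   byte 0      : length N of the following field (attacker controlled)
 *   bytes 1..N  : the field itself (e.g. a salt or password-related blob)
 */
#define FIELD_MAX 16   /* size of the fixed stack buffer the field lands in */

enum parse_result {
    PARSE_OK        =  0,
    PARSE_TRUNCATED = -1,   /* header claims more bytes than were supplied */
    PARSE_TOO_LONG  = -2    /* field does not fit the fixed buffer */
};

/* XOR-fold the copied field so the copy is observable in tests. */
static uint8_t xor_fold(const uint8_t *p, size_t n)
{
    uint8_t x = 0;
    for (size_t i = 0; i < n; i++)
        x ^= p[i];
    return x;
}

/* Vulnerable pattern: the header's own length byte drives memcpy into a
 * fixed-size stack buffer with no check against sizeof(field).  A header
 * with N > FIELD_MAX writes past 'field' and smashes the stack (undefined
 * behaviour).  Only ever call this on benign input. */
enum parse_result parse_field_unsafe(const uint8_t *hdr, size_t hdr_len,
                                     uint8_t *out_sum)
{
    uint8_t field[FIELD_MAX];
    size_t n = hdr[0];
    if (1 + n > hdr_len)
        return PARSE_TRUNCATED;    /* read side is checked ... */
    memcpy(field, hdr + 1, n);     /* ... the write side is not */
    *out_sum = xor_fold(field, n);
    return PARSE_OK;
}

/* Hardened form: validate the untrusted length against the destination
 * buffer (write side) and the bytes actually available (read side) before
 * any copy happens. */
enum parse_result parse_field_safe(const uint8_t *hdr, size_t hdr_len,
                                   uint8_t *out_sum)
{
    uint8_t field[FIELD_MAX];
    if (hdr_len < 1)
        return PARSE_TRUNCATED;
    size_t n = hdr[0];
    if (n > sizeof field)
        return PARSE_TOO_LONG;
    if (1 + n > hdr_len)
        return PARSE_TRUNCATED;
    memcpy(field, hdr + 1, n);
    *out_sum = xor_fold(field, n);
    return PARSE_OK;
}

/* Bytes the unsafe parser would write past 'field' for this header
 * (0 means it fits), computed without triggering the overflow. */
size_t unsafe_overrun_bytes(const uint8_t *hdr)
{
    return hdr[0] > FIELD_MAX ? (size_t)hdr[0] - FIELD_MAX : 0;
}

/* Constructed sample headers (not real archive data). */
static const uint8_t HDR_BENIGN[]    = { 4, 'a', 'b', 'c', 'd' };
static const uint8_t HDR_TRUNCATED[] = { 4, 'a', 'b' };   /* claims 4, has 2 */
static const uint8_t HDR_OVERSIZED[1 + 40] = { 40 };      /* field bytes zero */

int main(void)
{
    uint8_t sum = 0;
    enum parse_result r;

    r = parse_field_unsafe(HDR_BENIGN, sizeof HDR_BENIGN, &sum);
    printf("unsafe/benign  : %d (sum 0x%02x)\n", r, sum);
    r = parse_field_safe(HDR_BENIGN, sizeof HDR_BENIGN, &sum);
    printf("safe/benign    : %d (sum 0x%02x)\n", r, sum);
    r = parse_field_safe(HDR_TRUNCATED, sizeof HDR_TRUNCATED, &sum);
    printf("safe/truncated : %d\n", r);
    r = parse_field_safe(HDR_OVERSIZED, sizeof HDR_OVERSIZED, &sum);
    printf("safe/oversized : %d\n", r);
    printf("unsafe parser would overrun by %zu bytes on the oversized header\n",
           unsafe_overrun_bytes(HDR_OVERSIZED));
    return 0;
}
```

The check order in the hardened parser matters: the length is compared with the destination buffer first, so an oversized claim is rejected before it can influence any read or write, and a truncated input is rejected before memcpy can read past the end of what was supplied.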
Workaround
There is no known workaround at this time.
Resolution
All UnRAR users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/unrar-3.7.3"
All RAR users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/rar-3.7.0_beta1"
References
CVE-2007-0855
Last edited by GLSA on Thu Feb 15, 2007 4:18 am; edited 1 time in total