Bug 166440 - app-arch/{un,}rar- remotely exploitable stack based buffer overflow (CVE-2007-0855)
Bug#: 166440 Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: normal Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: carlo@gentoo.org
Component: Vulnerabilities
URL: 
Summary: app-arch/{un,}rar- remotely exploitable stack based buffer overflow (CVE-2007-0855)
Keywords:  
Status Whiteboard: A2 [glsa] Falco
Opened: 2007-02-11 23:40 0000
Description:   Opened: 2007-02-11 23:40 0000 
Exploitation of the vulnerability could allow an attacker to execute arbitrary
code with the privileges of the user opening the file. Exploitation would
require that an attacker hosts a maliciously crafted document on a website and
entice users to visit the site. An attacker could also e-mail the malicious
document and use social engineering techniques to trick the e-mail recipient
into opening the document.

There are several mitigating factors for this vulnerability. Nearly all Windows
users will use the GUI based WinRAR to open archives, and it is not vulnerable.
If users are using the vulnerable command line based unrar, they still need to
interact with the program in order to trigger the vulnerability. They must
respond to the prompt asking for the password, after which the vulnerability
will be triggered. They do not need to enter a correct password, but they must
at least push the enter key.


http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=472

Reproducible: Always

------- Comment #1 From Raphael Marichez 2007-02-12 12:58:04 0000 ------- 
Thanks Carsten, this vuln went out of my scope :(

base-system, could you bump unrar version 3.7.0 please? thanks

------- Comment #2 From SpanKY 2007-02-12 13:15:13 0000 ------- 
rar-3.7.0_beta1 and unrar-3.7.3 now in portage

------- Comment #3 From Raphael Marichez 2007-02-12 15:25:12 0000 ------- 
Thanks vapier for the very quick bump, and for unrar too.

hi arches, please test and mark stable :

rar-3.7.0_beta1  for AMD64 and X86

unrar-3.7.3  for all arches

------- Comment #4 From Jeroen Roovers 2007-02-12 16:01:37 0000 ------- 
Stable for HPPA.

------- Comment #5 From Gustavo Zacarias (RETIRED) 2007-02-12 16:20:31 0000 ------- 
sparc stable.

------- Comment #6 From Raúl Porcel 2007-02-12 16:24:54 0000 ------- 
both rar and unrar x86 stable

------- Comment #7 From Simon Stelling (RETIRED) 2007-02-12 16:49:12 0000 ------- 
both stable on amd64

------- Comment #8 From Tobias Scherbaum 2007-02-12 19:04:22 0000 ------- 
ppc stable

------- Comment #9 From Markus Rothe 2007-02-13 11:08:26 0000 ------- 
ppc64 stable

------- Comment #10 From Andre Meyer 2007-02-13 13:57:44 0000 ------- 
this may be the wrong place to report, but i think there is a dependency to
glibc 2.4 missing

/lib/libc.so.6: version `GLIBC_2.4' not found (required by /opt/bin/rar)

i can only use sys-libs/glibc-2.3.6-r5

Portage 2.1.2-r9 (selinux/2005.1/x86/hardened, gcc-3.4.6, glibc-2.3.6-r5,
2.6.18-hardened i686)

------- Comment #11 From Chris Gianelloni (RETIRED) 2007-02-13 22:14:27 0000 ------- 
alpha done

------- Comment #12 From Raphael Marichez 2007-02-13 23:56:05 0000 ------- 
GLSA 200702-04, thanks to everybody. ARM, IA64, S390, don't forget to mark
stable.

------- Comment #13 From Raúl Porcel 2007-03-31 18:24:46 0000 ------- 
arm/ia64/s390 done