| Summary: | app-arch/unrar Local Stack-based Overflow exploit | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Srdjan Rakic <srki80> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | CC: | base-system |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://packetstormsecurity.org/files/view/103743/unrar-overflow.txt | | |
| Whiteboard: | B2 [upstream] | | |
| Package list: | | Runtime testing required: | --- |

Description
Srdjan Rakic
2011-08-07 08:27:45 UTC
The OP is incorrect stating that the "[s]cript used was developed to bypass non-executing stack patches"; in fact the script states: "It was not developped to bypass non-executing stack patches". I wasn't able to reproduce this with app-arch/unrar-4.1.4-r2 on a non-hardened system using sys-kernel/gentoo-sources-3.2.12 with CONFIG_CC_STACKPROTECTOR=n. There are no comments on packetstorm, nor can I see any reference to it elsewhere. If gentoo-security want more details I can provide, but I think this may now be obsolete, or fictitious. I'm also unable to reproduce this with unrar-4.2.2. I don't think this problem applies to any of our app-arch/unrar pkgs.