Summary: | app-arch/unarj: Filename Handling Buffer Overflow - CAN-2004-0947 | ||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Product: | Gentoo Security | Reporter: | Luke Macken (RETIRED) <lewk> | ||||||||||
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> | ||||||||||
Status: | RESOLVED FIXED | ||||||||||||
Severity: | normal | Keywords: | InVCS | ||||||||||
Priority: | High | ||||||||||||
Version: | unspecified | ||||||||||||
Hardware: | All | ||||||||||||
OS: | All | ||||||||||||
Whiteboard: | B2 [glsa] jaervosz | ||||||||||||
Package list: | Runtime testing required: | --- | |||||||||||
Attachments: |
|
Description
Luke Macken (RETIRED)
2004-11-12 07:53:12 UTC
Created attachment 43787 [details, diff]
unarj-overflow.diff
patch #1
Created attachment 43788 [details, diff]
unarj-path.diff
patch #2
patches come from Ludwig Nussel <ludwig.nussel.@suse.de> Solar this is unmaintained will you patch? Using commit message: ------------------------------------------------------------------------------ security bump - CAN-2004-0947 - bug 70966 ------------------------------------------------------------------------------ Old: unarj-2.63a-r1 KEYWORDS="x86 ppc sparc alpha arm amd64" New unarj-2.63a-r2 KEYWORDS="~x86 ~ppc ~sparc ~alpha ~arm ~amd64" Arch maintainers you can do the Hokey-Pokey and turn your arch around. stable on ppc sparc stable. Stable on alpha. stable on amd64 x86 please mark stable. sorry for the delay.. its there Created attachment 44273 [details]
overflow.arj
solar@simple a $ unarj overflow.arj
UNARJ (Demo version) 2.63 Copyright (c) 1991-2000 ARJ Software, Inc.
Processing archive: overflow.arj
Archive created: 2004-11-08 12:28:06, modified: 2004-11-08 12:30:28
Bad header
Created attachment 44274 [details]
path.arj
solar@simple a $ unarj path.arj
UNARJ (Demo version) 2.63 Copyright (c) 1991-2000 ARJ Software, Inc.
Processing archive: path.arj
Archive created: 2004-11-09 13:23:52, modified: 2004-11-09 13:23:52
Filename Original Compressed Ratio DateTime modified CRC-32 AttrBTPMGVX
------------ ---------- ---------- ----- ----------------- -------- -----------
FOO 4 4 1.000 04-10-13 11:00:04 7E3265A8 B+0
------------ ---------- ---------- ----- -----------------
1 files 4 4 1.000 04-11-09 13:23:52
Two POC arj's for testing. arch arm remains.. SpankY poke poke. GLSA 200411-29 arm should mark stable to benefit from GLSA |