Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 83057

Summary: app-arch/unace: Directory Traversal and Buffer Overflow Vulnerabilities
Product: Gentoo Security Reporter: Jean-François Brunette (RETIRED) <formula7>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: All   
Package list:
Runtime testing required: ---

Description Jean-François Brunette (RETIRED) gentoo-dev 2005-02-23 04:47:41 UTC
Ulf H
Comment 1 Jean-François Brunette (RETIRED) gentoo-dev 2005-02-23 04:47:41 UTC
Ulf Härnhammar has discovered some vulnerabilities in unace, which can be exploited by malicious people to compromise a user's system.

1) An input validation error when extracting files compressed with ACE (.ace) makes it possible extract files to arbitrary locations outside the specified directory using the "../" directory traversal sequence or an absolute path.

2) Some boundary errors in the processing of malicious ACE archives can be exploited to cause a buffer overflow by tricking a user into extracting, testing, or listing a specially crafted archive.

Successful exploitation may allow execution of arbitrary code.

The vulnerabilities have been confirmed in version 1.2b. Other versions may also be affected.

Do not extract, list, or test untrusted ACE archives.

Use another product.
Comment 2 Luke Macken (RETIRED) gentoo-dev 2005-02-23 05:12:20 UTC

*** This bug has been marked as a duplicate of 81958 ***