Summary: | app-arch/unace: Directory Traversal and Buffer Overflow Vulnerabilities | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Jean-François Brunette (RETIRED) <formula7> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED DUPLICATE | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
URL: | http://secunia.com/advisories/14359/ | ||
Whiteboard: | |||
Package list: | | Runtime testing required: | ---
Description
Jean-François Brunette (RETIRED)
Description: Ulf Härnhammar has discovered some vulnerabilities in unace, which can be exploited by malicious people to compromise a user's system.

1) An input validation error when extracting files compressed with ACE (.ace) makes it possible to extract files to arbitrary locations outside the specified directory using the "../" directory traversal sequence or an absolute path.

2) Some boundary errors in the processing of malicious ACE archives can be exploited to cause a buffer overflow by tricking a user into extracting, testing, or listing a specially crafted archive. Successful exploitation may allow execution of arbitrary code.

The vulnerabilities have been confirmed in version 1.2b. Other versions may also be affected.

Solution: Do not extract, list, or test untrusted ACE archives. Use another product.
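The check an extractor needs against the traversal issue described above, as an added example that is not unace's code and not part of the advisory: every entry name is rejected if it is absolute, carries a DOS drive letter, or contains a ".." component, and the destination path is only built into a caller-sized buffer with the truncation case refused rather than silently clipped. The sample entry names and the /tmp/extract directory are constructed for the demonstration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Reject any archive entry name that could escape the extraction directory:
 * empty names, absolute POSIX or DOS paths, drive-letter prefixes ("C:"), and
 * any path component equal to "..". Both '/' and '\\' are treated as
 * separators because ACE archives commonly originate on DOS/Windows. */
bool entry_name_is_safe(const char *name)
{
    if (name == NULL || name[0] == '\0')
        return false;
    if (name[0] == '/' || name[0] == '\\')          /* absolute path */
        return false;
    if (((name[0] >= 'A' && name[0] <= 'Z') ||
         (name[0] >= 'a' && name[0] <= 'z')) && name[1] == ':')
        return false;                               /* "C:..." */

    const char *p = name;
    for (;;) {
        const char *end = p;
        while (*end != '\0' && *end != '/' && *end != '\\')
            end++;
        if ((size_t)(end - p) == 2 && p[0] == '.' && p[1] == '.')
            return false;                           /* ".." component */
        if (*end == '\0')
            break;
        p = end + 1;
    }
    return true;
}

/* Build "<destdir>/<name>" into a caller-supplied buffer. Returns 0 on
 * success, -1 if the name is unsafe or the result would not fit, so an
 * over-long name can never overrun or silently truncate the output. */
int build_dest_path(char *out, size_t outsz, const char *destdir, const char *name)
{
    if (!entry_name_is_safe(name))
        return -1;
    int n = snprintf(out, outsz, "%s/%s", destdir, name);
    if (n < 0 || (size_t)n >= outsz)
        return -1;
    return 0;
}

int main(void)
{
    /* Constructed sample entry names; not taken from any real archive. */
    const char *samples[] = {
        "docs/readme.txt",
        "../../etc/passwd",
        "/etc/passwd",
        "images\\..\\..\\autoexec.bat",
        "C:\\Windows\\win.ini",
        "..hidden/file",
    };
    char dest[64];
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = build_dest_path(dest, sizeof dest, "/tmp/extract", samples[i]);
        printf("%-32s -> %s\n", samples[i], rc == 0 ? dest : "REJECTED");
    }
    return 0;
}
```

The name check alone is not the whole story: an archive can first extract a symbolic link pointing outside the target directory and then write a later entry through it, so an extractor should also refuse to follow symlinks when opening destination files (for example by creating them with O_NOFOLLOW where available).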