|Summary:||app-arch/unace: Directory Traversal and Buffer Overflow Vulnerabilities|
|Product:||Gentoo Security||Reporter:||Jean-François Brunette (RETIRED) <formula7>|
|Component:||Vulnerabilities||Assignee:||Gentoo Security <security>|
|Package list:||Runtime testing required:||---|
Description Jean-François Brunette (RETIRED) 2005-02-23 04:47:41 UTC
Description: Ulf H
Comment 1 Jean-François Brunette (RETIRED) 2005-02-23 04:47:41 UTC
Description: Ulf Härnhammar has discovered some vulnerabilities in unace, which can be exploited by malicious people to compromise a user's system. 1) An input validation error when extracting files compressed with ACE (.ace) makes it possible extract files to arbitrary locations outside the specified directory using the "../" directory traversal sequence or an absolute path. 2) Some boundary errors in the processing of malicious ACE archives can be exploited to cause a buffer overflow by tricking a user into extracting, testing, or listing a specially crafted archive. Successful exploitation may allow execution of arbitrary code. The vulnerabilities have been confirmed in version 1.2b. Other versions may also be affected. Solution: Do not extract, list, or test untrusted ACE archives. Use another product.