Exploitation of the vulnerability could allow an attacker to execute arbitrary code with the privileges of the user opening the file. Exploitation would require that an attacker hosts a maliciously crafted document on a website and entice users to visit the site. An attacker could also e-mail the malicious document and use social engineering techniques to trick the e-mail recipient into opening the document.
There are several mitigating factors for this vulnerability. Nearly all Windows users will use the GUI based WinRAR to open archives, and it is not vulnerable. If users are using the vulnerable command line based unrar, they still need to interact with the program in order to trigger the vulnerability. They must respond to the prompt asking for the password, after which the vulnerability will be triggered. They do not need to enter a correct password, but they must at least push the enter key.
Thanks Carsten, this vuln went out of my scope :(
base-system, could you bump unrar version 3.7.0 please? thanks
rar-3.7.0_beta1 and unrar-3.7.3 now in portage
Thanks vapier for the very quick bump, and for unrar too.
hi arches, please test and mark stable :
rar-3.7.0_beta1 for AMD64 and X86
unrar-3.7.3 for all arches
Stable for HPPA.
both rar and unrar x86 stable
both stable on amd64
this may be the wrong place to report, but i think there is a dependency to glibc 2.4 missing
/lib/libc.so.6: version `GLIBC_2.4' not found (required by /opt/bin/rar)
i can only use sys-libs/glibc-2.3.6-r5
Portage 2.1.2-r9 (selinux/2005.1/x86/hardened, gcc-3.4.6, glibc-2.3.6-r5, 2.6.18-hardened i686)
GLSA 200702-04, thanks to everybody. ARM, IA64, S390, don't forget to mark stable.