ARJ软件UNARJ远程缓冲区溢出漏洞

admin

0
文章

0
评论

2022-07-22 14:18:40 CNNVD漏洞来源：ZONE.CI 全球网 0 阅读模式

漏洞信息详情

ARJ软件UNARJ远程缓冲区溢出漏洞

CNNVD编号：CNNVD-200502-024
危害等级：超危
CVE编号： CVE-2004-0947
漏洞类型：缓冲区溢出
发布时间： 2005-02-09
威胁类型：远程
更新时间： 2005-10-20
厂商： suse
漏洞来源： The individual or ...

漏洞简介

unarj是用来解压DOS下流行的.arj文件的程序。 unarj 2.63a-r2之前的缓冲区溢出，可让远程攻击者通过包含长文件名的arj归档文件执行任意代码。

漏洞公告

目前厂商已经发布了升级补丁以修复这个安全问题，补丁下载链接： ARJ Software Inc. UNARJ 2.43 Debian unarj_2.43-3woody1_alpha.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3w oody1_alpha.deb Debian unarj_2.43-3woody1_arm.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3w oody1_arm.deb Debian unarj_2.43-3woody1_hppa.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3w oody1_hppa.deb Debian unarj_2.43-3woody1_i386.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3w oody1_i386.deb Debian unarj_2.43-3woody1_ia64.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3w oody1_ia64.deb Debian unarj_2.43-3woody1_m68k.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3w oody1_m68k.deb Debian unarj_2.43-3woody1_powerpc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3w oody1_powerpc.deb Debian unarj_2.43-3woody1_s390.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3w oody1_s390.deb Debian unarj_2.43-3woody1_sparc.deb Debian GNU/Linux 3.0 alias woody http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3w oody1_sparc.deb RedHat unarj-2.63a-4.0.7.3.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/7.3/updates/i386/unarj-2.63a-4 .0.7.3.1.legacy.i386.rpm ARJ Software Inc. UNARJ 2.63 a Fedora unarj-2.63a-7.i386.rpm RedHat Fedora Core 2 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ Fedora unarj-2.63a-7.x86_64.rpm RedHat Fedora Core 2 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ Fedora unarj-debuginfo-2.63a-7.i386.rpm RedHat Fedora Core 2 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ Fedora unarj-debuginfo-2.63a-7.x86_64.rpm RedHat Fedora Core 2 http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/ RedHat unarj-2.63a-4.0.9.1.legacy.i386.rpm http://download.fedoralegacy.org/redhat/9/updates/i386/unarj-2.63a-4.0 .9.1.legacy.i386.rpm RedHat unarj-2.63a-4.1.1.legacy.i386.rpm http://download.fedoralegacy.org/fedora/1/updates/i386/unarj-2.63a-4.1 .1.legacy.i386.rpm S.u.S.E. Linux Personal 9.0 SuSE unarj-2.65-137.i586.rpm x86 ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/unarj-2.65-137.i5 86.rpm SuSE unarj-2.65-137.x86_64.rpm x86 ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/unarj-2.65-13 7.x86_64.rpm S.u.S.E. Linux Personal 9.1 SuSE unarj-2.65-131.6.i586.rpm x86 ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/unarj-2.65-131.6. i586.rpm SuSE unarj-2.65-131.6.x86_64.rpm x86-64 ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/unarj-2.65-13 1.6.x86_64.rpm S.u.S.E. Linux Personal 9.2 SuSE unarj-2.65-133.3.i586.rpm ix86 fix ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/unarj-2.65-133.3. i586.rpm SuSE unarj-2.65-133.3.x86_64.rpm x86-64 fix ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/unarj-2.65-13 3.3.x86_64.rpm

参考网址

来源: BID 名称: 11665 链接:http://www.securityfocus.com/bid/11665 来源: GENTOO 名称: GLSA-200411-29 链接:http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml 来源: XF 名称: unarj-longfilename-bo(18044) 链接:http://xforce.iss.net/xforce/xfdb/18044 来源: REDHAT 名称: RHSA-2005:007 链接:http://www.redhat.com/support/errata/RHSA-2005-007.HTML 来源: DEBIAN 名称: DSA-652 链接:http://www.debian.org/security/2005/dsa-652 来源: FEDORA 名称: FLSA:2272 链接:http://lwn.net/Articles/121827/