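Vulnerability Details
ARJ Software UNARJ Remote Buffer Overflow Vulnerability
- CNNVD ID: CNNVD-200502-024
- Severity: Critical
- CVE ID: CVE-2004-0947
- Vulnerability type: Buffer overflow
- Published: 2005-02-09
- Threat type: Remote
- Updated: 2005-10-20
- Vendor: suse
- Source: The individual or ...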
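Vulnerability Summary
unarj is a program for extracting .arj files, an archive format popular under DOS. A buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive containing a long filename.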
Vulnerability Advisory
The vendor has released upgrade patches to fix this security issue. Patch download links:

ARJ Software Inc. UNARJ 2.43
- Debian unarj_2.43-3woody1_alpha.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_alpha.deb
- Debian unarj_2.43-3woody1_arm.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_arm.deb
- Debian unarj_2.43-3woody1_hppa.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_hppa.deb
- Debian unarj_2.43-3woody1_i386.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_i386.deb
- Debian unarj_2.43-3woody1_ia64.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_ia64.deb
- Debian unarj_2.43-3woody1_m68k.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_m68k.deb
- Debian unarj_2.43-3woody1_powerpc.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_powerpc.deb
- Debian unarj_2.43-3woody1_s390.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_s390.deb
- Debian unarj_2.43-3woody1_sparc.deb (Debian GNU/Linux 3.0 alias woody): http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_sparc.deb
- RedHat unarj-2.63a-4.0.7.3.1.legacy.i386.rpm: http://download.fedoralegacy.org/redhat/7.3/updates/i386/unarj-2.63a-4.0.7.3.1.legacy.i386.rpm

ARJ Software Inc. UNARJ 2.63 a
- Fedora unarj-2.63a-7.i386.rpm (RedHat Fedora Core 2): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora unarj-2.63a-7.x86_64.rpm (RedHat Fedora Core 2): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora unarj-debuginfo-2.63a-7.i386.rpm (RedHat Fedora Core 2): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- Fedora unarj-debuginfo-2.63a-7.x86_64.rpm (RedHat Fedora Core 2): http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
- RedHat unarj-2.63a-4.0.9.1.legacy.i386.rpm: http://download.fedoralegacy.org/redhat/9/updates/i386/unarj-2.63a-4.0.9.1.legacy.i386.rpm
- RedHat unarj-2.63a-4.1.1.legacy.i386.rpm: http://download.fedoralegacy.org/fedora/1/updates/i386/unarj-2.63a-4.1.1.legacy.i386.rpm

S.u.S.E. Linux Personal 9.0
- SuSE unarj-2.65-137.i586.rpm (x86): ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/unarj-2.65-137.i586.rpm
- SuSE unarj-2.65-137.x86_64.rpm (x86): ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/unarj-2.65-137.x86_64.rpm

S.u.S.E. Linux Personal 9.1
- SuSE unarj-2.65-131.6.i586.rpm (x86): ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/unarj-2.65-131.6.i586.rpm
- SuSE unarj-2.65-131.6.x86_64.rpm (x86-64): ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/unarj-2.65-131.6.x86_64.rpm

S.u.S.E. Linux Personal 9.2
- SuSE unarj-2.65-133.3.i586.rpm (ix86 fix): ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/unarj-2.65-133.3.i586.rpm
- SuSE unarj-2.65-133.3.x86_64.rpm (x86-64 fix): ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/unarj-2.65-133.3.x86_64.rpm
References
- Source: BID, Name: 11665, Link: http://www.securityfocus.com/bid/11665
- Source: GENTOO, Name: GLSA-200411-29, Link: http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml
- Source: XF, Name: unarj-longfilename-bo(18044), Link: http://xforce.iss.net/xforce/xfdb/18044
- Source: REDHAT, Name: RHSA-2005:007, Link: http://www.redhat.com/support/errata/RHSA-2005-007.HTML
- Source: DEBIAN, Name: DSA-652, Link: http://www.debian.org/security/2005/dsa-652
- Source: FEDORA, Name: FLSA:2272, Link: http://lwn.net/Articles/121827/
Affected Entities
- Suse Suse_linux:9.2
- Suse Suse_linux:9.1
Patches
None at this time