Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-1027

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2004-1027
Last Modified 05 Sep 2008 04:40:08
Published 01 Mar 2005 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2004-1027

Summary

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

Vulnerable Systems

Operating System

  • Gentoo Linux

Application

  • Arj Software Inc. Unarj 2.62

  • Arj Software Inc. Unarj 2.63 A

  • Arj Software Inc. Unarj 2.64

  • Arj Software Inc. Unarj 2.65


References

BID - 11436

XF - unarj-directory-traversal(17684)

REDHAT - RHSA-2005:007

DEBIAN - DSA-652

DEBIAN - DSA-628

GENTOO - GLSA-200411-29

FEDORA - FLSA:2272

FULLDISC - 20041010 unarj dir-transversal bug (../../../..)


Last Updated: 27 May 2016 10:38:52