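Vulnerability Details
ARJ Software UNARJ Remote Buffer Overflow Vulnerability
- CNNVD ID: CNNVD-200502-024
- Severity: Critical
- CVE ID:
CVE-2004-0947
- Vulnerability type:
Buffer overflow
- Published:
2005-02-09
- Threat type:
Remote
- Updated:
2005-10-20
- Vendor:
suse
- Vulnerability source:
The individual or …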
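Vulnerability Summary
unarj is a program for extracting .arj files, an archive format popular under DOS.
A buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.
Vulnerability Advisory
The vendor has released upgrade patches to fix this security issue. Patch download links: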
ARJ Software Inc. UNARJ 2.43
Debian unarj_2.43-3woody1_alpha.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_alpha.deb
Debian unarj_2.43-3woody1_arm.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_arm.deb
Debian unarj_2.43-3woody1_hppa.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_hppa.deb
Debian unarj_2.43-3woody1_i386.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_i386.deb
Debian unarj_2.43-3woody1_ia64.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_ia64.deb
Debian unarj_2.43-3woody1_m68k.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_m68k.deb
Debian unarj_2.43-3woody1_powerpc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_powerpc.deb
Debian unarj_2.43-3woody1_s390.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_s390.deb
Debian unarj_2.43-3woody1_sparc.deb
Debian GNU/Linux 3.0 alias woody
http://security.debian.org/pool/updates/non-free/u/unarj/unarj_2.43-3woody1_sparc.deb
RedHat unarj-2.63a-4.0.7.3.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/7.3/updates/i386/unarj-2.63a-4.0.7.3.1.legacy.i386.rpm
ARJ Software Inc. UNARJ 2.63 a
Fedora unarj-2.63a-7.i386.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Fedora unarj-2.63a-7.x86_64.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Fedora unarj-debuginfo-2.63a-7.i386.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
Fedora unarj-debuginfo-2.63a-7.x86_64.rpm
RedHat Fedora Core 2
http://download.fedora.redhat.com/pub/fedora/linux/core/updates/2/
RedHat unarj-2.63a-4.0.9.1.legacy.i386.rpm
http://download.fedoralegacy.org/redhat/9/updates/i386/unarj-2.63a-4.0.9.1.legacy.i386.rpm
RedHat unarj-2.63a-4.1.1.legacy.i386.rpm
http://download.fedoralegacy.org/fedora/1/updates/i386/unarj-2.63a-4.1.1.legacy.i386.rpm
S.u.S.E. Linux Personal 9.0
SuSE unarj-2.65-137.i586.rpm
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.0/rpm/i586/unarj-2.65-137.i586.rpm
SuSE unarj-2.65-137.x86_64.rpm
x86
ftp://ftp.suse.com/pub/suse/x86_64/update/9.0/rpm/x86_64/unarj-2.65-137.x86_64.rpm
S.u.S.E. Linux Personal 9.1
SuSE unarj-2.65-131.6.i586.rpm
x86
ftp://ftp.suse.com/pub/suse/i386/update/9.1/rpm/i586/unarj-2.65-131.6.i586.rpm
SuSE unarj-2.65-131.6.x86_64.rpm
x86-64
ftp://ftp.suse.com/pub/suse/x86_64/update/9.1/rpm/x86_64/unarj-2.65-131.6.x86_64.rpm
S.u.S.E. Linux Personal 9.2
SuSE unarj-2.65-133.3.i586.rpm
ix86 fix
ftp://ftp.suse.com/pub/suse/i386/update/9.2/rpm/i586/unarj-2.65-133.3.i586.rpm
SuSE unarj-2.65-133.3.x86_64.rpm
x86-64 fix
ftp://ftp.suse.com/pub/suse/x86_64/update/9.2/rpm/x86_64/unarj-2.65-133.3.x86_64.rpm
References
Source: BID
Name: 11665
Link: http://www.securityfocus.com/bid/11665
Source: GENTOO
Name: GLSA-200411-29
Link: http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml
Source: XF
Name: unarj-longfilename-bo(18044)
Link: http://xforce.iss.net/xforce/xfdb/18044
Source: REDHAT
Name: RHSA-2005:007
Link: http://www.redhat.com/support/errata/RHSA-2005-007.html
Source: DEBIAN
Name: DSA-652
Link: http://www.debian.org/security/2005/dsa-652
Source: FEDORA
Name: FLSA:2272
Link: http://lwn.net/Articles/121827/