Vulnerabilities > CVE-2004-0947 - Remote Buffer Overflow vulnerability in ARJ Software UNARJ

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
arj-software-inc
gentoo
suse
critical
nessus

Summary

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

Nessus

  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-652.NASL
    descriptionSeveral vulnerabilities have been discovered in unarj, a non-free ARJ unarchive utility. The Common Vulnerabilities and Exposures Project identifies the following vulnerabilities : - CAN-2004-0947 A buffer overflow has been discovered when handling long file names contained in an archive. An attacker could create a specially crafted archive which could cause unarj to crash or possibly execute arbitrary code when being extracted by a victim. - CAN-2004-1027 A directory traversal vulnerability has been found so that an attacker could create a specially crafted archive which would create files in the parent directory when being extracted by a victim. When used recursively, this vulnerability could be used to overwrite critical system files and programs.
    last seen2020-06-01
    modified2020-06-02
    plugin id16236
    published2005-01-25
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/16236
    titleDebian DSA-652-1 : unarj - several vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-652. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(16236);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:18");
    
      script_cve_id("CVE-2004-0947", "CVE-2004-1027");
      script_xref(name:"DSA", value:"652");
    
      script_name(english:"Debian DSA-652-1 : unarj - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Several vulnerabilities have been discovered in unarj, a non-free ARJ
    unarchive utility. The Common Vulnerabilities and Exposures Project
    identifies the following vulnerabilities :
    
      - CAN-2004-0947
        A buffer overflow has been discovered when handling long
        file names contained in an archive. An attacker could
        create a specially crafted archive which could cause
        unarj to crash or possibly execute arbitrary code when
        being extracted by a victim.
    
      - CAN-2004-1027
    
        A directory traversal vulnerability has been found so
        that an attacker could create a specially crafted
        archive which would create files in the parent directory
        when being extracted by a victim. When used recursively,
        this vulnerability could be used to overwrite critical
        system files and programs."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=281922"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2005/dsa-652"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the unarj package.
    
    For the stable distribution (woody) these problems have been fixed in
    version 2.43-3woody1."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:unarj");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/01/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/01/25");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"3.0", prefix:"unarj", reference:"2.43-3woody1")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200411-29.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200411-29 (unarj: Long filenames buffer overflow and a path traversal vulnerability) unarj has a bounds checking vulnerability within the handling of long filenames in archives. It also fails to properly sanitize paths when extracting an archive (if the
    last seen2020-06-01
    modified2020-06-02
    plugin id15777
    published2004-11-22
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/15777
    titleGLSA-200411-29 : unarj: Long filenames buffer overflow and a path traversal vulnerability
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200411-29.
    #
    # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(15777);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:42");
    
      script_cve_id("CVE-2004-0947", "CVE-2004-1027");
      script_xref(name:"GLSA", value:"200411-29");
    
      script_name(english:"GLSA-200411-29 : unarj: Long filenames buffer overflow and a path traversal vulnerability");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200411-29
    (unarj: Long filenames buffer overflow and a path traversal vulnerability)
    
        unarj has a bounds checking vulnerability within the handling of
        long filenames in archives. It also fails to properly sanitize paths
        when extracting an archive (if the 'x' option is used to preserve
        paths).
      
    Impact :
    
        An attacker could trigger a buffer overflow or a path traversal by
        enticing a user to open an archive containing specially crafted path
        names, potentially resulting in the overwrite of files or execution of
        arbitrary code with the permissions of the user running unarj.
      
    Workaround :
    
        There is no known workaround at this time."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200411-29"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All unarj users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose '>=app-arch/unarj-2.63a-r2'"
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:unarj");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/11/19");
      script_set_attribute(attribute:"plugin_publication_date", value:"2004/11/22");
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/10/12");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
      script_family(english:"Gentoo Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (qpkg_check(package:"app-arch/unarj", unaffected:make_list("ge 2.63a-r2"), vulnerable:make_list("lt 2.63a-r2"))) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unarj");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2004-414.NASL
    descriptionA buffer overflow bug has been discovered in unarj when handling long file names contained in an archive. An attacker could create an archive with a specially crafted path which could cause unarj to crash or execute arbitrary instructions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0947 to this issue. Additionally, a path traversal vulnerability exists in unarj which allows an attacker to extract files to the parent (
    last seen2020-06-01
    modified2020-06-02
    plugin id62247
    published2012-09-24
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62247
    titleFedora Core 2 : unarj-2.63a-7 (2004-414)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2004-414.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(62247);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      script_cve_id("CVE-2004-0947");
      script_xref(name:"FEDORA", value:"2004-414");
    
      script_name(english:"Fedora Core 2 : unarj-2.63a-7 (2004-414)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A buffer overflow bug has been discovered in unarj when handling long
    file names contained in an archive. An attacker could create an
    archive with a specially crafted path which could cause unarj to crash
    or execute arbitrary instructions. The Common Vulnerabilities and
    Exposures project (cve.mitre.org) has assigned the name CVE-2004-0947
    to this issue.
    
    Additionally, a path traversal vulnerability exists in unarj which
    allows an attacker to extract files to the parent ('..') directory.
    When used recursively, this vulnerability can be used to overwrite
    critical system files and programs.
    
    Users of unarj are advised to upgrade to these packages.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2004-November/000393.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d089fdde"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected unarj package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:unarj");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:2");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/11/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^2([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 2.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC2", reference:"unarj-2.63a-7")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "unarj");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A163BAFF3FE111D9A9E70001020EED82.NASL
    descriptionLudwig Nussel has discovered a buffer overflow vulnerability in unarj
    last seen2020-06-01
    modified2020-06-02
    plugin id19053
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/19053
    titleFreeBSD : unarj -- long filename buffer overflow (a163baff-3fe1-11d9-a9e7-0001020eed82)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(19053);
      script_version("1.15");
      script_cvs_date("Date: 2019/08/02 13:32:36");
    
      script_cve_id("CVE-2004-0947");
      script_bugtraq_id(11665);
    
      script_name(english:"FreeBSD : unarj -- long filename buffer overflow (a163baff-3fe1-11d9-a9e7-0001020eed82)");
      script_summary(english:"Checks for updated package in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote FreeBSD host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Ludwig Nussel has discovered a buffer overflow vulnerability in
    unarj's handling of long filenames which could potentially lead to
    execution of arbitrary code with the permissions of the user running
    unarj."
      );
      # https://vuxml.freebsd.org/freebsd/a163baff-3fe1-11d9-a9e7-0001020eed82.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?5e56d3cb"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:unarj");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2004/11/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2004/11/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
    if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    if (pkg_test(save_report:TRUE, pkg:"unarj<2.43_2")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_9523.NASL
    descriptionA directory traversal bug was spotted in the unarj program (CVE-2004-0947). Additionaly SUSE Security audited unarj and found several buffer overflows which are also fixed by this update.
    last seen2020-06-01
    modified2020-06-02
    plugin id41339
    published2009-09-24
    reporterThis script is Copyright (C) 2009-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/41339
    titleSuSE9 Security Update : unarj (YOU Patch Number 9523)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(41339);
      script_version("1.8");
      script_cvs_date("Date: 2019/10/25 13:36:27");
    
      script_cve_id("CVE-2004-0947");
    
      script_name(english:"SuSE9 Security Update : unarj (YOU Patch Number 9523)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 9 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "A directory traversal bug was spotted in the unarj program
    (CVE-2004-0947). Additionaly SUSE Security audited unarj and found
    several buffer overflows which are also fixed by this update."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.suse.com/security/cve/CVE-2004-0947/"
      );
      script_set_attribute(attribute:"solution", value:"Apply YOU patch number 9523.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2004/12/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2009/09/24");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2009-2019 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 9 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SUSE9", reference:"unarj-2.65-131.6")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2005-007.NASL
    descriptionAn updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available. The unarj program is an archiving utility which can extract ARJ-compatible archives. A buffer overflow bug was discovered in unarj when handling long file names contained in an archive. An attacker could create a specially crafted archive which could cause unarj to crash or possibly execute arbitrary code when extracted by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-0947 to this issue. Additionally, a path traversal vulnerability was discovered in unarj. An attacker could create a specially crafted archive which would create files in the parent (
    last seen2020-06-01
    modified2020-06-02
    plugin id16145
    published2005-01-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/16145
    titleRHEL 2.1 : unarj (RHSA-2005:007)

Redhat

advisories
rhsa
idRHSA-2005:007