Vulnerabilities > CVE-2005-0160 - Remote Buffer Overflow vulnerability in E-Merge Unace 1.2B
Attack vector
NETWORK Attack complexity
HIGH Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain "Ready for next volume" messages.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Nessus
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_1D3A27377EB711D9ACF7000854D03344.NASL description Ulf Harnhammar reports : - There are buffer overflows when extracting, testing or listing specially prepared ACE archives. - There are directory traversal bugs when extracting ACE archives. - There are also buffer overflows when dealing with long (>17000 characters) command line arguments. Secunia reports : The vulnerabilities have been confirmed in version 1.2b. One of the buffer overflow vulnerabilities have also been reported in version 2.04, 2.2 and 2.5. Other versions may also be affected. Successful exploitation may allow execution of arbitrary code. last seen 2020-06-01 modified 2020-06-02 plugin id 18860 published 2005-07-13 reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/18860 title FreeBSD : unace -- multiple vulnerabilities (1d3a2737-7eb7-11d9-acf7-000854d03344) NASL family SuSE Local Security Checks NASL id SUSE9_10239.NASL description This update fixes several buffer overflows while extracting, testing, or listing an archive file (CVE-2005-0160) as well as a buffer overflow while handling long command-line options. (CVE-2005-0161) last seen 2020-06-01 modified 2020-06-02 plugin id 58224 published 2012-04-23 reporter This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/58224 title SuSE9 Security Update : unace (YOU Patch Number 10239) NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-200502-32.NASL description The remote host is affected by the vulnerability described in GLSA-200502-32 (UnAce: Buffer overflow and directory traversal vulnerabilities) Ulf Harnhammar discovered that UnAce suffers from buffer overflows when testing, unpacking or listing specially crafted ACE archives (CAN-2005-0160). He also found out that UnAce is vulnerable to directory traversal attacks, if an archive contains last seen 2020-06-01 modified 2020-06-02 plugin id 17235 published 2005-03-01 reporter This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/17235 title GLSA-200502-32 : UnAce: Buffer overflow and directory traversal vulnerabilities