Vulnerabilities > CVE-2005-0161 - Remote Directory Traversal vulnerability in E-Merge Unace 1.2B

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
e-merge
nessus
exploit available

Summary

Multiple directory traversal vulnerabilities in unace 1.2b allow attackers to overwrite arbitrary files via an ACE archive containing (1) ../ sequences or (2) absolute pathnames.

Vulnerable Configurations

Part Description Count
Application
E-Merge
1

Exploit-Db

descriptionWinace UnAce 1.x ACE Archive Remote Directory Traversal Vulnerability. CVE-2005-0161. Remote exploit for linux platform
idEDB-ID:25150
last seen2016-02-03
modified2005-02-23
published2005-02-23
reporterUlf Harnhammar
sourcehttps://www.exploit-db.com/download/25150/
titleWinace UnAce 1.x ACE Archive Remote Directory Traversal Vulnerability

Nessus

  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_1D3A27377EB711D9ACF7000854D03344.NASL
    descriptionUlf Harnhammar reports : - There are buffer overflows when extracting, testing or listing specially prepared ACE archives. - There are directory traversal bugs when extracting ACE archives. - There are also buffer overflows when dealing with long (>17000 characters) command line arguments. Secunia reports : The vulnerabilities have been confirmed in version 1.2b. One of the buffer overflow vulnerabilities have also been reported in version 2.04, 2.2 and 2.5. Other versions may also be affected. Successful exploitation may allow execution of arbitrary code.
    last seen2020-06-01
    modified2020-06-02
    plugin id18860
    published2005-07-13
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/18860
    titleFreeBSD : unace -- multiple vulnerabilities (1d3a2737-7eb7-11d9-acf7-000854d03344)
  • NASL familySuSE Local Security Checks
    NASL idSUSE9_10239.NASL
    descriptionThis update fixes several buffer overflows while extracting, testing, or listing an archive file (CVE-2005-0160) as well as a buffer overflow while handling long command-line options. (CVE-2005-0161)
    last seen2020-06-01
    modified2020-06-02
    plugin id58224
    published2012-04-23
    reporterThis script is Copyright (C) 2012-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/58224
    titleSuSE9 Security Update : unace (YOU Patch Number 10239)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-200502-32.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-200502-32 (UnAce: Buffer overflow and directory traversal vulnerabilities) Ulf Harnhammar discovered that UnAce suffers from buffer overflows when testing, unpacking or listing specially crafted ACE archives (CAN-2005-0160). He also found out that UnAce is vulnerable to directory traversal attacks, if an archive contains
    last seen2020-06-01
    modified2020-06-02
    plugin id17235
    published2005-03-01
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/17235
    titleGLSA-200502-32 : UnAce: Buffer overflow and directory traversal vulnerabilities