CVE-2005-3862 - Buffer Overflow vulnerability in Unalz Archive Filename
Attack vector | NETWORK |
Attack complexity | LOW |
Privileges required | NONE |
Confidentiality impact | PARTIAL |
Integrity impact | PARTIAL |
Availability impact | PARTIAL |
Summary
Buffer overflow in unalz before 0.53 allows remote attackers to execute arbitrary code via long file names in ALZ archives.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 9 |
Exploit-Db
description | Unalz 0.x Archive Filename Buffer Overflow Vulnerability. CVE-2005-3862. DoS exploit for Linux platform |
id | EDB-ID:26601 |
last seen | 2016-02-03 |
modified | 2005-11-28 |
published | 2005-11-28 |
reporter | Ulf Harnhammar |
source | https://www.exploit-db.com/download/26601/ |
title | Unalz 0.x Archive Filename Buffer Overflow Vulnerability |
Nessus
NASL family | Debian Local Security Checks |
NASL id | DEBIAN_DSA-959.NASL |
description | Ulf Harnhammar from the Debian Security Audit Project discovered that unalz, a decompressor for ALZ archives, performs insufficient bounds checking when parsing file names. This can lead to arbitrary code execution if an attacker provides a crafted ALZ archive. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 22825 |
published | 2006-10-14 |
reporter | This script is Copyright (C) 2006-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/22825 |
title | Debian DSA-959-1 : unalz - buffer overflow |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=340842
- http://secunia.com/advisories/17774
- http://secunia.com/advisories/18665
- http://www.debian.org/security/2006/dsa-959
- http://www.kipple.pe.kr/win/unalz/
- http://www.osvdb.org/21160
- http://www.securityfocus.com/bid/15577
- http://www.vupen.com/english/advisories/2005/2604
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23267