diff options
| author | simon <simon@FreeBSD.org> | 2004-11-26 20:41:06 +0000 |
|---|---|---|
| committer | simon <simon@FreeBSD.org> | 2004-11-26 20:41:06 +0000 |
| commit | e8e0e8ae0fee1215cc614f53587f827c0fc31fd7 (patch) | |
| tree | a03b1c7dd25beb0664a94f2f42af000bbbc4e859 /security | |
| parent | 0e18d7a7fd8dae6dcd3c7c954b46a0c503fba096 (diff) | |
| download | FreeBSD-ports-e8e0e8ae0fee1215cc614f53587f827c0fc31fd7.zip FreeBSD-ports-e8e0e8ae0fee1215cc614f53587f827c0fc31fd7.tar.gz | |
Document two vulnerabilities in unarj.
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 5c3e1e7..67ac761 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,59 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="a163baff-3fe1-11d9-a9e7-0001020eed82"> + <topic>unarj -- long filename buffer overflow</topic> + <affects> + <package> + <name>unarj</name> + <range><lt>2.43_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Ludwig Nussel has discovered a buffer overflow + vulnerability in unarj's handling of long filenames which + could potentially lead to execution of arbitrary code with + the permissions of the user running unarj.</p> + </body> + </description> + <references> + <cvename>CAN-2004-0947</cvename> + <bid>11665</bid> + </references> + <dates> + <discovery>2004-11-09</discovery> + <entry>2004-11-26</entry> + </dates> + </vuln> + + <vuln vid="1f922de0-3fe5-11d9-a9e7-0001020eed82"> + <topic>unarj -- directory traversal vulnerability</topic> + <affects> + <package> + <name>unarj</name> + <range><lt>2.43_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>unarj has insufficient checks for filenames that contain + <q>..</q>. This can allow an attacker to overwrite + arbitrary files with the permissions of the user running + unarj.</p> + </body> + </description> + <references> + <cvename>CAN-2004-1027</cvename> + <bid>11436</bid> + <mlist msgid="200410102243.i9AMhA9F083398@mailserver2.hushmail.com">http://marc.theaimsgroup.com/?l=full-disclosure&m=109748984030292</mlist> + </references> + <dates> + <discovery>2004-10-10</discovery> + <entry>2004-11-26</entry> + </dates> + </vuln> + <vuln vid="ac619d06-3ef8-11d9-8741-c942c075aa41"> <topic> Security Vulnerability With Java Plugin</topic> <affects> |
