cvelistv5 - cve-2004-0947

cve-2004-0947

Vulnerability from cvelistv5

Published

2004-11-24 05:00

Modified

2024-08-08 00:31

Severity ?

Summary

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

References

URL	Tags
cve@mitre.org	http://lwn.net/Articles/121827/
cve@mitre.org	http://www.debian.org/security/2005/dsa-652
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2005-007.html
cve@mitre.org	http://www.securityfocus.com/bid/11665	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/18044
af854a3a-2127-422b-91ae-364da2661108	http://lwn.net/Articles/121827/
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2005/dsa-652
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2005-007.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11665	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/18044

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:31:48.138Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-652",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-652"
          },
          {
            "name": "11665",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11665"
          },
          {
            "name": "RHSA-2005:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
          },
          {
            "name": "unarj-longfilename-bo(18044)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18044"
          },
          {
            "name": "GLSA-200411-29",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml"
          },
          {
            "name": "FLSA:2272",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lwn.net/Articles/121827/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-11-19T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-652",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-652"
        },
        {
          "name": "11665",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11665"
        },
        {
          "name": "RHSA-2005:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
        },
        {
          "name": "unarj-longfilename-bo(18044)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18044"
        },
        {
          "name": "GLSA-200411-29",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml"
        },
        {
          "name": "FLSA:2272",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lwn.net/Articles/121827/"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0947",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-652",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-652"
            },
            {
              "name": "11665",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11665"
            },
            {
              "name": "RHSA-2005:007",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
            },
            {
              "name": "unarj-longfilename-bo(18044)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18044"
            },
            {
              "name": "GLSA-200411-29",
              "refsource": "GENTOO",
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml"
            },
            {
              "name": "FLSA:2272",
              "refsource": "FEDORA",
              "url": "http://lwn.net/Articles/121827/"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-0947",
    "datePublished": "2004-11-24T05:00:00",
    "dateReserved": "2004-10-12T00:00:00",
    "dateUpdated": "2024-08-08T00:31:48.138Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:arj_software_inc.:unarj:2.62:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"09C72F8C-9CA0-414E-A035-884E795BAAF5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:arj_software_inc.:unarj:2.63_a:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"00CADC2B-DACE-41AD-9B47-DC42C71130FE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:arj_software_inc.:unarj:2.64:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9BE62C88-B823-4369-9DA0-4DA8852681FF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:arj_software_inc.:unarj:2.65:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E46C61B0-FB21-4047-9C36-DE4E96559494\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"647BA336-5538-4972-9271-383A0EC9378E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FB0E2D3B-B50A-46C2-BA1E-3E014DE91954\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFABFCE5-4F86-4AE8-9849-BC360AC72098\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.\"}]",
      "id": "CVE-2004-0947",
      "lastModified": "2024-11-20T23:49:45.147",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 10.0, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": true, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2005-02-09T05:00:00.000",
      "references": "[{\"url\": \"http://lwn.net/Articles/121827/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2005/dsa-652\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2005-007.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/11665\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/18044\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lwn.net/Articles/121827/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2005/dsa-652\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2005-007.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/11665\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/18044\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-0947\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-02-09T05:00:00.000\",\"lastModified\":\"2024-11-20T23:49:45.147\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":10.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":true,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arj_software_inc.:unarj:2.62:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"09C72F8C-9CA0-414E-A035-884E795BAAF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arj_software_inc.:unarj:2.63_a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"00CADC2B-DACE-41AD-9B47-DC42C71130FE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arj_software_inc.:unarj:2.64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9BE62C88-B823-4369-9DA0-4DA8852681FF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arj_software_inc.:unarj:2.65:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E46C61B0-FB21-4047-9C36-DE4E96559494\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"647BA336-5538-4972-9271-383A0EC9378E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FB0E2D3B-B50A-46C2-BA1E-3E014DE91954\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFABFCE5-4F86-4AE8-9849-BC360AC72098\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C\"}]}]}],\"references\":[{\"url\":\"http://lwn.net/Articles/121827/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2005/dsa-652\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-007.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/11665\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18044\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lwn.net/Articles/121827/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2005/dsa-652\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/11665\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/18044\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

rhsa-2005:007

Vulnerability from csaf_redhat

Published

2005-01-12 18:38

Modified

2024-11-21 23:18

Summary

Red Hat Security Advisory: unarj security update

Notes

Topic

An updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available.

Details

The unarj program is an archiving utility which can extract ARJ-compatible archives. A buffer overflow bug was discovered in unarj when handling long file names contained in an archive. An attacker could create a specially crafted archive which could cause unarj to crash or possibly execute arbitrary code when extracted by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0947 to this issue. Additionally, a path traversal vulnerability was discovered in unarj. An attacker could create a specially crafted archive which would create files in the parent ("..") directory when extracted by a victim. When used recursively, this vulnerability could be used to overwrite critical system files and programs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1027 to this issue. Users of unarj should upgrade to this updated package which contains backported patches and is not vulnerable to these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated unarj package that fixes a buffer overflow vulnerability and a\ndirectory traversal vulnerability is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The unarj program is an archiving utility which can extract ARJ-compatible\narchives.\n\nA buffer overflow bug was discovered in unarj when handling long file\nnames contained in an archive.  An attacker could create a specially\ncrafted archive which could cause unarj to crash or possibly execute\narbitrary code when extracted by a victim.  The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0947 to\nthis issue.\n\nAdditionally, a path traversal vulnerability was discovered in unarj.  An\nattacker could create a specially crafted archive which would create files\nin the parent (\"..\") directory when extracted by a victim.  When used\nrecursively, this vulnerability could be used to overwrite critical system\nfiles and programs.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-1027 to this issue.\n\nUsers of unarj should upgrade to this updated package which contains\nbackported patches and is not vulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2005:007",
        "url": "https://access.redhat.com/errata/RHSA-2005:007"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "138462",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138462"
      },
      {
        "category": "external",
        "summary": "138835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138835"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_007.json"
      }
    ],
    "title": "Red Hat Security Advisory: unarj security update",
    "tracking": {
      "current_release_date": "2024-11-21T23:18:10+00:00",
      "generator": {
        "date": "2024-11-21T23:18:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2005:007",
      "initial_release_date": "2005-01-12T18:38:00+00:00",
      "revision_history": [
        {
          "date": "2005-01-12T18:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2005-01-12T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:18:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-0947",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617328"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0947"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617328",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617328"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0947"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0947",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0947"
        }
      ],
      "release_date": "2004-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2005-01-12T18:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2005:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-1027",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1027"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1027"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1027",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1027"
        }
      ],
      "release_date": "2004-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2005-01-12T18:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2005:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

RHSA-2005:007

Vulnerability from csaf_redhat

Published

2005-01-12 18:38

Modified

2024-11-21 23:18

Summary

Red Hat Security Advisory: unarj security update

Notes

Topic

An updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated unarj package that fixes a buffer overflow vulnerability and a\ndirectory traversal vulnerability is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The unarj program is an archiving utility which can extract ARJ-compatible\narchives.\n\nA buffer overflow bug was discovered in unarj when handling long file\nnames contained in an archive.  An attacker could create a specially\ncrafted archive which could cause unarj to crash or possibly execute\narbitrary code when extracted by a victim.  The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0947 to\nthis issue.\n\nAdditionally, a path traversal vulnerability was discovered in unarj.  An\nattacker could create a specially crafted archive which would create files\nin the parent (\"..\") directory when extracted by a victim.  When used\nrecursively, this vulnerability could be used to overwrite critical system\nfiles and programs.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-1027 to this issue.\n\nUsers of unarj should upgrade to this updated package which contains\nbackported patches and is not vulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2005:007",
        "url": "https://access.redhat.com/errata/RHSA-2005:007"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "138462",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138462"
      },
      {
        "category": "external",
        "summary": "138835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138835"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_007.json"
      }
    ],
    "title": "Red Hat Security Advisory: unarj security update",
    "tracking": {
      "current_release_date": "2024-11-21T23:18:10+00:00",
      "generator": {
        "date": "2024-11-21T23:18:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2005:007",
      "initial_release_date": "2005-01-12T18:38:00+00:00",
      "revision_history": [
        {
          "date": "2005-01-12T18:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2005-01-12T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:18:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-0947",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617328"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0947"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617328",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617328"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0947"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0947",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0947"
        }
      ],
      "release_date": "2004-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2005-01-12T18:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2005:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-1027",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1027"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1027"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1027",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1027"
        }
      ],
      "release_date": "2004-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2005-01-12T18:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2005:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2005_007

Vulnerability from csaf_redhat

Published

2005-01-12 18:38

Modified

2024-11-21 23:18

Summary

Red Hat Security Advisory: unarj security update

Notes

Topic

An updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated unarj package that fixes a buffer overflow vulnerability and a\ndirectory traversal vulnerability is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The unarj program is an archiving utility which can extract ARJ-compatible\narchives.\n\nA buffer overflow bug was discovered in unarj when handling long file\nnames contained in an archive.  An attacker could create a specially\ncrafted archive which could cause unarj to crash or possibly execute\narbitrary code when extracted by a victim.  The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0947 to\nthis issue.\n\nAdditionally, a path traversal vulnerability was discovered in unarj.  An\nattacker could create a specially crafted archive which would create files\nin the parent (\"..\") directory when extracted by a victim.  When used\nrecursively, this vulnerability could be used to overwrite critical system\nfiles and programs.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-1027 to this issue.\n\nUsers of unarj should upgrade to this updated package which contains\nbackported patches and is not vulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2005:007",
        "url": "https://access.redhat.com/errata/RHSA-2005:007"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "138462",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138462"
      },
      {
        "category": "external",
        "summary": "138835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138835"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_007.json"
      }
    ],
    "title": "Red Hat Security Advisory: unarj security update",
    "tracking": {
      "current_release_date": "2024-11-21T23:18:10+00:00",
      "generator": {
        "date": "2024-11-21T23:18:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2005:007",
      "initial_release_date": "2005-01-12T18:38:00+00:00",
      "revision_history": [
        {
          "date": "2005-01-12T18:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2005-01-12T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:18:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-0947",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617328"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0947"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617328",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617328"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0947"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0947",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0947"
        }
      ],
      "release_date": "2004-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2005-01-12T18:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2005:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-1027",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1027"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1027"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1027",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1027"
        }
      ],
      "release_date": "2004-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2005-01-12T18:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2005:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

gsd-2004-0947

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

Aliases

CVE-2004-0947

Aliases

CVE-2004-0947

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-0947",
    "description": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.",
    "id": "GSD-2004-0947",
    "references": [
      "https://www.suse.com/security/cve/CVE-2004-0947.html",
      "https://www.debian.org/security/2005/dsa-652",
      "https://access.redhat.com/errata/RHSA-2005:007"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-0947"
      ],
      "details": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.",
      "id": "GSD-2004-0947",
      "modified": "2023-12-13T01:22:54.557411Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-0947",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-652",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2005/dsa-652"
          },
          {
            "name": "11665",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/11665"
          },
          {
            "name": "RHSA-2005:007",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
          },
          {
            "name": "unarj-longfilename-bo(18044)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18044"
          },
          {
            "name": "GLSA-200411-29",
            "refsource": "GENTOO",
            "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml"
          },
          {
            "name": "FLSA:2272",
            "refsource": "FEDORA",
            "url": "http://lwn.net/Articles/121827/"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:arj_software_inc.:unarj:2.64:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:arj_software_inc.:unarj:2.65:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:arj_software_inc.:unarj:2.62:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:arj_software_inc.:unarj:2.63_a:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-0947"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "11665",
              "refsource": "BID",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/11665"
            },
            {
              "name": "GLSA-200411-29",
              "refsource": "GENTOO",
              "tags": [
                "Patch",
                "Vendor Advisory"
              ],
              "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml"
            },
            {
              "name": "DSA-652",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2005/dsa-652"
            },
            {
              "name": "FLSA:2272",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lwn.net/Articles/121827/"
            },
            {
              "name": "RHSA-2005:007",
              "refsource": "REDHAT",
              "tags": [],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
            },
            {
              "name": "unarj-longfilename-bo(18044)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18044"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 10.0,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 10.0,
          "obtainAllPrivilege": true,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-07-11T01:30Z",
      "publishedDate": "2005-02-09T05:00Z"
    }
  }
}

ghsa-xjjv-8746-3g86

Vulnerability from github

Published

2022-04-29 02:58

Modified

2022-04-29 02:58

Details

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-0947"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-02-09T05:00:00Z",
    "severity": "HIGH"
  },
  "details": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.",
  "id": "GHSA-xjjv-8746-3g86",
  "modified": "2022-04-29T02:58:39Z",
  "published": "2022-04-29T02:58:39Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0947"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18044"
    },
    {
      "type": "WEB",
      "url": "http://lwn.net/Articles/121827"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2005/dsa-652"
    },
    {
      "type": "WEB",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/11665"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2004-0947

Vulnerability from fkie_nvd

Published

2005-02-09 05:00

Modified

2024-11-20 23:49

Severity ?

Summary

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.

References

URL	Tags
cve@mitre.org	http://lwn.net/Articles/121827/
cve@mitre.org	http://www.debian.org/security/2005/dsa-652
cve@mitre.org	http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml	Patch, Vendor Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2005-007.html
cve@mitre.org	http://www.securityfocus.com/bid/11665	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/18044
af854a3a-2127-422b-91ae-364da2661108	http://lwn.net/Articles/121827/
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2005/dsa-652
af854a3a-2127-422b-91ae-364da2661108	http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2005-007.html
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11665	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/18044

Impacted products

Vendor	Product	Version
arj_software_inc.	unarj	2.62
arj_software_inc.	unarj	2.63_a
arj_software_inc.	unarj	2.64
arj_software_inc.	unarj	2.65
gentoo	linux	*
suse	suse_linux	9.0
suse	suse_linux	9.1
suse	suse_linux	9.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arj_software_inc.:unarj:2.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "09C72F8C-9CA0-414E-A035-884E795BAAF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arj_software_inc.:unarj:2.63_a:*:*:*:*:*:*:*",
              "matchCriteriaId": "00CADC2B-DACE-41AD-9B47-DC42C71130FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arj_software_inc.:unarj:2.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "9BE62C88-B823-4369-9DA0-4DA8852681FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arj_software_inc.:unarj:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "E46C61B0-FB21-4047-9C36-DE4E96559494",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FB0E2D3B-B50A-46C2-BA1E-3E014DE91954",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFABFCE5-4F86-4AE8-9849-BC360AC72098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:suse:suse_linux:9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "CFF36BC6-6CCD-4FEE-A120-5B8C4BF5620C",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames."
    }
  ],
  "id": "CVE-2004-0947",
  "lastModified": "2024-11-20T23:49:45.147",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 10.0,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 10.0,
        "obtainAllPrivilege": true,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-02-09T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lwn.net/Articles/121827/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2005/dsa-652"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11665"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18044"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lwn.net/Articles/121827/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2005/dsa-652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200411-29.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11665"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/18044"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2004-0947

Vulnerability from cvelistv5

rhsa-2005:007

Vulnerability from csaf_redhat

RHSA-2005:007

Vulnerability from csaf_redhat

rhsa-2005_007

Vulnerability from csaf_redhat

gsd-2004-0947

Vulnerability from gsd

ghsa-xjjv-8746-3g86

Vulnerability from github

fkie_cve-2004-0947

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature