FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

unarj -- directory traversal vulnerability

Affected packages
unarj < 2.43_2

Details

VuXML ID 1f922de0-3fe5-11d9-a9e7-0001020eed82
Discovery 2004-10-10
Entry 2004-11-26

unarj has insufficient checks for filenames that contain ... This can allow an attacker to overwrite arbitrary files with the permissions of the user running unarj.

References

Bugtraq ID 11436
CVE Name CVE-2004-1027
Message 200410102243.i9AMhA9F083398@mailserver2.hushmail.com

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.