CyberSec.Space Logo
CVEブラウザに戻る

CVE-2004-1027

MEDIUM
5.0
CVSS Severity Score
EPSS Score0.1140%
EPSS Percentile33.82th
Published2005年3月1日
Last Modified2026年4月16日

Vulnerability Description

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

Affected Platforms (CPE)

📦
Arjsoftware

Unarj

= 2.62
📦
Arjsoftware

Unarj

= 2.63
📦
Arjsoftware

Unarj

= 2.64
📦
Arjsoftware

Unarj

= 2.65
💻
Gentoo

Linux

All versions
💻
Debian

Debian Linux

= 3.0

References & Advisories

🔗 http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html
🔗 http://lwn.net/Articles/121827/
🔗 http://security.gentoo.org/glsa/glsa-200411-29.xml
🔗 http://www.debian.org/security/2005/dsa-628
🔗 http://www.debian.org/security/2005/dsa-652
🔗 http://www.redhat.com/support/errata/RHSA-2005-007.html
🔗 http://www.securityfocus.com/bid/11436
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/17684

関連する脆弱性情報

CVE-2004-094710.0

Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long f...

CVE-2004-000210.0

The TCP MSS (maximum segment size) functionality in netinet allows remote attackers to cause a denial of service (resource exhaust...

CVE-2004-105010.0

Heap-based buffer overflow in Internet Explorer 6 allows remote attackers to execute arbitrary code via long (1) SRC or (2) NAME a...

CVE-2004-003910.0

Multiple format string vulnerabilities in HTTP Application Intelligence (AI) component in Check Point Firewall-1 NG-AI R55 and R54...