Title: RAR, UnRAR: Buffer overflow ([glsa=200702-04]GLSA 200702-04[/glsa])
Severity: normal
Exploitable: remote
Date: February 13, 2007
Updated: February 14, 2007
Bug(s): #166440
ID: 200702-04
Synopsis
RAR and UnRAR contain a buffer overflow allowing the execution of arbitrary code.
Background
RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files.
Affected Packages
Package: app-arch/rar
Vulnerable: < 3.7.0_beta1
Unaffected: >= 3.7.0_beta1
Architectures: All supported architectures
Package: app-arch/unrar
Vulnerable: < 3.7.3
Unaffected: >= 3.7.3
Architectures: All supported architectures
Description
RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow.
Impact
A remote attacker could entice a user to process a specially crafted password-protected archive and execute arbitrary code with the rights of the user uncompressing the archive.
Workaround
There is no known workaround at this time.
Resolution
All UnRAR users should upgrade to the latest version:
Code: Select all
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/unrar-3.7.3"Code: Select all
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/rar-3.7.0_beta1"References
CVE-2007-0855