Posted: Sun Nov 13, 2005 5:48 pm Post subject: [ GLSA 200511-10 ] RAR: Format string and buffer overflow vu
Gentoo Linux Security Advisory
Title: RAR: Format string and buffer overflow vulnerabilities (GLSA 200511-10)
Date: November 13, 2005
RAR contains a format string error and a buffer overflow vulnerability that may be used to execute arbitrary code.
RAR is a powerful archive manager that can decompress RAR, ZIP and other files, and can create new archives in RAR and ZIP file format.
Vulnerable: < 3.5.1
Unaffected: >= 3.5.1
Architectures: All supported architectures
Tan Chew Keong reported two vulnerabilities in RAR:
- A format string error exists when displaying a diagnostic error message that informs the user of an invalid filename in a UUE/XXE encoded file.
- Some boundary errors in the processing of malicious ACE archives can be exploited to cause a buffer overflow.
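The two bug classes described above, shown as an added C example that is not RAR's code and not part of the original advisory: the vulnerable pattern appears in a comment beside a hardened form. The function names, the buffer size and the sample inputs are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define NAME_MAX_LEN 64   /* assumed size of the destination name buffer */

/* Build the "invalid filename" diagnostic. The untrusted name is passed as
 * an argument to a constant format string, so any % directives in it are
 * copied literally. The vulnerable pattern is using the name as the format:
 *     snprintf(out, outsz, name);
 * Returns 0 on success, -1 if the message did not fit. */
int format_bad_name(char *out, size_t outsz, const char *name)
{
    int n = snprintf(out, outsz, "invalid filename: %s", name);
    return (n >= 0 && (size_t)n < outsz) ? 0 : -1;
}

/* Copy a filename taken from an archive header into a fixed-size buffer.
 * The vulnerable pattern is an unchecked copy:
 *     strcpy(dst, name);
 * Here the length is checked first and over-long names are rejected rather
 * than truncated. Returns 0 on success, -1 on rejection. */
int copy_entry_name(char dst[NAME_MAX_LEN], const char *name, size_t name_len)
{
    if (name_len >= NAME_MAX_LEN)
        return -1;
    memcpy(dst, name, name_len);
    dst[name_len] = '\0';
    return 0;
}

int main(void)
{
    char msg[128], dst[NAME_MAX_LEN], longname[300];

    /* Constructed sample inputs */
    if (format_bad_name(msg, sizeof msg, "%x%x%n.txt") == 0)
        puts(msg);                       /* directives printed as text */

    memset(longname, 'A', sizeof longname - 1);
    longname[sizeof longname - 1] = '\0';
    printf("long name accepted: %s\n",
           copy_entry_name(dst, longname, strlen(longname)) == 0 ? "yes" : "no");
    return 0;
}
```

Compiling with `-Wformat -Wformat-security` makes GCC and Clang flag the non-literal format string shown in the first comment.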
A remote attacker could exploit these vulnerabilities by enticing a user to:
- decode a specially crafted UUE/XXE file, or
- extract a malicious ACE archive containing a file with an overly long filename.
When the user performs these actions, arbitrary code of the attacker's choice will be executed.
There is no known workaround at this time.
All RAR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/rar-3.5.1"
RAR Release Notes
Secunia Research 11/10/2005
Last edited by GLSA on Sun May 07, 2006 4:59 pm; edited 1 time in total