FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-1027

This CVE name corresponds to:

Entered Topic
2004-11-26 unarj -- directory traversal vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2004-1027 at cve.mitre.org

Details

Type Candidate
Name CVE-2004-1027
Phase Assigned(20041112)

Description

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

References

Source Reference
FULLDISC 20041010 unarj dir-transversal bug (../../../..)
DEBIAN DSA-628
DEBIAN DSA-652
FEDORA FLSA:2272
GENTOO GLSA-200411-29
REDHAT RHSA-2005:007
XF unarj-directory-traversal(17684)
BID 11436

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.