CVE Vulnerabilities

CVE-2004-1027

Published: Mar 01, 2005 | Modified: Oct 30, 2023
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

Affected Software

Name Vendor Start Version End Version
Unarj Arjsoftware 2.62 (including) 2.62 (including)
Unarj Arjsoftware 2.63-a (including) 2.63-a (including)
Unarj Arjsoftware 2.64 (including) 2.64 (including)
Unarj Arjsoftware 2.65 (including) 2.65 (including)
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 RedHat *
Red Hat Enterprise Linux ES version 2.1 RedHat *
Red Hat Enterprise Linux WS version 2.1 RedHat *
Red Hat Linux Advanced Workstation 2.1 RedHat *

References