Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Unarj | Arjsoftware | 2.62 (including) | 2.62 (including) |
Unarj | Arjsoftware | 2.63-a (including) | 2.63-a (including) |
Unarj | Arjsoftware | 2.64 (including) | 2.64 (including) |
Unarj | Arjsoftware | 2.65 (including) | 2.65 (including) |
Red Hat Enterprise Linux AS (Advanced Server) version 2.1 | RedHat | * | |
Red Hat Enterprise Linux ES version 2.1 | RedHat | * | |
Red Hat Enterprise Linux WS version 2.1 | RedHat | * | |
Red Hat Linux Advanced Workstation 2.1 | RedHat | * |