Multiple buffer overflows in unace 1.2b allow attackers to execute arbitrary code via (1) 2 overflows in ACE archives, (2) a long command line argument, or (3) certain Ready for next volume messages.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Unace | E-merge | 1.2b (including) | 1.2b (including) |
| Unace | Ubuntu | dapper | * |
| Unace | Ubuntu | devel | * |
| Unace | Ubuntu | edgy | * |
| Unace | Ubuntu | feisty | * |
References
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031908.html
- http://secunia.com/advisories/14359
- http://www.kb.cert.org/vuls/id/215006
- http://www.novell.com/linux/security/advisories/2005_16_sr.html
- http://www.securityfocus.com/bid/12630
- http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031908.html
- http://secunia.com/advisories/14359
- http://www.kb.cert.org/vuls/id/215006
- http://www.novell.com/linux/security/advisories/2005_16_sr.html
- http://www.securityfocus.com/bid/12630