cvelistv5 - cve-2004-1027

CVE-2004-1027 (GCVE-0-2004-1027)

Vulnerability from cvelistv5

Published

2004-11-16 05:00

Modified

2024-08-08 00:38

Severity ?

CWE

Summary

Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.

References

URL

Tags

cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html	Third Party Advisory
cve@mitre.org	http://lwn.net/Articles/121827/	Third Party Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200411-29.xml	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2005/dsa-628	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2005/dsa-652	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2005-007.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/11436	Patch, Third Party Advisory, VDB Entry, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17684	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lwn.net/Articles/121827/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200411-29.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2005/dsa-628	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2005/dsa-652	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2005-007.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11436	Patch, Third Party Advisory, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17684	VDB Entry

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-08T00:38:59.903Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "unarj-directory-traversal(17684)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17684"
          },
          {
            "name": "DSA-652",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-652"
          },
          {
            "name": "RHSA-2005:007",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
          },
          {
            "name": "DSA-628",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2005/dsa-628"
          },
          {
            "name": "11436",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/11436"
          },
          {
            "name": "FLSA:2272",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lwn.net/Articles/121827/"
          },
          {
            "name": "GLSA-200411-29",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200411-29.xml"
          },
          {
            "name": "20041010 unarj dir-transversal bug (../../../..)",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2004-10-10T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-07-10T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "unarj-directory-traversal(17684)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17684"
        },
        {
          "name": "DSA-652",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-652"
        },
        {
          "name": "RHSA-2005:007",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
        },
        {
          "name": "DSA-628",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2005/dsa-628"
        },
        {
          "name": "11436",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/11436"
        },
        {
          "name": "FLSA:2272",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lwn.net/Articles/121827/"
        },
        {
          "name": "GLSA-200411-29",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200411-29.xml"
        },
        {
          "name": "20041010 unarj dir-transversal bug (../../../..)",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1027",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "unarj-directory-traversal(17684)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17684"
            },
            {
              "name": "DSA-652",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-652"
            },
            {
              "name": "RHSA-2005:007",
              "refsource": "REDHAT",
              "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
            },
            {
              "name": "DSA-628",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2005/dsa-628"
            },
            {
              "name": "11436",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/11436"
            },
            {
              "name": "FLSA:2272",
              "refsource": "FEDORA",
              "url": "http://lwn.net/Articles/121827/"
            },
            {
              "name": "GLSA-200411-29",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200411-29.xml"
            },
            {
              "name": "20041010 unarj dir-transversal bug (../../../..)",
              "refsource": "FULLDISC",
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2004-1027",
    "datePublished": "2004-11-16T05:00:00",
    "dateReserved": "2004-11-12T00:00:00",
    "dateUpdated": "2024-08-08T00:38:59.903Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2004-1027\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-03-01T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:P/A:N\",\"baseScore\":5.0,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":10.0,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arjsoftware:unarj:2.62:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5C202DC6-6684-4D19-ABF4-8A6B15C382A7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arjsoftware:unarj:2.63:a:*:*:*:*:*:*\",\"matchCriteriaId\":\"AACEB57C-196E-4897-A7BC-9AAFFC881A72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arjsoftware:unarj:2.64:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1DDDC1B4-1E20-4BCD-8129-3102AA4619B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:arjsoftware:unarj:2.65:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A05F72E0-F9CF-4E1F-BB8E-5D89EBF05D2E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"647BA336-5538-4972-9271-383A0EC9378E\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CAE037F-111C-4A76-8FFE-716B74D65EF3\"}]}]}],\"references\":[{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lwn.net/Articles/121827/\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200411-29.xml\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2005/dsa-628\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2005/dsa-652\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-007.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/11436\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17684\",\"source\":\"cve@mitre.org\",\"tags\":[\"VDB Entry\"]},{\"url\":\"http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://lwn.net/Articles/121827/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://security.gentoo.org/glsa/glsa-200411-29.xml\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2005/dsa-628\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.debian.org/security/2005/dsa-652\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2005-007.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/11436\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\",\"VDB Entry\",\"Vendor Advisory\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/17684\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"VDB Entry\"]}]}}"
  }
}

RHSA-2005:007

Vulnerability from csaf_redhat

Published

2005-01-12 18:38

Modified

2025-11-21 17:28

Summary

Red Hat Security Advisory: unarj security update

Notes

Topic

An updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available.

Details

The unarj program is an archiving utility which can extract ARJ-compatible archives. A buffer overflow bug was discovered in unarj when handling long file names contained in an archive. An attacker could create a specially crafted archive which could cause unarj to crash or possibly execute arbitrary code when extracted by a victim. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-0947 to this issue. Additionally, a path traversal vulnerability was discovered in unarj. An attacker could create a specially crafted archive which would create files in the parent ("..") directory when extracted by a victim. When used recursively, this vulnerability could be used to overwrite critical system files and programs. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2004-1027 to this issue. Users of unarj should upgrade to this updated package which contains backported patches and is not vulnerable to these issues.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated unarj package that fixes a buffer overflow vulnerability and a\ndirectory traversal vulnerability is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The unarj program is an archiving utility which can extract ARJ-compatible\narchives.\n\nA buffer overflow bug was discovered in unarj when handling long file\nnames contained in an archive.  An attacker could create a specially\ncrafted archive which could cause unarj to crash or possibly execute\narbitrary code when extracted by a victim.  The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0947 to\nthis issue.\n\nAdditionally, a path traversal vulnerability was discovered in unarj.  An\nattacker could create a specially crafted archive which would create files\nin the parent (\"..\") directory when extracted by a victim.  When used\nrecursively, this vulnerability could be used to overwrite critical system\nfiles and programs.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-1027 to this issue.\n\nUsers of unarj should upgrade to this updated package which contains\nbackported patches and is not vulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2005:007",
        "url": "https://access.redhat.com/errata/RHSA-2005:007"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "138462",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138462"
      },
      {
        "category": "external",
        "summary": "138835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138835"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_007.json"
      }
    ],
    "title": "Red Hat Security Advisory: unarj security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:28:06+00:00",
      "generator": {
        "date": "2025-11-21T17:28:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2005:007",
      "initial_release_date": "2005-01-12T18:38:00+00:00",
      "revision_history": [
        {
          "date": "2005-01-12T18:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2005-01-12T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:28:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-0947",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617328"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0947"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617328",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617328"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0947"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0947",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0947"
        }
      ],
      "release_date": "2004-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2005-01-12T18:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2005:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-1027",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1027"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1027"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1027",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1027"
        }
      ],
      "release_date": "2004-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2005-01-12T18:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2005:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2005:007

Vulnerability from csaf_redhat

Published

2005-01-12 18:38

Modified

2025-11-21 17:28

Summary

Red Hat Security Advisory: unarj security update

Notes

Topic

An updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated unarj package that fixes a buffer overflow vulnerability and a\ndirectory traversal vulnerability is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The unarj program is an archiving utility which can extract ARJ-compatible\narchives.\n\nA buffer overflow bug was discovered in unarj when handling long file\nnames contained in an archive.  An attacker could create a specially\ncrafted archive which could cause unarj to crash or possibly execute\narbitrary code when extracted by a victim.  The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0947 to\nthis issue.\n\nAdditionally, a path traversal vulnerability was discovered in unarj.  An\nattacker could create a specially crafted archive which would create files\nin the parent (\"..\") directory when extracted by a victim.  When used\nrecursively, this vulnerability could be used to overwrite critical system\nfiles and programs.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-1027 to this issue.\n\nUsers of unarj should upgrade to this updated package which contains\nbackported patches and is not vulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2005:007",
        "url": "https://access.redhat.com/errata/RHSA-2005:007"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "138462",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138462"
      },
      {
        "category": "external",
        "summary": "138835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138835"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_007.json"
      }
    ],
    "title": "Red Hat Security Advisory: unarj security update",
    "tracking": {
      "current_release_date": "2025-11-21T17:28:06+00:00",
      "generator": {
        "date": "2025-11-21T17:28:06+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.6.12"
        }
      },
      "id": "RHSA-2005:007",
      "initial_release_date": "2005-01-12T18:38:00+00:00",
      "revision_history": [
        {
          "date": "2005-01-12T18:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2005-01-12T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2025-11-21T17:28:06+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-0947",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617328"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0947"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617328",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617328"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0947"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0947",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0947"
        }
      ],
      "release_date": "2004-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2005-01-12T18:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2005:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-1027",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1027"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1027"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1027",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1027"
        }
      ],
      "release_date": "2004-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2005-01-12T18:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2005:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

rhsa-2005_007

Vulnerability from csaf_redhat

Published

2005-01-12 18:38

Modified

2024-11-21 23:18

Summary

Red Hat Security Advisory: unarj security update

Notes

Topic

An updated unarj package that fixes a buffer overflow vulnerability and a directory traversal vulnerability is now available.

Details

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Low"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An updated unarj package that fixes a buffer overflow vulnerability and a\ndirectory traversal vulnerability is now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The unarj program is an archiving utility which can extract ARJ-compatible\narchives.\n\nA buffer overflow bug was discovered in unarj when handling long file\nnames contained in an archive.  An attacker could create a specially\ncrafted archive which could cause unarj to crash or possibly execute\narbitrary code when extracted by a victim.  The Common Vulnerabilities and\nExposures project (cve.mitre.org) has assigned the name CAN-2004-0947 to\nthis issue.\n\nAdditionally, a path traversal vulnerability was discovered in unarj.  An\nattacker could create a specially crafted archive which would create files\nin the parent (\"..\") directory when extracted by a victim.  When used\nrecursively, this vulnerability could be used to overwrite critical system\nfiles and programs.  The Common Vulnerabilities and Exposures project\n(cve.mitre.org) has assigned the name CAN-2004-1027 to this issue.\n\nUsers of unarj should upgrade to this updated package which contains\nbackported patches and is not vulnerable to these issues.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2005:007",
        "url": "https://access.redhat.com/errata/RHSA-2005:007"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#low",
        "url": "https://access.redhat.com/security/updates/classification/#low"
      },
      {
        "category": "external",
        "summary": "138462",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138462"
      },
      {
        "category": "external",
        "summary": "138835",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=138835"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2005/rhsa-2005_007.json"
      }
    ],
    "title": "Red Hat Security Advisory: unarj security update",
    "tracking": {
      "current_release_date": "2024-11-21T23:18:10+00:00",
      "generator": {
        "date": "2024-11-21T23:18:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2005:007",
      "initial_release_date": "2005-01-12T18:38:00+00:00",
      "revision_history": [
        {
          "date": "2005-01-12T18:38:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2005-01-12T00:00:00+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-21T23:18:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                "product": {
                  "name": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_id": "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::as"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Linux Advanced Workstation 2.1",
                "product": {
                  "name": "Red Hat Linux Advanced Workstation 2.1",
                  "product_id": "Red Hat Linux Advanced Workstation 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::aw"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux ES version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux ES version 2.1",
                  "product_id": "Red Hat Enterprise Linux ES version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::es"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux WS version 2.1",
                "product": {
                  "name": "Red Hat Enterprise Linux WS version 2.1",
                  "product_id": "Red Hat Enterprise Linux WS version 2.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:2.1::ws"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2004-0947",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617328"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-0947"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617328",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617328"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-0947",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-0947"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-0947",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-0947"
        }
      ],
      "release_date": "2004-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2005-01-12T18:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2005:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    },
    {
      "cve": "CVE-2004-1027",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "1617356"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "security flaw",
          "title": "Vulnerability summary"
        }
      ],
      "product_status": {
        "fixed": [
          "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
          "Red Hat Enterprise Linux ES version 2.1",
          "Red Hat Enterprise Linux WS version 2.1",
          "Red Hat Linux Advanced Workstation 2.1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2004-1027"
        },
        {
          "category": "external",
          "summary": "RHBZ#1617356",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617356"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2004-1027",
          "url": "https://www.cve.org/CVERecord?id=CVE-2004-1027"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2004-1027",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1027"
        }
      ],
      "release_date": "2004-11-09T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2005-01-12T18:38:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.  Use Red Hat\nNetwork to download and update your packages.  To launch the Red Hat\nUpdate Agent, use the following command:\n\n    up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n    http://www.redhat.com/docs/manuals/enterprise/",
          "product_ids": [
            "Red Hat Enterprise Linux AS (Advanced Server) version 2.1 ",
            "Red Hat Enterprise Linux ES version 2.1",
            "Red Hat Enterprise Linux WS version 2.1",
            "Red Hat Linux Advanced Workstation 2.1"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2005:007"
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Low"
        }
      ],
      "title": "security flaw"
    }
  ]
}

ghsa-8p77-cqww-99jh

Vulnerability from github

Published

2022-04-29 02:58

Modified

2025-04-03 04:08

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2004-1027"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2005-03-01T05:00:00Z",
    "severity": "MODERATE"
  },
  "details": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.",
  "id": "GHSA-8p77-cqww-99jh",
  "modified": "2025-04-03T04:08:23Z",
  "published": "2022-04-29T02:58:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2004-1027"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17684"
    },
    {
      "type": "WEB",
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html"
    },
    {
      "type": "WEB",
      "url": "http://lwn.net/Articles/121827"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200411-29.xml"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2005/dsa-628"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2005/dsa-652"
    },
    {
      "type": "WEB",
      "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/11436"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2004-1027

Vulnerability from fkie_nvd

Published

2005-03-01 05:00

Modified

2025-04-03 01:03

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html	Third Party Advisory
cve@mitre.org	http://lwn.net/Articles/121827/	Third Party Advisory
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200411-29.xml	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2005/dsa-628	Third Party Advisory
cve@mitre.org	http://www.debian.org/security/2005/dsa-652	Third Party Advisory
cve@mitre.org	http://www.redhat.com/support/errata/RHSA-2005-007.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/bid/11436	Patch, Third Party Advisory, VDB Entry, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/17684	VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lwn.net/Articles/121827/	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200411-29.xml	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2005/dsa-628	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2005/dsa-652	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.redhat.com/support/errata/RHSA-2005-007.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/11436	Patch, Third Party Advisory, VDB Entry, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/17684	VDB Entry

Impacted products

Vendor	Product	Version
arjsoftware	unarj	2.62
arjsoftware	unarj	2.63
arjsoftware	unarj	2.64
arjsoftware	unarj	2.65
gentoo	linux	*
debian	debian_linux	3.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:arjsoftware:unarj:2.62:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C202DC6-6684-4D19-ABF4-8A6B15C382A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arjsoftware:unarj:2.63:a:*:*:*:*:*:*",
              "matchCriteriaId": "AACEB57C-196E-4897-A7BC-9AAFFC881A72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arjsoftware:unarj:2.64:*:*:*:*:*:*:*",
              "matchCriteriaId": "1DDDC1B4-1E20-4BCD-8129-3102AA4619B2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:arjsoftware:unarj:2.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "A05F72E0-F9CF-4E1F-BB8E-5D89EBF05D2E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CAE037F-111C-4A76-8FFE-716B74D65EF3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences."
    }
  ],
  "id": "CVE-2004-1027",
  "lastModified": "2025-04-03T01:03:51.193",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2005-03-01T05:00:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lwn.net/Articles/121827/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200411-29.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-628"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-652"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11436"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17684"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lwn.net/Articles/121827/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://security.gentoo.org/glsa/glsa-200411-29.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-628"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2005/dsa-652"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory",
        "VDB Entry",
        "Vendor Advisory"
      ],
      "url": "http://www.securityfocus.com/bid/11436"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "VDB Entry"
      ],
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17684"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

gsd-2004-1027

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2004-1027

Aliases

CVE-2004-1027

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2004-1027",
    "description": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.",
    "id": "GSD-2004-1027",
    "references": [
      "https://www.debian.org/security/2005/dsa-652",
      "https://access.redhat.com/errata/RHSA-2005:007"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2004-1027"
      ],
      "details": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.",
      "id": "GSD-2004-1027",
      "modified": "2023-12-13T01:22:56.132565Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2004-1027",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "unarj-directory-traversal(17684)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17684"
          },
          {
            "name": "DSA-652",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2005/dsa-652"
          },
          {
            "name": "RHSA-2005:007",
            "refsource": "REDHAT",
            "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
          },
          {
            "name": "DSA-628",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2005/dsa-628"
          },
          {
            "name": "11436",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/11436"
          },
          {
            "name": "FLSA:2272",
            "refsource": "FEDORA",
            "url": "http://lwn.net/Articles/121827/"
          },
          {
            "name": "GLSA-200411-29",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200411-29.xml"
          },
          {
            "name": "20041010 unarj dir-transversal bug (../../../..)",
            "refsource": "FULLDISC",
            "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:arjsoftware:unarj:2.62:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:arjsoftware:unarj:2.63:a:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:arjsoftware:unarj:2.64:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:arjsoftware:unarj:2.65:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2004-1027"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "11436",
              "refsource": "BID",
              "tags": [
                "Patch",
                "Third Party Advisory",
                "VDB Entry",
                "Vendor Advisory"
              ],
              "url": "http://www.securityfocus.com/bid/11436"
            },
            {
              "name": "20041010 unarj dir-transversal bug (../../../..)",
              "refsource": "FULLDISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html"
            },
            {
              "name": "DSA-628",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2005/dsa-628"
            },
            {
              "name": "DSA-652",
              "refsource": "DEBIAN",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.debian.org/security/2005/dsa-652"
            },
            {
              "name": "FLSA:2272",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lwn.net/Articles/121827/"
            },
            {
              "name": "GLSA-200411-29",
              "refsource": "GENTOO",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://security.gentoo.org/glsa/glsa-200411-29.xml"
            },
            {
              "name": "RHSA-2005:007",
              "refsource": "REDHAT",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.redhat.com/support/errata/RHSA-2005-007.html"
            },
            {
              "name": "unarj-directory-traversal(17684)",
              "refsource": "XF",
              "tags": [
                "VDB Entry"
              ],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17684"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2023-10-30T17:03Z",
      "publishedDate": "2005-03-01T05:00Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2004-1027 (GCVE-0-2004-1027)

Vulnerability from cvelistv5

RHSA-2005:007

Vulnerability from csaf_redhat

rhsa-2005:007

Vulnerability from csaf_redhat

rhsa-2005_007

Vulnerability from csaf_redhat

ghsa-8p77-cqww-99jh

Vulnerability from github

fkie_cve-2004-1027

Vulnerability from fkie_nvd

gsd-2004-1027

Vulnerability from gsd

Tags

Sightings

Nomenclature