1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200702-04 / rar, unrar |
| Release Date | February 13, 2007 |
| Latest Revision | February 14, 2007: 02 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| app-arch/rar | < 3.7.0_beta1 | >= 3.7.0_beta1 | All supported architectures |
| app-arch/unrar | < 3.7.3 | >= 3.7.3 | All supported architectures |
Related bugreports: #166440
RAR and UnRAR contain a buffer overflow allowing the execution of arbitrary code.
RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files.
RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow.
A remote attacker could entice a user to process a specially crafted password-protected archive and execute arbitrary code with the rights of the user uncompressing the archive.
There is no known workaround at this time.
All UnRAR users should upgrade to the latest version:
Code Listing 3.1: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/unrar-3.7.3"
All RAR users should upgrade to the latest version:
Code Listing 3.2: Resolution

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/rar-3.7.0_beta1"
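To confirm which hosts still need the upgrade, the version thresholds in the package table above can be checked against an inventory of installed packages. The following is an added example, not part of the advisory or of Portage: the names `version_key` and `affected` are hypothetical, the comparison is a simplified form of Gentoo version ordering (one suffix, integer components), and the sample inventory is constructed.

```python
import re

# Gentoo suffix ordering: _alpha < _beta < _pre < _rc < (no suffix) < _p
SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, "": 0, "p": 1}
VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)([a-z]?)(?:_(alpha|beta|pre|rc|p)(\d*))?(?:-r(\d+))?$")
ATOM_RE = re.compile(r"^(?P<pkg>[\w+./-]+?)-(?P<ver>\d[^-]*(?:-r\d+)?)$")

# First unaffected version of each package, taken from the advisory table.
FIXED = {"app-arch/rar": "3.7.0_beta1", "app-arch/unrar": "3.7.3"}


def version_key(version):
    """Sort key for a Gentoo version (simplified: one suffix, integer parts)."""
    m = VERSION_RE.match(version)
    if m is None:
        raise ValueError(f"unrecognised version: {version!r}")
    nums, letter, suffix, suffix_num, rev = m.groups()
    return (tuple(int(n) for n in nums.split(".")), letter,
            SUFFIX_RANK[suffix or ""], int(suffix_num or 0), int(rev or 0))


def affected(installed):
    """Return the atoms in `installed` that are older than the fixed version."""
    hits = []
    for atom in installed:
        m = ATOM_RE.match(atom.strip())
        if m is None or m.group("pkg") not in FIXED:
            continue  # not a package covered by this advisory
        if version_key(m.group("ver")) < version_key(FIXED[m.group("pkg")]):
            hits.append(atom.strip())
    return hits


# Constructed sample in "category/name-version" form (not real host data).
SAMPLE = [
    "app-arch/unrar-3.7.2",
    "app-arch/unrar-3.7.3",
    "app-arch/rar-3.6.1",
    "app-arch/rar-3.7.0_alpha2",
    "app-arch/rar-3.7.0_beta1",
    "app-arch/tar-1.16",
]

if __name__ == "__main__":
    for atom in affected(SAMPLE):
        print("vulnerable per GLSA 200702-04:", atom)
```

The `_alpha2` entry shows why a plain string or dotted-number comparison is not enough: it shares the `3.7.0` base with the fixed RAR version but sorts before `_beta1`, so it is still reported.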