Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vulnerabilities
BID:12630
Info
Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vulnerabilities
| Bugtraq ID: | 12630 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2005-0160 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 23 2005 12:00AM |
| Updated: | May 17 2007 09:58PM |
| Credit: | Ulf Harnhammar is credited with the discovery of this issue. |
| Vulnerable: |
Winace UnAce 2.5 Winace UnAce 2.2 Winace UnAce 2.1 Winace UnAce 2.0 4 Winace UnAce 2.0 Winace UnAce 1.2 b Winace UnAce 1.1 Winace UnAce 1.0 SuSE SUSE Linux Enterprise Server 8 SuSE Linux Enterprise Server 9 S.u.S.E. Open-Enterprise-Server 9.0 S.u.S.E. Linux Professional 8.2 S.u.S.E. Linux Personal 9.3 x86_64 S.u.S.E. Linux Personal 9.3 S.u.S.E. Linux Personal 9.2 x86_64 S.u.S.E. Linux Personal 9.2 S.u.S.E. Linux Personal 9.1 x86_64 S.u.S.E. Linux Personal 9.1 S.u.S.E. Linux Personal 9.0 x86_64 S.u.S.E. Linux Personal 9.0 S.u.S.E. Linux Personal 8.2 S.u.S.E. Linux Enterprise Server for S/390 9.0 Pardus Linux 2007.1 Gentoo Linux Christian Ghisler Total Commander 0 |
| Not Vulnerable: |
Christian Ghisler Total Commander 6.54a |
Discussion
Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vulnerabilities
Multiple remotely exploitable client-side buffer-overflow vulnerabilities reportedly affect WinAce unace. These issues are due to the application's failure to properly validate the length of user-supplied strings before copying them into static process buffers.
An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
**Update: Versions 2.x of unace are reportedly affected by one of these issues as well. The vulnerability has been confirmed in 2.04, 2.2, and 2.5.
Multiple remotely exploitable client-side buffer-overflow vulnerabilities reportedly affect WinAce unace. These issues are due to the application's failure to properly validate the length of user-supplied strings before copying them into static process buffers.
An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
**Update: Versions 2.x of unace are reportedly affected by one of these issues as well. The vulnerability has been confirmed in 2.04, 2.2, and 2.5.
Exploit / POC
Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vulnerabilities
The following proof-of-concept examples have been made available. The referenced ZIP file contains two ACE format archives designed to test for the vulnerability. Note that Symantec has not verified the included ACE files.
The following proof-of-concept examples have been made available. The referenced ZIP file contains two ACE format archives designed to test for the vulnerability. Note that Symantec has not verified the included ACE files.
Solution / Fix
Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vulnerabilities
Solution:
Please see the referenced vendor advisories for more information.
Total Commander contains the affected RAR library. A new version has been released to address various issues. The latest version of Total Commander can be downloaded from:
http://www.ghisler.com/download.htm
Solution:
Please see the referenced vendor advisories for more information.
Total Commander contains the affected RAR library. A new version has been released to address various issues. The latest version of Total Commander can be downloaded from:
http://www.ghisler.com/download.htm
References
Winace UnAce ACE Archive Multiple Remote Buffer Overflow Vulnerabilities
References:
References:
- Bugzilla Bug 81958 - app-arch/unace: buffer overflows and directory traversal (Gentoo)
- Total Commander Home Page (Christian Ghisler)
- UnAce Homepage (Winace)