|
|
|
View Notes By
|
|
|
|
Other Documents
|
|
|
|
|
Vulnerability Note VU#215006
unace buffer overflow vulnerability
OverviewA buffer overflow in the unace compression library may allow a remote attacker to execute arbitrary code.
I. DescriptionThe unace compression library is used to decompress ace archives (*.ace file extension). A lack of input validation on filenames in an ace archive may allow a buffer overflow to occur. If an attacker supplies the unace library with a specially crafted compressed ace archive, that attacker may be able to trigger the buffer overflow and, consequently, execute arbitrary code with the privileges of the application linked to unace. II. ImpactIf a remote attacker can convince a user to access a specially crafted ace archive, that attacker may be able to execute arbitrary code. In addition, this vulnerability may prevent security software, such as anti-virus software, from detecting a malicious ace archive.III. SolutionApply patches from your vendor
The unace compression library is freely available and used by many vendors in a wide variety of applications. As a result, any one of these applications may contain this vulnerability. Users are encouraged to contact their vendors to determine if they are vulnerable and what action to take.
Do not accept ace archives from untrusted sources
Exploitation occurs by accessing a specially crafted ace archive. By only accessing ace archives from trusted or known sources, the chances of exploitation are reduced.
Systems Affected
| Vendor | Status | Date Notified | Date Updated |
|---|
| Aladdin Knowledge Systems | Unknown | 23-Sep-2005 |
| Apple Computer, Inc. | Not Vulnerable | 28-Oct-2005 |
| Avast! Antivirus Software | Unknown | 21-Sep-2005 |
| Check Point Software Technologies | Unknown | 21-Sep-2005 |
| Command Software Systems | Unknown | 21-Sep-2005 |
| Computer Associates | Unknown | 21-Sep-2005 |
| Cray Inc. | Unknown | 21-Sep-2005 |
| CyberSoft, Inc. | Unknown | 21-Sep-2005 |
| DataFellows | Unknown | 21-Sep-2005 |
| Debian Linux | Not Vulnerable | 26-Sep-2005 |
| EMC, Inc. (formerly Data General Corporation) | Unknown | 21-Sep-2005 |
| Engarde Secure Linux | Unknown | 21-Sep-2005 |
| F-PROT by FRISK Software International | Not Vulnerable | 23-Sep-2005 |
| F-Secure Corporation | Unknown | 21-Sep-2005 |
| F5 Networks, Inc. | Unknown | 21-Sep-2005 |
| Finjan Software | Unknown | 21-Sep-2005 |
| Fortinet, Inc. | Unknown | 21-Sep-2005 |
| FreeBSD, Inc. | Vulnerable | 3-Oct-2005 |
| Fujitsu | Unknown | 21-Sep-2005 |
| Gentoo Linux | Vulnerable | 21-Oct-2005 |
| GFI Software, Inc. | Unknown | 21-Sep-2005 |
| Hewlett-Packard Company | Unknown | 21-Sep-2005 |
| Hitachi | Not Vulnerable | 22-Sep-2005 |
| IBM Corporation | Unknown | 21-Sep-2005 |
| IBM Corporation (zseries) | Unknown | 21-Sep-2005 |
| IBM eServer | Unknown | 21-Sep-2005 |
| Immunix Communications, Inc. | Unknown | 21-Sep-2005 |
| Ingrian Networks, Inc. | Unknown | 21-Sep-2005 |
| Juniper Networks, Inc. | Unknown | 21-Sep-2005 |
| Mandriva, Inc. | Not Vulnerable | 28-Sep-2005 |
| Mandriva, Inc. | Unknown | 21-Sep-2005 |
| MessageLabs | Unknown | 21-Sep-2005 |
| Microsoft Corporation | Unknown | 21-Sep-2005 |
| MontaVista Software, Inc. | Unknown | 21-Sep-2005 |
| NEC Corporation | Unknown | 21-Sep-2005 |
| NetBSD | Vulnerable | 23-Sep-2005 |
| Nokia | Not Vulnerable | 26-Sep-2005 |
| Novell, Inc. | Unknown | 21-Sep-2005 |
| OpenBSD | Unknown | 21-Sep-2005 |
| Openwall GNU/*/Linux | Not Vulnerable | 22-Sep-2005 |
| Proland Software, Inc. | Unknown | 21-Sep-2005 |
| QNX, Software Systems, Inc. | Unknown | 21-Sep-2005 |
| Red Hat, Inc. | Not Vulnerable | 26-Sep-2005 |
| Sequent Computer Systems, Inc. | Unknown | 21-Sep-2005 |
| Silicon Graphics, Inc. | Unknown | 21-Sep-2005 |
| Sony Corporation | Unknown | 21-Sep-2005 |
| Sophos, Inc. | Unknown | 21-Sep-2005 |
| Sun Microsystems, Inc. | Unknown | 21-Sep-2005 |
| SUSE Linux | Vulnerable | 26-Sep-2005 |
| Symantec, Inc. | Unknown | 21-Sep-2005 |
| The SCO Group (SCO Linux) | Unknown | 21-Sep-2005 |
| The SCO Group (SCO Unix) | Unknown | 21-Sep-2005 |
| Trendmicro | Unknown | 21-Sep-2005 |
| Trustix Secure Linux | Unknown | 21-Sep-2005 |
| Turbolinux | Unknown | 21-Sep-2005 |
| Unisys | Unknown | 21-Sep-2005 |
| Wind River Systems, Inc. | Unknown | 21-Sep-2005 |
References
http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031908.html
http://lists.suse.com/archive/suse-security-announce/2005-Jun/0006.html
http://secunia.com/advisories/14359/
http://securitytracker.com/alerts/2005/Jul/1014544.html
http://secunia.com/advisories/15776/
http://secunia.com/advisories/15674/
Credit
This vulnerability was reported by Ulf Harnhammar.
This document was written by Jeff Gennari.
Other Information
| Date Public: | 2005-02-22 |
| Date First Published: | 2005-09-22 |
| Date Last Updated: | 2005-10-28 |
| CERT Advisory: | |
| CVE-ID(s): | CAN-2005-0160 |
| NVD-ID(s): | CAN-2005-0160 |
| US-CERT Technical Alerts: | |
| Metric: | 4.50 |
| Document Revision: | 58 |
If you have feedback, comments, or additional information about this vulnerability, please send us
email.
|
|
Get Adobe Reader