Vulnerability Note VU#215006
unace buffer overflow vulnerability
A buffer overflow in the unace compression library may allow a remote attacker to execute arbitrary code.
The unace compression library is used to decompress ace archives (*.ace file extension). A lack of input validation on filenames in an ace archive may allow a buffer overflow to occur. If an attacker supplies the unace library with a specially crafted compressed ace archive, that attacker may be able to trigger the buffer overflow and, consequently, execute arbitrary code with the privileges of the application linked to unace.
If a remote attacker can convince a user to access a specially crafted ace archive, that attacker may be able to execute arbitrary code. In addition, this vulnerability may prevent security software, such as anti-virus software, from detecting a malicious ace archive.
Apply patches from your vendor
The unace compression library is freely available and used by many vendors in a wide variety of applications. As a result, any one of these applications may contain this vulnerability. Users are encouraged to contact their vendors to determine if they are vulnerable and what action to take.
Do not accept ace archives from untrusted sources
Systems Affected (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|FreeBSD, Inc.||Affected||21 Sep 2005||03 Oct 2005|
|Gentoo Linux||Affected||-||21 Oct 2005|
|NetBSD||Affected||21 Sep 2005||23 Sep 2005|
|SUSE Linux||Affected||21 Sep 2005||26 Sep 2005|
|Apple Computer, Inc.||Not Affected||21 Sep 2005||28 Oct 2005|
|Debian Linux||Not Affected||21 Sep 2005||26 Sep 2005|
|F-PROT by FRISK Software International||Not Affected||21 Sep 2005||23 Sep 2005|
|Hitachi||Not Affected||21 Sep 2005||22 Sep 2005|
|Mandriva, Inc.||Not Affected||21 Sep 2005||28 Sep 2005|
|Nokia||Not Affected||21 Sep 2005||26 Sep 2005|
|Openwall GNU/*/Linux||Not Affected||21 Sep 2005||22 Sep 2005|
|Red Hat, Inc.||Not Affected||21 Sep 2005||26 Sep 2005|
|Aladdin Knowledge Systems||Unknown||21 Sep 2005||23 Sep 2005|
|Avast! Antivirus Software||Unknown||21 Sep 2005||21 Sep 2005|
|Check Point Software Technologies||Unknown||21 Sep 2005||21 Sep 2005|
CVSS Metrics (Learn More)
This vulnerability was reported by Ulf Harnhammar.
This document was written by Jeff Gennari.
- CVE IDs: CAN-2005-0160
- Date Public: 22 Feb 2005
- Date First Published: 22 Sep 2005
- Date Last Updated: 28 Oct 2005
- Severity Metric: 4.50
- Document Revision: 58
If you have feedback, comments, or additional information about this vulnerability, please send us email.