Vulnerability Note VU#215006

unace buffer overflow vulnerability

Original Release date: 22 Sep 2005 | Last revised: 28 Oct 2005

Overview

A buffer overflow in the unace compression library may allow a remote attacker to execute arbitrary code.

Description

The unace compression library is used to decompress ace archives (*.ace file extension). A lack of input validation on filenames in an ace archive may allow a buffer overflow to occur. If an attacker supplies the unace library with a specially crafted compressed ace archive, that attacker may be able to trigger the buffer overflow and, consequently, execute arbitrary code with the privileges of the application linked to unace.
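The class of check whose absence is described above, as an added example (not unace source code and not part of the original note): the name length read from the archive is validated against both the input that was actually read and the destination buffer before any copy. The record layout, `read_entry_name` and the status names are hypothetical and do not reflect the real ACE header format.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum entry_status { ENTRY_OK, ENTRY_TRUNCATED, ENTRY_TOO_LONG, ENTRY_EMBEDDED_NUL };

/* Hypothetical record for this example (NOT the real ACE header layout):
 * a 2-byte little-endian name length followed by that many name bytes.
 * Both the length field and the bytes are attacker-controlled. */
enum entry_status read_entry_name(const uint8_t *rec, size_t rec_len,
                                  char *out, size_t out_size)
{
    if (rec_len < 2)
        return ENTRY_TRUNCATED;              /* no room for the length field */
    size_t n = (size_t)rec[0] | ((size_t)rec[1] << 8);
    if (n > rec_len - 2)
        return ENTRY_TRUNCATED;              /* length claims more than was read */
    if (n >= out_size)
        return ENTRY_TOO_LONG;               /* would not fit with its terminator */
    if (memchr(rec + 2, '\0', n) != NULL)
        return ENTRY_EMBEDDED_NUL;           /* name would be silently shortened */
    memcpy(out, rec + 2, n);                 /* n is now bounded by both buffers */
    out[n] = '\0';
    return ENTRY_OK;
}

int main(void)
{
    /* Constructed sample records, not taken from any real archive. */
    const uint8_t good[] = { 5, 0, 'a', '.', 't', 'x', 't' };
    const uint8_t lying[] = { 0xFF, 0x7F, 'a' };   /* claims 32767 bytes */
    char name[16];

    printf("good:  %d\n", read_entry_name(good, sizeof good, name, sizeof name));
    printf("lying: %d\n", read_entry_name(lying, sizeof lying, name, sizeof name));
    return 0;
}
```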

Impact

If a remote attacker can convince a user to access a specially crafted ace archive, that attacker may be able to execute arbitrary code. In addition, this vulnerability may prevent security software, such as anti-virus software, from detecting a malicious ace archive.

Solution

Apply patches from your vendor

The unace compression library is freely available and used by many vendors in a wide variety of applications. As a result, any one of these applications may contain this vulnerability. Users are encouraged to contact their vendors to determine if they are vulnerable and what action to take.

Do not accept ace archives from untrusted sources

Exploitation occurs when a specially crafted ace archive is accessed. Accessing ace archives only from trusted or known sources reduces the chances of exploitation.

Systems Affected

Vendor                                  Status        Date Notified  Date Updated
FreeBSD, Inc.                           Affected      21 Sep 2005    03 Oct 2005
Gentoo Linux                            Affected      -              21 Oct 2005
NetBSD                                  Affected      21 Sep 2005    23 Sep 2005
SUSE Linux                              Affected      21 Sep 2005    26 Sep 2005
Apple Computer, Inc.                    Not Affected  21 Sep 2005    28 Oct 2005
Debian Linux                            Not Affected  21 Sep 2005    26 Sep 2005
F-PROT by FRISK Software International  Not Affected  21 Sep 2005    23 Sep 2005
Hitachi                                 Not Affected  21 Sep 2005    22 Sep 2005
Mandriva, Inc.                          Not Affected  21 Sep 2005    28 Sep 2005
Nokia                                   Not Affected  21 Sep 2005    26 Sep 2005
Openwall GNU/*/Linux                    Not Affected  21 Sep 2005    22 Sep 2005
Red Hat, Inc.                           Not Affected  21 Sep 2005    26 Sep 2005
Aladdin Knowledge Systems               Unknown       21 Sep 2005    23 Sep 2005
Avast! Antivirus Software               Unknown       21 Sep 2005    21 Sep 2005
Check Point Software Technologies       Unknown       21 Sep 2005    21 Sep 2005

CVSS Metrics

Group          Score  Vector
Base           N/A    N/A
Temporal       N/A    N/A
Environmental  N/A    N/A

Credit

This vulnerability was reported by Ulf Harnhammar.

This document was written by Jeff Gennari.

Other Information

  • CVE IDs: CAN-2005-0160
  • Date Public: 22 Feb 2005
  • Date First Published: 22 Sep 2005
  • Date Last Updated: 28 Oct 2005
  • Severity Metric: 4.50
  • Document Revision: 58
