Detections
Analytics

FreeBSD : rar -- password prompt buffer overflow vulnerability (94234e00-be8a-11db-b2ec-000c6ec775d9)

medium Nessus Plugin ID 24366

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

iDefense reports :

Remote exploitation of a stack based buffer overflow vulnerability in RARLabs Unrar may allow an attacker to execute arbitrary code with the privileges of the user opening the archive.

Unrar is prone to a stack based buffer overflow when processing specially crafted password protected archives.

If users are using the vulnerable command line based unrar, they still need to interact with the program in order to trigger the vulnerability. They must respond to the prompt asking for the password, after which the vulnerability will be triggered. They do not need to enter a correct password, but they must at least push the enter key.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?34943166

https://www.rarlab.com/rarnew.htm

http://www.nessus.org/u?d630ecf5

Plugin Details

Severity: Medium

ID: 24366

File Name: freebsd_pkg_94234e00be8a11dbb2ec000c6ec775d9.nasl

Version: 1.18

Type: local

Published: 2/18/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:rar, p-cpe:/a:freebsd:freebsd:unrar, p-cpe:/a:freebsd:freebsd:zh-unrar, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 2/17/2007

Vulnerability Publication Date: 2/7/2007

Reference Information

CVE: CVE-2007-0855

BID: 22447