Detections
Analytics
Mandriva Linux Security Advisory : arj (MDVSA-2015:201)
high Nessus Plugin ID 82736
Language:
Synopsis
The remote Mandriva Linux host is missing a security update.Description
Multiple vulnerabilities has been found and corrected in arj :Jakub Wilk discovered that arj follows symlinks created during unpacking of an arj archive. A remote attacker could use this flaw to perform a directory traversal attack if a user or automated system were tricked into processing a specially crafted arj archive (CVE-2015-0556).
Jakub Wilk discovered that arj does not sufficiently protect from directory traversal while unpacking an arj archive containing file paths with multiple leading slashes. A remote attacker could use this flaw to write to arbitrary files if a user or automated system were tricked into processing a specially crafted arj archive (CVE-2015-0557).
Jakub Wilk and Guillem Jover discovered a buffer overflow vulnerability in arj. A remote attacker could use this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the user running arj (CVE-2015-2782).
The updated packages provides a solution for these security issues.
Solution
Update the affected arj package.Plugin Details
Severity: High
ID: 82736
File Name: mandriva_MDVSA-2015-201.nasl
Version: 1.5
Type: local
Family: Mandriva Local Security Checks
Published: 4/13/2015
Updated: 1/14/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 5.5
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:arj, cpe:/o:mandriva:business_server:1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Exploit Ease: No known exploits are available
Patch Publication Date: 4/10/2015
Reference Information
CVE: CVE-2015-0556, CVE-2015-0557, CVE-2015-2782
DSA: 3213
MDVSA: 2015:201