Vulnerability Details : CVE-2004-1027
Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.
Vulnerability category: Directory traversal
Products affected by CVE-2004-1027
- cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*
- cpe:2.3:a:arjsoftware:unarj:2.62:*:*:*:*:*:*:*
- cpe:2.3:a:arjsoftware:unarj:2.63:a:*:*:*:*:*:*
- cpe:2.3:a:arjsoftware:unarj:2.64:*:*:*:*:*:*:*
- cpe:2.3:a:arjsoftware:unarj:2.65:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2004-1027
- 0.82%: probability of exploitation activity in the next 30 days
- ~82%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2004-1027
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:P/A:N | 10.0 | 2.9 | NIST | |
References for CVE-2004-1027
- http://www.securityfocus.com/bid/11436
  Patch; Third Party Advisory; VDB Entry; Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/17684
  unarj file extraction directory traversal CVE-2004-1027 Vulnerability Report (VDB Entry)
- http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html
  [Full-Disclosure] Mailing List Charter (Third Party Advisory)
- http://security.gentoo.org/glsa/glsa-200411-29.xml
  unarj: Long filenames buffer overflow and a path traversal vulnerability (GLSA 200411-29) — Gentoo security (Third Party Advisory)
- http://www.debian.org/security/2005/dsa-652
  Debian -- Security Information -- DSA-652-1 unarj (Third Party Advisory)
- http://lwn.net/Articles/121827/
  Fedora-Legacy alert FLSA:2272 (unarj) [LWN.net] (Third Party Advisory)
- http://www.redhat.com/support/errata/RHSA-2005-007.html
  Support (Third Party Advisory)
- http://www.debian.org/security/2005/dsa-628
  Debian -- Security Information -- DSA-628-1 imlib2 (Third Party Advisory)