Metaeye Security Group » Unrar for Linux Denial Of Service vulnerability.

Vendor: RARLABS (http://www.rarlabs.com)

Product: Unrar for linux (freeware).

Versions affected: All upto 3.70 beta 4

Severity: Moderate

Issue

The unrar for Linux results in crash due to processing of standard filters in RAR VM, while
processing a special crafted compressed RAR file. This happens only while extracting the
contents from the compressed file.

Impact

Any programs/softwares using the code from unrar for Linux from rarlabs for processing RAR files
are vulnerable.

PoC

http://www.metaeye.org/codes/corrupted.rar
The corrupted file has only one byte change from the original. At offset 0xE9, 80—>81.

References

1. Bugtraq BID 24866.

Status

Reported: 20/06/2007
Fixed in version 3.7 beta 5.

| by msg on July 11th, 2007 at 4:09 pm | permanent link |


home advisories codes projects hunch archives contact rss2	• Unrar for Linux Denial Of Service vulnerability. Vendor: RARLABS (http://www.rarlabs.com) Product: Unrar for linux (freeware). Versions affected: All upto 3.70 beta 4 Severity: Moderate Issue The unrar for Linux results in crash due to processing of standard filters in RAR VM, while processing a special crafted compressed RAR file. This happens only while extracting the contents from the compressed file. Impact Any programs/softwares using the code from unrar for Linux from rarlabs for processing RAR files are vulnerable. PoC http://www.metaeye.org/codes/corrupted.rar The corrupted file has only one byte change from the original. At offset 0xE9, 80—>81. References 1. Bugtraq BID 24866. Status Reported: 20/06/2007 Fixed in version 3.7 beta 5. \| by msg on July 11th, 2007 at 4:09 pm \| permanent link \|
[ © MSG ]