M E T A E Y E SG

[ advisories ]

•  Unrar for Linux Denial Of Service vulnerability.

Vendor: RARLABS (http://www.rarlabs.com)

Product: Unrar for Linux (freeware).

Versions affected: All up to 3.70 beta 4

Severity: Moderate

Issue

Unrar for Linux crashes in the code that handles the standard filters of the RAR VM when it
processes a specially crafted compressed RAR file. The crash is triggered only when the
contents of the archive are extracted.

Impact

Any program that reuses or links the unrar for Linux code from RARLAB to process RAR files
is affected as well.

PoC

http://www.metaeye.org/codes/corrupted.rar
The corrupted file differs from the original by a single byte: at offset 0xE9, 80 -> 81.

References

1. Bugtraq BID 24866.

Status

Reported: 20/06/2007
Fixed in version 3.7 beta 5.



•  Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.

Vendor: Clam AntiVirus (http://www.clamav.net)

Product: Clamav (libclamav)

Versions Affected: All before 0.91

Severity: Moderate

Issue

ClamAV crashes in the code that handles the standard filters of its RAR VM while processing a
corrupted RAR file. Processing the corrupted file results in a NULL pointer dereference.

Impact

Scanning the corrupted file crashes both the clamscan application and the clamd daemon.

Fix

Upgrade to version 0.91.

PoC

http://www.metaeye.org/codes/corrupted.rar
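The PoC referenced here is the same one-byte patch (offset 0xE9) used for the Unrar advisory above. The following Python script is an added example for triaging such a PoC; it is not MetaEye's, RARLAB's or ClamAV's code. It walks the RAR 2.9/3.x block headers (MARK_HEAD, MAIN_HEAD, FILE_HEAD, END_HEAD), verifies each header CRC, reports which block and which part of it (header or packed data) a given offset falls into, and lists the bytes that differ between two archives. The archive it parses is constructed inline with a fake compressed stream, so which block offset 0xE9 falls into in the real corrupted.rar is not claimed here; the block layout, CRC rule and the assumption of a single-volume archive below 4 GiB are the author's.

```python
import struct
import zlib

# Block header shared by every RAR 2.9/3.x block:
#   HEAD_CRC(2) HEAD_TYPE(1) HEAD_FLAGS(2) HEAD_SIZE(2) [ADD_SIZE(4) when HEAD_FLAGS & 0x8000]
# HEAD_SIZE covers the header only; ADD_SIZE (PACK_SIZE for a FILE_HEAD) is the data after it.
RAR_SIGNATURE = b"Rar!\x1a\x07\x00"          # this is the MARK_HEAD block itself
LONG_BLOCK = 0x8000
MARK_HEAD, MAIN_HEAD, FILE_HEAD, END_HEAD = 0x72, 0x73, 0x74, 0x7B
BLOCK_NAMES = {0x72: "MARK_HEAD", 0x73: "MAIN_HEAD", 0x74: "FILE_HEAD", 0x75: "COMM_HEAD",
               0x76: "AV_HEAD", 0x77: "SUB_HEAD", 0x78: "PROTECT_HEAD", 0x79: "SIGN_HEAD",
               0x7A: "NEWSUB_HEAD", 0x7B: "END_HEAD"}


def head_crc(header_body):
    """HEAD_CRC: low 16 bits of the CRC32 over the header bytes that follow the HEAD_CRC field."""
    return zlib.crc32(header_body) & 0xFFFF


def walk_blocks(data):
    """Return [(start, head_size, add_size, type_name, crc_ok)] for every block.
    Assumes a single-volume archive with file data below 4 GiB (no HIGH_PACK_SIZE)."""
    if not data.startswith(RAR_SIGNATURE):
        raise ValueError("not a RAR 2.9/3.x archive")
    blocks, pos = [], 0
    while pos + 7 <= len(data):
        stored_crc, head_type, head_flags, head_size = struct.unpack_from("<HBHH", data, pos)
        if head_size < 7 or pos + head_size > len(data):
            raise ValueError("bad HEAD_SIZE at offset 0x%X" % pos)
        add_size = 0
        if head_flags & LONG_BLOCK:
            if head_size < 11:
                raise ValueError("LONG_BLOCK without ADD_SIZE at offset 0x%X" % pos)
            add_size = struct.unpack_from("<I", data, pos + 7)[0]
        # MARK_HEAD is a fixed signature and not CRC-protected; every other header is.
        crc_ok = head_type == MARK_HEAD or stored_crc == head_crc(data[pos + 2:pos + head_size])
        blocks.append((pos, head_size, add_size,
                       BLOCK_NAMES.get(head_type, "0x%02X" % head_type), crc_ok))
        pos += head_size + add_size
        if head_type == END_HEAD:
            break
    return blocks


def locate_offset(data, offset):
    """Which block, and which part of it (header or packed data), a byte offset lies in."""
    for start, head_size, add_size, name, _ in walk_blocks(data):
        if start <= offset < start + head_size:
            return name, "header", offset - start
        if start + head_size <= offset < start + head_size + add_size:
            return name, "packed data", offset - start - head_size
    return None


def diff_offsets(a, b):
    """Offsets at which two equal-length byte strings differ."""
    if len(a) != len(b):
        raise ValueError("files differ in length")
    return [i for i, (x, y) in enumerate(zip(a, b)) if x != y]


def patch_byte(data, offset, value):
    """Copy of data with one byte replaced (how a one-byte PoC like the one above is made)."""
    patched = bytearray(data)
    patched[offset] = value
    return bytes(patched)


def build_sample_archive(pack_size=200, name=b"test.bin"):
    """Constructed single-file archive: correct block layout, fake compressed stream.
    It is NOT the advisory's PoC and unrar would reject its contents."""
    def block(head_type, flags, body):
        hdr = struct.pack("<BHH", head_type, flags, 7 + len(body)) + body
        return struct.pack("<H", head_crc(hdr)) + hdr
    main_head = block(MAIN_HEAD, 0, b"\x00" * 6)                   # HighPosAV(2) + PosAV(4)
    # PACK_SIZE UNP_SIZE HOST_OS FILE_CRC FTIME UNP_VER METHOD NAME_SIZE ATTR, then the name
    file_fields = struct.pack("<IIBIIBBHI", pack_size, pack_size, 3, 0, 0, 29, 0x35, len(name), 0)
    file_head = block(FILE_HEAD, LONG_BLOCK, file_fields + name)  # PACK_SIZE sits in the ADD_SIZE slot
    packed = bytes(i & 0xFF for i in range(pack_size))            # stand-in for the compressed stream
    end_head = block(END_HEAD, 0, b"")
    return RAR_SIGNATURE + main_head + file_head + packed + end_head


if __name__ == "__main__":
    archive = build_sample_archive()
    for start, head_size, add_size, name, crc_ok in walk_blocks(archive):
        print("0x%04X %-10s header=%d data=%d crc_ok=%s" % (start, name, head_size, add_size, crc_ok))
    print("offset 0xE9 ->", locate_offset(archive, 0xE9))
    corrupted = patch_byte(archive, 0xE9, archive[0xE9] ^ 1)
    print("differing offsets:", [hex(o) for o in diff_offsets(archive, corrupted)])
```

The header CRC protects only the block headers: a flipped byte inside a header fails the CRC check and is rejected before any decoding starts, whereas the CRC of the file contents is only compared after extraction has finished. A flipped byte in the packed stream therefore reaches the decoder and the RAR VM untouched, which is why a single-byte change can exercise the filter code at all.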

Vendor Status

Reported: 25/06/2007
Fixed: 11/07/2007

References

1. ClamAV Bugzilla bug 555.
2. Secunia advisory SA26038.
3. Bugtraq ID 24866.
4. CVE-2007-3725.



•  Redirection Vulnerability in wp-login.php

Vendor: WordPress (http://www.wordpress.org).

Severity: Moderate.

Dated: 03 March 2007.

Versions Affected: All.

Issue

After a successful login, wp-login.php redirects the user to an arbitrary page chosen by the
redirect_to URL parameter, without checking that the target belongs to the site.

For example, if a user logs in successfully with his credentials on the following page

http://www.foo.com/wp-login.php?redirect_to=http://www.google.co.in

he is redirected to www.google.co.in.

Impact

This is an open redirect: a link that points at the genuine wp-login.php can send the
victim to an attacker-controlled page after login, which aids credential stealing. Cookie
stealing is also possible in combination with some browser bugs.
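The following Python snippet is an added example, not WordPress's own code or fix, showing the vulnerable behaviour described above next to a hardened check for the redirect_to value. The host name www.foo.com, the allowed-host set and the /wp-admin/ fallback are assumptions for the example. The hardened check goes beyond the single case on this page and also rejects the usual bypasses of a naive host check: protocol-relative targets (//evil.com), the triple-slash form that browsers still resolve to another host, user-info tricks (http://www.foo.com@evil.com/), backslashes that browsers normalise to slashes, and non-http schemes such as javascript:.

```python
from urllib.parse import urlsplit

# Assumptions for the example: the blog lives on www.foo.com and the fallback
# landing page after login is the dashboard.
ALLOWED_HOSTS = {"www.foo.com"}
DEFAULT_TARGET = "/wp-admin/"


def vulnerable_target(redirect_to):
    """The behaviour in the advisory: whatever redirect_to says, the user is sent there."""
    return redirect_to or DEFAULT_TARGET


def safe_target(redirect_to, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return redirect_to only if it stays on this site; otherwise the default page."""
    if not redirect_to:
        return default
    # Whitespace, control characters and backslashes are rejected outright: browsers
    # normalise "\" to "/", so "/\evil.com" is really the protocol-relative "//evil.com".
    if any(ch in "\\\r\n\t " or ord(ch) < 0x20 for ch in redirect_to):
        return default
    parts = urlsplit(redirect_to)           # scheme is lower-cased by urlsplit
    if parts.scheme and parts.scheme not in ("http", "https"):
        return default                      # javascript:, data:, ...
    if not parts.scheme and not parts.netloc:
        # Relative URL: accept only an absolute path. "//host" is already split into
        # netloc, but "///evil.com" parses as path "/evil.com" and still resolves to
        # evil.com in browsers, so the raw string is checked as well.
        if redirect_to.startswith("/") and not redirect_to.startswith("//"):
            return redirect_to
        return default
    host = parts.hostname                   # lower-cased; userinfo and port stripped
    if host is None or host not in allowed_hosts:
        return default                      # also catches http://www.foo.com@evil.com/
    return redirect_to


def compare(redirect_to):
    """Side by side: where the vulnerable and the hardened handler would send the user."""
    return vulnerable_target(redirect_to), safe_target(redirect_to)


if __name__ == "__main__":
    for url in ("http://www.google.co.in", "/wp-admin/post.php", "//evil.com/",
                "///evil.com", "http://www.foo.com@evil.com/", "javascript:alert(1)",
                "/\\evil.com", "http://www.foo.com/wp-admin/"):
        print("%-32s vulnerable -> %-28s hardened -> %s" % ((url,) + compare(url)))
```

An allow-list of host names is the safe shape for this check; matching on a prefix or substring of the URL (for example "starts with http://www.foo.com") would still pass http://www.foo.com.evil.com/ and http://www.foo.com@evil.com/.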

Vendor Status

Reported on 03 March 2007.
Fixed.

References

1. CVE-2007-1599.



[ © MSG ]