CVE-2004-1027
unarj - Directory Traversal and Arbitrary File Write via Extract Command
Title source: llmDescription
Directory traversal vulnerability in the -x (extract) command line option in unarj allows remote attackers to overwrite arbitrary files via an arj archive with filenames that contain .. (dot dot) sequences.
References (8)
Core 8
Core References
VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/17684
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-652
Third Party Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2005-007.html
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2005/dsa-628
Patch, Third Party Advisory, VDB Entry, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/11436
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200411-29.xml
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lwn.net/Articles/121827/
Third Party Advisory mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2004-October/027348.html
Scores
EPSS
0.0628
EPSS Percentile
91.0%
Details
Status
published
Products (6)
arjsoftware/unarj
2.62
arjsoftware/unarj
2.63 a
arjsoftware/unarj
2.64
arjsoftware/unarj
2.65
debian/debian_linux
3.0
gentoo/linux
Published
Mar 01, 2005
Tracked Since
Feb 18, 2026