FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

Revision:  373433
Date:      2014-11-25
Time:      21:42:42Z
Committer: naddy

These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 94234e00-be8a-11db-b2ec-000c6ec775d9
Description: rar -- password prompt buffer overflow vulnerability

iDefense reports:

Remote exploitation of a stack based buffer overflow vulnerability in RARLabs Unrar may allow an attacker to execute arbitrary code with the privileges of the user opening the archive.

Unrar is prone to a stack based buffer overflow when processing specially crafted password protected archives.

If users are using the vulnerable command line based unrar, they still need to interact with the program in order to trigger the vulnerability. They must respond to the prompt asking for the password, after which the vulnerability will be triggered. They do not need to enter a correct password, but they must at least push the enter key.


Discovery: 2007-02-07
Entry: 2007-02-17

Affected packages:
rar lt 3.70.b1,1
unrar, zh-unrar lt 3.70.b1,4

References:
22447
CVE-2007-0855
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=472
http://www.rarsoft.com/rarnew.htm