RAR and UnRAR contain a buffer overflow allowing the execution of arbitrary code.
|Package|app-arch/rar on all architectures|
|Affected versions|< 3.7.0_beta1|
|Unaffected versions|>= 3.7.0_beta1|

|Package|app-arch/unrar on all architectures|
|Affected versions|< 3.7.3|
|Unaffected versions|>= 3.7.3|
RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files.
RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow.
A remote attacker could entice a user to process a specially crafted password-protected archive, resulting in the execution of arbitrary code with the rights of the user uncompressing the archive.
There is no known workaround at this time.
All UnRAR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/unrar-3.7.3"
All RAR users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/rar-3.7.0_beta1"
February 13, 2007
February 14, 2007: 02