RAR, UnRAR: Buffer overflow

RAR, UnRAR: Buffer overflow RAR and UnRAR contain a buffer overflow allowing the execution of arbitrary code. rar, unrar 2007-02-13 2007-02-14 166440 remote 3.7.0_beta1 3.7.0_beta1 3.7.3 3.7.3

RAR and UnRAR provide command line interfaces for compressing and decompressing RAR files.

RAR and UnRAR contain a boundary error when processing password-protected archives that could result in a stack-based buffer overflow.

A remote attacker could entice a user to process a specially crafted password-protected archive and execute arbitrary code with the rights of the user uncompressing the archive.

There is no known workaround at this time.

All UnRAR users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/unrar-3.7.3"

All RAR users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=app-arch/rar-3.7.0_beta1"

CVE-2007-0855 falco falco falco