Unrar Password Prompt Buffer Overflow Vulnerability

This is a place for users to discuss Altap Salamander. Please feel free to ask, answer questions, and express your opinion. Please do not post problems, bug reports or feature requests here.
Post Reply
NiNe
Posts: 1
Joined: 08 Feb 2007, 17:21

Unrar Password Prompt Buffer Overflow Vulnerability

Post by NiNe »

I have read about some buffer overflow vulnerability when unpacking a rar file.
Just have a look here:
http://labs.idefense.com/intelligence/v ... php?id=472

Is there the same problem with the RAR-Plugin in Salamander?
Top
Jan Rysavy
ALTAP Staff
ALTAP Staff
Posts: 5231
Joined: 08 Dec 2005, 06:34
Location: Novy Bor, Czech Republic
Contact:
Contact Jan Rysavy

Unrar Password Prompt Buffer Overflow Vulnerability

Post by Jan Rysavy »

We don't know. There is nearly zero information in the mentioned message.
Without detailed description and sample archive we are not able to tell you...
Top
Guest

Unrar Password Prompt Buffer Overflow Vulnerability

Post by Guest »

WinRAR's changelog:
Version 3.70 beta 1

15. Stack overflow vulnerability has been corrected in password
processing module of console RAR and UnRAR. GUI WinRAR is not
affected. We are thankful to the iDEFENSE LABS for reporting this bug.
Top
Jan Rysavy
ALTAP Staff
ALTAP Staff
Posts: 5231
Joined: 08 Dec 2005, 06:34
Location: Novy Bor, Czech Republic
Contact:
Contact Jan Rysavy

Unrar Password Prompt Buffer Overflow Vulnerability

Post by Jan Rysavy »

V tom případě bude stačit nahradit knihovnu
Servant Salamander 2.5 RC2\plugins\unrar\unrar.dll
novou opravenou verzí z UnRAR 3.70 beta 1...
Top
Post Reply

Return to “General Discussion”