unace

www.gentoo.org/securit...
Synopsis

UnAce is vulnerable to several buffer overflow and directory traversal attacks.

2. Impact Information

Background

UnAce is an utility to extract, view and test the contents of an ACE archive.

Description

Ulf Harnhammar discovered that UnAce suffers from buffer overflows when testing, unpacking or listing specially crafted ACE archives (CAN-2005-0160). He also found out that UnAce is vulnerable to directory traversal attacks, if an archive contains "./.." sequences or absolute filenames (CAN-2005-0161).

Impact

An attacker could exploit the buffer overflows to execute malicious code or the directory traversals to overwrite arbitrary files.

Unace command revisited.
itnet7@ubuntu-breezyws:~$ unace --version

UNACE v1.2 public version

Usage: UNACE <command> [<switches>] <archive[.ace]>

Where <command> is one of:

e Extract files

l List archive

t Test archive integrity

v List archive (verbose)

x Extract files with full path

And <switches> is zero or more of:

-y Assume 'yes' on all questions, never ask for input

I downloaded a set of files that included the following:

A-AMSW.ACE

A-AMSW.001

A-AMSW.002 and so on....

I ran the following and it extracted all of the archived files into my working directory:

unace x -y A-AMSW.ACE

Hope this helps more!

Thanks,

ITnet7

unace command
I was just successful using the unace command. I was looking all over the web for an example of what someone had used, but came up short. Here is the command that I used verbatim:(beginning)
unace x -y /home/nonrootusername/test/ (ending)
This extracted two files to the test directory which was my working directory.

Hope this helps someone!

ITnet7

whats up with a binary only linux driver!?
Give me 64 bit, solaris and more please!

try this:
unance e foo