unace is a utility to extract, view, and test the contents of an ACE archive.
No changes have been submitted for this release.
UnAce is vulnerable to several buffer overflow and directory traversal attacks.
2. Impact Information
UnAce is an utility to extract, view and test the contents of an ACE archive.
Ulf Harnhammar discovered that UnAce suffers from buffer overflows when testing, unpacking or listing specially crafted ACE archives (CAN-2005-0160). He also found out that UnAce is vulnerable to directory traversal attacks, if an archive contains "./.." sequences or absolute filenames (CAN-2005-0161).
An attacker could exploit the buffer overflows to execute malicious code or the directory traversals to overwrite arbitrary files.
Unace command revisited.
itnet7@ubuntu-breezyws:~$ unace --version
UNACE v1.2 public version
Usage: UNACE <command> [<switches>] <archive[.ace]>
Where <command> is one of:
e Extract files
l List archive
t Test archive integrity
v List archive (verbose)
x Extract files with full path
And <switches> is zero or more of:
-y Assume 'yes' on all questions, never ask for input
I downloaded a set of files that included the following:
A-AMSW.002 and so on....
I ran the following and it extracted all of the archived files into my working directory:
unace x -y A-AMSW.ACE
Hope this helps more!
I was just successful using the unace command. I was looking all over the web for an example of what someone had used, but came up short. Here is the command that I used verbatim:(beginning)
unace x -y /home/nonrootusername/test/ (ending)
This extracted two files to the test directory which was my working directory.
Hope this helps someone!
whats up with a binary only linux driver!?
Give me 64 bit, solaris and more please!
unance e foo
30 Jan 2001 06:29
A Fluent OpenStack client API for Java.
A TWiki appliance that is easy to use and lightweight.