Projects / unace / Comments

Comments for unace

28 Mar 2011 17:57 xevilstar

http://www.gentoo.org/security/en/glsa/glsa-200502-32.xml
Synopsis

UnAce is vulnerable to several buffer overflow and directory traversal attacks.

2. Impact Information

Background

UnAce is an utility to extract, view and test the contents of an ACE archive.

Description

Ulf Harnhammar discovered that UnAce suffers from buffer overflows when testing, unpacking or listing specially crafted ACE archives (CAN-2005-0160). He also found out that UnAce is vulnerable to directory traversal attacks, if an archive contains "./.." sequences or absolute filenames (CAN-2005-0161).

Impact

An attacker could exploit the buffer overflows to execute malicious code or the directory traversals to overwrite arbitrary files.

12 Dec 2005 19:11 itnet7

Unace command revisited.
itnet7@ubuntu-breezyws:~$ unace --version

UNACE v1.2 public version

Usage: UNACE <command> [<switches>] <archive[.ace]>

Where <command> is one of:

e Extract files

l List archive

t Test archive integrity

v List archive (verbose)

x Extract files with full path

And <switches> is zero or more of:

-y Assume 'yes' on all questions, never ask for input

I downloaded a set of files that included the following:

A-AMSW.ACE

A-AMSW.001

A-AMSW.002 and so on....

I ran the following and it extracted all of the archived files into my working directory:

unace x -y A-AMSW.ACE

Hope this helps more!

Thanks,

ITnet7

29 Oct 2005 22:57 itnet7

unace command
I was just successful using the unace command. I was looking all over the web for an example of what someone had used, but came up short. Here is the command that I used verbatim:(beginning)
unace x -y /home/nonrootusername/test/ (ending)
This extracted two files to the test directory which was my working directory.

Hope this helps someone!

ITnet7

06 Feb 2005 11:09 insdol

whats up with a binary only linux driver!?
Give me 64 bit, solaris and more please!

23 Nov 2003 06:17 slania

try this:
unance e foo

15 May 2002 10:21 phlinex

Method
I downloaded unace to read the .ace file, but
"File compressed with unknown method. Decompression not possible."

:(

19 Apr 2002 06:15 michaelgz

Re: How do you use this?

> How do you use this program?
>
> I tried:
> $ unace e alt-dd.ace
> UNACE v1.2 public version
>
> Invalid archive file: alt-dd.ace
>
> but no luck :(
>


I had the same error with the old version - try the new one, maybe it helps.

michael

24 Feb 2002 18:01 osx

How do you use this?
How do you use this program?

I tried:
$ unace e alt-dd.ace
UNACE v1.2 public version

Invalid archive file: alt-dd.ace

but no luck :(

Screenshot

Project Spotlight

ReciJournal

An open, cross-platform journaling program.

Screenshot

Project Spotlight

Veusz

A scientific plotting package.