by @LeSuisse Activity log
- Created automatic suggestion
-
@LeSuisse
removed
10 packages
- archiver
- xarchiver
- fsarchiver
- the-unarchiver
- lxqt.lxqt-archiver
- CuboCore.corearchiver
- wayback-machine-archiver
- python312Packages.nskeyedunarchiver
- python313Packages.nskeyedunarchiver
- python314Packages.nskeyedunarchiver
- @LeSuisse dismissed
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability
GFI Archiver MArc.Core Deserialization of Untrusted Data Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GFI Archiver. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the configuration of the MArc.Core.Remoting.exe process, which listens on port 8017. The issue results from the lack of proper validation of user-supplied data, which can result in deserialization of untrusted data. An attacker can leverage this vulnerability to execute code in the context of SYSTEM. Was ZDI-CAN-27935.
References
- ZDI-26-074 x_research-advisory
Affected products
- ==15.10
Ignored packages (10)
pkgs.archiver
Easily create & extract archives, and compress & decompress files of various formats
pkgs.xarchiver
GTK frontend to 7z,zip,rar,tar,bzip2, gzip,arj, lha, rpm and deb (open and extract only)
pkgs.fsarchiver
File system archiver for linux
pkgs.the-unarchiver
Unpacks archive files
pkgs.lxqt.lxqt-archiver
Archive tool for the LXQt desktop environment
pkgs.CuboCore.corearchiver
Archiver from the C Suite to create and extract archives
pkgs.wayback-machine-archiver
Python script to submit web pages to the Wayback Machine for archiving
pkgs.python312Packages.nskeyedunarchiver
Unserializes plist data into a usable Python dict
pkgs.python313Packages.nskeyedunarchiver
Unserializes plist data into a usable Python dict
pkgs.python314Packages.nskeyedunarchiver
Unserializes plist data into a usable Python dict