CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
EPSS: 0.072 Low (Percentile: 94.0%)
CentOS Errata and Security Advisory CESA-2008:0196-01
The unzip utility is used to list, test, or extract files from a zip
archive.
An invalid pointer flaw was found in unzip. If a user ran unzip on a
specially crafted file, an attacker could execute arbitrary code with that
user’s privileges. (CVE-2008-0888)
Red Hat would like to thank Tavis Ormandy of the Google Security Team for
reporting this issue.
All unzip users are advised to upgrade to these updated packages, which
contain a backported patch to resolve this issue.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2008-March/076922.html
Affected packages:
unzip
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
CentOS | 2 | i386 | unzip | < 5.50-31.EL2.1 | unzip-5.50-31.EL2.1.i386.rpm |