Lucene search

K

[email protected]NVD:CVE-2005-4667

HistoryDec 31, 2005 - 5:00 a.m.

CVE-2005-4667

2005-12-3105:00:00

CWE-119

[email protected]

web.nvd.nist.gov

1

3.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.8%

Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.

Affected configurations

NVD

Node

info-zipunzipMatch5.2

OR

info-zipunzipMatch5.3

OR

info-zipunzipMatch5.31

OR

info-zipunzipMatch5.32

OR

info-zipunzipMatch5.40

OR

info-zipunzipMatch5.41

OR

info-zipunzipMatch5.42

OR

info-zipunzipMatch5.50

References

archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html

secunia.com/advisories/25098

www.debian.org/security/2006/dsa-1012

www.info-zip.org/FAQ.html

www.mandriva.com/security/advisories?name=MDKSA-2006:050

www.osvdb.org/22400

www.redhat.com/support/errata/RHSA-2007-0203.html

www.securityfocus.com/archive/1/430300/100/0/threaded

www.securityfocus.com/bid/15968

www.trustix.org/errata/2006/0006

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252

usn.ubuntu.com/248-1/

usn.ubuntu.com/248-2/

3.7 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:H/Au:N/C:P/I:P/A:P

7.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.8%

Related for NVD:CVE-2005-4667

nessus8 openvas2 ubuntucve1 debian2 debiancve1 ubuntu1 osv1 cve1 cvelist1 centos1 redhat1 oraclelinux1