Metric | Value |
---|---|
CVSS2 score | 2.6 Low |
CVSS2 vector | AV:N/AC:H/Au:N/C:N/I:P/A:N |
Access Vector | NETWORK |
Access Complexity | HIGH |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | PARTIAL |
Availability Impact | NONE |
EPSS | 0.002 Low |
EPSS Percentile | 55.1% |

The unzip utility is used for manipulating archives, which are multiple
files stored inside of a single file.
A vulnerability in unzip version 5.50 and earlier allows attackers to
overwrite arbitrary files during archive extraction by placing invalid
(non-printable) characters between two “.” characters. These non-printable
characters are filtered, resulting in a “..” sequence. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CAN-2003-0282 to this issue.
This erratum includes a patch ensuring that non-printable characters do not
make it possible for a malicious .zip file to write to parent directories
unless the “-:” command line parameter is specified.
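
The ordering flaw described above, as an added example that is not unzip's own code or the erratum's patch: a simplified model in which one function validates the entry name before filtering non-printable bytes and the other filters first. All function names and the entry name are assumptions constructed for illustration, and the "-:" override is not modelled.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Drop non-printable bytes, modelling the filtering step in the advisory. */
static void strip_nonprintable(const char *in, char *out, size_t outsz) {
    size_t j = 0;
    for (size_t i = 0; in[i] != '\0' && j + 1 < outsz; i++)
        if (isprint((unsigned char)in[i]))
            out[j++] = in[i];
    out[j] = '\0';
}

/* Return 1 if any '/'-separated component of path is exactly "..". */
static int has_dotdot(const char *path) {
    const char *p = path;
    while (*p != '\0') {
        size_t len = strcspn(p, "/");
        if (len == 2 && p[0] == '.' && p[1] == '.')
            return 1;
        p += len;
        if (*p == '/')
            p++;
    }
    return 0;
}

/* Flawed order: validate the raw name, then filter it. Returns 1 = accept. */
int accept_check_then_filter(const char *raw, char *out, size_t outsz) {
    if (has_dotdot(raw))
        return 0;
    strip_nonprintable(raw, out, outsz); /* ".." can appear only now */
    return 1;
}

/* Corrected order: filter first, then validate the name actually used. */
int accept_filter_then_check(const char *raw, char *out, size_t outsz) {
    strip_nonprintable(raw, out, outsz);
    return !has_dotdot(out);
}

int main(void) {
    const char *raw = "docs/.\x01./outside.txt"; /* constructed entry name */
    char out[256];
    printf("check-then-filter accepts: %d\n", accept_check_then_filter(raw, out, sizeof out));
    printf("filter-then-check accepts: %d (name: %s)\n", accept_filter_then_check(raw, out, sizeof out), out);
    return 0;
}
```

The general rule it illustrates: path validation must run on the final, normalized name that will be passed to the filesystem, not on an earlier representation.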
Users of unzip are advised to upgrade to these updated packages, which are
not vulnerable to this issue.
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
RedHat | any | ia64 | unzip | < 5.50-30 | unzip-5.50-30.ia64.rpm |
RedHat | any | i386 | unzip | < 5.50-30 | unzip-5.50-30.i386.rpm |