RedHatRHSA-2007:0203(RHSA-2007:0203) Low: unzip security and bug fix update
3.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.4%
The unzip utility is used to list, test, or extract files from a zip archive.
A race condition was found in Unzip. Local users could use this flaw to
modify permissions of arbitrary files via a hard link attack on a file
while it was being decompressed (CVE-2005-2475)
A buffer overflow was found in Unzip command line argument handling.
If a user could be tricked into running Unzip with a specially crafted long
file name, an attacker could execute arbitrary code with that user’s
privileges. (CVE-2005-4667)
As well, this update adds support for files larger than 2GB.
All users of unzip should upgrade to these updated packages, which
contain backported patches that resolve these issues.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| RedHat | any | ppc | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.ppc.rpm |
| RedHat | any | src | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.src.rpm |
| RedHat | any | ia64 | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.ia64.rpm |
| RedHat | any | s390 | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.s390.rpm |
| RedHat | any | s390x | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.s390x.rpm |
| RedHat | any | i386 | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.i386.rpm |
| RedHat | any | x86_64 | unzip | < 5.51-9.EL4.5 | unzip-5.51-9.EL4.5.x86_64.rpm |
Related
3.7 Low
CVSS2
Access Vector
LOCAL
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
0.002 Low
EPSS
Percentile
58.4%