Lucene search
K

13 matches found

Tenable Nessus
Tenable Nessus
added 2013/06/29 12:0 a.m.32 views

CentOS 4 : unzip (CESA-2007:0203)

Updated unzip packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The unzip utility is used to list, test, or extract files from a zip archive. A race condition was found in Unzip...

3.7CVSS8.2AI score0.01481EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2012/08/01 12:0 a.m.27 views

Scientific Linux Security Update : unzip on SL4.x i386/x86_64

A race condition was found in Unzip. Local users could use this flaw to modify permissions of arbitrary files via a hard link attack on a file while it was being decompressed CVE-2005-2475 A buffer overflow was found in Unzip command line argument handling. If a user could be tricked into running...

3.7CVSS8.2AI score0.01481EPSS
Exploits1References3
OpenVAS
OpenVAS
added 2008/09/04 12:0 a.m.13 views

FreeBSD Ports: unzip, zh-unzip, ko-unzip

The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...

1.2CVSS6.6AI score0.00399EPSS
Exploits0References3
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.26 views

Debian Security Advisory DSA 903-1 (unzip)

The remote host is missing an update to unzip announced via advisory DSA 903-1. Imran Ghory discovered a race condition in the permissions setting code in unzip. When decompressing a file in a directory an attacker has access to, unzip could be tricked to set the file permissions to a different...

1.2CVSS7.7AI score0.00399EPSS
Exploits0
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.13 views

Debian Security Advisory DSA 903-1 (unzip)

The remote host is missing an update to unzip announced via advisory DSA 903-1. Imran Ghory discovered a race condition in the permissions setting code in unzip. When decompressing a file in a directory an attacker has access to, unzip could be tricked to set the file permissions to a different...

1.2CVSS8.1AI score0.00399EPSS
Exploits0References2
OpenVAS
OpenVAS
added 2008/01/17 12:0 a.m.13 views

Debian: Security Advisory (DSA-903-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

1.2CVSS6.7AI score0.00399EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2007/07/11 12:0 a.m.5 views

Low: Red Hat Bug Fix Advisory: unzip bug fix update

Updated unzip packages that address various bugs are now available. The unzip utility is used to list, test, or extract files from a zip archive. This update addresses the following issues: a TOCTOU bug that could be exploited to change file permissions CVE-2005-2475 a long filename buffer overfl...

3.7CVSS7.3AI score0.01481EPSS
Exploits1References3
Tenable Nessus
Tenable Nessus
added 2007/05/02 12:0 a.m.31 views

RHEL 4 : unzip (RHSA-2007:0203)

Updated unzip packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The unzip utility is used to list, test, or extract files from a zip archive. A race condition was found in Unzip...

3.7CVSS8.2AI score0.01481EPSS
Exploits1References5
RedHat Linux
RedHat Linux
added 2007/05/01 1:37 p.m.30 views

Low: Red Hat Security Advisory: unzip security and bug fix update

Updated unzip packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The unzip utility is used to list, test, or extract files from a zip archive. A race condition was found in Unzip...

3.7CVSS7.5AI score0.01481EPSS
Exploits1References5
Tenable Nessus
Tenable Nessus
added 2006/05/13 12:0 a.m.41 views

FreeBSD : unzip -- permission race vulnerability (9750cf22-216d-11da-bc01-000e0c2e438a)

Imran Ghory reports a vulnerability within unzip. The vulnerability is caused by a race condition between extracting an archive and changing the permissions of the extracted files. This would give an attacker enough time to remove a file and hardlink it to another file owned by the user running...

1.2CVSS7.5AI score0.00399EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2006/01/15 12:0 a.m.25 views

Ubuntu 4.10 / 5.04 : unzip vulnerability (USN-191-1)

Imran Ghory found a race condition in the handling of output files. While a file was unpacked by unzip, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the unzip user. Note that Tenable Network Security has extract...

1.2CVSS7.8AI score0.00399EPSS
Exploits0References1
CVE
CVE
added 2005/08/05 4:0 a.m.88 views

CVE-2005-2475

The provided data confirms CVE-2005-2475: a race condition in unzip allows local users to modify permissions of arbitrary files via a hard link attack during decompression. This is evidenced by multiple advisories (RHSA-2007:0203, ELSA-2007-0203, CESA-2007:0203, CESAs for RHEL/CentOS) describing ...

1.2CVSS5.9AI score0.00399EPSS
Exploits0References19Affected Software1
OSV
OSV
added 2005/08/05 4:0 a.m.8 views

CVE-2005-2475

Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete...

6AI score
Exploits0References19
Rows per page
Query Builder