13 matches found
CentOS 4 : unzip (CESA-2007:0203)
Updated unzip packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The unzip utility is used to list, test, or extract files from a zip archive. A race condition was found in Unzip...
Scientific Linux Security Update : unzip on SL4.x i386/x86_64
A race condition was found in Unzip. Local users could use this flaw to modify permissions of arbitrary files via a hard link attack on a file while it was being decompressed CVE-2005-2475 A buffer overflow was found in Unzip command line argument handling. If a user could be tricked into running...
FreeBSD Ports: unzip, zh-unzip, ko-unzip
The remote host is missing an update to the system as announced in the referenced advisory. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
Debian Security Advisory DSA 903-1 (unzip)
The remote host is missing an update to unzip announced via advisory DSA 903-1. Imran Ghory discovered a race condition in the permissions setting code in unzip. When decompressing a file in a directory an attacker has access to, unzip could be tricked to set the file permissions to a different...
Debian Security Advisory DSA 903-1 (unzip)
The remote host is missing an update to unzip announced via advisory DSA 903-1. Imran Ghory discovered a race condition in the permissions setting code in unzip. When decompressing a file in a directory an attacker has access to, unzip could be tricked to set the file permissions to a different...
Debian: Security Advisory (DSA-903-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Low: Red Hat Bug Fix Advisory: unzip bug fix update
Updated unzip packages that address various bugs are now available. The unzip utility is used to list, test, or extract files from a zip archive. This update addresses the following issues: a TOCTOU bug that could be exploited to change file permissions CVE-2005-2475 a long filename buffer overfl...
RHEL 4 : unzip (RHSA-2007:0203)
Updated unzip packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The unzip utility is used to list, test, or extract files from a zip archive. A race condition was found in Unzip...
Low: Red Hat Security Advisory: unzip security and bug fix update
Updated unzip packages that fix two security issues and various bugs are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The unzip utility is used to list, test, or extract files from a zip archive. A race condition was found in Unzip...
FreeBSD : unzip -- permission race vulnerability (9750cf22-216d-11da-bc01-000e0c2e438a)
Imran Ghory reports a vulnerability within unzip. The vulnerability is caused by a race condition between extracting an archive and changing the permissions of the extracted files. This would give an attacker enough time to remove a file and hardlink it to another file owned by the user running...
Ubuntu 4.10 / 5.04 : unzip vulnerability (USN-191-1)
Imran Ghory found a race condition in the handling of output files. While a file was unpacked by unzip, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the unzip user. Note that Tenable Network Security has extract...
CVE-2005-2475
The provided data confirms CVE-2005-2475: a race condition in unzip allows local users to modify permissions of arbitrary files via a hard link attack during decompression. This is evidenced by multiple advisories (RHSA-2007:0203, ELSA-2007-0203, CESA-2007:0203, CESAs for RHEL/CentOS) describing ...
CVE-2005-2475
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete...