Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

[DSA903] DSA-903-2 unzip

Vulnerability Assessment Summary
DSA-903-2 unzip

Detailed Explanation for this Vulnerability Assessment

The unzip update in DSA 903 contained a regression so that symbolic
links that are resolved later in a zip archive aren't supported
anymore. This update corrects this behaviour. For completeness,
the original advisory text follows:

Imran Ghory discovered a race condition in the permissions setting
code in unzip. When decompressing a file in a directory an attacker
has access to, unzip could be tricked to set the file permissions to a
different file the user has permissions to.

For the old stable distribution (woody) this problem has been fixed in
version 5.50-1woody5.

For the stable distribution (sarge) this problem has been fixed in
version 5.52-1sarge3.

For the unstable distribution (sid) this problem has been fixed in
version 5.52-6.

We recommend that you upgrade your unzip package.


Solution : http://www.debian.org/security/2005/dsa-903
Network Security Threat Level: High

Networks Security ID: 14450

Vulnerability Assessment Copyright: This script is (C) 2007 Michel Arboi
