Skip site navigation (1)Skip section navigation (2)
Date:      Tue, 1 Jul 2003 15:11:23 -0700 (PDT)
From:      Thomas McIntyre <temac@yahoo.com>
To:        freebsd-ports@freebsd.org
Subject:   vulnerability in unzip 5.50?
Message-ID:  <20030701221123.27692.qmail@web14202.mail.yahoo.com>

next in thread | raw e-mail | index | archive | help
Is anybody aware of a a security problem with unzip in the ports?  I
tried searching google/mailing lists, but did not find anything
relevant.

The last update to the port looks about 3 months ago, which seems to
be before the notifications.

Thx,
Tom McIntyre

=-=-=-=-=-=

[RHSA-2003:199-01] Updated unzip packages fix trojan vulnerability

.....

3. Problem description:

The unzip utility is used for manipulating archives, which are
multiple
files stored inside of a single file.

A vulnerabilitiy in unzip version 5.50 and earlier allows attackers
to
overwrite arbitrary files during archive extraction by placing
invalid
(non-printable) characters between two "." characters.  These
non-printable
characters are filtered, resulting in a ".." sequence.  The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name
CAN-2003-0282 to this issue.

This erratum includes a patch ensuring that non-printable characters
do not
make it possible for a malicious .zip file to write to parent
directories
unless the "-:" command line parameter is specified.

Users of unzip are advised to upgrade to these updated packages,
which are
not vulnerable to this issue.

=-=-=-=-=-=

http://icat.nist.gov/icat.cfm?cvename=CAN-2003-0282

.....

Vulnerability Name: 
This reference is to a non-NIST site. (disclaimer)  CAN-2003-0282  
Published before: 6/16/2003  
Summary: Directory traversal vulnerability in UnZip 5.50 allows
attackers to overwrite arbitrary files via invalid characters between
two . (dot) characters, which are filtered and result in a ".."
sequence.  
Severity: Medium  
Vulnerability type: Exceptional Condition Handling Error
Design Error
 
Exploitable Range: Unknown
 
Loss type: Integrity
 
Reference 1:
This reference is to a non-NIST site. (disclaimer)  Source: Bugtraq
Type: General 
Name: unzip directory traversal revisited
http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175&w=2  
Vulnerable software and versions: Info-Zip, UnZip, 5.50  


__________________________________
Do you Yahoo!?
SBC Yahoo! DSL - Now only $29.95 per month!
http://sbc.yahoo.com



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030701221123.27692.qmail>