Family: Debian Local Security Checks --> Category: infos
[DSA903] DSA-903-2 unzip Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
The unzip update in DSA 903 contained a regression so that symbolic
links that are resolved later in a zip archive aren't supported
anymore. This update corrects this behaviour. For completeness,
below please find the original advisory text:
Imran Ghory discovered a race condition in the permissions setting
code in unzip. When decompressing a file in a directory an attacker
has access to, unzip could be tricked into setting the file permissions
on a different file the user has permissions to.
For the old stable distribution (woody) this problem has been fixed in
For the stable distribution (sarge) this problem has been fixed in
For the unstable distribution (sid) this problem has been fixed in
We recommend that you upgrade your unzip package.
Solution : http://www.debian.org/security/2005/dsa-903
Threat Level: High