Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2002:065: unzip Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the unzip package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2002:065 (unzip).
A directory traversal vulnerability was discovered in unzip version 5.42 and
earlier that allows attackers to overwrite arbitrary files during extraction of
the archive by using a '..' (dot dot) in an extracted filename, as well as
prefixing filenames in the archive with '/' (slash).
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:065
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.