Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2004:141: zip Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the zip package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2004:141 (zip).
A vulnerability in zip was discovered where zip would not check the resulting
path length when doing recursive folder compression, which could allow a
malicious person to convince a user to create an archive containing a
specially-crafted path name. By doing so, arbitrary code could be executed with
the permissions of the user running zip.
The updated packages are patched to prevent this problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2004:141
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.