Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Red Hat Local Security Checks --> Category: infos

RHSA-2003-200: unzip Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the unzip packages

Detailed Explanation for this Vulnerability Test

Updated unzip packages resolving a vulnerability allowing arbitrary files
to be overwritten are now available.

[Updated 15 August 2003]
Ben Laurie found that the original patch to fix this issue missed a case
where the path component included a quoted slash. These updated packages
contain a new patch that corrects this issue.

The unzip utility is used for manipulating archives, which are multiple
files stored inside of a single file.

A vulnerabilitiy in unzip version 5.50 and earlier allows attackers to
overwrite arbitrary files during archive extraction by placing invalid
(non-printable) characters between two "." characters. These non-printable
characters are filtered, resulting in a ".." sequence. The Common
Vulnerabilities and Exposures project ( has assigned the name
CVE-2003-0282 to this issue.

This erratum includes a patch ensuring that non-printable characters do not
make it possible for a malicious .zip file to write to parent directories
unless the "-:" command line parameter is specified.

Users of unzip are advised to upgrade to these updated packages, which are
not vulnerable to this issue.

Solution :
Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.