|
Family: Ubuntu Local Security Checks --> Category: infos
USN159-1 : unzip vulnerability Vulnerability Scan
Vulnerability Scan Summary unzip vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote package "unzip" is missing a security patch.
Description :
If a ZIP archive contains binaries with the setuid and/or setgid bit
set, unzip preserved those bits when extracting the archive. This
could be exploited by tricking the administrator into unzipping an
archive with a setuid-root binary into a directory the attacker can
access. This allowed the attacker to execute arbitrary commands with
root rights.
The updated version does not preserve setuid, setgid, and sticky bits
any more by default. The old behaviour can be explicitly requested now
by supplying the option '-K'.
Solution :
Upgrade to :
- unzip-5.51-2ubuntu1.1 (Ubuntu 5.04)
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|