Alerts This Week
Warning Icon 1 929
Alerts This Week
Warning Icon 1 929

Gentoo: 200307-02 Critical: Unzip Directory Traversal Exploit

gentoo
Calendar Grey July 11, 2003
Dist Gentoo Esm H88
Gentoo Linux Security Advisory 202310-05 relating to bash local exploit linked to code execution vulnerability.
By inserting invalid characters between ".." attackers can overwritearbitrary files.

Summary


- - ---------------------------------------------------------------------
GENTOO LINUX SECURITY ANNOUNCEMENT 200307-02
- - ---------------------------------------------------------------------

- - ---------------------------------------------------------------------

By inserting invalid characters between ".." attackers can overwrite
arbitrary files.

Read the full advisory at 
http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175

SOLUTION

It is recommended that all Gentoo Linux users who are running
app-arch/unzip upgrade to unzip-5.50-r2 as follows

emerge sync
emerge unzip
emerge clean

- - ---------------------------------------------------------------------
aliz@gentoo.org - GnuPG key is available at   
- - ---------------------------------------------------------------------

Topics%20covered

Topics Covered

security advisory gentoo critical directory traversal local exploit

Resolution

References

Availability

style>.gentoo_availability{display:block;}

Concerns

Severity
critical
Lowest
Low
Medium
High
Critical

PACKAGE : unzip
SUMMARY : directory traversal vulnerability
DATE : 2003-07-11 13:54 UTC
EXPLOIT : local
VERSIONS AFFECTED : =unzip-5.50-r2
CVE : 2003-0282

Topics%20covered

Topics Covered

security advisory gentoo critical directory traversal local exploit

Synopsis

Background

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

Impact

Workaround

Your message here