Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-0282

Overview

Vulnerability Score 2.6 2.6
CVE Id CVE-2003-0282
Last Modified 09 Jan 2015 09:59:16
Published 16 Jun 2003 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2003-0282

Summary

Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.

Vulnerable Systems

Operating System

  • Sco Openlinux Server 3.1.1

  • Sco Openlinux Workstation 3.1.1

Application

  • Info-zip Unzip 5.50


References

BID - 7550

REDHAT - RHSA-2003:199

TURBO - TLSA-2003-42

REDHAT - RHSA-2003:200

DEBIAN - DSA-344

BUGTRAQ - 20030509 unzip directory traversal revisited

IMMUNIX - IMNX-2003-7+-017-01

SCO - CSSA-2003-031.0

XF - unzip-dotdot-directory-traversal(12004)

MANDRAKE - MDKSA-2003:073

CIAC - N-111

BUGTRAQ - 20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip)

CONECTIVA - CLA-2003:672

CONFIRM - http://www.info-zip.org/FAQ.html


Last Updated: 27 May 2016 11:07:28