Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-0602

Overview

Vulnerability Score 6.2 6.2
CVE Id CVE-2005-0602
Last Modified 09 Jan 2015 09:59:19
Published 02 May 2005 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2005-0602

Summary

Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.

Vulnerable Systems

Application

  • Info-zip Unzip 5.50

  • Info-zip Unzip 5.51


References

VUPEN - ADV-2007-3866

BUGTRAQ - 20050228 7a69Adv#22 - UNIX unzip keep setuid and setgid files

TRUSTIX - 2005-0053

BID - 14447

MANDRIVA - MDKSA-2005:197

SUNALERT - 200844

SUNALERT - 103150

SECUNIA - 27684

SECUNIA - 17342

SECUNIA - 17045

CONFIRM - http://www.info-zip.org/FAQ.html


Last Updated: 27 May 2016 11:07:28