Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-2475

Overview

Vulnerability Score 1.2 1.2
CVE Id CVE-2005-2475
Last Modified 09 Jan 2015 09:59:20
Published 05 Aug 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2005-2475

Summary

Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.

Vulnerable Systems

Application

  • Info-zip Unzip 5.52


References

UBUNTU - USN-191-1

TRUSTIX - 2005-0053

BID - 14450

REDHAT - RHSA-2007:0203

OSVDB - 18530

MANDRIVA - MDKSA-2005:197

DEBIAN - DSA-903

SREASON - 32

SECUNIA - 25098

SECUNIA - 17653

SECUNIA - 17342

SECUNIA - 17045

SECUNIA - 17006

SECUNIA - 16985

SECUNIA - 16309

BUGTRAQ - 20050801 unzip TOCTOU file-permissions vulnerability

SCO - SCOSA-2005.39

CONFIRM - http://www.info-zip.org/FAQ.html


Last Updated: 27 May 2016 10:36:58