Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2005-4667

Overview

Vulnerability Score 3.7 3.7
CVE Id CVE-2005-4667
Last Modified 09 Jan 2015 09:59:21
Published 31 Dec 2005 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector LOCAL
Access Complexity HIGH
Authentication NONE

CVE-2005-4667

Summary

Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.

Vulnerable Systems

Application

  • Info-zip Unzip 5.2

  • Info-zip Unzip 5.3

  • Info-zip Unzip 5.31

  • Info-zip Unzip 5.32

  • Info-zip Unzip 5.40

  • Info-zip Unzip 5.41

  • Info-zip Unzip 5.42

  • Info-zip Unzip 5.50


References

UBUNTU - USN-248-2

UBUNTU - USN-248-1

TRUSTIX - 2006-0006

FEDORA - FLSA:180159

DEBIAN - DSA-1012

BID - 15968

REDHAT - RHSA-2007:0203

OSVDB - 22400

SECUNIA - 25098

FULLDISC - 20051219 Unzip *ALL* verisons ;))

MANDRIVA - MDKSA-2006:050

CONFIRM - http://www.info-zip.org/FAQ.html


Last Updated: 27 May 2016 11:07:28