ID CVE-2005-0602
Summary Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:info-zip:unzip:5.50
    cpe:2.3:a:info-zip:unzip:5.50
  • cpe:2.3:a:info-zip:unzip:5.51
    cpe:2.3:a:info-zip:unzip:5.51
CVSS
Base: 6.2 (as of 08-06-2005 - 14:55)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
nessus via4
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_112951.NASL
    description SunOS 5.9: patchadd and patchrm Patch. Date this patch was last updated by Sun : Jul/02/10
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 29209
    published 2007-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29209
    title Solaris 9 (sparc) : 112951-15
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-197.NASL
    description Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. (CVE-2005-0602) Imran Ghory found a race condition in the handling of output files. While a file was unpacked by unzip, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the unzip user. This affects versions of unzip 5.52 and lower (CVE-2005-2475) The updated packages have been patched to address these issues.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 20125
    published 2005-11-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20125
    title Mandrake Linux Security Advisory : unzip (MDKSA-2005:197)
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_108987.NASL
    description SunOS 5.8: Patch for patchadd and patchrm. Date this patch was last updated by Sun : Nov/30/07
    last seen 2018-09-01
    modified 2014-08-30
    plugin id 13307
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13307
    title Solaris 8 (sparc) : 108987-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS8_X86_108988.NASL
    description SunOS 5.8_x86: Patch for patchadd and patc. Date this patch was last updated by Sun : Nov/30/07
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 13417
    published 2004-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=13417
    title Solaris 8 (x86) : 108988-19
  • NASL family Solaris Local Security Checks
    NASL id SOLARIS9_X86_114194.NASL
    description SunOS 5.9_x86: patchadd and patchrm Patch. Date this patch was last updated by Sun : Jul/02/10
    last seen 2018-09-02
    modified 2014-08-30
    plugin id 29211
    published 2007-12-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=29211
    title Solaris 9 (x86) : 114194-12
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-159-1.NASL
    description If a ZIP archive contains binaries with the setuid and/or setgid bit set, unzip preserved those bits when extracting the archive. This could be exploited by tricking the administrator into unzipping an archive with a setuid-root binary into a directory the attacker can access. This allowed the attacker to execute arbitrary commands with root privileges. The updated version does not preserve setuid, setgid, and sticky bits any more by default. The old behaviour can be explicitly requested now by supplying the option '-K'. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-01-16
    modified 2018-07-19
    plugin id 20563
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20563
    title Ubuntu 4.10 / 5.04 : unzip vulnerability (USN-159-1)
refmap via4
bid 14447
bugtraq 20050228 7a69Adv#22 - UNIX unzip keep setuid and setgid files
confirm http://www.info-zip.org/FAQ.html
mandriva MDKSA-2005:197
secunia
  • 17045
  • 17342
  • 27684
sunalert
  • 103150
  • 200844
trustix 2005-0053
vupen ADV-2007-3866
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement We do not consider this a security vulnerability; this is the expected behaviour.
Last major update 17-10-2016 - 23:12
Published 02-05-2005 - 00:00
Back to Top