1. CVE-Search
  2. CVE-2005-0602
ID CVE-2005-0602
Summary Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
References
Vulnerable Configurations
  • cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*
    cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*
  • cpe:2.3:a:info-zip:unzip:*:*:*:*:*:*:*:*
    cpe:2.3:a:info-zip:unzip:*:*:*:*:*:*:*:*
CVSS
Base: 6.2 (as of 18-10-2016 - 03:12)
Impact:
Exploitability:
CWE NVD-CWE-Other
CAPEC
Access
VectorComplexityAuthentication
LOCAL HIGH NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:H/Au:N/C:C/I:C/A:C
refmap via4
bid 14447
bugtraq 20050228 7a69Adv#22 - UNIX unzip keep setuid and setgid files
confirm http://www.info-zip.org/FAQ.html
mandriva MDKSA-2005:197
secunia
  • 17045
  • 17342
  • 27684
sunalert
  • 103150
  • 200844
trustix 2005-0053
vupen ADV-2007-3866
statements via4
contributor Mark J Cox
lastmodified 2006-08-30
organization Red Hat
statement We do not consider this a security vulnerability; this is the expected behaviour.
Last major update 18-10-2016 - 03:12
Published 02-05-2005 - 04:00
Last modified 18-10-2016 - 03:12
Back to Top