MDKSA-2003:073-1
- Package name: unzip
- Date: 2003-08-19
- Advisory ID: MDKSA-2003:073-1
- Affected versions: 9.1 i586, CS2.1 x86_64, CS2.1 i586, 9.0 i586, 8.2 i586, MNF8.2 i586, 9.1 i586, 8.2 i586
Problem description
A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two "." characters. These invalid characters are filtered, which results in a ".." sequence. The patch applied to these packages prevents unzip from writing to parent directories unless the "-:" command line option is used.

Update: Ben Laurie found that the original patch used to fix this issue missed a case where the path component included a quoted slash. An updated patch was used to build these packages.
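The ordering problem described above, as an added example (not unzip's source and not the patch shipped in these packages): a parent-directory check run on the raw entry name passes, while the same check run after the filtering step refuses it. The function names, the `isprint()` filter and the sample entry name are assumptions made for illustration; the quoted-slash case and the "-:" option are not modelled.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical filter: copy src to dst without its non-printable bytes. */
static int filter_name(const char *src, char *dst, size_t dstlen)
{
    size_t n = 0;
    for (; *src; src++) {
        if (!isprint((unsigned char)*src))
            continue;               /* dropped, as the advisory describes */
        if (n + 1 >= dstlen)
            return -1;              /* does not fit */
        dst[n++] = *src;
    }
    dst[n] = '\0';
    return 0;
}

/* Return 1 if any '/'-separated component of path is exactly "..". */
static int has_dotdot(const char *path)
{
    while (*path) {
        size_t len = strcspn(path, "/");
        if (len == 2 && path[0] == '.' && path[1] == '.')
            return 1;
        path += len;
        if (*path == '/')
            path++;
    }
    return 0;
}

/* Weak order: the raw name is inspected and filtering happens afterwards. */
int check_then_filter_accepts(const char *raw) { return !has_dotdot(raw); }

/* Corrected order: filter first, then inspect the name that will be used. */
int filter_then_check_accepts(const char *raw)
{
    char clean[1024];
    if (filter_name(raw, clean, sizeof clean) != 0)
        return 0;                   /* too long: refuse rather than truncate */
    return !has_dotdot(clean);
}

int main(void)
{
    const char *sample = ".\x01./target";   /* constructed entry name */
    return !(check_then_filter_accepts(sample) && !filter_then_check_accepts(sample));
}
```

The general point is that the check has to run on the name in the form that will actually be written, after every transformation has been applied.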
Updated packages
9.1 i586
32f6a6726eb9cfe5d76aec74a71228d1 9.1/RPMS/unzip-5.50-4.2mdk.i586.rpm ece7c5edb30cb80c00e902a61126e68d 9.1/SRPMS/unzip-5.50-4.2mdk.src.rpm
CS2.1 x86_64
53ecb5284909bec78ef0b570dfbabf89 x86_64/corporate/2.1/RPMS/unzip-5.50-4.2mdk.x86_64.rpm ece7c5edb30cb80c00e902a61126e68d x86_64/corporate/2.1/SRPMS/unzip-5.50-4.2mdk.src.rpm
CS2.1 i586
eb83a1f819f0407da2a6abe8f9470e6d corporate/2.1/RPMS/unzip-5.50-4.2mdk.i586.rpm ece7c5edb30cb80c00e902a61126e68d corporate/2.1/SRPMS/unzip-5.50-4.2mdk.src.rpm
9.0 i586
eb83a1f819f0407da2a6abe8f9470e6d 9.0/RPMS/unzip-5.50-4.2mdk.i586.rpm ece7c5edb30cb80c00e902a61126e68d 9.0/SRPMS/unzip-5.50-4.2mdk.src.rpm
8.2 i586
da00ebf987ca4200ce2ed926bf4adaeb 8.2/RPMS/unzip-5.50-4.2mdk.i586.rpm ece7c5edb30cb80c00e902a61126e68d 8.2/SRPMS/unzip-5.50-4.2mdk.src.rpm
MNF8.2 i586
da00ebf987ca4200ce2ed926bf4adaeb mnf8.2/RPMS/unzip-5.50-4.2mdk.i586.rpm ece7c5edb30cb80c00e902a61126e68d mnf8.2/SRPMS/unzip-5.50-4.2mdk.src.rpm
9.1 i586
c4cc4eb7e92026ce5264daa57a42ce98 ppc/9.1/RPMS/unzip-5.50-4.2mdk.ppc.rpm ece7c5edb30cb80c00e902a61126e68d ppc/9.1/SRPMS/unzip-5.50-4.2mdk.src.rpm
8.2 i586
07252553006b6d428289f4fdfadf46fd ppc/8.2/RPMS/unzip-5.50-4.2mdk.ppc.rpm ece7c5edb30cb80c00e902a61126e68d ppc/8.2/SRPMS/unzip-5.50-4.2mdk.src.rpm
