Info-ZIP UnZip CHMod File Permission Modification Race Condition Weakness

Info-ZIP UnZip CHMod File Permission Modification Race Condition Weakness

Info-ZIP unzip is reported prone to a security weakness. The issue occurs only when an archive is extracted into a world- or group-writable directory. Reportedly, unzip employs non-atomic procedures to write a file and later to change the permissions on the newly extracted file.

A local attacker may leverage this issue to modify file permissions of target files.