|
Info-ZIP UnZip CHMod File Permission Modification Race Condition Weakness
Info-ZIP unzip is reported prone to a security weakness. The issue occurs only when an archive is extracted into a world- or group-writable directory. Reportedly, unzip employs non-atomic procedures to write a file and later to change the permissions on the newly extracted file. A local attacker may leverage this issue to modify file permissions of target files. |
|
|
Privacy Statement |
