Info-ZIP UnZip Encoded Character Hostile Destination Path Vulnerability

Bugtraq ID: 7550
Class: Access Validation Error
CVE: CVE-2003-0282
Remote: Yes
Local: No
Published: May 10 2003 12:00AM
Updated: Jul 11 2009 09:07PM
Credit: Discovery of this vulnerability credited to "jelmer" <jelmer@kuperus.xs4all.nl>.
Vulnerable: SCO OpenLinux Workstation 3.1.1
SCO OpenLinux Server 3.1.1
Info-ZIP UnZip 5.50
+ Conectiva Linux 9.0
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Debian Linux 3.0 sparc
 + Debian Linux 3.0 s/390
 + Debian Linux 3.0 ppc
 + Debian Linux 3.0 mipsel
 + Debian Linux 3.0 mips
 + Debian Linux 3.0 m68k
 + Debian Linux 3.0 ia-64
 + Debian Linux 3.0 ia-32
 + Debian Linux 3.0 hppa
 + Debian Linux 3.0 arm
 + Debian Linux 3.0 alpha
 + Debian Linux 3.0
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.1 ppc
 + Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
 + Mandriva Linux Mandrake 8.2
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.1
+ OpenPKG OpenPKG Current
 + Red Hat Linux 6.2
 + RedHat Linux 7.2 ia64
 + RedHat Linux 7.2 i386
 + RedHat Linux 7.2 alpha
 + RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
 + RedHat Linux 7.1 i386
 + RedHat Linux 7.1 alpha
 + RedHat Linux 7.1
+ RedHat Linux 7.0 sparc
 + RedHat Linux 7.0 i386
 + RedHat Linux 7.0 alpha
 + RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
 + RedHat Linux 6.2 i386
 + RedHat Linux 6.2 alpha
 + Slackware Linux 9.0
+ Slackware Linux -current
 + Sun Linux 5.0.6
Not Vulnerable:


 

Privacy Statement
Copyright 2010, SecurityFocus