Info-ZIP UnZip Encoded Character Hostile Destination Path Vulnerability

Bugtraq ID: 7550
Class: Access Validation Error
CVE: CVE-2003-0282
Remote: Yes
Local: No
Published: May 10 2003 12:00AM
Updated: Jul 11 2009 09:07PM
Credit: Discovery of this vulnerability credited to "jelmer" <jelmer@kuperus.xs4all.nl>.
Vulnerable: SCO OpenLinux Workstation 3.1.1
SCO OpenLinux Server 3.1.1
Info-ZIP UnZip 5.50
+ Conectiva Linux 9.0
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.1
+ OpenPKG OpenPKG Current
+ Red Hat Linux 6.2
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ Slackware Linux 9.0
+ Slackware Linux -current
+ Sun Linux 5.0.6
Not Vulnerable:


 

Copyright 2010, SecurityFocus