DESCRIPTION
unzip is a program widely used for the distribution of multiple files
concatenated/compacted (a file commonly known as an "archive").
A vulnerability has been found in the way unzip extracts files with
invalid characters between two '.' (dot) characters in their
path/names. These characters are filtered and result in a ".."
sequence (indicating the parent directory). By exploiting this
vulnerability, an attacker can overwrite arbitrary files if the user
unpacking such an archive has sufficient filesystem permissions to do
so.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0282 to this issue.
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/unzip-5.50-1U70_2cl.i386.rp
m
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/unzip-5.50-1U70_2cl.src.rp
m
ftp://atualizacoes.conectiva.com.br/8/RPMS/unzip-5.50-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/unzip-5.50-1U80_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/unzip-5.50-13860U90_1cl.i386.
rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/unzip-5.50-13860U90_1cl.src.
rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- ------------------------------------------------------------------------
-
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- ------------------------------------------------------------------------
-
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- ------------------------------------------------------------------------
-
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com
Hash: SHA1
- ------------------------------------------------------------------------
--
CONECTIVA LINUX SECURITY ANNOUNCEMENT
- ------------------------------------------------------------------------
--
PACKAGE : unzip
SUMMARY : Directory transversal vulnerability
DATE : 2003-07-02 18:57:00
ID : CLA-2003:672
RELEVANT
RELEASES : 7.0, 8, 9
- ------------------------------------------------------------------------
-
DESCRIPTION
unzip is a program widely used for the distribution of multiple files
concatenated/compacted (a file commonly known as an "archive").
A vulnerability has been found in the way unzip extracts files with
invalid characters between two '.' (dot) characters in their
path/names. These characters are filtered and result in a ".."
sequence (indicating the parent directory). By exploiting this
vulnerability, an attacker can overwrite arbitrary files if the user
unpacking such an archive has sufficient filesystem permissions to do
so.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CAN-2003-0282 to this issue.
SOLUTION
All unzip users should upgrade.
REFERENCES:
1.http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175
2.http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0282
UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/unzip-5.50-1U70_2cl.i386.rp
m
ftp://atualizacoes.conectiva.com.br/7.0/SRPMS/unzip-5.50-1U70_2cl.src.rp
m
ftp://atualizacoes.conectiva.com.br/8/RPMS/unzip-5.50-1U80_2cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/SRPMS/unzip-5.50-1U80_2cl.src.rpm
ftp://atualizacoes.conectiva.com.br/9/RPMS/unzip-5.50-13860U90_1cl.i386.
rpm
ftp://atualizacoes.conectiva.com.br/9/SRPMS/unzip-5.50-13860U90_1cl.src.
rpm
ADDITIONAL INSTRUCTIONS
The apt tool can be used to perform RPM packages upgrades:
- run: apt-get update
- after that, execute: apt-get upgrade
Detailed instructions reagarding the use of apt and upgrade examples
can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en
- ------------------------------------------------------------------------
-
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en
- ------------------------------------------------------------------------
-
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en
- ------------------------------------------------------------------------
-
Copyright (c) 2003 Conectiva Inc.
http://www.conectiva.com
- ------------------------------------------------------------------------
-
subscribe: conectiva-updates-subscribe (at) papaleguas.conectiva.com (dot) br [email concealed]
unsubscribe: conectiva-updates-unsubscribe (at) papaleguas.conectiva.com (dot) br [email concealed]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE/A1he42jd0JmAcZARAnlpAJ49pZfG2KHfpAjh9UXKzG9OhNTd6wCbBMf8
+0BAIs0dyrVMJwKEJzmwYz4=
=kUgz
-----END PGP SIGNATURE-----
[ reply ]