Info-ZIP UnZip Privilege Escalation Vulnerability

Info-ZIP UnZip is prone to a privilege-escalation issue because of improper handling of permissions contained in ZIP archives during decompression.

If users with superuser privileges use UnZip to decompress archives with setuid or setgid permissions, malicious binaries may be created that allow attackers to gain superuser privileges and compromise the computer.


 

Privacy Statement
Copyright 2010, SecurityFocus