unzip
Page content
- Author: voroskoi
- Vulnerable: 5.52-1
- Unaffected: 5.52-2terminus1
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete. Buffer overflow in UnZip allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
- Bug Tracker URL: http://bugs.frugalware.org/task/2026