Login
Newsletter
Werbung

Sicherheit: Unerwünschtes Überschreiben von Dateien in unzip
Aktuelle Meldungen Distributionen
Name: Unerwünschtes Überschreiben von Dateien in unzip
ID: CSSA-2003-031.0
Distribution: Caldera
Plattformen: Caldera Server 3.1.1, Caldera Workstation 3.1.1
Datum: Do, 13. November 2003, 12:00
Referenzen: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0282
Applikationen: UnZip

Originalnachricht

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


______________________________________________________________________________

SCO Security Advisory

Subject: OpenLinux: unzip directory traversal
Advisory number: CSSA-2003-031.0
Issue date: 2003 November 07
Cross reference: sr882696 fz528147 erg712381 CAN-2003-0282
______________________________________________________________________________


1. Problem Description

unzip is a program widely used for the distribution of
multiple files concatenated/compacted (a file commonly known
as an "archive").

A vulnerability has been found in the way unzip extracts files
with invalid characters between two '.' (dot) characters in
their path/names. These characters are filtered and result in
a ".." sequence (indicating the parent directory). By exploiting
this vulnerability, an attacker can overwrite arbitrary files
if the user unpacking such an archive has sufficient filesystem
permissions to do so.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CAN-2003-0282 to this issue.


2. Vulnerable Supported Versions

System Package
----------------------------------------------------------------------
OpenLinux 3.1.1 Server prior to unzip-5.40-6MR.i386.rpm
OpenLinux 3.1.1 Workstation prior to unzip-5.40-6MR.i386.rpm


3. Solution

The proper solution is to install the latest packages. Many
customers find it easier to use the Caldera System Updater, called
cupdate (or kcupdate under the KDE environment), to update these
packages rather than downloading and installing them by hand.


4. OpenLinux 3.1.1 Server

4.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-031.0/RPMS

4.2 Packages

308bbe0a68423441404609f93288b0e7 unzip-5.40-6MR.i386.rpm

4.3 Installation

rpm -Fvh unzip-5.40-6MR.i386.rpm

4.4 Source Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Server/CSSA-2003-031.0/SRPMS

4.5 Source Packages

f220b525c0b9d8d157d46d23018a5676 unzip-5.40-6MR.src.rpm


5. OpenLinux 3.1.1 Workstation

5.1 Package Location

ftp://ftp.sco.com/pub/updates/OpenLinux/3.1.1/Workstation/CSSA-2003-031.0/RPMS

5.2 Packages

ee383aa3af5442bf977f454dc62cdcaa unzip-5.40-6MR.i386.rpm

5.3 Installation

rpm -Fvh unzip-5.40-6MR.i386.rpm

5.4 Source Package Location

SRPMS

5.5 Source Packages

7541701bdcb262ac4970c3bd4a4da077 unzip-5.40-6MR.src.rpm


6. References

Specific references for this advisory:
http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175&w=2
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0282

SCO security resources:
http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr882696 fz528147
erg712381.


7. Disclaimer

SCO is not responsible for the misuse of any of the information
we provide on this website and/or through our security
advisories. Our advisories are a service to our customers intended
to promote secure installation and use of SCO products.


8. Acknowledgements

SCO would like to thank Ben Laurie who found that the original patch
to fix this issue missed a case where the path component included
a quoted slash. These updated packages contain a new patch that
corrects this issue.
______________________________________________________________________________


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/sYZnbluZssSXDTERAil9AJsFDmPro0woAzrp0fk2sFczftQYfACfRqRL
7xzvK4yZjt1YLPb5IQccWB4=
=l6Nv
-----END PGP SIGNATURE-----
Pro-Linux
Unterstützer werden
Neue Nachrichten
Werbung