Upstream information

CVE-2005-2475 at MITRE

Description

Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 1.2
Vector AV:L/AC:H/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity High
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Note from the SUSE Security Team

This issue was fixed for SUSE Linux Enterprise Server 11 and newer products. Older products are affected, but will not receive fixes due to the low severity of this problem.

SUSE Bugzilla entry: 274156 [RESOLVED / FIXED]

No SUSE Security Announcements cross referenced.

List of released packages

Product(s) Fixed package version(s) References
SUSE Linux Enterprise Server 11 SP1
  • unzip >= 5.52-142.23.43
Patchnames:
SUSE Linux Enterprise Server 11 SP1 GA unzip
SUSE Linux Enterprise Server 11 SP2
  • unzip >= 6.00-11.7.1
Patchnames:
SUSE Linux Enterprise Server 11 SP2 GA unzip
SUSE Linux Enterprise Server 11 SP3
  • unzip >= 6.00-11.7.1
Patchnames:
SUSE Linux Enterprise Server 11 SP3 GA unzip
SUSE Linux Enterprise Server 11 SP4
  • unzip >= 6.00-11.13.1
Patchnames:
SUSE Linux Enterprise Server 11 SP4 GA unzip