Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] [USN-191-1] unzip vulnerability

from [Martin Pitt] Network Security [Permanent Link]
Subject: [Full-disclosure] [USN-191-1] unzip vulnerability
Date: Thu, 29 Sep 2005 19:00:49 +0200 
===========================================================
Ubuntu Security Notice USN-191-1         September 29, 2005
unzip vulnerability
CAN-2005-2475
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

unzip

The problem can be corrected by upgrading the affected package to
version 5.51-2ubuntu0.2 (for Ubuntu 4.10), or 5.51-2ubuntu1.2 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

Imran Ghory found a race condition in the handling of output files.
While a file was unpacked by unzip, a local attacker with write
permissions to the target directory could exploit this to change the
permissions of arbitrary files of the unzip user.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.2.diff.gz
      Size/MD5:     5370 1c702c10ef3dde4ff8709278ed177eb2
    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.2.dsc
      Size/MD5:      534 bf60ea9eea72153cace6f4897bbdd9ea
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51.orig.tar.gz
      Size/MD5:  1112594 8a25712aac642430d87d21491f7c6bd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.2_amd64.deb
      Size/MD5:   147456 27383e90eb1a9a9908383566e453907f

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.2_i386.deb
      Size/MD5:   134000 31a882052de2106d47ba3386068468a9

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.2_powerpc.deb
      Size/MD5:   149764 c3fb934fe364b596b26d67818c55825a

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.2.diff.gz
      Size/MD5:     6254 16aca1c38a3c6f65b26b767c52d56fb4
    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.2.dsc
      Size/MD5:      534 89355d1863fec2a59e2375689550411c
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51.orig.tar.gz
      Size/MD5:  1112594 8a25712aac642430d87d21491f7c6bd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.2_amd64.deb
      Size/MD5:   147616 3624db8444f94bc37bd1ed27147829c5

  i386 architecture (x86 compatible Intel/AMD)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.2_i386.deb
      Size/MD5:   134874 c89ca693f0d79534a41f1677162d5cfb

  powerpc architecture (Apple Macintosh G3/G4/G5)

    
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.2_powerpc.deb
      Size/MD5:   151228 2464a5ddfa75c851b87db1b198e02fc5

Attachment: signature.asc
Description: Digital signature

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] [USN-191-1] unzip vulnerability, Martin Pitt <=
Previous by Date:  [Full-disclosure] [USN-190-1] SNMP vulnerability, Martin Pitt
Next by Date:  [Full-disclosure] Update of ciscocrack.c, Jerome Poggi
Previous by Thread:  [Full-disclosure] [USN-190-1] SNMP vulnerability, Martin Pitt
Next by Thread:  [Full-disclosure] Update of ciscocrack.c, Jerome Poggi
Indexes:  [Date] [Thread] [Top] [All Lists]