Vulnerabilities > CVE-2001-1268 - Unspecified vulnerability in Info-Zip Unzip

047910
CVSS 2.1 - LOW
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
local
low complexity
info-zip
nessus
NVD
Published: 2001-07-12
Updated: 2010-05-25

Summary

Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.

Vulnerable Configurations

Part Description Count
Application
Info-Zip
1

Nessus

  • NASL familyRed Hat Local Security Checks
    NASL idREDHAT-RHSA-2002-138.NASL
    descriptionThe unzip and tar utilities contain vulnerabilities which can allow arbitrary files to be overwritten during archive extraction. The unzip and tar utilities are used for dealing with archives, which are multiple files stored inside of a single file. A directory traversal vulnerability in unzip version 5.42 and earlier, as well as GNU tar 1.13.19 and earlier, allows attackers to overwrite arbitrary files during archive extraction via a
    last seen2020-06-01
    modified2020-06-02
    plugin id12312
    published2004-07-06
    reporterThis script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/12312
    titleRHEL 2.1 : unzip (RHSA-2002:138)
    code
    #%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Red Hat Security Advisory RHSA-2002:138. The text 
# itself is copyright (C) Red Hat, Inc.
#

include("compat.inc");

if (description)
{
  script_id(12312);
  script_version ("1.25");
  script_cvs_date("Date: 2019/10/25 13:36:09");

  script_cve_id("CVE-2001-1267", "CVE-2001-1268", "CVE-2001-1269", "CVE-2002-0399", "CVE-2002-1216");
  script_xref(name:"RHSA", value:"2002:138");

  script_name(english:"RHEL 2.1 : unzip (RHSA-2002:138)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The unzip and tar utilities contain vulnerabilities which can allow
arbitrary files to be overwritten during archive extraction.

The unzip and tar utilities are used for dealing with archives, which
are multiple files stored inside of a single file.

A directory traversal vulnerability in unzip version 5.42 and earlier,
as well as GNU tar 1.13.19 and earlier, allows attackers to overwrite
arbitrary files during archive extraction via a '..' (dot dot) in an
extracted filename (CVE-2001-1267, CVE-2001-1268). In addition, unzip
version 5.42 and earlier also allows attackers to overwrite arbitrary
files during archive extraction via filenames in the archive that
begin with the '/' (slash) character (CVE-2001-1269).

During testing of the fix to GNU tar, we discovered that GNU tar
1.13.25 was still vulnerable to a modified version of the same
problem. Red Hat has provided a patch to tar 1.3.25 to correct this
problem (CVE-2002-0399).

Users of unzip and tar are advised to upgrade to these errata
packages, containing unzip version 5.50 and a patched version of GNU
tar 1.13.25, which are not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2001-1267"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2001-1268"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2001-1269"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2002-0399"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2002-1216"
  );
  # http://online.securityfocus.com/archive/1/196445
  script_set_attribute(
    attribute:"see_also",
    value:"https://online.securityfocus.com/archive/1/196445"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2002:138"
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected tar and / or unzip packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tar");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:unzip");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2001/07/12");
  script_set_attribute(attribute:"patch_publication_date", value:"2002/10/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/06");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo)) 
{
  rhsa = "RHSA-2002:138";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report 
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"tar-1.13.25-4.AS21.0")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"unzip-5.50-2")) flag++;

  if (flag)
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "tar / unzip");
  }
}
  • NASL familyMandriva Local Security Checks
    NASL idMANDRAKE_MDKSA-2002-065.NASL
    descriptionA directory traversal vulnerability was discovered in unzip version 5.42 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a
    last seen2020-06-01
    modified2020-06-02
    plugin id13966
    published2004-07-31
    reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/13966
    titleMandrake Linux Security Advisory : unzip (MDKSA-2002:065)

References