CVE-2005-0602 - Privilege Escalation vulnerability in Info-Zip Unzip 5.50
Attack vector | LOCAL |
Attack complexity | HIGH |
Privileges required | NONE |
Confidentiality impact | COMPLETE |
Integrity impact | COMPLETE |
Availability impact | COMPLETE |
Summary
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 2 |
Nessus
NASL family | Solaris Local Security Checks |
NASL id | SOLARIS9_112951.NASL |
description | SunOS 5.9: patchadd and patchrm Patch. Date this patch was last updated by Sun : Jul/02/10 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29209 |
published | 2007-12-04 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29209 |
title | Solaris 9 (sparc) : 112951-15 |
code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include("compat.inc");

if (description)
{
  script_id(29209);
  script_version("1.14");
  script_cvs_date("Date: 2019/10/25 13:36:26");

  script_cve_id("CVE-2005-0602");

  script_name(english:"Solaris 9 (sparc) : 112951-15");
  script_summary(english:"Check for patch 112951-15");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 112951-15"
  );
  script_set_attribute(
    attribute:"description",
    value: "SunOS 5.9: patchadd and patchrm Patch. Date this patch was last updated by Sun : Jul/02/10"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://getupdates.oracle.com/readme/112951-15"
  );
  script_set_attribute(
    attribute:"solution",
    value:"You should install this patch for your system to be up-to-date."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");

  script_set_attribute(attribute:"patch_publication_date", value:"2010/07/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/12/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

if (solaris_check_patch(release:"5.9", arch:"sparc", patch:"112951-15", obsoleted_by:"", package:"SUNWswmt", version:"11.9,REV=2002.04.14.23.49") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0)
    security_warning(port:0, extra:solaris_get_report());
  else
    security_warning(0);
  exit(0);
}
audit(AUDIT_HOST_NOT, "affected");
```

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS8_108987.NASL |
description | SunOS 5.8: Patch for patchadd and patchrm. Date this patch was last updated by Sun : Nov/30/07 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13307 |
published | 2004-07-12 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13307 |
title | Solaris 8 (sparc) : 108987-19 |
code

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text in this plugin was
# extracted from the Oracle SunOS Patch Updates.
#
include("compat.inc");

if (description)
{
  script_id(13307);
  script_version("1.31");
  script_cvs_date("Date: 2019/10/25 13:36:24");

  script_cve_id("CVE-2005-0602");

  script_name(english:"Solaris 8 (sparc) : 108987-19");
  script_summary(english:"Check for patch 108987-19");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote host is missing Sun Security Patch number 108987-19"
  );
  script_set_attribute(
    attribute:"description",
    value: "SunOS 5.8: Patch for patchadd and patchrm. Date this patch was last updated by Sun : Nov/30/07"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://download.oracle.com/sunalerts/1000637.1.html"
  );
  script_set_attribute(
    attribute:"solution",
    value:"You should install this patch for your system to be up-to-date."
  );
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:sun:solaris");

  script_set_attribute(attribute:"patch_publication_date", value:"2007/11/30");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Solaris Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("solaris.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"108987-19", obsoleted_by:"", package:"SUNWadmr", version:"11.8,REV=1999.12.16.15.15") < 0) flag++;
if (solaris_check_patch(release:"5.8", arch:"sparc", patch:"108987-19", obsoleted_by:"", package:"SUNWswmt", version:"11.8,REV=1999.12.16.15.15") < 0) flag++;

if (flag)
{
  if (report_verbosity > 0)
    security_warning(port:0, extra:solaris_get_report());
  else
    security_warning(0);
  exit(0);
}
audit(AUDIT_HOST_NOT, "affected");
```

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS9_X86_114194.NASL |
description | SunOS 5.9_x86: patchadd and patchrm Patch. Date this patch was last updated by Sun : Jul/02/10 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 29211 |
published | 2007-12-04 |
reporter | This script is Copyright (C) 2007-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/29211 |
title | Solaris 9 (x86) : 114194-12 |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRAKE_MDKSA-2005-197.NASL |
description | Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges. (CVE-2005-0602) Imran Ghory found a race condition in the handling of output files. While a file was unpacked by unzip, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the unzip user. This affects versions of unzip 5.52 and lower (CVE-2005-2475) The updated packages have been patched to address these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20125 |
published | 2005-11-02 |
reporter | This script is Copyright (C) 2005-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20125 |
title | Mandrake Linux Security Advisory : unzip (MDKSA-2005:197) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS8_X86_108988.NASL |
description | SunOS 5.8_x86: Patch for patchadd and patc. Date this patch was last updated by Sun : Nov/30/07 |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 13417 |
published | 2004-07-12 |
reporter | This script is Copyright (C) 2004-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/13417 |
title | Solaris 8 (x86) : 108988-19 |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-159-1.NASL |
description | If a ZIP archive contains binaries with the setuid and/or setgid bit set, unzip preserved those bits when extracting the archive. This could be exploited by tricking the administrator into unzipping an archive with a setuid-root binary into a directory the attacker can access. This allowed the attacker to execute arbitrary commands with root privileges. The updated version does not preserve setuid, setgid, and sticky bits any more by default. The old behaviour can be explicitly requested now by supplying the option |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 20563 |
published | 2006-01-15 |
reporter | Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/20563 |
title | Ubuntu 4.10 / 5.04 : unzip vulnerability (USN-159-1) |

Statements
contributor | Mark J Cox |
lastmodified | 2006-08-30 |
organization | Red Hat |
statement | We do not consider this a security vulnerability; this is the expected behaviour. |
References
- http://marc.info/?l=bugtraq&m=110960796331943&w=2
- http://secunia.com/advisories/17045
- http://secunia.com/advisories/17342
- http://secunia.com/advisories/27684
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103150-1
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200844-1
- http://www.info-zip.org/FAQ.html
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:197
- http://www.securityfocus.com/bid/14447
- http://www.trustix.org/errata/2005/0053/
- http://www.vupen.com/english/advisories/2007/3866