Slackware 9.0 / current : unzip vulnerability patched (SSA:2003-237-01)

low Nessus Plugin ID 18722

Synopsis

The remote Slackware host is missing a security update.

Description

Upgraded infozip packages are available for Slackware 9.0 and -current. These fix a security issue where a specially crafted archive may overwrite files (including system files anywhere on the filesystem) upon extraction by a user with sufficient permissions.

Solution

Update the affected infozip package.

See Also

https://lwn.net/Articles/38540/

https://www.securityfocus.com/bid/7550

http://www.nessus.org/u?b0c3557d

http://www.nessus.org/u?f13925b4

Plugin Details

Severity: Low

ID: 18722

File Name: Slackware_SSA_2003-237-01.nasl

Version: 1.17

Type: local

Published: 7/13/2005

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.2

CVSS v2

Risk Factor: Low

Base Score: 2.6

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:slackware:slackware_linux:infozip, cpe:/o:slackware:slackware_linux, cpe:/o:slackware:slackware_linux:9.0

Required KB Items: Host/local_checks_enabled, Host/Slackware/release, Host/Slackware/packages

Patch Publication Date: 8/25/2003

Reference Information

CVE: CVE-2003-0282

SSA: 2003-237-01