FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2005-2475

This CVE name corresponds to:

Entered Topic
2005-09-13 unzip -- permission race vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2005-2475
Phase Assigned (20050805)

Description

Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.

References

Source Reference
BUGTRAQ 20050801 unzip TOCTOU file-permissions vulnerability
CONFIRM http://www.info-zip.org/FAQ.html
DEBIAN DSA-903
MANDRIVA MDKSA-2005:197
REDHAT RHSA-2007:0203
SCO SCOSA-2005.39
TRUSTIX 2005-0053
UBUNTU USN-191-1
BID 14450
OSVDB 18530
OVAL oval:org.mitre.oval:def:9975
SECUNIA 16309
SECUNIA 17653
SECUNIA 17045
SECUNIA 17342
SECUNIA 16985
SECUNIA 17006
SECUNIA 25098
SREASON 32