Test ID:	1.3.6.1.4.1.25623.1.0.58232
Category:	Red Hat Local Security Checks
Title:	RedHat Security Advisory RHSA-2007:0203
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory RHSA-2007:0203. The unzip utility is used to list, test, or extract files from a zip archive. A race condition was found in Unzip. Local users could use this flaw to modify permissions of arbitrary files via a hard link attack on a file while it was being decompressed (CVE-2005-2475) A buffer overflow was found in Unzip command line argument handling. If a user could be tricked into running Unzip with a specially crafted long file name, an attacker could execute arbitrary code with that user's privileges. (CVE-2005-4667) As well, this update adds support for files larger than 2GB. All users of unzip should upgrade to these updated packages, which contain backported patches that resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0203.html http://www.redhat.com/security/updates/classification/#low Risk factor : Medium CVSS Score: 3.7
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2475 BugTraq ID: 14450 http://www.securityfocus.com/bid/14450 Bugtraq: 20050801 unzip TOCTOU file-permissions vulnerability (Google Search) http://marc.info/?l=bugtraq&m=112300046224117&w=2 Debian Security Information: DSA-903 (Google Search) http://www.debian.org/security/2005/dsa-903 http://www.mandriva.com/security/advisories?name=MDKSA-2005:197 http://www.osvdb.org/18530 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9975 http://www.redhat.com/support/errata/RHSA-2007-0203.html SCO Security Bulletin: SCOSA-2005.39 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.39/SCOSA-2005.39.txt http://secunia.com/advisories/16309 http://secunia.com/advisories/16985 http://secunia.com/advisories/17006 http://secunia.com/advisories/17045 http://secunia.com/advisories/17342 http://secunia.com/advisories/17653 http://secunia.com/advisories/25098 http://securityreason.com/securityalert/32 http://www.trustix.org/errata/2005/0053/ http://www.ubuntu.com/usn/usn-191-1 Common Vulnerability Exposure (CVE) ID: CVE-2005-4667 BugTraq ID: 15968 http://www.securityfocus.com/bid/15968 Debian Security Information: DSA-1012 (Google Search) http://www.debian.org/security/2006/dsa-1012 http://www.securityfocus.com/archive/1/430300/100/0/threaded http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:050 http://www.osvdb.org/22400 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252 http://www.trustix.org/errata/2006/0006 https://usn.ubuntu.com/248-1/ https://usn.ubuntu.com/248-2/
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.