diff options
| author | remko <remko@FreeBSD.org> | 2005-09-13 20:18:44 +0000 |
|---|---|---|
| committer | remko <remko@FreeBSD.org> | 2005-09-13 20:18:44 +0000 |
| commit | 2bd4d8d0a6568c534f3575602df693e137dd9dbe (patch) | |
| tree | 12aa5767ba600970ae23914e21f8d2df18ff0291 /security | |
| parent | a10a4c2830d00aa9691704d26225d1599a9c06f4 (diff) | |
| download | FreeBSD-ports-2bd4d8d0a6568c534f3575602df693e137dd9dbe.zip FreeBSD-ports-2bd4d8d0a6568c534f3575602df693e137dd9dbe.tar.gz | |
Document unzip -- permission race vulnerability. [1]
Update the recent htdig entry with it's corrected version.
Reviewed by: simon [1]
Diffstat (limited to 'security')
| -rw-r--r-- | security/vuxml/vuln.xml | 36 |
1 files changed, 35 insertions, 1 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index b92c347..e8a2c9d 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,39 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1"> + <vuln vid="9750cf22-216d-11da-bc01-000e0c2e438a"> + <topic>unzip -- permission race vulnerability</topic> + <affects> + <package> + <name>unzip</name> + <name>zh-unzip</name> + <name>ko-unzip</name> + <range><lt>5.52_2</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Imran Ghory reports a vulnerability within unzip. The + vulnerability is caused by a race condition between + extracting an archive and changing the permissions of the + extracted files. This would give an attacker enough time to + remove a file and hardlink it to another file owned by the + user running unzip. When unzip changes the permissions of + the file it could give the attacker access to files that + normally would not have been accessible for others.</p> + </body> + </description> + <references> + <bid>14450</bid> + <cvename>CAN-2005-2475</cvename> + <mlist msgid="7389fc4b05080116031536adf7@mail.gmail.com">http://marc.theaimsgroup.com/?l=bugtraq&m=112300046224117</mlist> + </references> + <dates> + <discovery>2005-08-02</discovery> + <entry>2005-09-13</entry> + </dates> + </vuln> + <vuln vid="8665ebb9-2237-11da-978e-0001020eed82"> <topic>firefox & mozilla -- buffer overflow vulnerability</topic> @@ -134,7 +167,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. <affects> <package> <name>htdig</name> - <range><gt>0</gt></range> + <range><lt>3.2.0b6_1</lt></range> </package> </affects> <description> @@ -155,6 +188,7 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. <dates> <discovery>2005-02-03</discovery> <entry>2005-09-04</entry> + <modified>2005-09-13</modified> </dates> </vuln> |
