Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2005-4667HistoryJan 25, 2006 - 9:00 p.m.
CVE-2005-4667
2006-01-2521:00:00
Debian Security Bug Tracker
security-tracker.debian.org
14
CVSS2
3.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
EPSS
0.002
Percentile
58.8%
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | unzip | < 5.52-7 | unzip_5.52-7_all.deb |
| Debian | 11 | all | unzip | < 5.52-7 | unzip_5.52-7_all.deb |
| Debian | 999 | all | unzip | < 5.52-7 | unzip_5.52-7_all.deb |
| Debian | 13 | all | unzip | < 5.52-7 | unzip_5.52-7_all.deb |
Related
nessus
nessus
Ubuntu 4.10 / 5.04 / 5.10 : unzip vulnerability (USN-248-1)
2006-03-13 00:00:00
Debian DSA-1012-1 : unzip - buffer overflow
2006-10-14 00:00:00
Fedora Core 4 : unzip-5.51-13.fc4 (2006-098)
2006-02-10 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1012-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 1012-1 (unzip)
2008-01-17 00:00:00
exploitdb
exploitdb
Info-ZIP UnZip 5.x - File Name Buffer Overflow
2005-12-19 00:00:00
ubuntucve
ubuntucve
CVE-2005-4667
2005-12-31 00:00:00
debian
debian
[SECURITY] [DSA 1012-1] New unzip packages fix arbitrary code execution
2006-03-21 08:24:18
[SECURITY] [DSA 1012-1] New unzip packages fix arbitrary code execution
2006-03-21 08:24:18
nvd
nvd
CVE-2005-4667
2005-12-31 05:00:00
osv
osv
unzip - buffer overflow
2006-03-21 00:00:00
ubuntu
ubuntu
unzip vulnerability
2006-02-15 00:00:00
cve
cve
CVE-2005-4667
2006-01-25 21:00:00
cvelist
cvelist
CVE-2005-4667
2006-01-25 21:00:00
centos
centos
unzip security update
2007-05-02 08:59:05
oraclelinux
oraclelinux
Low unzip security and bug fix update
2007-05-17 00:00:00
redhat
redhat
(RHSA-2007:0203) Low: unzip security and bug fix update
2007-05-01 00:00:00
CVSS2
3.7
Attack Vector
LOCAL
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:H/Au:N/C:P/I:P/A:P
EPSS
0.002
Percentile
58.8%
Related for DEBIANCVE:CVE-2005-4667