Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Link | Tags |
---|---|
http://secunia.com/advisories/25098 | third party advisory |
https://usn.ubuntu.com/248-2/ | vendor advisory |
http://www.info-zip.org/FAQ.html | |
http://www.securityfocus.com/archive/1/430300/100/0/threaded | vendor advisory |
http://www.mandriva.com/security/advisories?name=MDKSA-2006:050 | vendor advisory |
http://www.trustix.org/errata/2006/0006 | patch, vendor advisory |
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252 | vdb entry, signature |
http://www.redhat.com/support/errata/RHSA-2007-0203.html | vendor advisory |
https://usn.ubuntu.com/248-1/ | vendor advisory |
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html | mailing list, exploit |
http://www.osvdb.org/22400 | vdb entry |
http://www.securityfocus.com/bid/15968 | vdb entry, exploit |
http://www.debian.org/security/2006/dsa-1012 | patch, vendor advisory |