[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20050801114115.GB18335@piware.de>
Date: Mon Aug 1 12:41:36 2005
From: martin.pitt at canonical.com (Martin Pitt)
Subject: [USN-159-1] unzip vulnerability
===========================================================
Ubuntu Security Notice USN-159-1 August 01, 2005
unzip vulnerability
CAN-2005-0602
===========================================================
A security issue affects the following Ubuntu releases:
Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)
The following packages are affected:
unzip
The problem can be corrected by upgrading the affected package to
version 5.51-2ubuntu0.1 (for Ubuntu 4.10), or 5.51-2ubuntu1.1 (for
Ubuntu 5.04). In general, a standard system upgrade is sufficient to
effect the necessary changes.
Details follow:
If a ZIP archive contains binaries with the setuid and/or setgid bit
set, unzip preserved those bits when extracting the archive. This
could be exploited by tricking the administrator into unzipping an
archive with a setuid-root binary into a directory the attacker can
access. This allowed the attacker to execute arbitrary commands with
root privileges.
The updated version does not preserve setuid, setgid, and sticky bits
any more by default. The old behaviour can be explicitly requested now
by supplying the option '-K'.
Updated packages for Ubuntu 4.10 (Warty Warthog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.1.diff.gz
Size/MD5: 5058 5ed7b2fd196c7481a038486669df1667
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.1.dsc
Size/MD5: 534 b04ea621f49716157fdff3f9379f842a
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51.orig.tar.gz
Size/MD5: 1112594 8a25712aac642430d87d21491f7c6bd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.1_amd64.deb
Size/MD5: 147314 77f0b2321e625fef72cf04f80a7e841a
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.1_i386.deb
Size/MD5: 133786 f6d0d6c32d193b12009fab6ea946bce6
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.1_powerpc.deb
Size/MD5: 149620 1efec44b8a4be7756f47f3a6201acde4
Updated packages for Ubuntu 5.04 (Hoary Hedgehog):
Source archives:
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.1.diff.gz
Size/MD5: 5944 11944741502707e5b1d8de30c37db17b
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.1.dsc
Size/MD5: 534 6e462e58df9c99892f2401f863dd9bdc
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51.orig.tar.gz
Size/MD5: 1112594 8a25712aac642430d87d21491f7c6bd1
amd64 architecture (Athlon64, Opteron, EM64T Xeon)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.1_amd64.deb
Size/MD5: 147438 a026e8229b7590f5307d005b1f612af3
i386 architecture (x86 compatible Intel/AMD)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.1_i386.deb
Size/MD5: 134676 75d9f59b79498117e498495126cdf873
powerpc architecture (Apple Macintosh G3/G4/G5)
http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.1_powerpc.deb
Size/MD5: 150988 597d27bb8ea7978b7549a65e39745a49
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050801/87a949f1/attachment.bin
Powered by blists - more mailing lists