Info-ZIP UnZip敌对目标路径漏洞-一一网

漏洞信息详情

Info-ZIP UnZip敌对目标路径漏洞

CNNVD编号：CNNVD-200107-076

危害等级：低危
CVE编号：
CVE-2001-1268
漏洞类型：

路径遍历
发布时间：

2001-07-12
威胁类型：

本地
更新时间：

2005-10-20
厂商：

info-zip
漏洞来源：
Reported by 3APA3A…

漏洞简介

Info-ZIP UnZip 5.42及其早期版本存在目录遍历漏洞。远程攻击者可以在提取存档期间借助提取文件名中的..（点点）覆盖任意文件。

漏洞公告

Gentoo Linux has released an advisory. It is highly suggested that users who have installed app-arch/unzip-5.42-r1 and earlier update their systems by issuing the following commands:
emerge rsync
emerge unzip
emerge clean
HP has released an advisory for HP Secure OS Software for Linux Release 1.0 instructing users to install the packages listed under Red Hat Linux 7.1 i386 in the attached Red Hat advisory (RHSA-2002:096).
FreeBSD has released upgrades. Users are advised to upgrade their Ports
collection and reinstall the affected port.
Fixes are available:
Info-ZIP UnZip 5.42

Conectiva unzip-5.50-1U60_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/6.0/RPMS/unzip-5.50-1U60_1cl.i386.
rpm
Conectiva unzip-5.50-1U70_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/7.0/RPMS/unzip-5.50-1U70_1cl.i386.
rpm
Conectiva unzip-5.50-1U80_1cl.i386.rpm
ftp://atualizacoes.conectiva.com.br/8/RPMS/unzip-5.50-1U80_1cl.i386.rp
m
MandrakeSoft unzip-5.50-2.1mdk.i586.rpmCorporate Server 1.0.1

http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft unzip-5.50-2.1mdk.i586.rpmMandrake Linux 7.1

http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft unzip-5.50-2.1mdk.i586.rpmMandrake Linux 7.2

http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft unzip-5.50-2.1mdk.i586.rpmMandrake Linux 8.0

http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft unzip-5.50-2.1mdk.i586.rpmMandrake Linux 8.1

http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft unzip-5.50-2.1mdk.i586.rpmMandrake Linux 8.2

http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft unzip-5.50-2.1mdk.i586.rpmSingle Network Firewall 7.2

http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft unzip-5.50-2.1mdk.ia64.rpmMandrake Linux 8.1/ia64

http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft unzip-5.50-2.1mdk.ppc.rpmMandrake Linux 8.0/ppc

http://www.mandrakesecure.net/en/ftp.php
MandrakeSoft unzip-5.50-2.1mdk.ppc.rpmMandrake Linux 8.2/ppc

http://www.mandrakesecure.net/en/ftp.php
Red Hat unzip-5.50-1.62.alpha.rpm
ftp://updates.redhat.com/6.2/en/os/alpha/unzip-5.50-1.62.alpha.rpm
Red Hat unzip-5.50-1.62.i386.rpm
ftp://updates.redhat.com/6.2/en/os/i386/unzip-5.50-1.62.i386.rpm
Red Hat unzip-5.50-1.62.sparc.rpm
ftp://updates.redhat.com/6.2/en/os/sparc/unzip-5.50-1.62.sparc.rpm
Red Hat unzip-5.50-2.alpha.rpm
ftp://updates.redhat.com/7.0/en/os/alpha/unzip-5.50-2.alpha.rpm
Red Hat unzip-5.50-2.alpha.rpm
ftp://updates.redhat.com/7.1/en/os/alpha/unzip-5.50-2.alpha.rpm
Red Hat unzip-5.50-2.i386.rpm
ftp://updates.redhat.com/7.0/en/os/i386/unzip-5.50-2.i386.rpm
Red Hat unzip-5.50-2.i386.rpm
ftp://updates.redhat.com/7.1/en/os/i386/unzip-5.50-2.i386.rpm
Red Hat unzip-5.50-2.i386.rpm
ftp://updates.redhat.com/7.2/en/os/i386/unzip-5.50-2.i386.rpm
Red Hat unzip-5.50-2.ia64.rpm
ftp://updates.redhat.com/7.1/en/os/ia64/unzip-5.50-2.ia64.rpm
Red Hat unzip-5.50-2.ia64.rpm
ftp://updates.redhat.com/7.2/en/os/ia64/unzip-5.50-2.ia64.rpm
Sun unzip-5.50-2.i386.rpm

http://sunsolve.sun.com/patches/linux/security.html
Sun Qube3-All-Security-4.0.1-16170.pkg

http://sunsolve.sun.com/patches/cobalt/
Sun RaQ3-All-Security-5.0.1-16170.pkg

http://sunsolve.sun.com/patches/cobalt/
Sun RaQ4-All-Security-2.0.2-16170.pkg

http://sunsolve.sun.com/patches/cobalt/
Sun RaQ550-All-Security-0.0.1-16170.pkg

http://sunsolve.sun.com/patches/cobalt/
Sun RaQXTR-All-Security-1.0.1-16170.pkg

http://sunsolve.sun.com/patches/cobalt/

参考网址

来源: BUGTRAQ
名称: 20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
链接:http://online.securityfocus.com/archive/1/196445

来源: www.info-zip.org
链接:http://www.info-zip.org/pub/infozip/UnZip.html

来源: SUNALERT
名称: 1000928
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1

来源: SUNALERT
名称: 47800
链接:http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1