CVE Reference: CVE-2005-4667
NOTE: The text on this page is written by CVE MITRE and reflects neither the opinions of Secunia nor the results of our research. All data on this page is written and maintained by CVE MITRE.

Original Page at CVE MITRE:
CVE-2005-4667

Description:
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.

CVE Status:
Candidate

References:

UBUNTU
  http://www.ubuntulinux.org/support/documentation/usn/usn-248-1
  http://www.ubuntulinux.org/support/documentation/usn/usn-248-2

TRUSTIX
  http://www.trustix.org/errata/2006/0006

SAID
  Secunia Advisory: SA25098

REDHAT
  http://www.redhat.com/support/errata/RHSA-2007-0203.html

OSVDB
  22400

MANDRIVA
  http://frontal2.mandriva.com/security/advisories?name=MDKSA-2006:050

FULLDISC
  http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html

FEDORA
  http://www.securityfocus.com/archive/1/archive/1/430300/100/0/threaded

DEBIAN
  http://www.debian.org/security/2006/dsa-1012

BID
  15968

