MDKSA-2005:197 - Updated unzip packages fix suid, permissions vulnerabilities.
Posted on: 10/26/2005 11:12 PM

The Mandriva Security Team published a new security update: MDKSA-2005:197 - Updated unzip packages fix suid, permissions vulnerabilities. for Mandriva Linux. Here the announcement:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

_______________________________________________________________________

Mandriva Linux Security Advisory MDKSA-2005:197
http://www.mandriva.com/security/
_______________________________________________________________________

Package : unzip
Date : October 26, 2005
Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0
_______________________________________________________________________

Problem Description:

Unzip 5.51 and earlier does not properly warn the user when
extracting setuid or setgid files, which may allow local users
to gain privileges. (CAN-2005-0602)

Imran Ghory found a race condition in the handling of output files.
While a file was unpacked by unzip, a local attacker with write
permissions to the target directory could exploit this to change the
permissions of arbitrary files of the unzip user. This affects
versions of unzip 5.52 and lower (CAN-2005-2475)

The updated packages have been patched to address these issues.
_______________________________________________________________________

References:

http://cve.mitre.org/cgi-bin/cvename.cgi?nameÊN-2005-0602
http://cve.mitre.org/cgi-bin/cvename.cgi?nameÊN-2005-2475
_______________________________________________________________________

Updated Packages:

Corporate Server 2.1:
7588a2f5d443685a928d3c3feb547aba corporate/2.1/RPMS/unzip-5.50-4.4.C21mdk.i586.rpm
7d3e7ef187a36a39b3427d0d38959189 corporate/2.1/SRPMS/unzip-5.50-4.4.C21mdk.src.rpm

Corporate Server 2.1/X86_64:
79aa9befeb7ed8de2220afc3fb3d1886 x86_64/corporate/2.1/RPMS/unzip-5.50-4.4.C21mdk.x86_64.rpm
7d3e7ef187a36a39b3427d0d38959189 x86_64/corporate/2.1/SRPMS/unzip-5.50-4.4.C21mdk.src.rpm

Mandriva Linux 10.1:
cb3280ad8d82e7f7108ed7a5336217ea 10.1/RPMS/unzip-5.51-1.2.101mdk.i586.rpm
0ec9c5f7200a6bc97429408d49f26252 10.1/SRPMS/unzip-5.51-1.2.101mdk.src.rpm

Mandriva Linux 10.1/X86_64:
67cb90cf939bd25c74deba5e45d6dbb8 x86_64/10.1/RPMS/unzip-5.51-1.2.101mdk.x86_64.rpm
0ec9c5f7200a6bc97429408d49f26252 x86_64/10.1/SRPMS/unzip-5.51-1.2.101mdk.src.rpm

Corporate 3.0:
b17cff4c27c1a268fd3cd7cec5661c12 corporate/3.0/RPMS/unzip-5.50-9.2.C30mdk.i586.rpm
1aedfd6f58ec41f16c72f3581744812e corporate/3.0/SRPMS/unzip-5.50-9.2.C30mdk.src.rpm

Corporate 3.0/X86_64:
0b6a7cbd46e1ae821ad90bfc9623d86b x86_64/corporate/3.0/RPMS/unzip-5.50-9.2.C30mdk.x86_64.rpm
1aedfd6f58ec41f16c72f3581744812e x86_64/corporate/3.0/SRPMS/unzip-5.50-9.2.C30mdk.src.rpm

Multi Network Firewall 2.0:
09797c30705503bef945eac7ae58e6ba mnf/2.0/RPMS/unzip-5.50-9.2.M20mdk.i586.rpm
81f25b8506bab3e2d467a918247a24ea mnf/2.0/SRPMS/unzip-5.50-9.2.M20mdk.src.rpm

Mandriva Linux 10.2:
2fbac32dc8e75c593af39fda3abb2b85 10.2/RPMS/unzip-5.51-1.2.102mdk.i586.rpm
95661a9046eb3b823a631ad85d9e0805 10.2/SRPMS/unzip-5.51-1.2.102mdk.src.rpm

Mandriva Linux 10.2/X86_64:
099a8fe40622a82cabd9495cdf52377a x86_64/10.2/RPMS/unzip-5.51-1.2.102mdk.x86_64.rpm
95661a9046eb3b823a631ad85d9e0805 x86_64/10.2/SRPMS/unzip-5.51-1.2.102mdk.src.rpm

Mandriva Linux 2006.0:
36aa8d839b74be9bb71fffd19f55e20c 2006.0/RPMS/unzip-5.52-1.2.20060mdk.i586.rpm
0dce17e0e7ff5040bf7d28802df8de7c 2006.0/SRPMS/unzip-5.52-1.2.20060mdk.src.rpm

Mandriva Linux 2006.0/X86_64:
10ac5d8076fa230106359170360a5f23 x86_64/2006.0/RPMS/unzip-5.52-1.2.20060mdk.x86_64.rpm
0dce17e0e7ff5040bf7d28802df8de7c x86_64/2006.0/SRPMS/unzip-5.52-1.2.20060mdk.src.rpm
_______________________________________________________________________

To upgrade automatically use MandrivaUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

All packages are signed by Mandriva for security. You can obtain the
GPG public key of the Mandriva Security Team by executing:

gpg --recv-keys --keyserver pgp.mit.edu 0x22458A98

You can view other update advisories for Mandriva Linux at:

http://www.mandriva.com/security/advisories

If you want to report vulnerabilities, please contact

security_(at)_mandriva.com
_______________________________________________________________________

Type Bits/KeyID Date User ID
pub 1024D/22458A98 2000-07-10 Mandriva Security Team
lt;security*mandriva.comgt;
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFDX/bHmqjQ0CJFipgRAu/dAKDkvstFLoqaBkWZAJmBF7ymm4SFVgCfSOak
4YlJec53w5WEyuPn7PXTSPE=
=prpn
-----END PGP SIGNATURE-----



Printed from Linux Compatible (http://www.linuxcompatible.org/news/story/_mdksa_2005197__updated_unzip_packages_fix_suidpermissions_vulnerabilities.html)