Vulnerability Details: CVE-2005-0602
Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.
Products affected by CVE-2005-0602
- cpe:2.3:a:info-zip:unzip:*:*:*:*:*:*:*:*
- cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2005-0602
- 0.04%: probability of exploitation activity in the next 30 days
- ~8%: percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2005-0602
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.2 | MEDIUM | AV:L/AC:H/Au:N/C:C/I:C/A:C | 1.9 | 10.0 | NIST | |
Vendor statements for CVE-2005-0602
- Red Hat, 2006-08-30: We do not consider this a security vulnerability; this is the expected behaviour.
References for CVE-2005-0602
- http://sunsolve.sun.com/search/document.do?assetkey=1-66-200844-1
- http://www.vupen.com/english/advisories/2007/3866
- http://www.securityfocus.com/bid/14447
- http://marc.info/?l=bugtraq&m=110960796331943&w=2 ('7a69Adv#22 - UNIX unzip keep setuid and setgid files' - MARC)
- http://sunsolve.sun.com/search/document.do?assetkey=1-26-103150-1
- http://www.trustix.org/errata/2005/0053/ (Trustix | Empowering Trust and Security in the Digital Age)
- http://www.info-zip.org/FAQ.html (Info-ZIP Frequently Asked Questions)
- http://www.mandriva.com/security/advisories?name=MDKSA-2005:197 (Mandriva)