CVE-2005-0602
CVSS 6.2
Published: 2005-05-02 00:00:00
Last revised: 2016-10-17 23:12:58

[Original] Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.


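[CNNVD] Info-ZIP UnZip Local Privilege Escalation Vulnerability (CNNVD-200505-377)

        unzip is a tool for decompressing files in the .zip format on Unix.
        A privilege escalation vulnerability exists in Info-ZIP unzip. An attacker who successfully exploits this vulnerability can execute arbitrary commands with root privileges.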

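- CVSS (Base Score)

CVSS score: 6.2 [MEDIUM]
Confidentiality impact: COMPLETE [Total information disclosure, exposing all system files]
Integrity impact: COMPLETE [System integrity can be completely compromised]
Availability impact: COMPLETE [May cause the system to go down completely]
Attack complexity: HIGH [Exploitation requires specific access conditions]
Attack vector: LOCAL [Exploitation requires physical access or a local account]
Authentication: NONE [Exploitation requires no authentication]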

- CPE (Affected platforms and products)

cpe:/a:info-zip:unzip:5.50
cpe:/a:info-zip:unzip:5.51

- OVAL (Technical details used for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0602
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-0602
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200505-377
(Official data source) CNNVD

- Other links and resources

http://marc.info/?l=bugtraq&m=110960796331943&w=2
(UNKNOWN)  BUGTRAQ  20050228 7a69Adv#22 - UNIX unzip keep setuid and setgid files
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103150-1
(UNKNOWN)  SUNALERT  103150
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200844-1
(UNKNOWN)  SUNALERT  200844
http://www.info-zip.org/FAQ.html
(UNKNOWN)  CONFIRM  http://www.info-zip.org/FAQ.html
http://www.mandriva.com/security/advisories?name=MDKSA-2005:197
(UNKNOWN)  MANDRIVA  MDKSA-2005:197
http://www.securityfocus.com/bid/14447
(UNKNOWN)  BID  14447
http://www.trustix.org/errata/2005/0053/
(UNKNOWN)  TRUSTIX  2005-0053
http://www.vupen.com/english/advisories/2007/3866
(UNKNOWN)  VUPEN  ADV-2007-3866

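- Vulnerability information

Info-ZIP UnZip Local Privilege Escalation Vulnerability
Medium risk  Design error
2005-05-02 00:00:00 2005-10-20 00:00:00
Local
        unzip is a tool for decompressing files in the .zip format on Unix.
        A privilege escalation vulnerability exists in Info-ZIP unzip. An attacker who successfully exploits this vulnerability can execute arbitrary commands with root privileges.

- Advisories and patches

        The vendor has released an upgrade patch to fix this security issue. The patch is available at: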
        http://ftp.info-zip.org/pub/infozip/src/unzip552.tar.gz

- Vulnerability information

14390
UnZip Extracted File setuid/setgid Weakness
Local Access Required Input Manipulation
Loss of Integrity Upgrade
Exploit Public Vendor Verified, Coordinated Disclosure

- Vulnerability description

UnZip contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when extracting setuid or setgid files, allowing a local attacker to gain root privileges.

- Timeline

2005-02-28 2005-01-12
2005-02-28 2005-02-28

- Solution

Upgrade to version 5.52 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Info-ZIP UnZip Privilege Escalation Vulnerability
Design Error 14447
No Yes
2005-02-27 12:00:00 2008-02-05 09:26:00
The original discoverer of this vulnerability is currently unknown.

- Affected software versions

Sun Solaris 9_x86
Sun Solaris 9
Sun Solaris 8_x86
Sun Solaris 8_sparc
Sun Solaris 10_x86
Sun Solaris 10
Nortel Networks Self-Service Speech Server 0
Nortel Networks Self-Service - CCSS7 0
Nortel Networks Peri Workstation 0
Nortel Networks Peri CTX 0
Nortel Networks Peri Application 0
Nortel Networks Multiservice Switch - MDM 0
Nortel Networks Multiservice Data Manager (Operator Client) 0
Nortel Networks Multiservice Data Manager 0
Nortel Networks Media Processing Server
Nortel Networks Enterprise NMS 0
Mandriva Linux Mandrake 2006.0 x86_64
Mandriva Linux Mandrake 2006.0
Mandriva Linux Mandrake 10.2 x86_64
Mandriva Linux Mandrake 10.2
Mandriva Linux Mandrake 10.1 x86_64
Mandriva Linux Mandrake 10.1
MandrakeSoft Multi Network Firewall 2.0
MandrakeSoft Corporate Server 3.0 x86_64
MandrakeSoft Corporate Server 3.0
MandrakeSoft Corporate Server 2.1 x86_64
MandrakeSoft Corporate Server 2.1
Info-ZIP UnZip 5.51
+ Trustix Secure Linux 2.2
+ Ubuntu Ubuntu Linux 5.0 4 powerpc
+ Ubuntu Ubuntu Linux 5.0 4 i386
+ Ubuntu Ubuntu Linux 5.0 4 amd64
+ Ubuntu Ubuntu Linux 4.1 ppc
+ Ubuntu Ubuntu Linux 4.1 ia64
+ Ubuntu Ubuntu Linux 4.1 ia32
Info-ZIP UnZip 5.50
+ Conectiva Linux 9.0
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Debian Linux 3.0 sparc
+ Debian Linux 3.0 s/390
+ Debian Linux 3.0 ppc
+ Debian Linux 3.0 mipsel
+ Debian Linux 3.0 mips
+ Debian Linux 3.0 m68k
+ Debian Linux 3.0 ia-64
+ Debian Linux 3.0 ia-32
+ Debian Linux 3.0 hppa
+ Debian Linux 3.0 arm
+ Debian Linux 3.0 alpha
+ Debian Linux 3.0
+ MandrakeSoft Corporate Server 2.1
+ MandrakeSoft Multi Network Firewall 2.0
+ Mandriva Linux Mandrake 9.1 ppc
+ Mandriva Linux Mandrake 9.1
+ Mandriva Linux Mandrake 9.0
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ OpenPKG OpenPKG 1.2
+ OpenPKG OpenPKG 1.1
+ OpenPKG OpenPKG Current
+ Red Hat Linux 6.2
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ RedHat Linux 7.0 sparc
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ Slackware Linux 9.0
+ Slackware Linux -current
+ Sun Linux 5.0.6
Info-ZIP UnZip 5.42
+ Conectiva Linux 8.0
+ Conectiva Linux 7.0
+ Conectiva Linux 6.0
+ Gentoo Linux 1.4 _rc1
+ Gentoo Linux 1.2
+ MandrakeSoft Corporate Server 1.0.1
+ MandrakeSoft Single Network Firewall 7.2
+ Mandriva Linux Mandrake 8.2 ppc
+ Mandriva Linux Mandrake 8.2
+ Mandriva Linux Mandrake 8.1 ia64
+ Mandriva Linux Mandrake 8.1
+ Mandriva Linux Mandrake 8.0 ppc
+ Mandriva Linux Mandrake 8.0
+ Mandriva Linux Mandrake 7.2
+ Mandriva Linux Mandrake 7.1
+ Red Hat Linux 6.2
+ RedHat Linux 7.2 ia64
+ RedHat Linux 7.2 i386
+ RedHat Linux 7.2 alpha
+ RedHat Linux 7.2
+ RedHat Linux 7.1 ia64
+ RedHat Linux 7.1 i386
+ RedHat Linux 7.1 alpha
+ RedHat Linux 7.1
+ RedHat Linux 7.0 i386
+ RedHat Linux 7.0 alpha
+ RedHat Linux 7.0
+ RedHat Linux 6.2 sparc
+ RedHat Linux 6.2 i386
+ RedHat Linux 6.2 alpha
+ Sun Linux 5.0
Info-ZIP UnZip 5.41
Info-ZIP UnZip 5.40
Info-ZIP UnZip 5.32
Info-ZIP UnZip 5.31
Info-ZIP UnZip 5.3
Info-ZIP UnZip 5.2
Avaya Interactive Response 1.3
Avaya Interactive Response 3.0
Avaya Interactive Response 2.0
Avaya CMS Server 13.0
Avaya CMS Server 12.0
Avaya CMS Server 14.0
Avaya CMS Server 13.1
Info-ZIP UnZip 5.52
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Trustix Secure Linux 3.0

- Unaffected software versions

Info-ZIP UnZip 5.52
+ Debian Linux 3.1 sparc
+ Debian Linux 3.1 s/390
+ Debian Linux 3.1 ppc
+ Debian Linux 3.1 mipsel
+ Debian Linux 3.1 mips
+ Debian Linux 3.1 m68k
+ Debian Linux 3.1 ia-64
+ Debian Linux 3.1 ia-32
+ Debian Linux 3.1 hppa
+ Debian Linux 3.1 arm
+ Debian Linux 3.1 amd64
+ Debian Linux 3.1 alpha
+ Debian Linux 3.1
+ Trustix Secure Linux 3.0

- Vulnerability discussion

Info-ZIP UnZip is prone to a privilege-escalation issue because of improper handling of permissions contained in ZIP archives during decompression.

If users with superuser privileges use UnZip to decompress archives with setuid or setgid permissions, malicious binaries may be created that allow attackers to gain superuser privileges and compromise the computer.

- Exploit

An exploit is not required.

- Solution

The vendor has released UnZip 5.52 to address this issue. Please see the references for more information.


Sun Solaris 8_sparc

Sun Solaris 9

Sun Solaris 9_x86

Sun Solaris 8_x86

Info-ZIP UnZip 5.2

Info-ZIP UnZip 5.3

Info-ZIP UnZip 5.31

Info-ZIP UnZip 5.32

Info-ZIP UnZip 5.40

Info-ZIP UnZip 5.41

Info-ZIP UnZip 5.42

Info-ZIP UnZip 5.50

Info-ZIP UnZip 5.51

- Related references
