int(1933)

Vulnerability Bulletins

Aumento de privilegios en Unzip

Vulnerability classification
Property Value
Confidence level Oficial
Impact Aumento de privilegios
Dificulty Principiante
Required attacker level Acceso remoto con cuenta

System information
Property Value
Affected manufacturer GNU/Linux
Affected software Unzip <= 5.51

Description
Se ha descubierto una vulnerabilidad en Unzip versión 5.51 y anteriores. La vulnerabilidad reside en que Unzip no alerta al usuario cuando se extraen ficheros con permisos setuid y setgid.

Un atacante local podría elevar sus privilegios mediante un fichero zip que incluya un fichero ejecutable con permisos setuid y setgid.

Existe una prueba de concepto disponible.

Solution


Actualización de software

Mandriva

Corporate Server 2.1
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/RPMS/unzip-5.50-4.4.C21mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/2.1/SRPMS/unzip-5.50-4.4.C21mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/RPMS/unzip-5.50-4.4.C21mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/2.1/SRPMS/unzip-5.50-4.4.C21mdk.src.rpm

Mandriva Linux 10.1
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/RPMS/unzip-5.51-1.2.101mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.1/SRPMS/unzip-5.51-1.2.101mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/RPMS/unzip-5.51-1.2.101mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.1/SRPMS/unzip-5.51-1.2.101mdk.src.rpm

Corporate 3.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/RPMS/unzip-5.50-9.2.C30mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/corporate/3.0/SRPMS/unzip-5.50-9.2.C30mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/RPMS/unzip-5.50-9.2.C30mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/corporate/3.0/SRPMS/unzip-5.50-9.2.C30mdk.src.rpm

Multi Network Firewall 2.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/RPMS/unzip-5.50-9.2.M20mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/mnf/2.0/SRPMS/unzip-5.50-9.2.M20mdk.src.rpm

Mandriva Linux 10.2
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/RPMS/unzip-5.51-1.2.102mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/10.2/SRPMS/unzip-5.51-1.2.102mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/RPMS/unzip-5.51-1.2.102mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/10.2/SRPMS/unzip-5.51-1.2.102mdk.src.rpm

Mandriva Linux 2006.0
X86
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/RPMS/unzip-5.52-1.2.20060mdk.i586.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/2006.0/SRPMS/unzip-5.52-1.2.20060mdk.src.rpm
X86_64
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/RPMS/unzip-5.52-1.2.20060mdk.x86_64.rpm
ftp://ftp.ps.pl/mirrors/Mandrakelinux/official/updates/x86_64/2006.0/SRPMS/unzip-5.52-1.2.20060mdk.src.rpm

Sun(103150)
Solaris 9 / SPARC / patch 112951-14
Solaris 8 / SPARC / patch 108987-19
Solaris 8 / x86 / patch 108988-19
Solaris 9 / x86 / patch 114194-11
Solaris 10 / SPARC / patch 119254-46
Solaris 10 / x86 / patch 119255-46
http://sunsolve.sun.com/pub-cgi/show.pl?target=patchpage

Standar resources
Property Value
CVE CVE-2005-0602
BID

Other resources
Mandriva Security Advisory (MDKSA-2005:197)
http://www.mandriva.com/security/advisories?name=MDKSA-2005:197

Sun Alert Notification (103150)
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103150-1

Version history
Version Comments Date
1.0 Aviso emitido 2005-10-28
1.1 Aviso emitido por Sun (103150) 2007-11-15
1.2 Aviso actualizado por Sun (103150) 2007-11-29
1.3 Aviso actualizado por Sun (103150) 2007-12-04
1.4 Aviso actualizado por Sun (103150) 2008-01-04
Ministerio de Defensa
CNI
CCN
CCN-CERT