[USN-159-1] unzip vulnerability

Martin Pitt martin.pitt at canonical.com
Mon Aug 1 11:41:15 UTC 2005


===========================================================
Ubuntu Security Notice USN-159-1            August 01, 2005
unzip vulnerability
CAN-2005-0602
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 4.10 (Warty Warthog)
Ubuntu 5.04 (Hoary Hedgehog)

The following packages are affected:

unzip

The problem can be corrected by upgrading the affected package to
version 5.51-2ubuntu0.1 (for Ubuntu 4.10), or 5.51-2ubuntu1.1 (for
Ubuntu 5.04).  In general, a standard system upgrade is sufficient to
effect the necessary changes.

Details follow:

If a ZIP archive contains binaries with the setuid and/or setgid bit
set, unzip preserved those bits when extracting the archive. This
could be exploited by tricking the administrator into unzipping an
archive with a setuid-root binary into a directory the attacker can
access.  This allowed the attacker to execute arbitrary commands with
root privileges.

The updated version does not preserve setuid, setgid, and sticky bits
any more by default. The old behaviour can be explicitly requested now
by supplying the option '-K'.


Updated packages for Ubuntu 4.10 (Warty Warthog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.1.diff.gz
      Size/MD5:     5058 5ed7b2fd196c7481a038486669df1667
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.1.dsc
      Size/MD5:      534 b04ea621f49716157fdff3f9379f842a
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51.orig.tar.gz
      Size/MD5:  1112594 8a25712aac642430d87d21491f7c6bd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.1_amd64.deb
      Size/MD5:   147314 77f0b2321e625fef72cf04f80a7e841a

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.1_i386.deb
      Size/MD5:   133786 f6d0d6c32d193b12009fab6ea946bce6

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu0.1_powerpc.deb
      Size/MD5:   149620 1efec44b8a4be7756f47f3a6201acde4

Updated packages for Ubuntu 5.04 (Hoary Hedgehog):

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.1.diff.gz
      Size/MD5:     5944 11944741502707e5b1d8de30c37db17b
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.1.dsc
      Size/MD5:      534 6e462e58df9c99892f2401f863dd9bdc
    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51.orig.tar.gz
      Size/MD5:  1112594 8a25712aac642430d87d21491f7c6bd1

  amd64 architecture (Athlon64, Opteron, EM64T Xeon)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.1_amd64.deb
      Size/MD5:   147438 a026e8229b7590f5307d005b1f612af3

  i386 architecture (x86 compatible Intel/AMD)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.1_i386.deb
      Size/MD5:   134676 75d9f59b79498117e498495126cdf873

  powerpc architecture (Apple Macintosh G3/G4/G5)

    http://security.ubuntu.com/ubuntu/pool/main/u/unzip/unzip_5.51-2ubuntu1.1_powerpc.deb
      Size/MD5:   150988 597d27bb8ea7978b7549a65e39745a49
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20050801/87a949f1/attachment.pgp>


More information about the ubuntu-security-announce mailing list