Upstream information
Description
Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.SUSE information
Overall state of this security issue: Resolved
This issue is currently not rated by SUSE as it is not affecting the SUSE Enterprise products.
| National Vulnerability Database | |
|---|---|
| Base Score | 1.2 |
| Vector | AV:L/AC:H/Au:N/C:P/I:N/A:N |
| Access Vector | Local |
| Access Complexity | High |
| Authentication | None |
| Confidentiality Impact | Partial |
| Integrity Impact | None |
| Availability Impact | None |
Note from the SUSE Security Team
This issue was fixed for SUSE Linux Enterprise Server 11 and newer products. Older products are affected, but will not receive fixes due to the low severity of this problem. SUSE Bugzilla entry: 274156 [RESOLVED / FIXED] No SUSE Security Announcements cross referenced.List of released packages
| Product(s) | Fixed package version(s) | References |
|---|---|---|
| SUSE Linux Enterprise Server 11 SP1 |
| Patchnames: SUSE Linux Enterprise Server 11 SP1 GA unzip-5.52-142.23.43 |
| SUSE Linux Enterprise Server 11 SP2 |
| Patchnames: SUSE Linux Enterprise Server 11 SP2 GA unzip-6.00-11.7.1 |
| SUSE Linux Enterprise Server 11 SP3 |
| Patchnames: SUSE Linux Enterprise Server 11 SP3 GA unzip-6.00-11.7.1 |
| SUSE Linux Enterprise Server 11 SP4 |
| Patchnames: SUSE Linux Enterprise Server 11 SP4 GA unzip-6.00-11.13.1 |
| openSUSE Tumbleweed |
| Patchnames: openSUSE-Tumbleweed-2024-11485 |
SUSE Timeline for this CVE
CVE page created: Fri Jun 28 01:43:07 2013CVE page last modified: Tue Sep 3 18:10:43 2024