1.2 CVE-2005-2475

Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.
https://nvd.nist.gov/vuln/detail/CVE-2005-2475

References

BID

14450

BUGTRAQ

20050801 unzip TOCTOU file-permissions vulnerability

CONFIRM

http://www.info-zip.org/FAQ.html

DEBIAN

DSA-903

MANDRIVA

MDKSA-2005:197

OSVDB

18530

OVAL

oval:org.mitre.oval:def:9975

REDHAT

RHSA-2007:0203

SCO

SCOSA-2005.39

SECUNIA

16309
16985
17006
17045
17342
17653
25098

SREASON

32

TRUSTIX

2005-0053

UBUNTU

USN-191-1

CPE

cpe	start	end
Configuration 1
cpe:2.3:a:info-zip:unzip:5.52:::::::*

REMEDIATION

EXPLOITS

Exploit-db.com

id	description	date
No known exploits

Other (github, ...)

Url
No known exploits

CAPEC

Common Attack Pattern Enumerations and Classifications

id	description	severity
No entry

MITRE

Sherlock® flash

Take a picture of your computer network in a few clicks !

The Sherlock® flash audit solution allows you to perform an audit to strengthen the security of your IT assets. Vulnerability analysis of your physical and virtual equipment. Patch planning by priority level and time available. Detailed and intuitive reporting.

Discover this offer

Sherlock® flash: 1st instant cybersecurity audit solution