Heads up - serious vulnerability in 'unzip'
Spicer, Kevin
Kevin.Spicer at BMRB.CO.UK
Tue Jul 8 09:13:43 IST 2003
Theres a problem with unzip. Looks like it could be serious for anyone running MailScanner as root where the virus scanner uses external unzip (such as Clam). Patches are available.
(from http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0282 )
Directory traversal vulnerability in UnZip 5.50 allows attackers to overwrite arbitrary files via invalid characters between two . (dot) characters, which are filtered and result in a ".." sequence.
BMRB International
http://www.bmrb.co.uk
+44 (0)20 8566 5000
_________________________________________________________________
This message (and any attachment) is intended only for the
recipient and may contain confidential and/or privileged
material. If you have received this in error, please contact the
sender and delete this message immediately. Disclosure, copying
or other action taken in respect of this email or in
reliance on it is prohibited. BMRB International Limited
accepts no liability in relation to any personal emails, or
content of any email which does not directly relate to our
business.
More information about the MailScanner
mailing list