Red Hat Bugzilla – Bug 178961
CVE-2005-4667 unzip long filename buffer overflow
Last modified: 2007-11-30 17:11:22 EST
unzip long filename buffer overflow
unzip is vulnerable to a filename buffer overflow vulnerability. It
may be possible to execute arbitrary code as the user running unzip.
This issue can be verified with the following command:
unzip `perl -e 'print "A" x 50000'`
This issue also affects FC5
fc5 and fc4 versions are fixed (unzip-5.52-2 and unzip-5.51-13.fc4).
What about various RHEL releases? It seems to me that the bug is present in
all of these (and really the same fix).
We are tracking the RHEL issue as bug 178960. We have rated this issue as low,
which means we likely won't release an update for this package just for this fix
(we will wait for other more important issues). If you have any concerns please
feel free to mail me.