Red Hat Bugzilla – Bug 98328
CAN-2003-0282 vulnerability in unzip 5.50 allows malicious zip file to write to ../
Last modified: 2007-11-30 17:06:53 EST
Description of problem:
By inserting non-printable characters into a directory, for instance:
One may create a zip file which, when extracted, will bypass the "writing to
../" security check (if the user has not specified the "-:" command line
option), thus opening up the potential for a trojan horse program:
Version-Release number of selected component (if applicable):
Steps to Reproduce: Unzip the attached testcase.zip.
Actual Results: Stuff created in parent directory (../) without the -: option.
Expected Results: Stuff created in current directory.
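The bypass the report describes, reproduced as a small scanner. This is an added example, not code from the bug report or from unzip: it assumes, as the report states, that the vulnerable check looks for "../" in the raw stored member name and that non-printable characters are dropped when the name is mapped to an output path, so a component such as ".\x01." only becomes ".." after the check has already passed. The archive is constructed in memory, and the function names are the example's own.

```python
import io
import zipfile


def build_sample_zip() -> bytes:
    """Constructed sample: one member whose directory component hides a
    control character between two dots, plus one harmless member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(".\x01./escaped.txt", "would land in the parent directory\n")
        zf.writestr("safe/inside.txt", "normal member\n")
    return buf.getvalue()


def naive_traversal_check(name: str) -> bool:
    """Models the check that the report says is bypassed: it inspects the raw
    stored name for '../' before any character mapping has taken place
    (assumption about the ordering, based on the report's description)."""
    return name.startswith("/") or name.startswith("../") or "/../" in name


def strip_nonprintable(name: str) -> str:
    """Models the output-path mapping that silently drops non-printable
    characters (assumption; str.isprintable is an approximation of the
    extractor's own character table)."""
    return "".join(ch for ch in name if ch.isprintable())


def escapes_root(name: str) -> bool:
    """Hardened check: map the name first, then reject any absolute path or
    any '..' component, so nothing stripped later can re-create '..'."""
    cleaned = strip_nonprintable(name).replace("\\", "/")
    if cleaned.startswith("/"):
        return True
    return any(part == ".." for part in cleaned.split("/"))


def scan_zip(data: bytes) -> dict:
    """Compare both checks over every member name in the archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
    return {
        "naive_flags": [n for n in names if naive_traversal_check(n)],
        "hardened_flags": [n for n in names if escapes_root(n)],
        "mapped": {n: strip_nonprintable(n) for n in names},
    }


if __name__ == "__main__":
    result = scan_zip(build_sample_zip())
    for raw, mapped in result["mapped"].items():
        print(f"{raw!r} -> {mapped!r}")
    print("naive check flagged:   ", result["naive_flags"])
    print("hardened check flagged:", result["hardened_flags"])
```

The naive check passes the crafted member because the raw name contains no literal "../"; only after the control character is dropped does the path resolve to "../escaped.txt". Running the traversal check on the mapped name, as the hardened version does, closes that ordering gap.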
An errata has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on the solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you.