FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

unzip -- permission race vulnerability

Affected packages
ko-unzip < 5.52_2
unzip < 5.52_2
zh-unzip < 5.52_2

Details

VuXML ID 9750cf22-216d-11da-bc01-000e0c2e438a
Discovery 2005-08-02
Entry 2005-09-13

Imran Ghory reports a vulnerability in unzip. The vulnerability is caused by a race condition between extracting an archive and changing the permissions of the extracted files. This window gives an attacker enough time to remove an extracted file and hard-link its name to another file owned by the user running unzip. When unzip then changes the permissions of the file, it could give the attacker access to files that would not normally be accessible to others.
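The difference between setting permissions by name and by open descriptor, as an added example (not unzip's code and not taken from the advisory). The `window_hook` parameter, the function names and the temporary paths are assumptions made for this single-process regression check, which re-points the member name at a private file inside the window the advisory describes.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

typedef void (*window_hook)(const char *path); /* hypothetical test hook for the race window */
typedef int (*extract_fn)(const char *, const char *, mode_t, window_hook);

/* Path-based pattern: the mode lands on whatever the name refers to when chmod() runs. */
int extract_by_path(const char *path, const char *data, mode_t mode, window_hook hook) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, data, strlen(data));
    close(fd);
    if (n < 0) return -1;
    if (hook) hook(path);          /* name may change here */
    return chmod(path, mode);      /* resolves the name a second time */
}

/* Descriptor-based pattern: fchmod() changes the inode that was created and written. */
int extract_by_fd(const char *path, const char *data, mode_t mode, window_hook hook) {
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;
    int rc = write(fd, data, strlen(data)) < 0 ? -1 : 0;
    if (hook) hook(path);          /* name may change here, fd does not */
    if (rc == 0) rc = fchmod(fd, mode);
    close(fd);
    return rc;
}

static const char *g_private; /* constructed sample file that must stay 0600 */
static void relink(const char *path) { if (unlink(path) || link(g_private, path)) perror("relink"); }
/* Regression check: permission bits of the private file after one extraction
 * during which the member name was re-pointed at it; -1 on setup error. */
int private_mode_after(extract_fn extract) {
    char dir[] = "/tmp/unzip-race-XXXXXX", priv[64], out[64];
    struct stat st;
    if (!mkdtemp(dir)) return -1;
    snprintf(priv, sizeof priv, "%s/private", dir);
    snprintf(out, sizeof out, "%s/member", dir);
    if (extract_by_fd(priv, "private", 0600, NULL) != 0) return -1;
    g_private = priv;
    extract(out, "data", 0644, relink);
    int rc = stat(priv, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
    unlink(out); unlink(priv); rmdir(dir);
    return rc;
}
```

With the path-based function the private file ends up with the archive member's mode; with the descriptor-based function it keeps 0600.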

References

Bugtraq ID 14450
CVE Name CVE-2005-2475
Message 7389fc4b05080116031536adf7@mail.gmail.com