CVE-2005-4667
CVE-2005-4667
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/26913unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.htmlhttp://secunia.com/advisories/25098https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252https://usn.ubuntu.com/248-1/https://usn.ubuntu.com/248-2/http://www.debian.org/security/2006/dsa-1012http://www.info-zip.org/FAQ.htmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2006:050http://www.osvdb.org/22400http://www.redhat.com/support/errata/RHSA-2007-0203.htmlhttp://www.securityfocus.com/archive/1/430300/100/0/threadedhttp://www.securityfocus.com/bid/15968