This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.
The remote Slackware host is missing a security update.
New infozip (zip/unzip) packages are available for Slackware 8.1,
9.0, 9.1, 10.0, 10.1, and -current to fix security issues. - From the
www.info-zip.org site: Zip 2.3 and (presumably) all previous versions
have a buffer- overrun vulnerability relating to deep directory paths
that could potentially lead to local privilege escalation (e.g., in
the case of automated, Zip-based backups). See the FAQ page for
details. All versions of UnZip through 5.50 have a number of
directory- traversal vulnerabilities, and version 5.50 also has a
textmode data- corruption bug that affects 16-bit ports such as
MS-DOS. See the FAQ page for details.
See also :
Update the affected infozip package.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now