This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing a security update.
A vulnerability was discovered in unzip 5.50 and earlier that allows
attackers to overwrite arbitrary files during archive extraction by
placing non-printable characters between two '.' characters. These
invalid characters are filtered which results in a '..' sequence.
The patch applied to these packages prevents unzip from writing to
parent directories unless the '-:' command line option is used.
Ben Laurie found that the original patch used to fix this issue missed
a case where the path component included a quoted slash. An updated
patch was used to build these packages.
See also :
Update the affected unzip package.
Risk factor :
Low / CVSS Base Score : 2.6