Mandrake Linux Security Advisory : zip (MDKSA-2004:141)

This script is Copyright (C) 2004-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

A vulnerability in zip was discovered where zip would not check the
resulting path length when doing recursive folder compression, which
could allow a malicious person to convince a user to create an archive
containing a specially crafted path name. By doing so, arbitrary code
could be executed with the permissions of the user running zip.

The updated packages are patched to prevent this problem.

See also :

http://www.hexview.com/docs/20041103-1.txt

Solution :

Update the affected zip package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 15839 (mandrake_MDKSA-2004-141.nasl)

Bugtraq ID:

CVE ID: CVE-2004-1010

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now