Slackware 10.0 / 10.1 / 8.1 / 9.0 / 9.1 / current : infozip (SSA:2005-121-01)

This script is Copyright (C) 2005-2016 Tenable Network Security, Inc.

Synopsis :

The remote Slackware host is missing a security update.

Description :

New infozip (zip/unzip) packages are available for Slackware 8.1,
9.0, 9.1, 10.0, 10.1, and -current to fix security issues. - From the site: Zip 2.3 and (presumably) all previous versions
have a buffer- overrun vulnerability relating to deep directory paths
that could potentially lead to local privilege escalation (e.g., in
the case of automated, Zip-based backups). See the FAQ page for
details. All versions of UnZip through 5.50 have a number of
directory- traversal vulnerabilities, and version 5.50 also has a
textmode data- corruption bug that affects 16-bit ports such as
MS-DOS. See the FAQ page for details.

See also :

Solution :

Update the affected infozip package.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: Slackware Local Security Checks

Nessus Plugin ID: 18810 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now