Mandrake Linux Security Advisory : perl-Archive-Zip (MDKSA-2004:118)

High Nessus Plugin ID 15598


The remote Mandrake Linux host is missing a security update.


Recently, it was noticed that several antivirus programs miss viruses that are contained in ZIP archives with manipulated directory data.
The global archive directory of these ZIP file have been manipulated to indicate zero file sizes.

Archive::Zip produces files of zero length when decompressing this type of ZIP file. This causes AV products that use Archive::ZIP to fail to detect viruses in manipulated ZIP archives. One of these products is amavisd-new.

The updated packages are patched to fix this problem.


Update the affected perl-Archive-Zip package.

See Also

Plugin Details

Severity: High

ID: 15598

File Name: mandrake_MDKSA-2004-118.nasl

Version: $Revision: 1.16 $

Type: local

Published: 2004/11/02

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:perl-Archive-Zip, cpe:/o:mandrakesoft:mandrake_linux:10.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2004/11/01

Reference Information

CVE: CVE-2004-0932, CVE-2004-0933, CVE-2004-0934, CVE-2004-0935, CVE-2004-0936, CVE-2004-0937, CVE-2004-1096, CVE-2004-2442

MDKSA: 2004:118