Scientific Linux Security Update : unzip on SL4.x i386/x86_64
Low Nessus Plugin ID 60171
Synopsis
The remote Scientific Linux host is missing a security update.
Description
A race condition was found in Unzip. Local users could use this flaw to modify permissions of arbitrary files via a hard link attack on a file while it was being decompressed. (CVE-2005-2475)
A buffer overflow was found in Unzip command line argument handling. If a user could be tricked into running Unzip with a specially crafted long file name, an attacker could execute arbitrary code with that user's privileges. (CVE-2005-4667)
Solution
Update the affected unzip package.