Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2005-4667 (GCVE-0-2005-4667)
Vulnerability from cvelistv5 – Published: 2006-01-25 21:00 – Updated: 2024-08-07 23:53
VLAI?
EPSS
Summary
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:53:28.920Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25098"
},
{
"name": "USN-248-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/248-2/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.info-zip.org/FAQ.html"
},
{
"name": "FLSA:180159",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
},
{
"name": "MDKSA-2006:050",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
},
{
"name": "2006-0006",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0006"
},
{
"name": "oval:org.mitre.oval:def:11252",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL",
"x_transferred"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
},
{
"name": "RHSA-2007:0203",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
},
{
"name": "USN-248-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "https://usn.ubuntu.com/248-1/"
},
{
"name": "20051219 Unzip *ALL* verisons ;))",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
},
{
"name": "22400",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22400"
},
{
"name": "15968",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15968"
},
{
"name": "DSA-1012",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1012"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-19T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25098",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25098"
},
{
"name": "USN-248-2",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/248-2/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.info-zip.org/FAQ.html"
},
{
"name": "FLSA:180159",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
},
{
"name": "MDKSA-2006:050",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
},
{
"name": "2006-0006",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0006"
},
{
"name": "oval:org.mitre.oval:def:11252",
"tags": [
"vdb-entry",
"signature",
"x_refsource_OVAL"
],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
},
{
"name": "RHSA-2007:0203",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
},
{
"name": "USN-248-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "https://usn.ubuntu.com/248-1/"
},
{
"name": "20051219 Unzip *ALL* verisons ;))",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
},
{
"name": "22400",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22400"
},
{
"name": "15968",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15968"
},
{
"name": "DSA-1012",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1012"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25098"
},
{
"name": "USN-248-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/248-2/"
},
{
"name": "http://www.info-zip.org/FAQ.html",
"refsource": "CONFIRM",
"url": "http://www.info-zip.org/FAQ.html"
},
{
"name": "FLSA:180159",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
},
{
"name": "MDKSA-2006:050",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
},
{
"name": "2006-0006",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0006"
},
{
"name": "oval:org.mitre.oval:def:11252",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
},
{
"name": "RHSA-2007:0203",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
},
{
"name": "USN-248-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/248-1/"
},
{
"name": "20051219 Unzip *ALL* verisons ;))",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
},
{
"name": "22400",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22400"
},
{
"name": "15968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15968"
},
{
"name": "DSA-1012",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1012"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-4667",
"datePublished": "2006-01-25T21:00:00",
"dateReserved": "2006-01-25T00:00:00",
"dateUpdated": "2024-08-07T23:53:28.920Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:info-zip:unzip:5.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"390337E4-2A52-4CB4-9730-BC5FEB7691E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:info-zip:unzip:5.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"39AAC8DA-C1CB-4D05-9CE4-37EE0452F1B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:info-zip:unzip:5.31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2B550991-5E21-4537-B43B-9507B7B4BA7A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:info-zip:unzip:5.32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"83CED6B5-1B14-4076-BA6E-3779D2D143B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:info-zip:unzip:5.40:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FFCCB6FA-6723-4096-A426-0C6975F258C6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:info-zip:unzip:5.41:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D30AB65-C5A7-4F2E-AD6E-B9C7CE21D13D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:info-zip:unzip:5.42:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A83C2C1C-F1DD-4DB7-BCF7-4DE7D35CF4C5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7E623D2F-C9DA-4937-BE64-236323A7C99E\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.\"}]",
"id": "CVE-2005-4667",
"lastModified": "2024-11-21T00:04:53.060",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:H/Au:N/C:P/I:P/A:P\", \"baseScore\": 3.7, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"HIGH\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 1.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": true, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
"published": "2005-12-31T05:00:00.000",
"references": "[{\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/25098\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1012\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.info-zip.org/FAQ.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:050\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/22400\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0203.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/archive/1/430300/100/0/threaded\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/15968\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.trustix.org/errata/2006/0006\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/248-1/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://usn.ubuntu.com/248-2/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://secunia.com/advisories/25098\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2006/dsa-1012\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://www.info-zip.org/FAQ.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDKSA-2006:050\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/22400\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.redhat.com/support/errata/RHSA-2007-0203.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/archive/1/430300/100/0/threaded\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/15968\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\"]}, {\"url\": \"http://www.trustix.org/errata/2006/0006\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/248-1/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://usn.ubuntu.com/248-2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vendorComments": "[{\"organization\": \"Red Hat\", \"comment\": \"Red Hat is aware of this issue and is tracking it via the following bug:\\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\\nhttp://www.redhat.com/security/updates/classification/\\n\\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\\n\\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.\", \"lastModified\": \"2007-09-05T00:00:00\"}]",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2005-4667\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2005-12-31T05:00:00.000\",\"lastModified\":\"2025-04-03T01:03:51.193\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:H/Au:N/C:P/I:P/A:P\",\"baseScore\":3.7,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"HIGH\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":1.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":true,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:info-zip:unzip:5.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"390337E4-2A52-4CB4-9730-BC5FEB7691E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:info-zip:unzip:5.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"39AAC8DA-C1CB-4D05-9CE4-37EE0452F1B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:info-zip:unzip:5.31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B550991-5E21-4537-B43B-9507B7B4BA7A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:info-zip:unzip:5.32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83CED6B5-1B14-4076-BA6E-3779D2D143B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:info-zip:unzip:5.40:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FFCCB6FA-6723-4096-A426-0C6975F258C6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:info-zip:unzip:5.41:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D30AB65-C5A7-4F2E-AD6E-B9C7CE21D13D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:info-zip:unzip:5.42:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A83C2C1C-F1DD-4DB7-BCF7-4DE7D35CF4C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E623D2F-C9DA-4937-BE64-236323A7C99E\"}]}]}],\"references\":[{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/25098\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1012\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.info-zip.org/FAQ.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:050\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/22400\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0203.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/430300/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/15968\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.trustix.org/errata/2006/0006\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/248-1/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://usn.ubuntu.com/248-2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://secunia.com/advisories/25098\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2006/dsa-1012\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://www.info-zip.org/FAQ.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDKSA-2006:050\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/22400\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.redhat.com/support/errata/RHSA-2007-0203.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/430300/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/15968\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"http://www.trustix.org/errata/2006/0006\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/248-1/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://usn.ubuntu.com/248-2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}],\"vendorComments\":[{\"organization\":\"Red Hat\",\"comment\":\"Red Hat is aware of this issue and is tracking it via the following bug:\\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960\\n\\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\\nhttp://www.redhat.com/security/updates/classification/\\n\\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\\n\\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.\",\"lastModified\":\"2007-09-05T00:00:00\"}]}}"
}
}
GSD-2005-4667
Vulnerability from gsd - Updated: 2023-12-13 01:20Details
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2005-4667",
"description": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.",
"id": "GSD-2005-4667",
"references": [
"https://www.suse.com/security/cve/CVE-2005-4667.html",
"https://www.debian.org/security/2006/dsa-1012",
"https://access.redhat.com/errata/RHBA-2007:0418",
"https://access.redhat.com/errata/RHSA-2007:0203",
"https://linux.oracle.com/cve/CVE-2005-4667.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2005-4667"
],
"details": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.",
"id": "GSD-2005-4667",
"modified": "2023-12-13T01:20:09.323211Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4667",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25098",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25098"
},
{
"name": "USN-248-2",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/248-2/"
},
{
"name": "http://www.info-zip.org/FAQ.html",
"refsource": "CONFIRM",
"url": "http://www.info-zip.org/FAQ.html"
},
{
"name": "FLSA:180159",
"refsource": "FEDORA",
"url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
},
{
"name": "MDKSA-2006:050",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
},
{
"name": "2006-0006",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0006"
},
{
"name": "oval:org.mitre.oval:def:11252",
"refsource": "OVAL",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
},
{
"name": "RHSA-2007:0203",
"refsource": "REDHAT",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
},
{
"name": "USN-248-1",
"refsource": "UBUNTU",
"url": "https://usn.ubuntu.com/248-1/"
},
{
"name": "20051219 Unzip *ALL* verisons ;))",
"refsource": "FULLDISC",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
},
{
"name": "22400",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22400"
},
{
"name": "15968",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15968"
},
{
"name": "DSA-1012",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1012"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.2:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.3:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.41:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.42:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:info-zip:unzip:5.40:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-4667"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "15968",
"refsource": "BID",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15968"
},
{
"name": "20051219 Unzip *ALL* verisons ;))",
"refsource": "FULLDISC",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
},
{
"name": "22400",
"refsource": "OSVDB",
"tags": [],
"url": "http://www.osvdb.org/22400"
},
{
"name": "2006-0006",
"refsource": "TRUSTIX",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2006/0006"
},
{
"name": "DSA-1012",
"refsource": "DEBIAN",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1012"
},
{
"name": "RHSA-2007:0203",
"refsource": "REDHAT",
"tags": [],
"url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
},
{
"name": "25098",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/25098"
},
{
"name": "MDKSA-2006:050",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
},
{
"name": "http://www.info-zip.org/FAQ.html",
"refsource": "CONFIRM",
"tags": [],
"url": "http://www.info-zip.org/FAQ.html"
},
{
"name": "oval:org.mitre.oval:def:11252",
"refsource": "OVAL",
"tags": [],
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
},
{
"name": "USN-248-2",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/248-2/"
},
{
"name": "USN-248-1",
"refsource": "UBUNTU",
"tags": [],
"url": "https://usn.ubuntu.com/248-1/"
},
{
"name": "FLSA:180159",
"refsource": "FEDORA",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"severity": "LOW",
"userInteractionRequired": true
}
},
"lastModifiedDate": "2018-10-19T15:41Z",
"publishedDate": "2005-12-31T05:00Z"
}
}
}
RHBA-2007:0418
Vulnerability from csaf_redhat - Published: 2007-07-11 00:00 - Updated: 2025-11-21 17:20Summary
Red Hat Bug Fix Advisory: unzip bug fix update
Notes
Topic
Updated unzip packages that address various bugs are now available.
Details
The unzip utility is used to list, test, or extract files from a zip
archive.
This update addresses the following issues:
* a TOCTOU bug that could be exploited to change file permissions (CVE-2005-2475)
* a long filename buffer overflow vulnerability (CVE-2005-4667)
All users of unzip should upgrade to these updated packages, which
resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated unzip packages that address various bugs are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "The unzip utility is used to list, test, or extract files from a zip\narchive. \n\nThis update addresses the following issues:\n\n* a TOCTOU bug that could be exploited to change file permissions (CVE-2005-2475)\n\n* a long filename buffer overflow vulnerability (CVE-2005-4667)\n\nAll users of unzip should upgrade to these updated packages, which\nresolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2007:0418",
"url": "https://access.redhat.com/errata/RHBA-2007:0418"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#low",
"url": "http://www.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "186570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=186570"
},
{
"category": "external",
"summary": "226749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=226749"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhba-2007_0418.json"
}
],
"title": "Red Hat Bug Fix Advisory: unzip bug fix update",
"tracking": {
"current_release_date": "2025-11-21T17:20:49+00:00",
"generator": {
"date": "2025-11-21T17:20:49+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHBA-2007:0418",
"initial_release_date": "2007-07-11T00:00:00+00:00",
"revision_history": [
{
"date": "2007-07-11T00:00:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2007-06-07T15:24:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:20:49+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"product": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"product_id": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.ia64",
"product": {
"name": "unzip-0:5.50-35.EL3.ia64",
"product_id": "unzip-0:5.50-35.EL3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"product": {
"name": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"product_id": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.x86_64",
"product": {
"name": "unzip-0:5.50-35.EL3.x86_64",
"product_id": "unzip-0:5.50-35.EL3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.50-35.EL3.i386",
"product": {
"name": "unzip-debuginfo-0:5.50-35.EL3.i386",
"product_id": "unzip-debuginfo-0:5.50-35.EL3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.i386",
"product": {
"name": "unzip-0:5.50-35.EL3.i386",
"product_id": "unzip-0:5.50-35.EL3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.src",
"product": {
"name": "unzip-0:5.50-35.EL3.src",
"product_id": "unzip-0:5.50-35.EL3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"product": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"product_id": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.ppc",
"product": {
"name": "unzip-0:5.50-35.EL3.ppc",
"product_id": "unzip-0:5.50-35.EL3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"product": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"product_id": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.s390x",
"product": {
"name": "unzip-0:5.50-35.EL3.s390x",
"product_id": "unzip-0:5.50-35.EL3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.50-35.EL3.s390",
"product": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390",
"product_id": "unzip-debuginfo-0:5.50-35.EL3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.s390",
"product": {
"name": "unzip-0:5.50-35.EL3.s390",
"product_id": "unzip-0:5.50-35.EL3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.src"
},
"product_reference": "unzip-0:5.50-35.EL3.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.src"
},
"product_reference": "unzip-0:5.50-35.EL3.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.src"
},
"product_reference": "unzip-0:5.50-35.EL3.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.src"
},
"product_reference": "unzip-0:5.50-35.EL3.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2475",
"discovery_date": "2005-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617723"
}
],
"notes": [
{
"category": "description",
"text": "Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was addressed in unzip packages as shipped with Red Hat Enterprise Linux 3 and 4 via RHBA-2007:0418 and RHSA-2007:0203 respectively.\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"3AS:unzip-0:5.50-35.EL3.i386",
"3AS:unzip-0:5.50-35.EL3.ia64",
"3AS:unzip-0:5.50-35.EL3.ppc",
"3AS:unzip-0:5.50-35.EL3.s390",
"3AS:unzip-0:5.50-35.EL3.s390x",
"3AS:unzip-0:5.50-35.EL3.src",
"3AS:unzip-0:5.50-35.EL3.x86_64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-0:5.50-35.EL3.i386",
"3Desktop:unzip-0:5.50-35.EL3.ia64",
"3Desktop:unzip-0:5.50-35.EL3.ppc",
"3Desktop:unzip-0:5.50-35.EL3.s390",
"3Desktop:unzip-0:5.50-35.EL3.s390x",
"3Desktop:unzip-0:5.50-35.EL3.src",
"3Desktop:unzip-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3ES:unzip-0:5.50-35.EL3.i386",
"3ES:unzip-0:5.50-35.EL3.ia64",
"3ES:unzip-0:5.50-35.EL3.ppc",
"3ES:unzip-0:5.50-35.EL3.s390",
"3ES:unzip-0:5.50-35.EL3.s390x",
"3ES:unzip-0:5.50-35.EL3.src",
"3ES:unzip-0:5.50-35.EL3.x86_64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.i386",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3WS:unzip-0:5.50-35.EL3.i386",
"3WS:unzip-0:5.50-35.EL3.ia64",
"3WS:unzip-0:5.50-35.EL3.ppc",
"3WS:unzip-0:5.50-35.EL3.s390",
"3WS:unzip-0:5.50-35.EL3.s390x",
"3WS:unzip-0:5.50-35.EL3.src",
"3WS:unzip-0:5.50-35.EL3.x86_64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2475"
},
{
"category": "external",
"summary": "RHBZ#1617723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617723"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2475",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2475"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2475",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2475"
}
],
"release_date": "2005-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-07-11T00:00:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"3AS:unzip-0:5.50-35.EL3.i386",
"3AS:unzip-0:5.50-35.EL3.ia64",
"3AS:unzip-0:5.50-35.EL3.ppc",
"3AS:unzip-0:5.50-35.EL3.s390",
"3AS:unzip-0:5.50-35.EL3.s390x",
"3AS:unzip-0:5.50-35.EL3.src",
"3AS:unzip-0:5.50-35.EL3.x86_64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-0:5.50-35.EL3.i386",
"3Desktop:unzip-0:5.50-35.EL3.ia64",
"3Desktop:unzip-0:5.50-35.EL3.ppc",
"3Desktop:unzip-0:5.50-35.EL3.s390",
"3Desktop:unzip-0:5.50-35.EL3.s390x",
"3Desktop:unzip-0:5.50-35.EL3.src",
"3Desktop:unzip-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3ES:unzip-0:5.50-35.EL3.i386",
"3ES:unzip-0:5.50-35.EL3.ia64",
"3ES:unzip-0:5.50-35.EL3.ppc",
"3ES:unzip-0:5.50-35.EL3.s390",
"3ES:unzip-0:5.50-35.EL3.s390x",
"3ES:unzip-0:5.50-35.EL3.src",
"3ES:unzip-0:5.50-35.EL3.x86_64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.i386",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3WS:unzip-0:5.50-35.EL3.i386",
"3WS:unzip-0:5.50-35.EL3.ia64",
"3WS:unzip-0:5.50-35.EL3.ppc",
"3WS:unzip-0:5.50-35.EL3.s390",
"3WS:unzip-0:5.50-35.EL3.s390x",
"3WS:unzip-0:5.50-35.EL3.src",
"3WS:unzip-0:5.50-35.EL3.x86_64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2007:0418"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2005-4667",
"discovery_date": "2006-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617861"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"3AS:unzip-0:5.50-35.EL3.i386",
"3AS:unzip-0:5.50-35.EL3.ia64",
"3AS:unzip-0:5.50-35.EL3.ppc",
"3AS:unzip-0:5.50-35.EL3.s390",
"3AS:unzip-0:5.50-35.EL3.s390x",
"3AS:unzip-0:5.50-35.EL3.src",
"3AS:unzip-0:5.50-35.EL3.x86_64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-0:5.50-35.EL3.i386",
"3Desktop:unzip-0:5.50-35.EL3.ia64",
"3Desktop:unzip-0:5.50-35.EL3.ppc",
"3Desktop:unzip-0:5.50-35.EL3.s390",
"3Desktop:unzip-0:5.50-35.EL3.s390x",
"3Desktop:unzip-0:5.50-35.EL3.src",
"3Desktop:unzip-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3ES:unzip-0:5.50-35.EL3.i386",
"3ES:unzip-0:5.50-35.EL3.ia64",
"3ES:unzip-0:5.50-35.EL3.ppc",
"3ES:unzip-0:5.50-35.EL3.s390",
"3ES:unzip-0:5.50-35.EL3.s390x",
"3ES:unzip-0:5.50-35.EL3.src",
"3ES:unzip-0:5.50-35.EL3.x86_64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.i386",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3WS:unzip-0:5.50-35.EL3.i386",
"3WS:unzip-0:5.50-35.EL3.ia64",
"3WS:unzip-0:5.50-35.EL3.ppc",
"3WS:unzip-0:5.50-35.EL3.s390",
"3WS:unzip-0:5.50-35.EL3.s390x",
"3WS:unzip-0:5.50-35.EL3.src",
"3WS:unzip-0:5.50-35.EL3.x86_64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-4667"
},
{
"category": "external",
"summary": "RHBZ#1617861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-4667",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-4667"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667"
}
],
"release_date": "2005-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-07-11T00:00:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"3AS:unzip-0:5.50-35.EL3.i386",
"3AS:unzip-0:5.50-35.EL3.ia64",
"3AS:unzip-0:5.50-35.EL3.ppc",
"3AS:unzip-0:5.50-35.EL3.s390",
"3AS:unzip-0:5.50-35.EL3.s390x",
"3AS:unzip-0:5.50-35.EL3.src",
"3AS:unzip-0:5.50-35.EL3.x86_64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-0:5.50-35.EL3.i386",
"3Desktop:unzip-0:5.50-35.EL3.ia64",
"3Desktop:unzip-0:5.50-35.EL3.ppc",
"3Desktop:unzip-0:5.50-35.EL3.s390",
"3Desktop:unzip-0:5.50-35.EL3.s390x",
"3Desktop:unzip-0:5.50-35.EL3.src",
"3Desktop:unzip-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3ES:unzip-0:5.50-35.EL3.i386",
"3ES:unzip-0:5.50-35.EL3.ia64",
"3ES:unzip-0:5.50-35.EL3.ppc",
"3ES:unzip-0:5.50-35.EL3.s390",
"3ES:unzip-0:5.50-35.EL3.s390x",
"3ES:unzip-0:5.50-35.EL3.src",
"3ES:unzip-0:5.50-35.EL3.x86_64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.i386",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3WS:unzip-0:5.50-35.EL3.i386",
"3WS:unzip-0:5.50-35.EL3.ia64",
"3WS:unzip-0:5.50-35.EL3.ppc",
"3WS:unzip-0:5.50-35.EL3.s390",
"3WS:unzip-0:5.50-35.EL3.s390x",
"3WS:unzip-0:5.50-35.EL3.src",
"3WS:unzip-0:5.50-35.EL3.x86_64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2007:0418"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
RHSA-2007_0203
Vulnerability from csaf_redhat - Published: 2007-05-01 13:37 - Updated: 2024-11-22 00:32Summary
Red Hat Security Advisory: unzip security and bug fix update
Notes
Topic
Updated unzip packages that fix two security issues and various bugs are
now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
The unzip utility is used to list, test, or extract files from a zip archive.
A race condition was found in Unzip. Local users could use this flaw to
modify permissions of arbitrary files via a hard link attack on a file
while it was being decompressed (CVE-2005-2475)
A buffer overflow was found in Unzip command line argument handling.
If a user could be tricked into running Unzip with a specially crafted long
file name, an attacker could execute arbitrary code with that user's
privileges. (CVE-2005-4667)
As well, this update adds support for files larger than 2GB.
All users of unzip should upgrade to these updated packages, which
contain backported patches that resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated unzip packages that fix two security issues and various bugs are\nnow available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The unzip utility is used to list, test, or extract files from a zip archive.\n\nA race condition was found in Unzip. Local users could use this flaw to\nmodify permissions of arbitrary files via a hard link attack on a file\nwhile it was being decompressed (CVE-2005-2475)\n\nA buffer overflow was found in Unzip command line argument handling.\nIf a user could be tricked into running Unzip with a specially crafted long\nfile name, an attacker could execute arbitrary code with that user\u0027s\nprivileges. (CVE-2005-4667)\n\nAs well, this update adds support for files larger than 2GB.\n\nAll users of unzip should upgrade to these updated packages, which\ncontain backported patches that resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2007:0203",
"url": "https://access.redhat.com/errata/RHSA-2007:0203"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#low",
"url": "http://www.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "164927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=164927"
},
{
"category": "external",
"summary": "178960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=178960"
},
{
"category": "external",
"summary": "199104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=199104"
},
{
"category": "external",
"summary": "230558",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=230558"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0203.json"
}
],
"title": "Red Hat Security Advisory: unzip security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T00:32:55+00:00",
"generator": {
"date": "2024-11-22T00:32:55+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2007:0203",
"initial_release_date": "2007-05-01T13:37:00+00:00",
"revision_history": [
{
"date": "2007-05-01T13:37:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2007-05-01T13:05:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T00:32:55+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.ia64",
"product": {
"name": "unzip-0:5.51-9.EL4.5.ia64",
"product_id": "unzip-0:5.51-9.EL4.5.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"product": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"product_id": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.src",
"product": {
"name": "unzip-0:5.51-9.EL4.5.src",
"product_id": "unzip-0:5.51-9.EL4.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.x86_64",
"product": {
"name": "unzip-0:5.51-9.EL4.5.x86_64",
"product_id": "unzip-0:5.51-9.EL4.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"product": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"product_id": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.i386",
"product": {
"name": "unzip-0:5.51-9.EL4.5.i386",
"product_id": "unzip-0:5.51-9.EL4.5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"product": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"product_id": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.ppc",
"product": {
"name": "unzip-0:5.51-9.EL4.5.ppc",
"product_id": "unzip-0:5.51-9.EL4.5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"product": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"product_id": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.s390x",
"product": {
"name": "unzip-0:5.51-9.EL4.5.s390x",
"product_id": "unzip-0:5.51-9.EL4.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"product": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"product_id": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.s390",
"product": {
"name": "unzip-0:5.51-9.EL4.5.s390",
"product_id": "unzip-0:5.51-9.EL4.5.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=s390"
}
}
},
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"product": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"product_id": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.src"
},
"product_reference": "unzip-0:5.51-9.EL4.5.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.src"
},
"product_reference": "unzip-0:5.51-9.EL4.5.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.src"
},
"product_reference": "unzip-0:5.51-9.EL4.5.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.src"
},
"product_reference": "unzip-0:5.51-9.EL4.5.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2475",
"discovery_date": "2005-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617723"
}
],
"notes": [
{
"category": "description",
"text": "Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was addressed in unzip packages as shipped with Red Hat Enterprise Linux 3 and 4 via RHBA-2007:0418 and RHSA-2007:0203 respectively.\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS:unzip-0:5.51-9.EL4.5.i386",
"4AS:unzip-0:5.51-9.EL4.5.ia64",
"4AS:unzip-0:5.51-9.EL4.5.ppc",
"4AS:unzip-0:5.51-9.EL4.5.s390",
"4AS:unzip-0:5.51-9.EL4.5.s390x",
"4AS:unzip-0:5.51-9.EL4.5.src",
"4AS:unzip-0:5.51-9.EL4.5.x86_64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-0:5.51-9.EL4.5.src",
"4Desktop:unzip-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-0:5.51-9.EL4.5.i386",
"4ES:unzip-0:5.51-9.EL4.5.ia64",
"4ES:unzip-0:5.51-9.EL4.5.ppc",
"4ES:unzip-0:5.51-9.EL4.5.s390",
"4ES:unzip-0:5.51-9.EL4.5.s390x",
"4ES:unzip-0:5.51-9.EL4.5.src",
"4ES:unzip-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-0:5.51-9.EL4.5.i386",
"4WS:unzip-0:5.51-9.EL4.5.ia64",
"4WS:unzip-0:5.51-9.EL4.5.ppc",
"4WS:unzip-0:5.51-9.EL4.5.s390",
"4WS:unzip-0:5.51-9.EL4.5.s390x",
"4WS:unzip-0:5.51-9.EL4.5.src",
"4WS:unzip-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2475"
},
{
"category": "external",
"summary": "RHBZ#1617723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617723"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2475",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2475"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2475",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2475"
}
],
"release_date": "2005-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-05-01T13:37:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"4AS:unzip-0:5.51-9.EL4.5.i386",
"4AS:unzip-0:5.51-9.EL4.5.ia64",
"4AS:unzip-0:5.51-9.EL4.5.ppc",
"4AS:unzip-0:5.51-9.EL4.5.s390",
"4AS:unzip-0:5.51-9.EL4.5.s390x",
"4AS:unzip-0:5.51-9.EL4.5.src",
"4AS:unzip-0:5.51-9.EL4.5.x86_64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-0:5.51-9.EL4.5.src",
"4Desktop:unzip-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-0:5.51-9.EL4.5.i386",
"4ES:unzip-0:5.51-9.EL4.5.ia64",
"4ES:unzip-0:5.51-9.EL4.5.ppc",
"4ES:unzip-0:5.51-9.EL4.5.s390",
"4ES:unzip-0:5.51-9.EL4.5.s390x",
"4ES:unzip-0:5.51-9.EL4.5.src",
"4ES:unzip-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-0:5.51-9.EL4.5.i386",
"4WS:unzip-0:5.51-9.EL4.5.ia64",
"4WS:unzip-0:5.51-9.EL4.5.ppc",
"4WS:unzip-0:5.51-9.EL4.5.s390",
"4WS:unzip-0:5.51-9.EL4.5.s390x",
"4WS:unzip-0:5.51-9.EL4.5.src",
"4WS:unzip-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0203"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2005-4667",
"discovery_date": "2006-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617861"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS:unzip-0:5.51-9.EL4.5.i386",
"4AS:unzip-0:5.51-9.EL4.5.ia64",
"4AS:unzip-0:5.51-9.EL4.5.ppc",
"4AS:unzip-0:5.51-9.EL4.5.s390",
"4AS:unzip-0:5.51-9.EL4.5.s390x",
"4AS:unzip-0:5.51-9.EL4.5.src",
"4AS:unzip-0:5.51-9.EL4.5.x86_64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-0:5.51-9.EL4.5.src",
"4Desktop:unzip-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-0:5.51-9.EL4.5.i386",
"4ES:unzip-0:5.51-9.EL4.5.ia64",
"4ES:unzip-0:5.51-9.EL4.5.ppc",
"4ES:unzip-0:5.51-9.EL4.5.s390",
"4ES:unzip-0:5.51-9.EL4.5.s390x",
"4ES:unzip-0:5.51-9.EL4.5.src",
"4ES:unzip-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-0:5.51-9.EL4.5.i386",
"4WS:unzip-0:5.51-9.EL4.5.ia64",
"4WS:unzip-0:5.51-9.EL4.5.ppc",
"4WS:unzip-0:5.51-9.EL4.5.s390",
"4WS:unzip-0:5.51-9.EL4.5.s390x",
"4WS:unzip-0:5.51-9.EL4.5.src",
"4WS:unzip-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-4667"
},
{
"category": "external",
"summary": "RHBZ#1617861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-4667",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-4667"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667"
}
],
"release_date": "2005-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-05-01T13:37:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"4AS:unzip-0:5.51-9.EL4.5.i386",
"4AS:unzip-0:5.51-9.EL4.5.ia64",
"4AS:unzip-0:5.51-9.EL4.5.ppc",
"4AS:unzip-0:5.51-9.EL4.5.s390",
"4AS:unzip-0:5.51-9.EL4.5.s390x",
"4AS:unzip-0:5.51-9.EL4.5.src",
"4AS:unzip-0:5.51-9.EL4.5.x86_64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-0:5.51-9.EL4.5.src",
"4Desktop:unzip-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-0:5.51-9.EL4.5.i386",
"4ES:unzip-0:5.51-9.EL4.5.ia64",
"4ES:unzip-0:5.51-9.EL4.5.ppc",
"4ES:unzip-0:5.51-9.EL4.5.s390",
"4ES:unzip-0:5.51-9.EL4.5.s390x",
"4ES:unzip-0:5.51-9.EL4.5.src",
"4ES:unzip-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-0:5.51-9.EL4.5.i386",
"4WS:unzip-0:5.51-9.EL4.5.ia64",
"4WS:unzip-0:5.51-9.EL4.5.ppc",
"4WS:unzip-0:5.51-9.EL4.5.s390",
"4WS:unzip-0:5.51-9.EL4.5.s390x",
"4WS:unzip-0:5.51-9.EL4.5.src",
"4WS:unzip-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0203"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
RHBA-2007_0418
Vulnerability from csaf_redhat - Published: 2007-07-11 00:00 - Updated: 2024-11-22 00:33Summary
Red Hat Bug Fix Advisory: unzip bug fix update
Notes
Topic
Updated unzip packages that address various bugs are now available.
Details
The unzip utility is used to list, test, or extract files from a zip
archive.
This update addresses the following issues:
* a TOCTOU bug that could be exploited to change file permissions (CVE-2005-2475)
* a long filename buffer overflow vulnerability (CVE-2005-4667)
All users of unzip should upgrade to these updated packages, which
resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated unzip packages that address various bugs are now available.",
"title": "Topic"
},
{
"category": "general",
"text": "The unzip utility is used to list, test, or extract files from a zip\narchive. \n\nThis update addresses the following issues:\n\n* a TOCTOU bug that could be exploited to change file permissions (CVE-2005-2475)\n\n* a long filename buffer overflow vulnerability (CVE-2005-4667)\n\nAll users of unzip should upgrade to these updated packages, which\nresolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHBA-2007:0418",
"url": "https://access.redhat.com/errata/RHBA-2007:0418"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#low",
"url": "http://www.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "186570",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=186570"
},
{
"category": "external",
"summary": "226749",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=226749"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhba-2007_0418.json"
}
],
"title": "Red Hat Bug Fix Advisory: unzip bug fix update",
"tracking": {
"current_release_date": "2024-11-22T00:33:02+00:00",
"generator": {
"date": "2024-11-22T00:33:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHBA-2007:0418",
"initial_release_date": "2007-07-11T00:00:00+00:00",
"revision_history": [
{
"date": "2007-07-11T00:00:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2007-06-07T15:24:38+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T00:33:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 3",
"product": {
"name": "Red Hat Enterprise Linux AS version 3",
"product_id": "3AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Desktop version 3",
"product": {
"name": "Red Hat Desktop version 3",
"product_id": "3Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 3",
"product": {
"name": "Red Hat Enterprise Linux ES version 3",
"product_id": "3ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 3",
"product": {
"name": "Red Hat Enterprise Linux WS version 3",
"product_id": "3WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:3::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"product": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"product_id": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.ia64",
"product": {
"name": "unzip-0:5.50-35.EL3.ia64",
"product_id": "unzip-0:5.50-35.EL3.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"product": {
"name": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"product_id": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.x86_64",
"product": {
"name": "unzip-0:5.50-35.EL3.x86_64",
"product_id": "unzip-0:5.50-35.EL3.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.50-35.EL3.i386",
"product": {
"name": "unzip-debuginfo-0:5.50-35.EL3.i386",
"product_id": "unzip-debuginfo-0:5.50-35.EL3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=i386"
}
}
},
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.i386",
"product": {
"name": "unzip-0:5.50-35.EL3.i386",
"product_id": "unzip-0:5.50-35.EL3.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.src",
"product": {
"name": "unzip-0:5.50-35.EL3.src",
"product_id": "unzip-0:5.50-35.EL3.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"product": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"product_id": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.ppc",
"product": {
"name": "unzip-0:5.50-35.EL3.ppc",
"product_id": "unzip-0:5.50-35.EL3.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"product": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"product_id": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.s390x",
"product": {
"name": "unzip-0:5.50-35.EL3.s390x",
"product_id": "unzip-0:5.50-35.EL3.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.50-35.EL3.s390",
"product": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390",
"product_id": "unzip-debuginfo-0:5.50-35.EL3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.50-35.EL3?arch=s390"
}
}
},
{
"category": "product_version",
"name": "unzip-0:5.50-35.EL3.s390",
"product": {
"name": "unzip-0:5.50-35.EL3.s390",
"product_id": "unzip-0:5.50-35.EL3.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.50-35.EL3?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.src as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.src"
},
"product_reference": "unzip-0:5.50-35.EL3.src",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux AS version 3",
"product_id": "3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.src as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.src"
},
"product_reference": "unzip-0:5.50-35.EL3.src",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.i386 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ia64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ppc as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390x as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.x86_64 as a component of Red Hat Desktop version 3",
"product_id": "3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.src as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.src"
},
"product_reference": "unzip-0:5.50-35.EL3.src",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux ES version 3",
"product_id": "3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.src as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.src"
},
"product_reference": "unzip-0:5.50-35.EL3.src",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.i386 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.i386"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.i386",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ia64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.ia64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ia64",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.ppc as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.ppc"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.ppc",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.s390"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.s390x as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.s390x"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.s390x",
"relates_to_product_reference": "3WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.50-35.EL3.x86_64 as a component of Red Hat Enterprise Linux WS version 3",
"product_id": "3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.50-35.EL3.x86_64",
"relates_to_product_reference": "3WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2475",
"discovery_date": "2005-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617723"
}
],
"notes": [
{
"category": "description",
"text": "Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was addressed in unzip packages as shipped with Red Hat Enterprise Linux 3 and 4 via RHBA-2007:0418 and RHSA-2007:0203 respectively.\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"3AS:unzip-0:5.50-35.EL3.i386",
"3AS:unzip-0:5.50-35.EL3.ia64",
"3AS:unzip-0:5.50-35.EL3.ppc",
"3AS:unzip-0:5.50-35.EL3.s390",
"3AS:unzip-0:5.50-35.EL3.s390x",
"3AS:unzip-0:5.50-35.EL3.src",
"3AS:unzip-0:5.50-35.EL3.x86_64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-0:5.50-35.EL3.i386",
"3Desktop:unzip-0:5.50-35.EL3.ia64",
"3Desktop:unzip-0:5.50-35.EL3.ppc",
"3Desktop:unzip-0:5.50-35.EL3.s390",
"3Desktop:unzip-0:5.50-35.EL3.s390x",
"3Desktop:unzip-0:5.50-35.EL3.src",
"3Desktop:unzip-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3ES:unzip-0:5.50-35.EL3.i386",
"3ES:unzip-0:5.50-35.EL3.ia64",
"3ES:unzip-0:5.50-35.EL3.ppc",
"3ES:unzip-0:5.50-35.EL3.s390",
"3ES:unzip-0:5.50-35.EL3.s390x",
"3ES:unzip-0:5.50-35.EL3.src",
"3ES:unzip-0:5.50-35.EL3.x86_64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.i386",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3WS:unzip-0:5.50-35.EL3.i386",
"3WS:unzip-0:5.50-35.EL3.ia64",
"3WS:unzip-0:5.50-35.EL3.ppc",
"3WS:unzip-0:5.50-35.EL3.s390",
"3WS:unzip-0:5.50-35.EL3.s390x",
"3WS:unzip-0:5.50-35.EL3.src",
"3WS:unzip-0:5.50-35.EL3.x86_64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2475"
},
{
"category": "external",
"summary": "RHBZ#1617723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617723"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2475",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2475"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2475",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2475"
}
],
"release_date": "2005-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-07-11T00:00:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"3AS:unzip-0:5.50-35.EL3.i386",
"3AS:unzip-0:5.50-35.EL3.ia64",
"3AS:unzip-0:5.50-35.EL3.ppc",
"3AS:unzip-0:5.50-35.EL3.s390",
"3AS:unzip-0:5.50-35.EL3.s390x",
"3AS:unzip-0:5.50-35.EL3.src",
"3AS:unzip-0:5.50-35.EL3.x86_64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-0:5.50-35.EL3.i386",
"3Desktop:unzip-0:5.50-35.EL3.ia64",
"3Desktop:unzip-0:5.50-35.EL3.ppc",
"3Desktop:unzip-0:5.50-35.EL3.s390",
"3Desktop:unzip-0:5.50-35.EL3.s390x",
"3Desktop:unzip-0:5.50-35.EL3.src",
"3Desktop:unzip-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3ES:unzip-0:5.50-35.EL3.i386",
"3ES:unzip-0:5.50-35.EL3.ia64",
"3ES:unzip-0:5.50-35.EL3.ppc",
"3ES:unzip-0:5.50-35.EL3.s390",
"3ES:unzip-0:5.50-35.EL3.s390x",
"3ES:unzip-0:5.50-35.EL3.src",
"3ES:unzip-0:5.50-35.EL3.x86_64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.i386",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3WS:unzip-0:5.50-35.EL3.i386",
"3WS:unzip-0:5.50-35.EL3.ia64",
"3WS:unzip-0:5.50-35.EL3.ppc",
"3WS:unzip-0:5.50-35.EL3.s390",
"3WS:unzip-0:5.50-35.EL3.s390x",
"3WS:unzip-0:5.50-35.EL3.src",
"3WS:unzip-0:5.50-35.EL3.x86_64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2007:0418"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2005-4667",
"discovery_date": "2006-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617861"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"3AS:unzip-0:5.50-35.EL3.i386",
"3AS:unzip-0:5.50-35.EL3.ia64",
"3AS:unzip-0:5.50-35.EL3.ppc",
"3AS:unzip-0:5.50-35.EL3.s390",
"3AS:unzip-0:5.50-35.EL3.s390x",
"3AS:unzip-0:5.50-35.EL3.src",
"3AS:unzip-0:5.50-35.EL3.x86_64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-0:5.50-35.EL3.i386",
"3Desktop:unzip-0:5.50-35.EL3.ia64",
"3Desktop:unzip-0:5.50-35.EL3.ppc",
"3Desktop:unzip-0:5.50-35.EL3.s390",
"3Desktop:unzip-0:5.50-35.EL3.s390x",
"3Desktop:unzip-0:5.50-35.EL3.src",
"3Desktop:unzip-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3ES:unzip-0:5.50-35.EL3.i386",
"3ES:unzip-0:5.50-35.EL3.ia64",
"3ES:unzip-0:5.50-35.EL3.ppc",
"3ES:unzip-0:5.50-35.EL3.s390",
"3ES:unzip-0:5.50-35.EL3.s390x",
"3ES:unzip-0:5.50-35.EL3.src",
"3ES:unzip-0:5.50-35.EL3.x86_64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.i386",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3WS:unzip-0:5.50-35.EL3.i386",
"3WS:unzip-0:5.50-35.EL3.ia64",
"3WS:unzip-0:5.50-35.EL3.ppc",
"3WS:unzip-0:5.50-35.EL3.s390",
"3WS:unzip-0:5.50-35.EL3.s390x",
"3WS:unzip-0:5.50-35.EL3.src",
"3WS:unzip-0:5.50-35.EL3.x86_64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-4667"
},
{
"category": "external",
"summary": "RHBZ#1617861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-4667",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-4667"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667"
}
],
"release_date": "2005-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-07-11T00:00:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"3AS:unzip-0:5.50-35.EL3.i386",
"3AS:unzip-0:5.50-35.EL3.ia64",
"3AS:unzip-0:5.50-35.EL3.ppc",
"3AS:unzip-0:5.50-35.EL3.s390",
"3AS:unzip-0:5.50-35.EL3.s390x",
"3AS:unzip-0:5.50-35.EL3.src",
"3AS:unzip-0:5.50-35.EL3.x86_64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3AS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3AS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3AS:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-0:5.50-35.EL3.i386",
"3Desktop:unzip-0:5.50-35.EL3.ia64",
"3Desktop:unzip-0:5.50-35.EL3.ppc",
"3Desktop:unzip-0:5.50-35.EL3.s390",
"3Desktop:unzip-0:5.50-35.EL3.s390x",
"3Desktop:unzip-0:5.50-35.EL3.src",
"3Desktop:unzip-0:5.50-35.EL3.x86_64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.i386",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3Desktop:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3ES:unzip-0:5.50-35.EL3.i386",
"3ES:unzip-0:5.50-35.EL3.ia64",
"3ES:unzip-0:5.50-35.EL3.ppc",
"3ES:unzip-0:5.50-35.EL3.s390",
"3ES:unzip-0:5.50-35.EL3.s390x",
"3ES:unzip-0:5.50-35.EL3.src",
"3ES:unzip-0:5.50-35.EL3.x86_64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.i386",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3ES:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390",
"3ES:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3ES:unzip-debuginfo-0:5.50-35.EL3.x86_64",
"3WS:unzip-0:5.50-35.EL3.i386",
"3WS:unzip-0:5.50-35.EL3.ia64",
"3WS:unzip-0:5.50-35.EL3.ppc",
"3WS:unzip-0:5.50-35.EL3.s390",
"3WS:unzip-0:5.50-35.EL3.s390x",
"3WS:unzip-0:5.50-35.EL3.src",
"3WS:unzip-0:5.50-35.EL3.x86_64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.i386",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ia64",
"3WS:unzip-debuginfo-0:5.50-35.EL3.ppc",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390",
"3WS:unzip-debuginfo-0:5.50-35.EL3.s390x",
"3WS:unzip-debuginfo-0:5.50-35.EL3.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHBA-2007:0418"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
RHSA-2007:0203
Vulnerability from csaf_redhat - Published: 2007-05-01 13:37 - Updated: 2025-11-21 17:31Summary
Red Hat Security Advisory: unzip security and bug fix update
Notes
Topic
Updated unzip packages that fix two security issues and various bugs are
now available.
This update has been rated as having low security impact by the Red Hat
Security Response Team.
Details
The unzip utility is used to list, test, or extract files from a zip archive.
A race condition was found in Unzip. Local users could use this flaw to
modify permissions of arbitrary files via a hard link attack on a file
while it was being decompressed (CVE-2005-2475)
A buffer overflow was found in Unzip command line argument handling.
If a user could be tricked into running Unzip with a specially crafted long
file name, an attacker could execute arbitrary code with that user's
privileges. (CVE-2005-4667)
As well, this update adds support for files larger than 2GB.
All users of unzip should upgrade to these updated packages, which
contain backported patches that resolve these issues.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated unzip packages that fix two security issues and various bugs are\nnow available.\n\nThis update has been rated as having low security impact by the Red Hat\nSecurity Response Team.",
"title": "Topic"
},
{
"category": "general",
"text": "The unzip utility is used to list, test, or extract files from a zip archive.\n\nA race condition was found in Unzip. Local users could use this flaw to\nmodify permissions of arbitrary files via a hard link attack on a file\nwhile it was being decompressed (CVE-2005-2475)\n\nA buffer overflow was found in Unzip command line argument handling.\nIf a user could be tricked into running Unzip with a specially crafted long\nfile name, an attacker could execute arbitrary code with that user\u0027s\nprivileges. (CVE-2005-4667)\n\nAs well, this update adds support for files larger than 2GB.\n\nAll users of unzip should upgrade to these updated packages, which\ncontain backported patches that resolve these issues.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2007:0203",
"url": "https://access.redhat.com/errata/RHSA-2007:0203"
},
{
"category": "external",
"summary": "http://www.redhat.com/security/updates/classification/#low",
"url": "http://www.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "164927",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=164927"
},
{
"category": "external",
"summary": "178960",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=178960"
},
{
"category": "external",
"summary": "199104",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=199104"
},
{
"category": "external",
"summary": "230558",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=230558"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2007/rhsa-2007_0203.json"
}
],
"title": "Red Hat Security Advisory: unzip security and bug fix update",
"tracking": {
"current_release_date": "2025-11-21T17:31:28+00:00",
"generator": {
"date": "2025-11-21T17:31:28+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.12"
}
},
"id": "RHSA-2007:0203",
"initial_release_date": "2007-05-01T13:37:00+00:00",
"revision_history": [
{
"date": "2007-05-01T13:37:00+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2007-05-01T13:05:16+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-11-21T17:31:28+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AS version 4",
"product": {
"name": "Red Hat Enterprise Linux AS version 4",
"product_id": "4AS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::as"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux Desktop version 4",
"product": {
"name": "Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::desktop"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux ES version 4",
"product": {
"name": "Red Hat Enterprise Linux ES version 4",
"product_id": "4ES",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::es"
}
}
},
{
"category": "product_name",
"name": "Red Hat Enterprise Linux WS version 4",
"product": {
"name": "Red Hat Enterprise Linux WS version 4",
"product_id": "4WS",
"product_identification_helper": {
"cpe": "cpe:/o:redhat:enterprise_linux:4::ws"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.ia64",
"product": {
"name": "unzip-0:5.51-9.EL4.5.ia64",
"product_id": "unzip-0:5.51-9.EL4.5.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=ia64"
}
}
},
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"product": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"product_id": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=ia64"
}
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.src",
"product": {
"name": "unzip-0:5.51-9.EL4.5.src",
"product_id": "unzip-0:5.51-9.EL4.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.x86_64",
"product": {
"name": "unzip-0:5.51-9.EL4.5.x86_64",
"product_id": "unzip-0:5.51-9.EL4.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"product": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"product_id": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.i386",
"product": {
"name": "unzip-0:5.51-9.EL4.5.i386",
"product_id": "unzip-0:5.51-9.EL4.5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=i386"
}
}
},
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"product": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"product_id": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=i386"
}
}
}
],
"category": "architecture",
"name": "i386"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.ppc",
"product": {
"name": "unzip-0:5.51-9.EL4.5.ppc",
"product_id": "unzip-0:5.51-9.EL4.5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=ppc"
}
}
},
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"product": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"product_id": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=ppc"
}
}
}
],
"category": "architecture",
"name": "ppc"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.s390x",
"product": {
"name": "unzip-0:5.51-9.EL4.5.s390x",
"product_id": "unzip-0:5.51-9.EL4.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"product": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"product_id": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "unzip-0:5.51-9.EL4.5.s390",
"product": {
"name": "unzip-0:5.51-9.EL4.5.s390",
"product_id": "unzip-0:5.51-9.EL4.5.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip@5.51-9.EL4.5?arch=s390"
}
}
},
{
"category": "product_version",
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"product": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"product_id": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/unzip-debuginfo@5.51-9.EL4.5?arch=s390"
}
}
}
],
"category": "architecture",
"name": "s390"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.src as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.src"
},
"product_reference": "unzip-0:5.51-9.EL4.5.src",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux AS version 4",
"product_id": "4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4AS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.src as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.src"
},
"product_reference": "unzip-0:5.51-9.EL4.5.src",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux Desktop version 4",
"product_id": "4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4Desktop"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.src as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.src"
},
"product_reference": "unzip-0:5.51-9.EL4.5.src",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux ES version 4",
"product_id": "4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4ES"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.src as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.src"
},
"product_reference": "unzip-0:5.51-9.EL4.5.src",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.i386 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.i386",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ia64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.ppc as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.s390x as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"relates_to_product_reference": "4WS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64 as a component of Red Hat Enterprise Linux WS version 4",
"product_id": "4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
},
"product_reference": "unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"relates_to_product_reference": "4WS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2005-2475",
"discovery_date": "2005-08-02T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617723"
}
],
"notes": [
{
"category": "description",
"text": "Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This issue was addressed in unzip packages as shipped with Red Hat Enterprise Linux 3 and 4 via RHBA-2007:0418 and RHSA-2007:0203 respectively.\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS:unzip-0:5.51-9.EL4.5.i386",
"4AS:unzip-0:5.51-9.EL4.5.ia64",
"4AS:unzip-0:5.51-9.EL4.5.ppc",
"4AS:unzip-0:5.51-9.EL4.5.s390",
"4AS:unzip-0:5.51-9.EL4.5.s390x",
"4AS:unzip-0:5.51-9.EL4.5.src",
"4AS:unzip-0:5.51-9.EL4.5.x86_64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-0:5.51-9.EL4.5.src",
"4Desktop:unzip-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-0:5.51-9.EL4.5.i386",
"4ES:unzip-0:5.51-9.EL4.5.ia64",
"4ES:unzip-0:5.51-9.EL4.5.ppc",
"4ES:unzip-0:5.51-9.EL4.5.s390",
"4ES:unzip-0:5.51-9.EL4.5.s390x",
"4ES:unzip-0:5.51-9.EL4.5.src",
"4ES:unzip-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-0:5.51-9.EL4.5.i386",
"4WS:unzip-0:5.51-9.EL4.5.ia64",
"4WS:unzip-0:5.51-9.EL4.5.ppc",
"4WS:unzip-0:5.51-9.EL4.5.s390",
"4WS:unzip-0:5.51-9.EL4.5.s390x",
"4WS:unzip-0:5.51-9.EL4.5.src",
"4WS:unzip-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-2475"
},
{
"category": "external",
"summary": "RHBZ#1617723",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617723"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-2475",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-2475"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-2475",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-2475"
}
],
"release_date": "2005-08-02T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-05-01T13:37:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"4AS:unzip-0:5.51-9.EL4.5.i386",
"4AS:unzip-0:5.51-9.EL4.5.ia64",
"4AS:unzip-0:5.51-9.EL4.5.ppc",
"4AS:unzip-0:5.51-9.EL4.5.s390",
"4AS:unzip-0:5.51-9.EL4.5.s390x",
"4AS:unzip-0:5.51-9.EL4.5.src",
"4AS:unzip-0:5.51-9.EL4.5.x86_64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-0:5.51-9.EL4.5.src",
"4Desktop:unzip-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-0:5.51-9.EL4.5.i386",
"4ES:unzip-0:5.51-9.EL4.5.ia64",
"4ES:unzip-0:5.51-9.EL4.5.ppc",
"4ES:unzip-0:5.51-9.EL4.5.s390",
"4ES:unzip-0:5.51-9.EL4.5.s390x",
"4ES:unzip-0:5.51-9.EL4.5.src",
"4ES:unzip-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-0:5.51-9.EL4.5.i386",
"4WS:unzip-0:5.51-9.EL4.5.ia64",
"4WS:unzip-0:5.51-9.EL4.5.ppc",
"4WS:unzip-0:5.51-9.EL4.5.s390",
"4WS:unzip-0:5.51-9.EL4.5.s390x",
"4WS:unzip-0:5.51-9.EL4.5.src",
"4WS:unzip-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0203"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
},
{
"cve": "CVE-2005-4667",
"discovery_date": "2006-01-25T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1617861"
}
],
"notes": [
{
"category": "description",
"text": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "security flaw",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.",
"title": "Statement"
}
],
"product_status": {
"fixed": [
"4AS:unzip-0:5.51-9.EL4.5.i386",
"4AS:unzip-0:5.51-9.EL4.5.ia64",
"4AS:unzip-0:5.51-9.EL4.5.ppc",
"4AS:unzip-0:5.51-9.EL4.5.s390",
"4AS:unzip-0:5.51-9.EL4.5.s390x",
"4AS:unzip-0:5.51-9.EL4.5.src",
"4AS:unzip-0:5.51-9.EL4.5.x86_64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-0:5.51-9.EL4.5.src",
"4Desktop:unzip-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-0:5.51-9.EL4.5.i386",
"4ES:unzip-0:5.51-9.EL4.5.ia64",
"4ES:unzip-0:5.51-9.EL4.5.ppc",
"4ES:unzip-0:5.51-9.EL4.5.s390",
"4ES:unzip-0:5.51-9.EL4.5.s390x",
"4ES:unzip-0:5.51-9.EL4.5.src",
"4ES:unzip-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-0:5.51-9.EL4.5.i386",
"4WS:unzip-0:5.51-9.EL4.5.ia64",
"4WS:unzip-0:5.51-9.EL4.5.ppc",
"4WS:unzip-0:5.51-9.EL4.5.s390",
"4WS:unzip-0:5.51-9.EL4.5.s390x",
"4WS:unzip-0:5.51-9.EL4.5.src",
"4WS:unzip-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2005-4667"
},
{
"category": "external",
"summary": "RHBZ#1617861",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1617861"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2005-4667",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-4667"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667"
}
],
"release_date": "2005-12-19T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2007-05-01T13:37:00+00:00",
"details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied. Use Red Hat\nNetwork to download and update your packages. To launch the Red Hat\nUpdate Agent, use the following command:\n\n up2date\n\nFor information on how to install packages manually, refer to the\nfollowing Web page for the System Administration or Customization\nguide specific to your system:\n\n http://www.redhat.com/docs/manuals/enterprise/",
"product_ids": [
"4AS:unzip-0:5.51-9.EL4.5.i386",
"4AS:unzip-0:5.51-9.EL4.5.ia64",
"4AS:unzip-0:5.51-9.EL4.5.ppc",
"4AS:unzip-0:5.51-9.EL4.5.s390",
"4AS:unzip-0:5.51-9.EL4.5.s390x",
"4AS:unzip-0:5.51-9.EL4.5.src",
"4AS:unzip-0:5.51-9.EL4.5.x86_64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4AS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-0:5.51-9.EL4.5.src",
"4Desktop:unzip-0:5.51-9.EL4.5.x86_64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4Desktop:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-0:5.51-9.EL4.5.i386",
"4ES:unzip-0:5.51-9.EL4.5.ia64",
"4ES:unzip-0:5.51-9.EL4.5.ppc",
"4ES:unzip-0:5.51-9.EL4.5.s390",
"4ES:unzip-0:5.51-9.EL4.5.s390x",
"4ES:unzip-0:5.51-9.EL4.5.src",
"4ES:unzip-0:5.51-9.EL4.5.x86_64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4ES:unzip-debuginfo-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-0:5.51-9.EL4.5.i386",
"4WS:unzip-0:5.51-9.EL4.5.ia64",
"4WS:unzip-0:5.51-9.EL4.5.ppc",
"4WS:unzip-0:5.51-9.EL4.5.s390",
"4WS:unzip-0:5.51-9.EL4.5.s390x",
"4WS:unzip-0:5.51-9.EL4.5.src",
"4WS:unzip-0:5.51-9.EL4.5.x86_64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.i386",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ia64",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.ppc",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.s390x",
"4WS:unzip-debuginfo-0:5.51-9.EL4.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2007:0203"
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "security flaw"
}
]
}
CERTA-2006-AVI-094
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans l'utilitaire de décompression unzip permet à un utilisateur mal intentionné d'exécuter du code arbitraire à distance.
Description
Unzip est un utilitaire de décompression d'archives.
Une vulnérabilité dans l'interprétation de noms de certains fichiers
longs permet à un utilisateur mal intentionné d'exécuter du code
arbitraire à distance sur la plate-forme vulnérable.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Unzip 5.52 et versions antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eUnzip 5.52 et versions ant\u00e9rieures.\u003c/p\u003e",
"content": "## Description\n\nUnzip est un utilitaire de d\u00e9compression d\u0027archives. \nUne vuln\u00e9rabilit\u00e9 dans l\u0027interpr\u00e9tation de noms de certains fichiers\nlongs permet \u00e0 un utilisateur mal intentionn\u00e9 d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance sur la plate-forme vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2005-4667",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-4667"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1012 du 21 mars 2006 :",
"url": "http://www.debian.org/security/2006/dsa-1012"
},
{
"title": "Site Internet de unzip :",
"url": "http://www.info-zip.org/pub/infozip/UnZip.html"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 Ubuntu USN-248-1 et USN-248-2 du 15 f\u00e9vrier 2006 :",
"url": "http://www.ubuntu.com/usn/usn-248-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:050 du 27 f\u00e9vrier 2006 :",
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:050"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 Ubuntu USN-248-1 et USN-248-2 du 15 f\u00e9vrier 2006 :",
"url": "http://www.ubuntu.com/usn/usn-248-2"
}
],
"reference": "CERTA-2006-AVI-094",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-02-28T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Debian.",
"revision_date": "2006-03-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans l\u0027utilitaire de d\u00e9compression unzip permet \u00e0 un\nutilisateur mal intentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 de unzip",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-248-2 du 15 f\u00e9vrier 2006",
"url": null
}
]
}
CERTA-2006-AVI-094
Vulnerability from certfr_avis - Published: - Updated:
Une vulnérabilité dans l'utilitaire de décompression unzip permet à un utilisateur mal intentionné d'exécuter du code arbitraire à distance.
Description
Unzip est un utilitaire de décompression d'archives.
Une vulnérabilité dans l'interprétation de noms de certains fichiers
longs permet à un utilisateur mal intentionné d'exécuter du code
arbitraire à distance sur la plate-forme vulnérable.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
Unzip 5.52 et versions antérieures.
Impacted products
| Vendor | Product | Description |
|---|
References
| Title | Publication Time | Tags | |
|---|---|---|---|
|
|
|||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cp\u003eUnzip 5.52 et versions ant\u00e9rieures.\u003c/p\u003e",
"content": "## Description\n\nUnzip est un utilitaire de d\u00e9compression d\u0027archives. \nUne vuln\u00e9rabilit\u00e9 dans l\u0027interpr\u00e9tation de noms de certains fichiers\nlongs permet \u00e0 un utilisateur mal intentionn\u00e9 d\u0027ex\u00e9cuter du code\narbitraire \u00e0 distance sur la plate-forme vuln\u00e9rable.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2005-4667",
"url": "https://www.cve.org/CVERecord?id=CVE-2005-4667"
}
],
"links": [
{
"title": "Bulletin de s\u00e9curit\u00e9 Debian DSA-1012 du 21 mars 2006 :",
"url": "http://www.debian.org/security/2006/dsa-1012"
},
{
"title": "Site Internet de unzip :",
"url": "http://www.info-zip.org/pub/infozip/UnZip.html"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 Ubuntu USN-248-1 et USN-248-2 du 15 f\u00e9vrier 2006 :",
"url": "http://www.ubuntu.com/usn/usn-248-1"
},
{
"title": "Bulletin de s\u00e9curit\u00e9 Mandriva MDKSA-2006:050 du 27 f\u00e9vrier 2006 :",
"url": "http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:050"
},
{
"title": "Bulletins de s\u00e9curit\u00e9 Ubuntu USN-248-1 et USN-248-2 du 15 f\u00e9vrier 2006 :",
"url": "http://www.ubuntu.com/usn/usn-248-2"
}
],
"reference": "CERTA-2006-AVI-094",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2006-02-28T00:00:00.000000"
},
{
"description": "ajout de la r\u00e9f\u00e9rence au bulletin de s\u00e9curit\u00e9 Debian.",
"revision_date": "2006-03-21T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
}
],
"summary": "Une vuln\u00e9rabilit\u00e9 dans l\u0027utilitaire de d\u00e9compression unzip permet \u00e0 un\nutilisateur mal intentionn\u00e9 d\u0027ex\u00e9cuter du code arbitraire \u00e0 distance.\n",
"title": "Vuln\u00e9rabilit\u00e9 de unzip",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Ubuntu USN-248-2 du 15 f\u00e9vrier 2006",
"url": null
}
]
}
FKIE_CVE-2005-4667
Vulnerability from fkie_nvd - Published: 2005-12-31 05:00 - Updated: 2025-04-03 01:03
Severity ?
Summary
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:info-zip:unzip:5.2:*:*:*:*:*:*:*",
"matchCriteriaId": "390337E4-2A52-4CB4-9730-BC5FEB7691E6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:info-zip:unzip:5.3:*:*:*:*:*:*:*",
"matchCriteriaId": "39AAC8DA-C1CB-4D05-9CE4-37EE0452F1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:info-zip:unzip:5.31:*:*:*:*:*:*:*",
"matchCriteriaId": "2B550991-5E21-4537-B43B-9507B7B4BA7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:info-zip:unzip:5.32:*:*:*:*:*:*:*",
"matchCriteriaId": "83CED6B5-1B14-4076-BA6E-3779D2D143B1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:info-zip:unzip:5.40:*:*:*:*:*:*:*",
"matchCriteriaId": "FFCCB6FA-6723-4096-A426-0C6975F258C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:info-zip:unzip:5.41:*:*:*:*:*:*:*",
"matchCriteriaId": "8D30AB65-C5A7-4F2E-AD6E-B9C7CE21D13D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:info-zip:unzip:5.42:*:*:*:*:*:*:*",
"matchCriteriaId": "A83C2C1C-F1DD-4DB7-BCF7-4DE7D35CF4C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:info-zip:unzip:5.50:*:*:*:*:*:*:*",
"matchCriteriaId": "7E623D2F-C9DA-4937-BE64-236323A7C99E",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs."
}
],
"id": "CVE-2005-4667",
"lastModified": "2025-04-03T01:03:51.193",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 3.7,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 1.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25098"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1012"
},
{
"source": "cve@mitre.org",
"url": "http://www.info-zip.org/FAQ.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22400"
},
{
"source": "cve@mitre.org",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15968"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2006/0006"
},
{
"source": "cve@mitre.org",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/248-1/"
},
{
"source": "cve@mitre.org",
"url": "https://usn.ubuntu.com/248-2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1012"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.info-zip.org/FAQ.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22400"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/15968"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2006/0006"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/248-1/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://usn.ubuntu.com/248-2/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vendorComments": [
{
"comment": "Red Hat is aware of this issue and is tracking it via the following bug:\nhttps://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=178960\n\nThe Red Hat Security Response Team has rated this issue as having low security impact, a future update may address this flaw. More information regarding issue severity can be found here:\nhttp://www.redhat.com/security/updates/classification/\n\nRed Hat Enterprise Linux 5 is not vulnerable to this issue as it contains a backported patch.\n\nThe risks associated with fixing this bug are greater than the low severity security risk. We therefore currently have no plans to fix this flaw in Red Hat Enterprise Linux 2.1 which is in maintenance mode.",
"lastModified": "2007-09-05T00:00:00",
"organization": "Red Hat"
}
],
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-8H2V-2P8G-F36M
Vulnerability from github – Published: 2022-05-01 02:29 – Updated: 2025-04-03 04:23
VLAI?
Details
Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.
{
"affected": [],
"aliases": [
"CVE-2005-4667"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2005-12-31T05:00:00Z",
"severity": "LOW"
},
"details": "Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument. NOTE: since the overflow occurs in a non-setuid program, there are not many scenarios under which it poses a vulnerability, unless unzip is passed long arguments when it is invoked from other programs.",
"id": "GHSA-8h2v-2p8g-f36m",
"modified": "2025-04-03T04:23:49Z",
"published": "2022-05-01T02:29:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2005-4667"
},
{
"type": "WEB",
"url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/248-1"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/248-2"
},
{
"type": "WEB",
"url": "http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html"
},
{
"type": "WEB",
"url": "http://secunia.com/advisories/25098"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2006/dsa-1012"
},
{
"type": "WEB",
"url": "http://www.info-zip.org/FAQ.html"
},
{
"type": "WEB",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:050"
},
{
"type": "WEB",
"url": "http://www.osvdb.org/22400"
},
{
"type": "WEB",
"url": "http://www.redhat.com/support/errata/RHSA-2007-0203.html"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/430300/100/0/threaded"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/15968"
},
{
"type": "WEB",
"url": "http://www.trustix.org/errata/2006/0006"
}
],
"schema_version": "1.4.0",
"severity": []
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…