CentOS Update For Unzip CESA-2008:0196 Centos3 X86_64 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The unzip utility is used to list, test, or extract files from a zip archive. An invalid pointer flaw was found in unzip. If a user ran unzip on a specially crafted file, an attacker could execute arbitrary code with that user's privileges. (CVE-2008-0888) Red Hat would like to thank Tavis Ormandy of the Google Security Team for reporting this issue. All unzip users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.

Affected

unzip on CentOS 3

References

http://lists.centos.org/pipermail/centos-announce/2008-March/014757.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-0888

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CentOS Security Advisory CESA-2009:1116 (cyrus-imapd)
CentOS Security Advisory CESA-2009:0337 (php)
CentOS Security Advisory CESA-2009:1209 (curl)
CentOS Security Advisory CESA-2009:1321 (nfs-utils)
CentOS Security Advisory CESA-2009:0408 (krb5)

CentOS Update for unzip CESA-2008:0196 centos3 x86_64

Take action and discover your vulnerabilities