Summary
The remote host is missing an update to unzip
announced via advisory DSA 344-1.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20344-1
Insight
A directory traversal vulnerability in UnZip 5.50 allows attackers to bypass a check for relative pathnames ('../') by placing certain invalid characters between the two '.' characters.
For the stable distribution (woody) this problem has been fixed in version 5.50-1woody1.
For the unstable distribution (sid) this problem will be fixed soon.
We recommend that you update your unzip package.
Severity
Classification
-
CVE CVE-2003-0282 -
CVSS Base Score: 2.6
AV:N/AC:H/Au:N/C:N/I:P/A:N
Related Vulnerabilities