CentOS Update For Unzip CESA-2008:0196 Centos3 I386 Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The unzip utility is used to list, test, or extract files from a zip archive. An invalid pointer flaw was found in unzip. If a user ran unzip on a specially crafted file, an attacker could execute arbitrary code with that user's privileges. (CVE-2008-0888) Red Hat would like to thank Tavis Ormandy of the Google Security Team for reporting this issue. All unzip users are advised to upgrade to these updated packages, which contain a backported patch to resolve this issue.

Affected

unzip on CentOS 3

References

http://lists.centos.org/pipermail/centos-announce/2008-March/014756.html

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-0888
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

CentOS Security Advisory CESA-2009:0012 (netpbm)
CentOS Security Advisory CESA-2009:0354 (evolution-data-server)
CentOS Security Advisory CESA-2009:0315 (firefox)
CentOS Security Advisory CESA-2009:0331 (kernel)
CentOS Security Advisory CESA-2009:0002 (thunderbird)

CentOS Update for unzip CESA-2008:0196 centos3 i386

Take action and discover your vulnerabilities