This one time, at band camp, Santiago Vila said: > On Wed, 25 Jan 2006, Stephen Gran wrote: > > > This one time, at band camp, Santiago Vila said: > > > On Wed, 25 Jan 2006, Stephen Gran wrote: > > > > > > > Package: unzip > > > > Version: 5.52-1sarge3 > > > > Severity: grave > > > > Tags: security > > > > > > > > http://www.securityfocus.com/bid/15968 > > > > > > Why "grave" and "security"? AFAIK, this is not the case where a > > > malicious user gives you a .zip archive and your system get > > > compromised if you try to unzip it. > > > > Actually it appears this is exactly the case. > > > > http://www.securityfocus.com/bid/15968/discuss: > > "This issue allows attackers to execute arbitrary machine code in the > > context of users utilizing the affected application." > > No, it's not that case. > > This one is about an insanely long command line. Normally, you can't > run unzip with an arbitrary command line unless you already have local > user access.
I was under the impression that the filename was part of the command line. So, I could send you an email with an insanely long filename zip file attached and cause this overflow. If I'm wrong, and the filename isn't part of this vulnerablity (even though the title of the report is "UnZip File Name Buffer Overflow") then feel free to downgrade it. I am not particularly interested in an argument about it, one way or the other. If you feel that it's unlikely to be exploited, then handle it as you see fit. -- ----------------------------------------------------------------- | ,''`. Stephen Gran | | : :' : [EMAIL PROTECTED] | | `. `' Debian user, admin, and developer | | `- http://www.debian.org | -----------------------------------------------------------------
signature.asc
Description: Digital signature
