A local overflow exists in Zip 2.3. Zip fails to properly perform recursive folder compression for long paths resulting in a buffer overflow. With a specially crafted path, an attacker can possibly execute arbitrary code resulting in a loss of integrity.

It has been reported that this issue has been fixed. Upgrade to version 2.31, or higher, to address this vulnerability.

• Security Tracker: 1012075
• Bugtraq ID: 11603
• Secunia Advisory ID: 13094 13140 13314 13395 13505 13730 15209 17645
• ISS X-Force ID: 17956
• CVE ID: 2004-1010 (see also: NVD)
• Vendor Specific Advisory URL: ftp://ftp.sco.com/pub/openserver5/507/mp/osr507mp4/osr507mp4.htm ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt http://www.gentoo.org/security/en/glsa/glsa-200411-16.xml
  http://www.ubuntulinux.org/support/documentation/usn/usn-18-1
• Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2004-11/0053.html
• Packet Storm: http://packetstormsecurity.org/0411-advisories/20041103-1.txt
• Other Advisory URL: http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.453597
  http://www.debian.org/security/2005/dsa-624
  http://www.hexview.com/docs/20041103-1.txt
  http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:141
  http://www.suse.de/de/security/2004_03_sr.html
• Vendor URL: http://www.info-zip.org
• RedHat RHSA: RHSA-2004:634
• Keyword: SCOSA-2005.49

• HexView - HexView