CVE-2005-2475: Race Condition

Reference Links

• http://www.securityfocus.com/bid/14450
• http://www.osvdb.org/18530
• http://secunia.com/advisories/16309
• http://www.ubuntu.com/usn/usn-191-1
• http://www.debian.org/security/2005/dsa-903
• http://secunia.com/advisories/17653
• http://www.trustix.org/errata/2005/0053/
• http://secunia.com/advisories/17045
• http://secunia.com/advisories/17342
• http://secunia.com/advisories/16985
• http://secunia.com/advisories/17006
• http://www.redhat.com/support/errata/RHSA-2007-0203.html
• http://secunia.com/advisories/25098
• http://www.mandriva.com/security/advisories?name=MDKSA-2005:197
• http://securityreason.com/securityalert/32
• http://www.info-zip.org/FAQ.html
• http://marc.info/?l=bugtraq&m=112300046224117&w=2
• https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9975
• https://www.cisa.gov/news-events/ics-advisories/icsa-21-308-01 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

• ICSA-21-308-01

Frequently Asked Questions

• What is the severity of CVE-2005-2475?

  The severity of CVE-2005-2475 is rated as Medium due to the potential for unauthorized changes to file permissions.

• How do I fix CVE-2005-2475?

  To fix CVE-2005-2475, upgrade to a patched version of Unzip that does not have this race condition vulnerability.

• Who is affected by CVE-2005-2475?

  CVE-2005-2475 affects users of Unzip version 5.52 and potentially those using VISAM VBASE Pro-RT/ Server-RT version 11.6.0.6.

• What type of attack does CVE-2005-2475 involve?

  CVE-2005-2475 involves a hard link attack that exploits a race condition during file decompression.

• What are the potential consequences of CVE-2005-2475?

  The potential consequences of CVE-2005-2475 include unauthorized modification of file permissions by local users.