Yesterday, on another thread here, several people were discussing "trojans". As chance would have it, today I've received a warning message from Red Hat Linux advising me to update the unzip utility in order to fix a vulnerability in relation to trojans.
"How can something like unzip possibly have anything to do with trojans?" you might ask.
Updated unzip packages resolving a vulnerability allowing arbitrary files to be overwritten are now available.
Description: The unzip utility is used for manipulating archives, which are multiple files stored inside of a single file.
A vulnerabilitiy in unzip version 5.50 and earlier allows attackers to overwrite arbitrary files during archive extraction by placing invalid (non-printable) characters between two "." characters. These non-printable characters are filtered, resulting in a ".." sequence. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CAN-2003-0282 to this issue.
This erratum includes a patch ensuring that non-printable characters do not make it possible for a malicious .zip file to write to parent directories unless the "-:" command line parameter is specified.
Users of unzip are advised to upgrade to these updated packages, which are not vulnerable to this issue.
On its website, Red Hat shows this vulnerability affects all of its Linux distributions from 7.1 up to and including the present 9.0.[/url]. It's very likely that other Linux distributions are also affected, and Windows users would be well-advised to consider the possibility of a similar weakness in unzip tools on their systems.