Vulnerability Information

Vulnerability Name: OpenServer: UnZip File Permissions Change Vulnerability
CVE ID: CVE-2005-2475
CVSS Base Score: 1.2/10
Risk: Medium
Local: No
Remote: Yes

Impact Scope

Impact Subscore: 2.9/10
- Attack complexity: High
- Confidentiality impact: Partial
- Integrity impact: None
- Availability impact: None
Exploitability Subscore: 1.9/10
- Authentication: Not required

Description

A vulnerability in unzip can be exploited by malicious, local users to perform certain actions on a vulnerable system with escalated privileges.

The vulnerability is caused by a race condition in the window after the uncompressed file is closed and before its permissions are changed. This can be exploited via hardlink attacks to change the permissions of other files belonging to the user running unzip.

Successful exploitation requires that the malicious user is able to delete the uncompressed file and replace it with a hardlink to another file owned by the unzip user, before the permissions are set on the file.

Affected Versions

OpenServer 5.0.7: unzip distribution
OpenServer 6.0.0: unzip distribution

Solution

The proper solution is to install the latest packages.

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2005-2475
https://marc.theaimsgroup.com/?l=bugtraq&m=112300046224117&w=2
https://www.securityfocus.com/bid/14450
https://www.osvdb.org/18530
https://secunia.com/advisories/16309

Additional Resources

SCO Security Resources: https://www.sco.com/support/security/index.html
SCO Security Advisories via Email: https://www.sco.com/support/forums/security.html

Acknowledgments

SCO would like to thank Imran Ghory for discovering this weakness.
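
Added example (not code from unzip or from SCO): the close-then-set-permissions-by-path pattern named in the Description, next to a form that sets the mode on the open descriptor so the change stays bound to the file that was written. The function names, the scratch path and the sample data are assumptions made for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Racy pattern from the description: close the file, then set its mode by
 * path. chmod() applies to whatever the path names at that moment. */
int extract_chmod_by_path(const char *path, const void *buf, size_t len, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
    if (fd < 0) return -1;
    ssize_t n = write(fd, buf, len);
    if (close(fd) != 0 || n != (ssize_t)len) return -1;
    /* Window: the directory entry can be re-bound before the next call. */
    return chmod(path, mode);
}

/* Hardened form: set the mode on the open descriptor, then close. fchmod()
 * acts on the inode this process created, whatever the path names now. */
int extract_fchmod(const char *path, const void *buf, size_t len, mode_t mode)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW, 0600);
    if (fd < 0) return -1;                 /* refuses pre-existing entries */
    if (write(fd, buf, len) != (ssize_t)len || fchmod(fd, mode) != 0) {
        close(fd);
        return -1;
    }
    return close(fd);
}

int perm_bits(const char *path)            /* permission bits, or -1 */
{
    struct stat st;
    return stat(path, &st) == 0 ? (int)(st.st_mode & 07777) : -1;
}

int main(void)
{
    char dir[] = "/tmp/unzip-demo-XXXXXX"; /* constructed scratch location */
    char path[64];
    if (!mkdtemp(dir)) return 1;
    snprintf(path, sizeof path, "%s/member.txt", dir);
    if (extract_fchmod(path, "hello\n", 6, 0644) != 0) return 1;
    printf("%s mode %04o\n", path, (unsigned)perm_bits(path));
    unlink(path);
    rmdir(dir);
    return 0;
}
```

Extracting into a directory that only the extracting user can write to also removes the precondition the Description states, since no other user can then delete and replace the entry.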