Login or Register to Ask a Question and Join Our Community


Security Advisories (RSS)

S-237: unzip Vulnerability

Login to Discuss or Reply to this Discussion in Our Community

 
Thread Tools Search this Thread
Special Forums Cybersecurity Security Advisories (RSS) S-237: unzip Vulnerability
# 1  
Old 03-27-2008
S-237: unzip Vulnerability
Unzip, when processing specially crafted ZIP aarchives, could pass invalid pointers to the C library's free routing, potentially leading to arbitrary code execution. The risk is MEDIUM. Could pass invalid pointers to the C library's free routine, potentially leading to arbitrary code execution.


More...
Login or Register to Ask a Question

Previous Thread | Next Thread

6 More Discussions You Might Find Interesting

1. Shell Programming and Scripting

Unzip the .zip file without using unzip utility in UNIX

I have .zip file, i want to list all the files archived in the zip file. unzip utility is not working for me in unix. Please help me resolve this issue Thanks ganesh. (3 Replies)
Discussion started by: Ganesh L
3 Replies

2. UNIX for Advanced & Expert Users

Unzip Help

Hello All, I am trying to write a shell script(linux) where it just unzips the abc.zip file in the same folder. If I write unzip abc.zip in my shell script and try to run the shell script I am getting Error : ?Invalid command But when I run the command unzip abc.zip at the command prompt... (5 Replies)
Discussion started by: su2
5 Replies

3. Shell Programming and Scripting

How to Unzip a file using unzip utility for files zipped without zip utility ?

Hi, I need to zip/compress a data file and send to a vendor. The vendor does have only unzip utility and can accept only .ZIP files. I do not have zip utility in my server. How do I zip/compress the file so that it can be deflated using unzip command ? I tried gzip & compress commands, but... (1 Reply)
Discussion started by: Sabari Nath S
1 Replies

4. Shell Programming and Scripting

How to Unzip a .ZIP file in Unix without using unzip cmd..?????

Hi All I have ftped a .ZIP file (zipped using WinZip in Windows) to my Unix server (HP-UX). I don't have unzip cmd available in my curent Unix version Please let me know any cmd in UNIX (other than unzip) using which I can unzip this .ZIP file . Please elaborate on the commands aval and... (5 Replies)
Discussion started by: sureshg_sampat
5 Replies

5. UNIX for Dummies Questions & Answers

unzip!!!!!!

Hi, How to find the size of a zipfile after unzipping without unziping it? Pls let me know if anyone has idea abtit. Thanks (1 Reply)
Discussion started by: rags_s11
1 Replies

6. HP-UX

How to Unzip a .ZIP file in Unix without using unzip cmd..?????

Hi All I have ftped a .ZIP file (zipped using WinZip in Windows) to my Unix server (HP-UX). I don't have unzip cmd available in my curent Unix version Please let me know any cmd in UNIX (other than unzip) using which I can unzip this .ZIP file . Please elaborate on the commands aval and... (5 Replies)
Discussion started by: sureshg_sampat
5 Replies
Login or Register to Ask a Question

LEARN ABOUT MOJAVE

zipgrep

ZIPGREP(1L)															       ZIPGREP(1L)

NAME

       zipgrep - search files in a ZIP archive for lines matching a pattern

SYNOPSIS

       zipgrep [egrep_options] pattern file[.zip] [file(s) ...]  [-x xfile(s) ...]

DESCRIPTION

       zipgrep	will  search  files  within  a ZIP archive for lines matching the given string or pattern.  zipgrep is a shell script and requires
       egrep(1) and unzip(1L) to function.  Its output is identical to that of egrep(1).

ARGUMENTS

       pattern
	      The pattern to be located within a ZIP archive.  Any string or regular expression accepted by egrep(1) may be used.  file[.zip] Path
	      of  the  ZIP archive.  (Wildcard expressions for the ZIP archive name are not supported.)  If the literal filename is not found, the
	      suffix .zip is appended.	Note that self-extracting ZIP files are supported, as with any other ZIP archive; just	specify  the  .exe
	      suffix (if any) explicitly.

       [file(s)]
	      An  optional list of archive members to be processed, separated by spaces.  If no member files are specified, all members of the ZIP
	      archive are searched.  Regular expressions (wildcards) may be used to match multiple members:

	      *      matches a sequence of 0 or more characters

	      ?      matches exactly 1 character

	      [...]  matches any single character found inside the brackets; ranges are specified by a beginning character, a hyphen, and an  end-
		     ing character.  If an exclamation point or a caret (`!' or `^') follows the left bracket, then the range of characters within
		     the brackets is complemented (that is, anything except the characters inside the brackets is considered a match).

	      (Be sure to quote any character that might otherwise be interpreted or modified by the operating system.)

       [-x xfile(s)]
	      An optional list of archive members to be excluded from processing.  Since wildcard characters  match  directory	separators  (`/'),
	      this  option  may  be used to exclude any files that are in subdirectories.  For example, ``zipgrep grumpy foo *.[ch] -x */*'' would
	      search for the string ``grumpy'' in all C source files in the main directory of the ``foo'' archive, but none in any subdirectories.
	      Without the -x option, all C source files in all directories within the zipfile would be searched.

OPTIONS

       All options prior to the ZIP archive filename are passed to egrep(1).

SEE ALSO

       egrep(1), unzip(1L), zip(1L), funzip(1L), zipcloak(1L), zipinfo(1L), zipnote(1L), zipsplit(1L)

URL

       The Info-ZIP home page is currently at
       http://www.info-zip.org/pub/infozip/
       or
       ftp://ftp.info-zip.org/pub/infozip/ .

AUTHORS

       zipgrep was written by Jean-loup Gailly.

Info-ZIP							   20 April 2009						       ZIPGREP(1L)