Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2002:052 (sharutils)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50830

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2002:052 (sharutils)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to sharutils
announced via advisory MDKSA-2002:052.

The uudecode utility creates output files without checking to see if it
is about to write to a symlink or pipe. This could be exploited by a
local attacker to overwrite files or lead to privilege escalation if
users decode data into share directories, such as /tmp. This update
fixes this vulnerability by checking to see if the destination output
file is a symlink or pipe.

Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1,
Single Network Firewall 7.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:052
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0178
http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en

Risk factor : High

CVSS Score:
7.2

Referencia Cruzada: BugTraq ID: 4742
Common Vulnerability Exposure (CVE) ID: CVE-2002-0178
http://www.securityfocus.com/bid/4742
Bugtraq: 20021030 GLSA: sharutils (Google Search)
http://marc.info/?l=bugtraq&m=103599320902432&w=2
Caldera Security Advisory: CSSA-2002-040.0
ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt
CERT/CC vulnerability note: VU#336083
http://www.kb.cert.org/vuls/id/336083
COMPAQ Service Security Patch: SSRT2301
HPdes Security Advisory: HPSBTL0205-040
http://online.securityfocus.com/advisories/4132
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php
http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
http://www.osvdb.org/8274
http://www.redhat.com/support/errata/RHSA-2002-065.html
http://www.redhat.com/support/errata/RHSA-2003-180.html
http://www.iss.net/security_center/static/9075.php

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50830
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2002:052 (sharutils)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to sharutils announced via advisory MDKSA-2002:052. The uudecode utility creates output files without checking to see if it is about to write to a symlink or pipe. This could be exploited by a local attacker to overwrite files or lead to privilege escalation if users decode data into share directories, such as /tmp. This update fixes this vulnerability by checking to see if the destination output file is a symlink or pipe. Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, Corporate Server 1.0.1, Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:052 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0178 http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en Risk factor : High CVSS Score: 7.2
Referencia Cruzada:	BugTraq ID: 4742 Common Vulnerability Exposure (CVE) ID: CVE-2002-0178 http://www.securityfocus.com/bid/4742 Bugtraq: 20021030 GLSA: sharutils (Google Search) http://marc.info/?l=bugtraq&m=103599320902432&w=2 Caldera Security Advisory: CSSA-2002-040.0 ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt CERT/CC vulnerability note: VU#336083 http://www.kb.cert.org/vuls/id/336083 COMPAQ Service Security Patch: SSRT2301 HPdes Security Advisory: HPSBTL0205-040 http://online.securityfocus.com/advisories/4132 http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en http://www.osvdb.org/8274 http://www.redhat.com/support/errata/RHSA-2002-065.html http://www.redhat.com/support/errata/RHSA-2003-180.html http://www.iss.net/security_center/static/9075.php
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com