ID de Prueba:	1.3.6.1.4.1.25623.1.0.50840
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2002:066 (tar)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to tar announced via advisory MDKSA-2002:066. A directory traversal vulnerability was discovered in GNU tar version 1.13.25 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a .. (dot dot) in an extracted filename. Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, Corporate Server 1.0.1, Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2002:066 http://online.securityfocus.com/archive/1/196445 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1267 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2001-1267 BugTraq ID: 3024 http://www.securityfocus.com/bid/3024 Bugtraq: 20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers (Google Search) http://online.securityfocus.com/archive/1/196445 Conectiva Linux advisory: CLA-2002:538 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538 HPdes Security Advisory: HPSBTL0209-068 http://online.securityfocus.com/advisories/4514 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066 http://www.redhat.com/support/errata/RHSA-2002-096.html http://www.redhat.com/support/errata/RHSA-2002-138.html http://www.redhat.com/support/errata/RHSA-2003-218.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1 http://www.iss.net/security_center/static/10224.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0399 BugTraq ID: 5834 http://www.securityfocus.com/bid/5834 Bugtraq: 20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw) (Google Search) http://marc.info/?l=bugtraq&m=103419290219680&w=2 Bugtraq: 20070825 rPSA-2007-0172-1 tar (Google Search) http://www.securityfocus.com/archive/1/477731/100/0/threaded Bugtraq: 20070827 FLEA-2007-0049-1 tar (Google Search) http://www.securityfocus.com/archive/1/477865/100/0/threaded En Garde Linux Advisory: ESA-20021003-022 http://www.linuxsecurity.com/advisories/other_advisory-2400.html http://www.mandriva.com/security/advisories?name=MDKSA-2002:066 http://secunia.com/advisories/19130 http://secunia.com/advisories/26604 http://secunia.com/advisories/26673 http://secunia.com/advisories/26987 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1 SuSE Security Announcement: SUSE-SR:2006:005 (Google Search) http://www.novell.com/linux/security/advisories/2006_05_sr.html SuSE Security Announcement: SUSE-SR:2007:019 (Google Search) http://www.novell.com/linux/security/advisories/2007_19_sr.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.