Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2005:067 (sharutils)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52036

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2005:067 (sharutils)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to sharutils
announced via advisory MDKSA-2005:067.

Shaun Colley discovered a buffer overflow in shar that was triggered
by output files (using -o) with names longer than 49 characters which
could be exploited to run arbitrary attacker-specified code.

Ulf Harnhammar discovered that shar does not check the data length
returned by the wc command.

Joey Hess discovered that unshar would create temporary files in an
insecure manner which could allow a symbolic link attack to create or
overwrite arbitrary files with the privileges of the user using unshar.

The updated packages have been patched to correct these issues.

Affected versions: 10.0, 10.1, Corporate 3.0,
Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:067
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412

Risk factor : High

CVSS Score:
7.5

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2004-1772
BugTraq ID: 10066
http://www.securityfocus.com/bid/10066
Bugtraq: 20040406 GNU Sharutils buffer overflow vulnerability. (Google Search)
http://www.securityfocus.com/archive/1/359639
https://bugzilla.fedora.us/show_bug.cgi?id=2155
http://marc.info/?l=bugtraq&m=108137386310299&w=2
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722
http://www.redhat.com/support/errata/RHSA-2005-377.html
XForce ISS Database: sharutils-shar-bo(15759)
https://exchange.xforce.ibmcloud.com/vulnerabilities/15759
Common Vulnerability Exposure (CVE) ID: CVE-2004-1773
BugTraq ID: 11298
http://www.securityfocus.com/bid/11298
http://security.gentoo.org/glsa/glsa-200410-01.xml
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52036
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:067 (sharutils)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to sharutils announced via advisory MDKSA-2005:067. Shaun Colley discovered a buffer overflow in shar that was triggered by output files (using -o) with names longer than 49 characters which could be exploited to run arbitrary attacker-specified code. Ulf Harnhammar discovered that shar does not check the data length returned by the wc command. Joey Hess discovered that unshar would create temporary files in an insecure manner which could allow a symbolic link attack to create or overwrite arbitrary files with the privileges of the user using unshar. The updated packages have been patched to correct these issues. Affected versions: 10.0, 10.1, Corporate 3.0, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:067 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=302412 Risk factor : High CVSS Score: 7.5
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2004-1772 BugTraq ID: 10066 http://www.securityfocus.com/bid/10066 Bugtraq: 20040406 GNU Sharutils buffer overflow vulnerability. (Google Search) http://www.securityfocus.com/archive/1/359639 https://bugzilla.fedora.us/show_bug.cgi?id=2155 http://marc.info/?l=bugtraq&m=108137386310299&w=2 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11722 http://www.redhat.com/support/errata/RHSA-2005-377.html XForce ISS Database: sharutils-shar-bo(15759) https://exchange.xforce.ibmcloud.com/vulnerabilities/15759 Common Vulnerability Exposure (CVE) ID: CVE-2004-1773 BugTraq ID: 11298 http://www.securityfocus.com/bid/11298 http://security.gentoo.org/glsa/glsa-200410-01.xml https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11093
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com