Test ID: 1.3.6.1.4.1.25623.1.0.52732
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2005:092 (gzip)
Summary: NOSUMMARY
Description:

The remote host is missing an update to gzip
announced via advisory MDKSA-2005:092.

Several vulnerabilities have been discovered in the gzip package:

Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which
allows local users to execute arbitrary commands via filenames that are
injected into a sed script. (CVE-2005-0758)

A race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a
gzip file allows local users to modify permissions of arbitrary files
via a hard link attack on a file while it is being decompressed, whose
permissions are changed by gzip after the decompression is complete.
(CVE-2005-0988)

A directory traversal vulnerability via gunzip -N in gzip 1.2.4
through 1.3.5 allows remote attackers to write to arbitrary directories
via a .. (dot dot) in the original filename within a compressed file.
(CVE-2005-1228)

Updated packages are patched to address these issues.

Affected versions: 10.0, 10.1, 10.2, Corporate 3.0,
Corporate Server 2.1


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:092

Risk factor : Medium

CVSS Score:
5.0

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2005-0758
1013928
http://securitytracker.com/id?1013928
13582
http://www.securityfocus.com/bid/13582
16371
http://www.osvdb.org/16371
18100
http://secunia.com/advisories/18100
19183
http://secunia.com/advisories/19183
20060301-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
22033
http://secunia.com/advisories/22033
25159
http://www.securityfocus.com/bid/25159
26235
http://secunia.com/advisories/26235
ADV-2007-2732
http://www.vupen.com/english/advisories/2007/2732
APPLE-SA-2007-07-31
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
FLSA:158801
http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html
GLSA-200505-05
http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml
MDKSA-2006:026
http://www.mandriva.com/security/advisories?name=MDKSA-2006:026
MDKSA-2006:027
http://www.mandriva.com/security/advisories?name=MDKSA-2006:027
OpenPKG-SA-2007.002
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html
RHSA-2005:357
http://rhn.redhat.com/errata/RHSA-2005-357.html
RHSA-2005:474
http://www.redhat.com/support/errata/RHSA-2005-474.html
SCOSA-2005.58
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt
SSA:2006-262
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
USN-158-1
http://www.ubuntu.com/usn/usn-158-1
gzip-zgrep-file-installation(20539)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20539
http://bugs.gentoo.org/show_bug.cgi?id=90626
http://docs.info.apple.com/article.html?artnum=306172
oval:org.mitre.oval:def:1081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081
oval:org.mitre.oval:def:1107
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107
oval:org.mitre.oval:def:9797
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797
Common Vulnerability Exposure (CVE) ID: CVE-2005-0988
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
BugTraq ID: 12996
http://www.securityfocus.com/bid/12996
BugTraq ID: 19289
http://www.securityfocus.com/bid/19289
Bugtraq: 20050404 gzip TOCTOU file-permissions vulnerability (Google Search)
http://www.securityfocus.com/archive/1/394965
Cert/CC Advisory: TA06-214A
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
Debian Security Information: DSA-752 (Google Search)
http://www.debian.org/security/2005/dsa-752
http://www.osvdb.org/15487
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765
RedHat Security Advisories: RHSA-2005:357
SCO Security Bulletin: SCOSA-2005.58
http://secunia.com/advisories/21253
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1
http://www.vupen.com/english/advisories/2006/3101
Common Vulnerability Exposure (CVE) ID: CVE-2005-1228
Bugtraq: 20050420 gzip directory traversal vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=111402732406477&w=2
http://www.osvdb.org/15721
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11057
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A170
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A382
http://secunia.com/advisories/15047
XForce ISS Database: gzip-n-directory-traversal(20199)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20199
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
