Turbolinux Local Security Tests : Turbolinux TLSA-2005-30 (cpio)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52846

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2005-30 (cpio)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to cpio
announced via advisory TLSA-2005-30.

GNU cpio copies files into or out of a cpio or tar archive. The archive
can be placed into another file on disk, on a magnetic tape, or into a pipe.

The cpio uses a file creation mask (umask) of 0 when creating files when
the -O (archive) or -F options are used.

The cpio creates files with mode 0666 (a+rw) which allows local users
to read or overwrite created files.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2005-30

Risk factor : Medium

CVSS Score:
2.1

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-1999-1572
Bugtraq: 20050204 [USN-75-1] cpio vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=110763404701519&w=2
Debian Security Information: DSA-664 (Google Search)
http://www.debian.org/security/2005/dsa-664
http://www.mandriva.com/security/advisories?name=MDKSA-2005:032
http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888
http://www.redhat.com/support/errata/RHSA-2005-073.html
http://www.redhat.com/support/errata/RHSA-2005-080.html
http://www.redhat.com/support/errata/RHSA-2005-806.html
http://secunia.com/advisories/14357
http://secunia.com/advisories/17063
http://secunia.com/advisories/17532
http://www.trustix.org/errata/2005/0003/
XForce ISS Database: cpio-o-archive-insecure-permissions(19167)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19167

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52846
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2005-30 (cpio)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to cpio announced via advisory TLSA-2005-30. GNU cpio copies files into or out of a cpio or tar archive. The archive can be placed into another file on disk, on a magnetic tape, or into a pipe. The cpio uses a file creation mask (umask) of 0 when creating files when the -O (archive) or -F options are used. The cpio creates files with mode 0666 (a+rw) which allows local users to read or overwrite created files. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2005-30 Risk factor : Medium CVSS Score: 2.1
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-1999-1572 Bugtraq: 20050204 [USN-75-1] cpio vulnerability (Google Search) http://marc.info/?l=bugtraq&m=110763404701519&w=2 Debian Security Information: DSA-664 (Google Search) http://www.debian.org/security/2005/dsa-664 http://www.mandriva.com/security/advisories?name=MDKSA-2005:032 http://www.freebsd.org/cgi/query-pr.cgi?pr=bin/1391 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10888 http://www.redhat.com/support/errata/RHSA-2005-073.html http://www.redhat.com/support/errata/RHSA-2005-080.html http://www.redhat.com/support/errata/RHSA-2005-806.html http://secunia.com/advisories/14357 http://secunia.com/advisories/17063 http://secunia.com/advisories/17532 http://www.trustix.org/errata/2005/0003/ XForce ISS Database: cpio-o-archive-insecure-permissions(19167) https://exchange.xforce.ibmcloud.com/vulnerabilities/19167
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com