Test ID: 1.3.6.1.4.1.25623.1.0.52949
Category: Turbolinux Local Security Tests
Title: Turbolinux TLSA-2003-42 (unzip)
Summary: NOSUMMARY
Description:

The remote host is missing an update to unzip
announced via advisory TLSA-2003-42.

Unzip will list, test, or extract files from a ZIP archive.
UnZip contains a vulnerability during the handling of pathnames
for archived files. Specifically, when certain encoded characters are
inserted into '../' directory traversal sequences, the creator of the
archive can cause the file to be extracted to arbitrary locations on the
filesystem - including paths containing system binaries and other
sensitive or confidential information.

This allows an attacker to craft a hostile archive whose files are
placed anywhere on the target system.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2003-42

Risk factor : Medium

CVSS Score: 2.6

Cross Reference: BugTraq ID: 7550
Common Vulnerability Exposure (CVE) ID: CVE-2003-0282
http://www.securityfocus.com/bid/7550
Bugtraq: 20030509 unzip directory traversal revisited
http://marc.info/?l=bugtraq&m=105259038503175&w=2
Bugtraq: 20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip)
http://marc.info/?l=bugtraq&m=105786446329347&w=2
Caldera Security Advisory: CSSA-2003-031.0
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt
Computer Incident Advisory Center Bulletin: N-111
http://www.ciac.org/ciac/bulletins/n-111.shtml
Conectiva Linux advisory: CLA-2003:672
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672
Debian Security Information: DSA-344
http://www.debian.org/security/2003/dsa-344
Immunix Linux Advisory: IMNX-2003-7+-017-01
http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A619
http://www.redhat.com/support/errata/RHSA-2003-199.html
http://www.redhat.com/support/errata/RHSA-2003-200.html
SCO Security Bulletin: CSSA-2003-031.0
TurboLinux Advisory: TLSA-2003-42
http://www.turbolinux.com/security/TLSA-2003-42.txt
XForce ISS Database: unzip-dotdot-directory-traversal(12004)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12004
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.