Turbolinux Local Security Tests : Turbolinux TLSA-2005-60 (bzip2)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.52982

Categoría: Turbolinux Local Security Tests

Título: Turbolinux TLSA-2005-60 (bzip2)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to bzip2
announced via advisory TLSA-2005-60.

Bzip2 is high-quality data compressor.

- A vulnerability in the manner in which bzip2 handles bzip2 file
could allow local users to overwrite arbitrary files via a symlink attack.
- The bzip2 allows attackers to cause a denial of
service (excessive CPU consumption due to an infinite loop) via a malformed gzip2 file.

These vulerabilities could allow attackers to overwrite arbitrary files via
a symbolic link attack, and/or allow attackers to cause a denial of service.

Solution: Please use the turbopkg (zabom) tool to apply the update.
https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2005-60

Risk factor : Medium

CVSS Score:
5.0

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2005-0953
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
BugTraq ID: 12954
http://www.securityfocus.com/bid/12954
BugTraq ID: 26444
http://www.securityfocus.com/bid/26444
Bugtraq: 20050330 bzip2 TOCTOU file-permissions vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=111229375217633&w=2
Bugtraq: 20070109 rPSA-2007-0004-1 bzip2 (Google Search)
http://www.securityfocus.com/archive/1/456430/30/8730/threaded
Cert/CC Advisory: TA07-319A
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Debian Security Information: DSA-730 (Google Search)
http://www.debian.org/security/2005/dsa-730
http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:026
NETBSD Security Advisory: NetBSD-SA2008-004
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154
http://www.redhat.com/support/errata/RHSA-2005-474.html
http://secunia.com/advisories/19183
http://secunia.com/advisories/27274
http://secunia.com/advisories/27643
http://secunia.com/advisories/29940
SGI Security Advisory: 20060301-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1
http://www.vupen.com/english/advisories/2007/3525
http://www.vupen.com/english/advisories/2007/3868
XForce ISS Database: bzip2-toctou-symlink(19926)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19926
Common Vulnerability Exposure (CVE) ID: CVE-2005-1260
103118
13657
http://www.securityfocus.com/bid/13657
15447
http://secunia.com/advisories/15447
19183
200191
20060301-01-U
26444
27274
27643
ADV-2007-3525
ADV-2007-3868
APPLE-SA-2007-11-14
DSA-741
http://www.debian.org/security/2005/dsa-741
FLSA:158801
RHSA-2005:474
TA07-319A
USN-127-1
https://usn.ubuntu.com/127-1/
http://docs.info.apple.com/article.html?artnum=307041
oval:org.mitre.oval:def:10700
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700
oval:org.mitre.oval:def:749
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.52982
Categoría:	Turbolinux Local Security Tests
Título:	Turbolinux TLSA-2005-60 (bzip2)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to bzip2 announced via advisory TLSA-2005-60. Bzip2 is high-quality data compressor. - A vulnerability in the manner in which bzip2 handles bzip2 file could allow local users to overwrite arbitrary files via a symlink attack. - The bzip2 allows attackers to cause a denial of service (excessive CPU consumption due to an infinite loop) via a malformed gzip2 file. These vulerabilities could allow attackers to overwrite arbitrary files via a symbolic link attack, and/or allow attackers to cause a denial of service. Solution: Please use the turbopkg (zabom) tool to apply the update. https://secure1.securityspace.com/smysecure/catid.html?in=TLSA-2005-60 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0953 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html BugTraq ID: 12954 http://www.securityfocus.com/bid/12954 BugTraq ID: 26444 http://www.securityfocus.com/bid/26444 Bugtraq: 20050330 bzip2 TOCTOU file-permissions vulnerability (Google Search) http://marc.info/?l=bugtraq&m=111229375217633&w=2 Bugtraq: 20070109 rPSA-2007-0004-1 bzip2 (Google Search) http://www.securityfocus.com/archive/1/456430/30/8730/threaded Cert/CC Advisory: TA07-319A http://www.us-cert.gov/cas/techalerts/TA07-319A.html Debian Security Information: DSA-730 (Google Search) http://www.debian.org/security/2005/dsa-730 http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:026 NETBSD Security Advisory: NetBSD-SA2008-004 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154 http://www.redhat.com/support/errata/RHSA-2005-474.html http://secunia.com/advisories/19183 http://secunia.com/advisories/27274 http://secunia.com/advisories/27643 http://secunia.com/advisories/29940 SGI Security Advisory: 20060301-01-U ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1 http://www.vupen.com/english/advisories/2007/3525 http://www.vupen.com/english/advisories/2007/3868 XForce ISS Database: bzip2-toctou-symlink(19926) https://exchange.xforce.ibmcloud.com/vulnerabilities/19926 Common Vulnerability Exposure (CVE) ID: CVE-2005-1260 103118 13657 http://www.securityfocus.com/bid/13657 15447 http://secunia.com/advisories/15447 19183 200191 20060301-01-U 26444 27274 27643 ADV-2007-3525 ADV-2007-3868 APPLE-SA-2007-11-14 DSA-741 http://www.debian.org/security/2005/dsa-741 FLSA:158801 RHSA-2005:474 TA07-319A USN-127-1 https://usn.ubuntu.com/127-1/ http://docs.info.apple.com/article.html?artnum=307041 oval:org.mitre.oval:def:10700 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700 oval:org.mitre.oval:def:749 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com