Test ID: 1.3.6.1.4.1.25623.1.0.55763
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2005:197 (unzip)
Summary: NOSUMMARY
Description:

The remote host is missing an update to unzip
announced via advisory MDKSA-2005:197.

Unzip 5.51 and earlier does not properly warn the user when
extracting setuid or setgid files, which may allow local users
to gain privileges. (CVE-2005-0602)

Imran Ghory found a race condition in the handling of output files.
While a file was unpacked by unzip, a local attacker with write
permissions to the target directory could exploit this to change the
permissions of arbitrary files of the unzip user. This affects
versions of unzip 5.52 and lower. (CVE-2005-2475)

The updated packages have been patched to address these issues.

Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDKSA-2005:197

Risk factor : High

CVSS Score:
6.2

Cross Reference:
Common Vulnerability Exposure (CVE) ID: CVE-2005-0602
BugTraq ID: 14447
http://www.securityfocus.com/bid/14447
Bugtraq: 20050228 7a69Adv#22 - UNIX unzip keep setuid and setgid files
http://marc.info/?l=bugtraq&m=110960796331943&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2005:197
http://secunia.com/advisories/17045
http://secunia.com/advisories/17342
http://secunia.com/advisories/27684
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103150-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200844-1
http://www.trustix.org/errata/2005/0053/
http://www.vupen.com/english/advisories/2007/3866
Common Vulnerability Exposure (CVE) ID: CVE-2005-2475
BugTraq ID: 14450
http://www.securityfocus.com/bid/14450
Bugtraq: 20050801 unzip TOCTOU file-permissions vulnerability
http://marc.info/?l=bugtraq&m=112300046224117&w=2
Debian Security Information: DSA-903
http://www.debian.org/security/2005/dsa-903
http://www.osvdb.org/18530
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9975
http://www.redhat.com/support/errata/RHSA-2007-0203.html
SCO Security Bulletin: SCOSA-2005.39
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.39/SCOSA-2005.39.txt
http://secunia.com/advisories/16309
http://secunia.com/advisories/16985
http://secunia.com/advisories/17006
http://secunia.com/advisories/17653
http://secunia.com/advisories/25098
http://securityreason.com/securityalert/32
http://www.ubuntu.com/usn/usn-191-1
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2025 E-Soft Inc. All rights reserved.