Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:106 (aria2)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.67434

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:106 (aria2)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to aria2
announced via advisory MDVSA-2010:106.

A vulnerability was discovered in aria2 which allows remote attackers
to create arbitrary files via directory traversal sequences in the
name attribute of a file element in a metalink file (CVE-2010-1512).

This update fixes this issue.

Packages for 2009.0 are provided as of the Extended Maintenance
Program.
Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&products_id=490

Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:106

Risk factor : Medium

CVSS Score:
4.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2010-1512
BugTraq ID: 40142
http://www.securityfocus.com/bid/40142
Bugtraq: 20100513 Secunia Research: aria2 metalink "name" Directory Traversal Vulnerability (Google Search)
http://www.securityfocus.com/archive/1/511280/100/0/threaded
Debian Security Information: DSA-2047 (Google Search)
http://www.debian.org/security/2010/dsa-2047
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041753.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041754.html
http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041758.html
http://security.gentoo.org/glsa/glsa-201101-04.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2010:106
http://secunia.com/secunia_research/2010-71/
http://www.osvdb.org/64592
http://secunia.com/advisories/39529
http://secunia.com/advisories/39872
http://secunia.com/advisories/42906
SuSE Security Announcement: SUSE-SR:2010:014 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html
SuSE Security Announcement: SUSE-SR:2010:017 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html
http://www.vupen.com/english/advisories/2010/1228
http://www.vupen.com/english/advisories/2010/1229
http://www.vupen.com/english/advisories/2011/0116

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.67434
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:106 (aria2)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to aria2 announced via advisory MDVSA-2010:106. A vulnerability was discovered in aria2 which allows remote attackers to create arbitrary files via directory traversal sequences in the name attribute of a file element in a metalink file (CVE-2010-1512). This update fixes this issue. Packages for 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:106 Risk factor : Medium CVSS Score: 4.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2010-1512 BugTraq ID: 40142 http://www.securityfocus.com/bid/40142 Bugtraq: 20100513 Secunia Research: aria2 metalink "name" Directory Traversal Vulnerability (Google Search) http://www.securityfocus.com/archive/1/511280/100/0/threaded Debian Security Information: DSA-2047 (Google Search) http://www.debian.org/security/2010/dsa-2047 http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041753.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041754.html http://lists.fedoraproject.org/pipermail/package-announce/2010-May/041758.html http://security.gentoo.org/glsa/glsa-201101-04.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:106 http://secunia.com/secunia_research/2010-71/ http://www.osvdb.org/64592 http://secunia.com/advisories/39529 http://secunia.com/advisories/39872 http://secunia.com/advisories/42906 SuSE Security Announcement: SUSE-SR:2010:014 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html SuSE Security Announcement: SUSE-SR:2010:017 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-09/msg00006.html http://www.vupen.com/english/advisories/2010/1228 http://www.vupen.com/english/advisories/2010/1229 http://www.vupen.com/english/advisories/2011/0116
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com