Test ID:	1.3.6.1.4.1.25623.1.0.57338
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1170)
Summary:	The remote host is missing an update for the Debian 'gcc-3.4' package(s) announced via the DSA-1170 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'gcc-3.4' package(s) announced via the DSA-1170 advisory. Vulnerability Insight: Jurgen Weigert discovered that upon unpacking JAR archives fastjar from the GNU Compiler Collection does not check the path for included files and allows to create or overwrite files in upper directories. For the stable distribution (sarge) this problem has been fixed in version 3.4.3-13sarge1. For the unstable distribution (sid) this problem has been fixed in version 4.1.1-11. We recommend that you upgrade your fastjar package. Affected Software/OS: 'gcc-3.4' package(s) on Debian 3.1. Solution: Please install the updated package(s). CVSS Score: 2.6 CVSS Vector: AV:N/AC:H/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2006-3619 BugTraq ID: 15669 http://www.securityfocus.com/bid/15669 Debian Security Information: DSA-1170 (Google Search) http://www.debian.org/security/2006/dsa-1170 http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://security.gentoo.org/glsa/glsa-200711-23.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:066 http://www.osvdb.org/21337 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9617 http://www.redhat.com/support/errata/RHSA-2007-0220.html RedHat Security Advisories: RHSA-2007:0473 http://rhn.redhat.com/errata/RHSA-2007-0473.html http://www.securitytracker.com/id?1017987 http://secunia.com/advisories/17839 http://secunia.com/advisories/21100 http://secunia.com/advisories/21797 http://secunia.com/advisories/25098 http://secunia.com/advisories/25281 http://secunia.com/advisories/25633 http://secunia.com/advisories/25894 http://secunia.com/advisories/26909 http://secunia.com/advisories/27706 http://secunia.com/advisories/29334 SGI Security Advisory: 20070602-01-P ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://www.vupen.com/english/advisories/2005/2686 http://www.vupen.com/english/advisories/2006/2866 http://www.vupen.com/english/advisories/2007/3229 XForce ISS Database: gnugcc-fastjar-directory-traversal(27806) https://exchange.xforce.ibmcloud.com/vulnerabilities/27806
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.