Test ID:	1.3.6.1.4.1.25623.1.0.67565
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:122 (fastjar)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to fastjar announced via advisory MDVSA-2010:122. A vulnerability has been discovered and corrected in fastjar: Directory traversal vulnerability in the extract_jar function in jartool.c in FastJar 0.98 allows remote attackers to create or overwrite arbitrary files via a .. (dot dot) in a non-initial pathname component in a filename within a .jar archive, a related issue to CVE-2005-1080. NOTE: this vulnerability exists because of an incomplete fix for CVE-2006-3619 (CVE-2010-0831). Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more: http://store.mandriva.com/product_info.php?cPath=149&products_id=490 The updated packages have been patched to correct this issue. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2010:122 Risk factor : High CVSS Score: 5.8
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1080 BugTraq ID: 13083 http://www.securityfocus.com/bid/13083 Bugtraq: 20050412 7a69Adv#23 - Jar tool directory transversal vulnerability (Google Search) http://marc.info/?l=bugtraq&m=111331593310508&w=2 http://www.mandriva.com/security/advisories?name=MDVSA-2015:212 http://www.securiteam.com/securitynews/5IP0C0AFGW.html http://marc.info/?l=oss-security&m=127603032617644&w=2 http://marc.info/?l=oss-security&m=127602564508766&w=2 RedHat Security Advisories: RHSA-2015:0806 http://rhn.redhat.com/errata/RHSA-2015-0806.html RedHat Security Advisories: RHSA-2015:0807 http://rhn.redhat.com/errata/RHSA-2015-0807.html RedHat Security Advisories: RHSA-2015:0808 http://rhn.redhat.com/errata/RHSA-2015-0808.html RedHat Security Advisories: RHSA-2015:0809 http://rhn.redhat.com/errata/RHSA-2015-0809.html RedHat Security Advisories: RHSA-2015:0854 http://rhn.redhat.com/errata/RHSA-2015-0854.html RedHat Security Advisories: RHSA-2015:0857 http://rhn.redhat.com/errata/RHSA-2015-0857.html RedHat Security Advisories: RHSA-2015:0858 http://rhn.redhat.com/errata/RHSA-2015-0858.html RedHat Security Advisories: RHSA-2015:1006 http://rhn.redhat.com/errata/RHSA-2015-1006.html RedHat Security Advisories: RHSA-2015:1007 http://rhn.redhat.com/errata/RHSA-2015-1007.html RedHat Security Advisories: RHSA-2015:1020 http://rhn.redhat.com/errata/RHSA-2015-1020.html RedHat Security Advisories: RHSA-2015:1021 http://rhn.redhat.com/errata/RHSA-2015-1021.html RedHat Security Advisories: RHSA-2015:1091 http://rhn.redhat.com/errata/RHSA-2015-1091.html http://secunia.com/advisories/14902 Common Vulnerability Exposure (CVE) ID: CVE-2006-3619 BugTraq ID: 15669 http://www.securityfocus.com/bid/15669 Debian Security Information: DSA-1170 (Google Search) http://www.debian.org/security/2006/dsa-1170 http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065902.html http://security.gentoo.org/glsa/glsa-200711-23.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:066 http://www.osvdb.org/21337 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9617 http://www.redhat.com/support/errata/RHSA-2007-0220.html RedHat Security Advisories: RHSA-2007:0473 http://rhn.redhat.com/errata/RHSA-2007-0473.html http://www.securitytracker.com/id?1017987 http://secunia.com/advisories/17839 http://secunia.com/advisories/21100 http://secunia.com/advisories/21797 http://secunia.com/advisories/25098 http://secunia.com/advisories/25281 http://secunia.com/advisories/25633 http://secunia.com/advisories/25894 http://secunia.com/advisories/26909 http://secunia.com/advisories/27706 http://secunia.com/advisories/29334 SGI Security Advisory: 20070602-01-P ftp://patches.sgi.com/support/free/security/advisories/20070602-01-P.asc http://www.vupen.com/english/advisories/2005/2686 http://www.vupen.com/english/advisories/2006/2866 http://www.vupen.com/english/advisories/2007/3229 XForce ISS Database: gnugcc-fastjar-directory-traversal(27806) https://exchange.xforce.ibmcloud.com/vulnerabilities/27806 Common Vulnerability Exposure (CVE) ID: CVE-2010-0831 BugTraq ID: 41006 http://www.securityfocus.com/bid/41006 http://security.gentoo.org/glsa/glsa-201209-21.xml http://www.mandriva.com/security/advisories?name=MDVSA-2010:122 http://marc.info/?l=oss-security&m=127602731712034&w=2 http://www.osvdb.org/65467 http://www.redhat.com/support/errata/RHSA-2011-0025.html http://secunia.com/advisories/42892 http://secunia.com/advisories/50786 http://www.vupen.com/english/advisories/2010/1553 http://www.vupen.com/english/advisories/2011/0121
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.