English | Deutsch | Español
 
Startseite ▼
Startseite Über uns Kontact Datenschutz Partnerprogramme Zeugnisse In der Presse Mailinglisten Missbrauch Developer APIs
Bookkeeping
Online ▼
Home Free Trial FAQ
Open/Create Company File Accept an Invite Order/Renew
Sicherheits
Überprüfungs ▼
Home Dediziert Erweitert Standard Wiederkehrend Risikolos Desktop Basis Sicherheits Segal FAQ Preis/Funktionszusammenfassung Bestellen Neue Anfälligkeiten Alle Anfälligkeiten Vertraulichkeit Anfälligkeiten Suche Durchführen Terminkalender IP Permissions Maßgeschneidert Warteschlange Erinnerer Siegel Berichte Berichts Stil
Verwaltetes
DNS ▼
Info Bestellen/Erneuern FAQ AUP Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password
Netzwerk
Überwachung ▼
Enterprise Erweiterte Standard Gratis Test FAQ Preis/Funktionszusammenfassung Bestellen Beispiele
Konfigurieren/Status Alarm Profile
Recherce
Berichte ▼
Home FAQ Glossary Archive
 Anmeldung/Registrierung 
 
 Anfälligkeitssuche        Suche in 324607 CVE Beschreibungen
und 145615 Test Beschreibungen,
Zugriff auf 10,000+ Quellverweise.
Tests   CVE   Alle  

Test Kennung:1.3.6.1.4.1.25623.1.0.53056
Kategorie:Red Hat Local Security Checks
Titel:RedHat Security Advisory RHSA-2005:474
Zusammenfassung:NOSUMMARY
Beschreibung:Description:

The remote host is missing updates announced in
advisory RHSA-2005:474.

Bzip2 is a data compressor.

A bug was found in the way bzgrep processes file names. If a user can be
tricked into running bzgrep on a file with a carefully crafted file name,
arbitrary commands could be executed as the user running bzgrep. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2005-0758 to this issue.

A bug was found in the way bzip2 modifies file permissions during
decompression. If an attacker has write access to the directory into which
bzip2 is decompressing files, it is possible for them to modify permissions
on files owned by the user running bzip2 (CVE-2005-0953).

A bug was found in the way bzip2 decompresses files. It is possible for an
attacker to create a specially crafted bzip2 file which will cause bzip2 to
cause a denial of service (by filling disk space) if decompressed by a
victim (CVE-2005-1260).

Users of Bzip2 should upgrade to these updated packages, which contain
backported patches to correct these issues.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2005-474.html
http://scary.beasts.org/security/CESA-2005-002.txt

Risk factor : Medium

CVSS Score:
5.0

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2005-0758
1013928
http://securitytracker.com/id?1013928
13582
http://www.securityfocus.com/bid/13582
16371
http://www.osvdb.org/16371
18100
http://secunia.com/advisories/18100
19183
http://secunia.com/advisories/19183
20060301-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
22033
http://secunia.com/advisories/22033
25159
http://www.securityfocus.com/bid/25159
26235
http://secunia.com/advisories/26235
ADV-2007-2732
http://www.vupen.com/english/advisories/2007/2732
APPLE-SA-2007-07-31
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
FLSA:158801
http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html
GLSA-200505-05
http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml
MDKSA-2006:026
http://www.mandriva.com/security/advisories?name=MDKSA-2006:026
MDKSA-2006:027
http://www.mandriva.com/security/advisories?name=MDKSA-2006:027
OpenPKG-SA-2007.002
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html
RHSA-2005:357
http://rhn.redhat.com/errata/RHSA-2005-357.html
RHSA-2005:474
http://www.redhat.com/support/errata/RHSA-2005-474.html
SCOSA-2005.58
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt
SSA:2006-262
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
USN-158-1
http://www.ubuntu.com/usn/usn-158-1
gzip-zgrep-file-installation(20539)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20539
http://bugs.gentoo.org/show_bug.cgi?id=90626
http://docs.info.apple.com/article.html?artnum=306172
oval:org.mitre.oval:def:1081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081
oval:org.mitre.oval:def:1107
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107
oval:org.mitre.oval:def:9797
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797
Common Vulnerability Exposure (CVE) ID: CVE-2005-0953
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
BugTraq ID: 12954
http://www.securityfocus.com/bid/12954
BugTraq ID: 26444
http://www.securityfocus.com/bid/26444
Bugtraq: 20050330 bzip2 TOCTOU file-permissions vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=111229375217633&w=2
Bugtraq: 20070109 rPSA-2007-0004-1 bzip2 (Google Search)
http://www.securityfocus.com/archive/1/456430/30/8730/threaded
Cert/CC Advisory: TA07-319A
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Debian Security Information: DSA-730 (Google Search)
http://www.debian.org/security/2005/dsa-730
NETBSD Security Advisory: NetBSD-SA2008-004
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154
http://secunia.com/advisories/27274
http://secunia.com/advisories/27643
http://secunia.com/advisories/29940
SGI Security Advisory: 20060301-01-U
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1
http://www.vupen.com/english/advisories/2007/3525
http://www.vupen.com/english/advisories/2007/3868
XForce ISS Database: bzip2-toctou-symlink(19926)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19926
Common Vulnerability Exposure (CVE) ID: CVE-2005-1260
103118
13657
http://www.securityfocus.com/bid/13657
15447
http://secunia.com/advisories/15447
200191
26444
27274
27643
ADV-2007-3525
ADV-2007-3868
APPLE-SA-2007-11-14
DSA-741
http://www.debian.org/security/2005/dsa-741
TA07-319A
USN-127-1
https://usn.ubuntu.com/127-1/
http://docs.info.apple.com/article.html?artnum=307041
oval:org.mitre.oval:def:10700
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700
oval:org.mitre.oval:def:749
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.

Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.



© 1998-2025 E-Soft Inc. Alle Rechte vorbehalten.