Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2003:073 (unzip)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50732

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2003:073 (unzip)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to unzip
announced via advisory MDKSA-2003:073.

A vulnerability was discovered in unzip 5.50 and earlier that allows
attackers to overwrite arbitrary files during archive extraction by
placing non-printable characters between two . characters. These
invalid characters are filtered which results in a .. sequence.

The patch applied to these packages prevents unzip from writing to
parent directories unless the -: command line option is used.

Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1,
Multi Network Firewall 8.2

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:073
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0282
http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175

Risk factor : Medium

CVSS Score:
2.6

Referencia Cruzada: BugTraq ID: 7550
Common Vulnerability Exposure (CVE) ID: CVE-2003-0282
http://www.securityfocus.com/bid/7550
Bugtraq: 20030509 unzip directory traversal revisited (Google Search)
http://marc.info/?l=bugtraq&m=105259038503175&w=2
Bugtraq: 20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip) (Google Search)
http://marc.info/?l=bugtraq&m=105786446329347&w=2
Caldera Security Advisory: CSSA-2003-031.0
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt
Computer Incident Advisory Center Bulletin: N-111
http://www.ciac.org/ciac/bulletins/n-111.shtml
Conectiva Linux advisory: CLA-2003:672
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672
Debian Security Information: DSA-344 (Google Search)
http://www.debian.org/security/2003/dsa-344
Immunix Linux Advisory: IMNX-2003-7+-017-01
http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A619
http://www.redhat.com/support/errata/RHSA-2003-199.html
http://www.redhat.com/support/errata/RHSA-2003-200.html
SCO Security Bulletin: CSSA-2003-031.0
TurboLinux Advisory: TLSA-2003-42
http://www.turbolinux.com/security/TLSA-2003-42.txt
XForce ISS Database: unzip-dotdot-directory-traversal(12004)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12004

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50732
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2003:073 (unzip)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to unzip announced via advisory MDKSA-2003:073. A vulnerability was discovered in unzip 5.50 and earlier that allows attackers to overwrite arbitrary files during archive extraction by placing non-printable characters between two . characters. These invalid characters are filtered which results in a .. sequence. The patch applied to these packages prevents unzip from writing to parent directories unless the -: command line option is used. Affected versions: 8.2, 9.0, 9.1, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2003:073 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0282 http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175 Risk factor : Medium CVSS Score: 2.6
Referencia Cruzada:	BugTraq ID: 7550 Common Vulnerability Exposure (CVE) ID: CVE-2003-0282 http://www.securityfocus.com/bid/7550 Bugtraq: 20030509 unzip directory traversal revisited (Google Search) http://marc.info/?l=bugtraq&m=105259038503175&w=2 Bugtraq: 20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip) (Google Search) http://marc.info/?l=bugtraq&m=105786446329347&w=2 Caldera Security Advisory: CSSA-2003-031.0 ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt Computer Incident Advisory Center Bulletin: N-111 http://www.ciac.org/ciac/bulletins/n-111.shtml Conectiva Linux advisory: CLA-2003:672 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672 Debian Security Information: DSA-344 (Google Search) http://www.debian.org/security/2003/dsa-344 Immunix Linux Advisory: IMNX-2003-7+-017-01 http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01 http://www.mandriva.com/security/advisories?name=MDKSA-2003:073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A619 http://www.redhat.com/support/errata/RHSA-2003-199.html http://www.redhat.com/support/errata/RHSA-2003-200.html SCO Security Bulletin: CSSA-2003-031.0 TurboLinux Advisory: TLSA-2003-42 http://www.turbolinux.com/security/TLSA-2003-42.txt XForce ISS Database: unzip-dotdot-directory-traversal(12004) https://exchange.xforce.ibmcloud.com/vulnerabilities/12004
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com