 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.50945 |
| Categoría: | Red Hat Local Security Checks |
| Título: | RedHat Security Advisory RHSA-2003:200 |
| Resumen: | NOSUMMARY |
| Descripción: | Description: The remote host is missing updates announced in advisory RHSA-2003:200. The unzip utility is used for manipulating archives, which are multiple files stored inside of a single file. A vulnerabilitiy in unzip version 5.50 and earlier allows attackers to overwrite arbitrary files during archive extraction by placing invalid (non-printable) characters between two . characters. These non-printable characters are filtered, resulting in a .. sequence. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0282 to this issue. This erratum includes a patch ensuring that non-printable characters do not make it possible for a malicious .zip file to write to parent directories unless the -: command line parameter is specified. Users of unzip are advised to upgrade to these updated packages, which are not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2003-200.html http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175 Risk factor : Medium CVSS Score: 2.6 |
| Referencia Cruzada: |
BugTraq ID: 7550 Common Vulnerability Exposure (CVE) ID: CVE-2003-0282 http://www.securityfocus.com/bid/7550 Bugtraq: 20030509 unzip directory traversal revisited (Google Search) http://marc.info/?l=bugtraq&m=105259038503175&w=2 Bugtraq: 20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip) (Google Search) http://marc.info/?l=bugtraq&m=105786446329347&w=2 Caldera Security Advisory: CSSA-2003-031.0 ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt Computer Incident Advisory Center Bulletin: N-111 http://www.ciac.org/ciac/bulletins/n-111.shtml Conectiva Linux advisory: CLA-2003:672 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672 Debian Security Information: DSA-344 (Google Search) http://www.debian.org/security/2003/dsa-344 Immunix Linux Advisory: IMNX-2003-7+-017-01 http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01 http://www.mandriva.com/security/advisories?name=MDKSA-2003:073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A619 http://www.redhat.com/support/errata/RHSA-2003-199.html http://www.redhat.com/support/errata/RHSA-2003-200.html SCO Security Bulletin: CSSA-2003-031.0 TurboLinux Advisory: TLSA-2003-42 http://www.turbolinux.com/security/TLSA-2003-42.txt XForce ISS Database: unzip-dotdot-directory-traversal(12004) https://exchange.xforce.ibmcloud.com/vulnerabilities/12004 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |