
Test ID: 1.3.6.1.4.1.25623.1.0.51430
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2003:672
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2003:672.

unzip is a widely used program for extracting multiple files that have been
concatenated and compressed into a single file (commonly known as an archive).

A vulnerability has been found in the way unzip extracts files whose
paths/names contain invalid characters between two '.' (dot) characters.
These characters are filtered out, leaving a '..' sequence (indicating the
parent directory). By exploiting this vulnerability, an attacker can
overwrite arbitrary files if the user unpacking such an archive has
sufficient filesystem permissions to do so.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the name CVE-2003-0282 to this issue.
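The defect described above is an ordering problem: the traversal check runs on the raw member name, and the character filter runs afterwards, so a name such as `.<control byte>./etc/passwd` passes the check and turns into `../etc/passwd`. The following Python is an added example, not code from the advisory or from unzip; the member names, the extraction root `/tmp/extract` and the helper names are constructed for illustration. It shows the vulnerable ordering beside the hardened one (filter, normalise, then verify the final path stays under the extraction root) and applies the hardened check to an in-memory archive to flag members that would be refused:

```python
import io
import posixpath
import zipfile

# Constructed member names (not taken from the advisory). The second entry
# hides a control byte between two dots, the pattern CLA-2003:672 describes.
SAMPLE_MEMBERS = [
    "docs/readme.txt",
    ".\x01./etc/passwd",
    "../etc/passwd",
    "/etc/passwd",
    "a/b/../../..//x",
]


def strip_invalid_chars(name: str) -> str:
    """Drop non-printable characters from a member name, as a naive
    extractor's filter would."""
    return "".join(ch for ch in name if ch.isprintable())


def insecure_target(root: str, name: str) -> str:
    """Vulnerable ordering: test the *raw* name for '..' components, then
    filter. '.\\x01.' passes the test and becomes '..' after filtering."""
    if ".." in name.split("/"):
        raise ValueError("traversal component in member name")
    return posixpath.join(root, strip_invalid_chars(name))


def insecure_escapes(root: str, name: str) -> bool:
    """True if the vulnerable ordering would write outside `root`."""
    try:
        dest = insecure_target(root, name)
    except ValueError:
        return False  # the raw check caught it
    root_norm = posixpath.normpath(root)
    return posixpath.commonpath([root_norm, posixpath.normpath(dest)]) != root_norm


def safe_target(root: str, name: str):
    """Hardened ordering: filter first, normalise, then check the *final*
    path. Returns the destination path, or None if the name is rejected."""
    cleaned = strip_invalid_chars(name)
    if not cleaned or cleaned.startswith("/"):
        return None  # empty or absolute member name
    norm = posixpath.normpath(cleaned)
    if norm == "." or ".." in norm.split("/"):
        return None  # would climb above the extraction root
    root_norm = posixpath.normpath(root)
    dest = posixpath.normpath(posixpath.join(root_norm, norm))
    if posixpath.commonpath([root_norm, dest]) != root_norm:
        return None  # final-path check: still outside root
    return dest


def build_sample_zip() -> bytes:
    """Build an in-memory archive carrying the constructed member names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in SAMPLE_MEMBERS:
            zf.writestr(name, b"x")
    return buf.getvalue()


def find_unsafe_members(zip_bytes: bytes, root: str = "/tmp/extract") -> list:
    """List member names that the hardened check would refuse to extract."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return [n for n in zf.namelist() if safe_target(root, n) is None]


if __name__ == "__main__":
    for name in SAMPLE_MEMBERS:
        print(repr(name),
              "| escapes under vulnerable ordering:", insecure_escapes("/tmp/extract", name),
              "| hardened destination:", safe_target("/tmp/extract", name))
    print("flagged by hardened check:", find_unsafe_members(build_sample_zip()))
```

The point to carry away is that any check on a name must run on the exact string that will be passed to the filesystem; a filter, decoder or normaliser applied after the check reopens the hole. The hardened version therefore checks `..` components after normalisation and, as a final guard independent of string rules, confirms that the joined destination still has the extraction root as its common prefix.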


Solution:
The apt tool can be used to perform RPM package upgrades by running
'apt-get update' followed by 'apt-get upgrade'.

http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0282
http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:672
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor: Medium

CVSS Score: 2.6

Cross-Reference: BugTraq ID: 7550
Common Vulnerability Exposure (CVE) ID: CVE-2003-0282
http://www.securityfocus.com/bid/7550
Bugtraq: 20030509 unzip directory traversal revisited
http://marc.info/?l=bugtraq&m=105259038503175&w=2
Bugtraq: 20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip)
http://marc.info/?l=bugtraq&m=105786446329347&w=2
Caldera Security Advisory: CSSA-2003-031.0
ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt
Computer Incident Advisory Center Bulletin: N-111
http://www.ciac.org/ciac/bulletins/n-111.shtml
Conectiva Linux advisory: CLA-2003:672
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672
Debian Security Information: DSA-344
http://www.debian.org/security/2003/dsa-344
Immunix Linux Advisory: IMNX-2003-7+-017-01
http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01
http://www.mandriva.com/security/advisories?name=MDKSA-2003:073
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A619
http://www.redhat.com/support/errata/RHSA-2003-199.html
http://www.redhat.com/support/errata/RHSA-2003-200.html
SCO Security Bulletin: CSSA-2003-031.0
TurboLinux Advisory: TLSA-2003-42
http://www.turbolinux.com/security/TLSA-2003-42.txt
XForce ISS Database: unzip-dotdot-directory-traversal(12004)
https://exchange.xforce.ibmcloud.com/vulnerabilities/12004
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com





© 1998-2025 E-Soft Inc. All rights reserved.