
Test ID: 1.3.6.1.4.1.25623.1.0.51548
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2002:538
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2002:538.

tar and unzip are programs widely used for distribution of multiple
files concatenated (commonly known as an archive).

Both tar and unzip have directory traversal vulnerabilities in the
way they extract filenames containing .. or / characters at the
beginning.

By exploiting these vulnerabilities, a malicious user can overwrite
arbitrary files if the user unpacking such an archive has sufficient
filesystem permissions to do so.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2001-1267, CVE-2001-1268, CVE-2001-1269 and
CVE-2002-0399 to this issue.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:538
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : Medium

CVSS Score:
5.0

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2001-1267
BugTraq ID: 3024
http://www.securityfocus.com/bid/3024
Bugtraq: 20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
http://online.securityfocus.com/archive/1/196445
Conectiva Linux advisory: CLA-2002:538
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
HPdes Security Advisory: HPSBTL0209-068
http://online.securityfocus.com/advisories/4514
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066
http://www.redhat.com/support/errata/RHSA-2002-096.html
http://www.redhat.com/support/errata/RHSA-2002-138.html
http://www.redhat.com/support/errata/RHSA-2003-218.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1
http://www.iss.net/security_center/static/10224.php
Common Vulnerability Exposure (CVE) ID: CVE-2001-1268
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1
Common Vulnerability Exposure (CVE) ID: CVE-2001-1269
Common Vulnerability Exposure (CVE) ID: CVE-2002-0399
BugTraq ID: 5834
http://www.securityfocus.com/bid/5834
Bugtraq: 20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)
http://marc.info/?l=bugtraq&m=103419290219680&w=2
Bugtraq: 20070825 rPSA-2007-0172-1 tar
http://www.securityfocus.com/archive/1/477731/100/0/threaded
Bugtraq: 20070827 FLEA-2007-0049-1 tar
http://www.securityfocus.com/archive/1/477865/100/0/threaded
En Garde Linux Advisory: ESA-20021003-022
http://www.linuxsecurity.com/advisories/other_advisory-2400.html
http://www.mandriva.com/security/advisories?name=MDKSA-2002:066
http://secunia.com/advisories/19130
http://secunia.com/advisories/26604
http://secunia.com/advisories/26673
http://secunia.com/advisories/26987
SuSE Security Announcement: SUSE-SR:2006:005
http://www.novell.com/linux/security/advisories/2006_05_sr.html
SuSE Security Announcement: SUSE-SR:2007:019
http://www.novell.com/linux/security/advisories/2007_19_sr.html
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
