ID de Prueba:	1.3.6.1.4.1.25623.1.0.53074
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Ports: gzip
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory.
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory. Vulnerability Insight: The following package is affected: gzip CVE-2005-0988 Race condition in gzip 1.2.4, 1.3.3, and earlier when decompressing a gzip allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. CVE-2005-1228 Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. Solution: Update your system with the appropriate patches or software upgrades. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0988 http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html BugTraq ID: 12996 http://www.securityfocus.com/bid/12996 BugTraq ID: 19289 http://www.securityfocus.com/bid/19289 Bugtraq: 20050404 gzip TOCTOU file-permissions vulnerability (Google Search) http://www.securityfocus.com/archive/1/394965 Cert/CC Advisory: TA06-214A http://www.us-cert.gov/cas/techalerts/TA06-214A.html Debian Security Information: DSA-752 (Google Search) http://www.debian.org/security/2005/dsa-752 http://www.osvdb.org/15487 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765 RedHat Security Advisories: RHSA-2005:357 http://rhn.redhat.com/errata/RHSA-2005-357.html SCO Security Bulletin: SCOSA-2005.58 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt http://secunia.com/advisories/18100 http://secunia.com/advisories/21253 http://secunia.com/advisories/22033 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1 http://www.vupen.com/english/advisories/2006/3101 Common Vulnerability Exposure (CVE) ID: CVE-2005-1228 Bugtraq: 20050420 gzip directory traversal vulnerability (Google Search) http://marc.info/?l=bugtraq&m=111402732406477&w=2 http://www.osvdb.org/15721 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A170 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A382 http://secunia.com/advisories/15047 XForce ISS Database: gzip-n-directory-traversal(20199) https://exchange.xforce.ibmcloud.com/vulnerabilities/20199
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.