Slackware Local Security Checks : Slackware: Security Advisory (SSA:2005-121-01)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.53956

Categoría: Slackware Local Security Checks

Título: Slackware: Security Advisory (SSA:2005-121-01)

Resumen: The remote host is missing an update for the 'infozip' package(s) announced via the SSA:2005-121-01 advisory.

Descripción: Summary:
The remote host is missing an update for the 'infozip' package(s) announced via the SSA:2005-121-01 advisory.

Vulnerability Insight:
New infozip (zip/unzip) packages are available for Slackware 8.1, 9.0,
9.1, 10.0, 10.1, and -current to fix security issues.

- From the www.info-zip.org site:

Zip 2.3 and (presumably) all previous versions have a buffer-
overrun vulnerability relating to deep directory paths that could
potentially lead to local privilege escalation (e.g., in the case of
automated, Zip-based backups). See the FAQ page for details.

All versions of UnZip through 5.50 have a number of directory-
traversal vulnerabilities, and version 5.50 also has a textmode data-
corruption bug that affects 16-bit ports such as MS-DOS. See the FAQ
page for details.

Here are the details from the Slackware 10.1 ChangeLog:
+--------------------------+
patches/packages/infozip-5.52-i486-1.tgz: Upgraded to unzip552.tar.gz and
zip231.tar.gz. These fix some buffer overruns if deep directory paths are
packed into a Zip archive which could be a security vulnerability (for
example, in a case of automated archiving or backups that use Zip). However,
it also appears that these now use certain assembly instructions that might
not be available on older CPUs, so if you have an older machine you may wish
to take this into account before deciding whether you should upgrade.
(* Security fix *)
+--------------------------+

Affected Software/OS:
'infozip' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware current.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Copyright Copyright (C) 2012 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.53956
Categoría:	Slackware Local Security Checks
Título:	Slackware: Security Advisory (SSA:2005-121-01)
Resumen:	The remote host is missing an update for the 'infozip' package(s) announced via the SSA:2005-121-01 advisory.
Descripción:	Summary: The remote host is missing an update for the 'infozip' package(s) announced via the SSA:2005-121-01 advisory. Vulnerability Insight: New infozip (zip/unzip) packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1, and -current to fix security issues. - From the www.info-zip.org site: Zip 2.3 and (presumably) all previous versions have a buffer- overrun vulnerability relating to deep directory paths that could potentially lead to local privilege escalation (e.g., in the case of automated, Zip-based backups). See the FAQ page for details. All versions of UnZip through 5.50 have a number of directory- traversal vulnerabilities, and version 5.50 also has a textmode data- corruption bug that affects 16-bit ports such as MS-DOS. See the FAQ page for details. Here are the details from the Slackware 10.1 ChangeLog: +--------------------------+ patches/packages/infozip-5.52-i486-1.tgz: Upgraded to unzip552.tar.gz and zip231.tar.gz. These fix some buffer overruns if deep directory paths are packed into a Zip archive which could be a security vulnerability (for example, in a case of automated archiving or backups that use Zip). However, it also appears that these now use certain assembly instructions that might not be available on older CPUs, so if you have an older machine you may wish to take this into account before deciding whether you should upgrade. (* Security fix *) +--------------------------+ Affected Software/OS: 'infozip' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2012 Greenbone AG