ID de Prueba:	1.3.6.1.4.1.25623.1.0.53975
Categoría:	FreeBSD Local Security Checks
Título:	FreeBSD Security Advisory (FreeBSD-SA-05:14.bzip2.asc)
Resumen:	The remote host is missing an update to the system; as announced in the referenced advisory FreeBSD-SA-05:14.bzip2.asc
Descripción:	Summary: The remote host is missing an update to the system as announced in the referenced advisory FreeBSD-SA-05:14.bzip2.asc Vulnerability Insight: bzip2 is a block-sorting file compression utility. Two problems have been discovered relating to the extraction of bzip2-compressed files. First, a carefully constructed invalid bzip2 archive can cause bzip2 to enter an infinite loop. Second, when creating a new file, bzip2 closes the file before setting its permissions. Solution: Upgrade your system to the appropriate stable release or security branch dated after the correction date. CVSS Score: 3.7 CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0953 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html BugTraq ID: 12954 http://www.securityfocus.com/bid/12954 BugTraq ID: 26444 http://www.securityfocus.com/bid/26444 Bugtraq: 20050330 bzip2 TOCTOU file-permissions vulnerability (Google Search) http://marc.info/?l=bugtraq&m=111229375217633&w=2 Bugtraq: 20070109 rPSA-2007-0004-1 bzip2 (Google Search) http://www.securityfocus.com/archive/1/456430/30/8730/threaded Cert/CC Advisory: TA07-319A http://www.us-cert.gov/cas/techalerts/TA07-319A.html Debian Security Information: DSA-730 (Google Search) http://www.debian.org/security/2005/dsa-730 http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:026 NETBSD Security Advisory: NetBSD-SA2008-004 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154 http://www.redhat.com/support/errata/RHSA-2005-474.html http://secunia.com/advisories/19183 http://secunia.com/advisories/27274 http://secunia.com/advisories/27643 http://secunia.com/advisories/29940 SGI Security Advisory: 20060301-01-U ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1 http://www.vupen.com/english/advisories/2007/3525 http://www.vupen.com/english/advisories/2007/3868 XForce ISS Database: bzip2-toctou-symlink(19926) https://exchange.xforce.ibmcloud.com/vulnerabilities/19926
Copyright	Copyright (C) 2008 E-Soft Inc.

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.