ID de Prueba:	1.3.6.1.4.1.25623.1.0.54330
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2005:116 (cpio)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to cpio announced via advisory MDKSA-2005:116. A race condition has been found in cpio 2.6 and earlier which allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. (CVE-2005-1111) A vulnerability has been discovered in cpio that allows a malicious cpio file to extract to an arbitrary directory of the attackers choice. Cpio will extract to the path specified in the cpio file, this path can be absolute. (CVE-2005-1229) The updated packages have been patched to address both of these issues. Affected versions: 10.0, 10.1, 10.2, Corporate 3.0, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:116 Risk factor : Medium CVSS Score: 4.6
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-1111 BugTraq ID: 13159 http://www.securityfocus.com/bid/13159 Bugtraq: 20050413 cpio TOCTOU file-permissions vulnerability (Google Search) http://marc.info/?l=bugtraq&m=111342664116120&w=2 Debian Security Information: DSA-846 (Google Search) http://www.debian.org/security/2005/dsa-846 FreeBSD Security Advisory: FreeBSD-SA-06:03 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc http://www.osvdb.org/15725 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783 http://www.redhat.com/support/errata/RHSA-2005-378.html http://www.redhat.com/support/errata/RHSA-2005-806.html SCO Security Bulletin: SCOSA-2005.32 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt SCO Security Bulletin: SCOSA-2006.2 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt http://secunia.com/advisories/16998 http://secunia.com/advisories/17123 http://secunia.com/advisories/17532 http://secunia.com/advisories/18290 http://secunia.com/advisories/18395 http://secunia.com/advisories/20117 SuSE Security Announcement: SUSE-SR:2006:010 (Google Search) http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html http://www.ubuntu.com/usn/usn-189-1 Common Vulnerability Exposure (CVE) ID: CVE-2005-1229 BugTraq ID: 13291 http://www.securityfocus.com/bid/13291 Bugtraq: 20050420 cpio directory traversal vulnerability (Google Search) http://marc.info/?l=bugtraq&m=111403177526312&w=2 http://www.mandriva.com/security/advisories?name=MDKSA-2007:233 http://www.osvdb.org/17939 http://secunia.com/advisories/27857 XForce ISS Database: cpio-directory-traversal(20204) https://exchange.xforce.ibmcloud.com/vulnerabilities/20204
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.