ID de Prueba:	1.3.6.1.4.1.25623.1.0.55067
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLA-2005:973 (gzip)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLA-2005:973. The installed version of gzip contains several vulnerabilities. A race condition vulnerability when decompressing a gzip file allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. A directory traversal vulnerability[3] via 'gunzip -N' allows remote attackers to write to arbitrary directories via a '..' (dot dot) in the original filename within a compressed file. Solution: Upgrade your software. http://www.gzip.org http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000974 Risk factor : Medium CVSS Score: 5.0
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0988 http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html BugTraq ID: 12996 http://www.securityfocus.com/bid/12996 BugTraq ID: 19289 http://www.securityfocus.com/bid/19289 Bugtraq: 20050404 gzip TOCTOU file-permissions vulnerability (Google Search) http://www.securityfocus.com/archive/1/394965 Cert/CC Advisory: TA06-214A http://www.us-cert.gov/cas/techalerts/TA06-214A.html Debian Security Information: DSA-752 (Google Search) http://www.debian.org/security/2005/dsa-752 http://www.osvdb.org/15487 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10242 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1169 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A765 RedHat Security Advisories: RHSA-2005:357 http://rhn.redhat.com/errata/RHSA-2005-357.html SCO Security Bulletin: SCOSA-2005.58 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt http://secunia.com/advisories/18100 http://secunia.com/advisories/21253 http://secunia.com/advisories/22033 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 http://sunsolve.sun.com/search/document.do?assetkey=1-26-101816-1 http://www.vupen.com/english/advisories/2006/3101 Common Vulnerability Exposure (CVE) ID: CVE-2005-1228 Bugtraq: 20050420 gzip directory traversal vulnerability (Google Search) http://marc.info/?l=bugtraq&m=111402732406477&w=2 http://www.osvdb.org/15721 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11057 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A170 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A382 http://secunia.com/advisories/15047 XForce ISS Database: gzip-n-directory-traversal(20199) https://exchange.xforce.ibmcloud.com/vulnerabilities/20199
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.