Conectiva Local Security Checks : Conectiva Security Advisory CLSA-2005:1049

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.56166

Categoría: Conectiva Local Security Checks

Título: Conectiva Security Advisory CLSA-2005:1049

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory CLSA-2005:1049.

This announcement fixes a security vulnerability in unzip
that could allow a local attacker to modify permissions
of arbitrary files via a hard link attack on a file while
it is being decompressed, whose permissions were changed
by unzip after the decompression is completed.

Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'

http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001049
http://www.info-zip.org/pub/infozip/UnZip.html

Risk factor : Low

CVSS Score:
1.2

Referencia Cruzada: BugTraq ID: 14450
Common Vulnerability Exposure (CVE) ID: CVE-2005-2475
http://www.securityfocus.com/bid/14450
Bugtraq: 20050801 unzip TOCTOU file-permissions vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=112300046224117&w=2
Debian Security Information: DSA-903 (Google Search)
http://www.debian.org/security/2005/dsa-903
http://www.mandriva.com/security/advisories?name=MDKSA-2005:197
http://www.osvdb.org/18530
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9975
http://www.redhat.com/support/errata/RHSA-2007-0203.html
SCO Security Bulletin: SCOSA-2005.39
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.39/SCOSA-2005.39.txt
http://secunia.com/advisories/16309
http://secunia.com/advisories/16985
http://secunia.com/advisories/17006
http://secunia.com/advisories/17045
http://secunia.com/advisories/17342
http://secunia.com/advisories/17653
http://secunia.com/advisories/25098
http://securityreason.com/securityalert/32
http://www.trustix.org/errata/2005/0053/
http://www.ubuntu.com/usn/usn-191-1

Copyright Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.56166
Categoría:	Conectiva Local Security Checks
Título:	Conectiva Security Advisory CLSA-2005:1049
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory CLSA-2005:1049. This announcement fixes a security vulnerability in unzip that could allow a local attacker to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions were changed by unzip after the decompression is completed. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=001049 http://www.info-zip.org/pub/infozip/UnZip.html Risk factor : Low CVSS Score: 1.2
Referencia Cruzada:	BugTraq ID: 14450 Common Vulnerability Exposure (CVE) ID: CVE-2005-2475 http://www.securityfocus.com/bid/14450 Bugtraq: 20050801 unzip TOCTOU file-permissions vulnerability (Google Search) http://marc.info/?l=bugtraq&m=112300046224117&w=2 Debian Security Information: DSA-903 (Google Search) http://www.debian.org/security/2005/dsa-903 http://www.mandriva.com/security/advisories?name=MDKSA-2005:197 http://www.osvdb.org/18530 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9975 http://www.redhat.com/support/errata/RHSA-2007-0203.html SCO Security Bulletin: SCOSA-2005.39 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.39/SCOSA-2005.39.txt http://secunia.com/advisories/16309 http://secunia.com/advisories/16985 http://secunia.com/advisories/17006 http://secunia.com/advisories/17045 http://secunia.com/advisories/17342 http://secunia.com/advisories/17653 http://secunia.com/advisories/25098 http://securityreason.com/securityalert/32 http://www.trustix.org/errata/2005/0053/ http://www.ubuntu.com/usn/usn-191-1
Copyright	Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com