ID de Prueba:	1.3.6.1.4.1.25623.1.0.58232
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2007:0203
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2007:0203. The unzip utility is used to list, test, or extract files from a zip archive. A race condition was found in Unzip. Local users could use this flaw to modify permissions of arbitrary files via a hard link attack on a file while it was being decompressed (CVE-2005-2475) A buffer overflow was found in Unzip command line argument handling. If a user could be tricked into running Unzip with a specially crafted long file name, an attacker could execute arbitrary code with that user's privileges. (CVE-2005-4667) As well, this update adds support for files larger than 2GB. All users of unzip should upgrade to these updated packages, which contain backported patches that resolve these issues. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2007-0203.html http://www.redhat.com/security/updates/classification/#low Risk factor : Medium CVSS Score: 3.7
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2005-2475 BugTraq ID: 14450 http://www.securityfocus.com/bid/14450 Bugtraq: 20050801 unzip TOCTOU file-permissions vulnerability (Google Search) http://marc.info/?l=bugtraq&m=112300046224117&w=2 Debian Security Information: DSA-903 (Google Search) http://www.debian.org/security/2005/dsa-903 http://www.mandriva.com/security/advisories?name=MDKSA-2005:197 http://www.osvdb.org/18530 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9975 http://www.redhat.com/support/errata/RHSA-2007-0203.html SCO Security Bulletin: SCOSA-2005.39 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.39/SCOSA-2005.39.txt http://secunia.com/advisories/16309 http://secunia.com/advisories/16985 http://secunia.com/advisories/17006 http://secunia.com/advisories/17045 http://secunia.com/advisories/17342 http://secunia.com/advisories/17653 http://secunia.com/advisories/25098 http://securityreason.com/securityalert/32 http://www.trustix.org/errata/2005/0053/ http://www.ubuntu.com/usn/usn-191-1 Common Vulnerability Exposure (CVE) ID: CVE-2005-4667 BugTraq ID: 15968 http://www.securityfocus.com/bid/15968 Debian Security Information: DSA-1012 (Google Search) http://www.debian.org/security/2006/dsa-1012 http://www.securityfocus.com/archive/1/430300/100/0/threaded http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0930.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:050 http://www.osvdb.org/22400 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11252 http://www.trustix.org/errata/2006/0006 https://usn.ubuntu.com/248-1/ https://usn.ubuntu.com/248-2/
Copyright	Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.