Test ID: | 1.3.6.1.4.1.25623.1.0.58942 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Security Advisory RHSA-2007:0873 |
Summary: | NOSUMMARY |
Description: | The remote host is missing updates announced in advisory RHSA-2007:0873.

Star is a tar-like archiver. It saves multiple files into a single tape or disk archive, and can restore individual files from the archive. Star includes multi-volume support, automatic archive format detection and ACL support.

A path traversal flaw was discovered in the way star extracted archives. A malicious user could create a tar archive that would cause star to write to arbitrary files to which the user running star had write access. (CVE-2007-4134)

Red Hat would like to thank Robert Buchholz for reporting this issue.

As well, this update adds the command line argument -.. to the Red Hat Enterprise Linux 3 version of star. This allows star to extract files containing /../ in their pathname.

Users of star should upgrade to this updated package, which contains backported patches to correct these issues.

Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2007-0873.html
http://www.redhat.com/security/updates/classification/#moderate

Risk factor : High
CVSS Score: 6.8 |
Cross Reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2007-4134
1018646 http://securitytracker.com/id?1018646
20070901-01-P ftp://patches.sgi.com/support/free/security/advisories/20070901-01-P.asc
20070907 FLEA-2007-0051-1 star http://www.securityfocus.com/archive/1/478797/100/200/threaded
26626 http://secunia.com/advisories/26626
26672 http://secunia.com/advisories/26672
26673 http://secunia.com/advisories/26673
26857 http://secunia.com/advisories/26857
27318 http://secunia.com/advisories/27318
27544 http://secunia.com/advisories/27544
FEDORA-2007-1852 http://www.redhat.com/archives/fedora-package-announce/2007-August/msg00425.html
GLSA-200710-23 http://www.gentoo.org/security/en/glsa/glsa-200710-23.xml
RHSA-2007:0873 http://www.redhat.com/support/errata/RHSA-2007-0873.html
ftp://ftp.berlios.de/pub/star/alpha/AN-1.5a84
http://support.avaya.com/elmodocs2/security/ASA-2007-414.htm
https://bugs.gentoo.org/show_bug.cgi?id=189690
https://issues.rpath.com/browse/RPL-1669
oval:org.mitre.oval:def:11098 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11098 |
Copyright | Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com |