 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.882143 |
| Categoría: | CentOS Local Security Checks |
| Título: | CentOS Update for unzip CESA-2015:0700 centos7 |
| Resumen: | Check the version of unzip |
| Descripción: | Summary: Check the version of unzip Vulnerability Insight: The unzip utility is used to list, test, or extract files from a zip archive. A buffer overflow was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash or, possibly, execute arbitrary code when the archive was tested with unzip's '-t' option. (CVE-2014-9636) A buffer overflow flaw was found in the way unzip computed the CRC32 checksum of certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8139) An integer underflow flaw, leading to a buffer overflow, was found in the way unzip uncompressed certain extra fields of a file. A specially crafted Zip archive could cause unzip to crash when the archive was tested with unzip's '-t' option. (CVE-2014-8140) A buffer overflow flaw was found in the way unzip handled Zip64 files. A specially crafted Zip archive could possibly cause unzip to crash when the archive was uncompressed. (CVE-2014-8141) Red Hat would like to thank oCERT for reporting the CVE-2014-8139, CVE-2014-8140, and CVE-2014-8141 issues. oCERT acknowledges Michele Spagnuolo of the Google Security Team as the original reporter of these issues. All unzip users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Affected Software/OS: unzip on CentOS 7 Solution: Please install the updated packages. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2014-8139 http://www.ocert.org/advisories/ocert-2014-011.html http://www.securitytracker.com/id/1031433 https://access.redhat.com/errata/RHSA-2015:0700 https://bugzilla.redhat.com/show_bug.cgi?id=1174844 Common Vulnerability Exposure (CVE) ID: CVE-2014-8140 https://bugzilla.redhat.com/show_bug.cgi?id=1174851 Common Vulnerability Exposure (CVE) ID: CVE-2014-8141 https://bugzilla.redhat.com/show_bug.cgi?id=1174856 Common Vulnerability Exposure (CVE) ID: CVE-2014-9636 BugTraq ID: 71825 http://www.securityfocus.com/bid/71825 Debian Security Information: DSA-3152 (Google Search) http://www.debian.org/security/2015/dsa-3152 http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148792.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148849.html https://security.gentoo.org/glsa/201611-01 http://seclists.org/oss-sec/2014/q4/489 http://seclists.org/oss-sec/2014/q4/496 http://seclists.org/oss-sec/2015/q1/216 http://seclists.org/oss-sec/2014/q4/1131 http://secunia.com/advisories/62738 http://secunia.com/advisories/62751 http://www.ubuntu.com/usn/USN-2489-1 |
| Copyright | Copyright (C) 2015 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |