
Test ID: 1.3.6.1.4.1.25623.1.1.10.2018.0362
Category: Mageia Linux Local Security Checks
Title: Mageia: Security Advisory (MGASA-2018-0362)
Summary: The remote host is missing an update for the 'quazip' package(s) announced via the MGASA-2018-0362 advisory.
Description: Summary:
The remote host is missing an update for the 'quazip' package(s) announced via the MGASA-2018-0362 advisory.

Vulnerability Insight:
Updated quazip packages fix security vulnerability:

A vulnerability has been found in the way developers have implemented the
extraction of files from archives: an arbitrary file write that can be
achieved using a specially crafted zip archive (other archive formats are
affected as well: bzip2, tar, xz, war, cpio, 7z) that holds path traversal
filenames. When such a filename is concatenated to the target extraction
directory, the final path ends up outside of the target folder. If an
executable or a configuration file is overwritten with a file containing
malicious code, the problem can quite easily turn into an arbitrary code
execution issue. This affects multiple libraries that lack a high-level
API providing the archive extraction functionality (CVE-2018-1002209).
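
The containment check that the paragraph above calls for, as an added example (not code from quazip, Mageia or the advisory): each entry name is joined to the extraction directory, normalised, and rejected if the result is no longer under that directory. It uses Python's `zipfile` rather than quazip; the function names and the sample archive are constructed for illustration.

```python
import io
import os
import zipfile


def build_sample_archive() -> bytes:
    """Constructed sample: one ordinary entry and one path traversal entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("docs/readme.txt", "ordinary entry")
        zf.writestr("../../outside.txt", "traversal entry")
    return buf.getvalue()


def resolve_inside(target_dir: str, entry_name: str) -> str:
    """Return the destination path for entry_name, or raise ValueError if
    it lands outside target_dir once joined and normalised."""
    root = os.path.realpath(target_dir)
    dest = os.path.realpath(os.path.join(root, entry_name))
    # commonpath compares whole path components, so "/out-evil" is not
    # mistaken for a child of "/out" the way a string prefix test would be.
    if os.path.commonpath([root, dest]) != root:
        raise ValueError(f"entry escapes extraction directory: {entry_name!r}")
    return dest


def safe_extract(archive: bytes, target_dir: str):
    """Write entries that stay inside target_dir; return (written, rejected)."""
    written, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():
            try:
                dest = resolve_inside(target_dir, info.filename)
            except ValueError:
                rejected.append(info.filename)  # log and skip, never write
                continue
            if info.is_dir():
                os.makedirs(dest, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(dest), exist_ok=True)
            with zf.open(info) as src, open(dest, "wb") as out:
                out.write(src.read())
            written.append(info.filename)
    return written, rejected


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as tmp:
        print(safe_extract(build_sample_archive(), tmp))
```
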

Affected Software/OS:
'quazip' package(s) on Mageia 6.

Solution:
Please install the updated package(s).

CVSS Score:
4.3

CVSS Vector:
AV:N/AC:M/Au:N/C:N/I:P/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2018-1002209
https://github.com/snyk/zip-slip-vulnerability
https://snyk.io/research/zip-slip-vulnerability
Copyright: Copyright (C) 2022 Greenbone AG

© 1998-2025 E-Soft Inc. All rights reserved.