Test ID:	1.3.6.1.4.1.25623.1.0.51430
Category:	Conectiva Local Security Checks
Title:	Conectiva Security Advisory CLA-2003:672
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory CLA-2003:672. unzip is a program widely used for the distribution of multiple files concatenated/compacted (a file commonly known as an archive). A vulnerability has been found in the way unzip extracts files with invalid characters between two '.' (dot) characters in their path/names. These characters are filtered and result in a .. sequence (indicating the parent directory). By exploiting this vulnerability, an attacker can overwrite arbitrary files if the user unpacking such an archive has sufficient filesystem permissions to do so. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2003-0282 to this issue. Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade' http://marc.theaimsgroup.com/?l=bugtraq&m=105259038503175 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0282 http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:672 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003 Risk factor : Medium CVSS Score: 2.6
Cross-Ref:	BugTraq ID: 7550 Common Vulnerability Exposure (CVE) ID: CVE-2003-0282 http://www.securityfocus.com/bid/7550 Bugtraq: 20030509 unzip directory traversal revisited (Google Search) http://marc.info/?l=bugtraq&m=105259038503175&w=2 Bugtraq: 20030710 [OpenPKG-SA-2003.033] OpenPKG Security Advisory (infozip) (Google Search) http://marc.info/?l=bugtraq&m=105786446329347&w=2 Caldera Security Advisory: CSSA-2003-031.0 ftp://ftp.sco.com/pub/security/OpenLinux/CSSA-2003-031.0.txt Computer Incident Advisory Center Bulletin: N-111 http://www.ciac.org/ciac/bulletins/n-111.shtml Conectiva Linux advisory: CLA-2003:672 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000672 Debian Security Information: DSA-344 (Google Search) http://www.debian.org/security/2003/dsa-344 Immunix Linux Advisory: IMNX-2003-7+-017-01 http://download.immunix.org/ImmunixOS/7+/Updates/errata/IMNX-2003-7+-017-01 http://www.mandriva.com/security/advisories?name=MDKSA-2003:073 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A619 http://www.redhat.com/support/errata/RHSA-2003-199.html http://www.redhat.com/support/errata/RHSA-2003-200.html SCO Security Bulletin: CSSA-2003-031.0 TurboLinux Advisory: TLSA-2003-42 http://www.turbolinux.com/security/TLSA-2003-42.txt XForce ISS Database: unzip-dotdot-directory-traversal(12004) https://exchange.xforce.ibmcloud.com/vulnerabilities/12004
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.