 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.50622 |
| Category: | Mandrake Local Security Checks |
| Title: | Mandrake Security Advisory MDKSA-2004:142 (gzip) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to gzip announced via advisory MDKSA-2004:142. The Trustix developers found some insecure temporary file creation problems in the zdiff, znew, and gzeze supplemental scripts in the gzip package. These flaws could allow local users to overwrite files via a symlink attack. A similar problem was fixed last year (CVE-2003-0367) in which this same problem was found in znew. At that time, Mandrakesoft also used mktemp to correct the problems in gzexe. This update uses mktemp to handle temporary files in the zdiff script. Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1, Multi Network Firewall 8.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:142 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0970 Risk factor : Medium CVSS Score: 2.1 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2003-0367 BugTraq ID: 7872 http://www.securityfocus.com/bid/7872 Debian Security Information: DSA-308 (Google Search) http://www.debian.org/security/2003/dsa-308 http://www.mandriva.com/security/advisories?name=MDKSA-2003:068 TurboLinux Advisory: TLSA-2003-38 http://www.turbolinux.com/security/TLSA-2003-38.txt Common Vulnerability Exposure (CVE) ID: CVE-2004-0970 BugTraq ID: 11288 http://www.securityfocus.com/bid/11288 Debian Security Information: DSA-588 (Google Search) http://www.debian.org/security/2004/dsa-588 http://www.zataz.net/adviso/ncompress-09052005.txt http://secunia.com/advisories/13131 http://www.trustix.org/errata/2004/0050 XForce ISS Database: script-temporary-file-overwrite(17583) https://exchange.xforce.ibmcloud.com/vulnerabilities/17583 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |