Test ID:	1.3.6.1.4.1.25623.1.0.50840
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2002:066 (tar)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to tar announced via advisory MDKSA-2002:066. A directory traversal vulnerability was discovered in GNU tar version 1.13.25 and earlier that allows attackers to overwrite arbitrary files during extraction of the archive by using a .. (dot dot) in an extracted filename. Affected versions: 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, Corporate Server 1.0.1, Single Network Firewall 7.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2002:066 http://online.securityfocus.com/archive/1/196445 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1267 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2001-1267 BugTraq ID: 3024 http://www.securityfocus.com/bid/3024 Bugtraq: 20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers (Google Search) http://online.securityfocus.com/archive/1/196445 Conectiva Linux advisory: CLA-2002:538 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538 HPdes Security Advisory: HPSBTL0209-068 http://online.securityfocus.com/advisories/4514 http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066 http://www.redhat.com/support/errata/RHSA-2002-096.html http://www.redhat.com/support/errata/RHSA-2002-138.html http://www.redhat.com/support/errata/RHSA-2003-218.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1 http://www.iss.net/security_center/static/10224.php Common Vulnerability Exposure (CVE) ID: CVE-2002-0399 BugTraq ID: 5834 http://www.securityfocus.com/bid/5834 Bugtraq: 20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw) (Google Search) http://marc.info/?l=bugtraq&m=103419290219680&w=2 Bugtraq: 20070825 rPSA-2007-0172-1 tar (Google Search) http://www.securityfocus.com/archive/1/477731/100/0/threaded Bugtraq: 20070827 FLEA-2007-0049-1 tar (Google Search) http://www.securityfocus.com/archive/1/477865/100/0/threaded En Garde Linux Advisory: ESA-20021003-022 http://www.linuxsecurity.com/advisories/other_advisory-2400.html http://www.mandriva.com/security/advisories?name=MDKSA-2002:066 http://secunia.com/advisories/19130 http://secunia.com/advisories/26604 http://secunia.com/advisories/26673 http://secunia.com/advisories/26987 http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1 SuSE Security Announcement: SUSE-SR:2006:005 (Google Search) http://www.novell.com/linux/security/advisories/2006_05_sr.html SuSE Security Announcement: SUSE-SR:2007:019 (Google Search) http://www.novell.com/linux/security/advisories/2007_19_sr.html
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.