
Test ID: 1.3.6.1.4.1.25623.1.0.51548
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2002:538
Summary: NOSUMMARY
Description:

The remote host is missing updates announced in
advisory CLA-2002:538.

tar and unzip are widely used programs for distributing multiple
files combined into a single file (commonly known as an archive).

Both tar and unzip have directory traversal vulnerabilities in the
way they extract filenames containing .. or / characters at the
beginning.

By exploiting these vulnerabilities, a malicious user can overwrite
arbitrary files if the user unpacking such an archive has sufficient
filesystem permissions to do so.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2001-1267, CVE-2001-1268, CVE-2001-1269 and
CVE-2002-0399 to this issue.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:538
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2001-1267
BugTraq ID: 3024
http://www.securityfocus.com/bid/3024
Bugtraq: 20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers (Google Search)
http://online.securityfocus.com/archive/1/196445
Conectiva Linux advisory: CLA-2002:538
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
HPdes Security Advisory: HPSBTL0209-068
http://online.securityfocus.com/advisories/4514
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066
http://www.redhat.com/support/errata/RHSA-2002-096.html
http://www.redhat.com/support/errata/RHSA-2002-138.html
http://www.redhat.com/support/errata/RHSA-2003-218.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1
http://www.iss.net/security_center/static/10224.php
Common Vulnerability Exposure (CVE) ID: CVE-2001-1268
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1
Common Vulnerability Exposure (CVE) ID: CVE-2001-1269
Common Vulnerability Exposure (CVE) ID: CVE-2002-0399
BugTraq ID: 5834
http://www.securityfocus.com/bid/5834
Bugtraq: 20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw) (Google Search)
http://marc.info/?l=bugtraq&m=103419290219680&w=2
Bugtraq: 20070825 rPSA-2007-0172-1 tar (Google Search)
http://www.securityfocus.com/archive/1/477731/100/0/threaded
Bugtraq: 20070827 FLEA-2007-0049-1 tar (Google Search)
http://www.securityfocus.com/archive/1/477865/100/0/threaded
En Garde Linux Advisory: ESA-20021003-022
http://www.linuxsecurity.com/advisories/other_advisory-2400.html
http://www.mandriva.com/security/advisories?name=MDKSA-2002:066
http://secunia.com/advisories/19130
http://secunia.com/advisories/26604
http://secunia.com/advisories/26673
http://secunia.com/advisories/26987
SuSE Security Announcement: SUSE-SR:2006:005 (Google Search)
http://www.novell.com/linux/security/advisories/2006_05_sr.html
SuSE Security Announcement: SUSE-SR:2007:019 (Google Search)
http://www.novell.com/linux/security/advisories/2007_19_sr.html
Copyright: Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com
