Test ID:1.3.6.1.4.1.25623.1.0.51548
Category:Conectiva Local Security Checks
Title:Conectiva Security Advisory CLA-2002:538
Summary:Conectiva Security Advisory CLA-2002:538
Description:
The remote host is missing updates announced in
advisory CLA-2002:538.

tar and unzip are programs widely used for distribution of multiple
files concatenated (commonly known as an archive).

Both tar and unzip have directory traversal vulnerabilities in the
way they extract filenames containing .. or / characters at the
beginning.

By exploiting these vulnerabilities, a malicious user can overwrite
arbitrary files if the user unpacking such an archive has sufficient
filesystem permissions to do so.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has
assigned the names CVE-2001-1267, CVE-2001-1268, CVE-2001-1269 and
CVE-2002-0399 to this issue.


Solution:
The apt tool can be used to perform RPM package upgrades
by running 'apt-get update' followed by 'apt-get upgrade'.

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1267
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1268
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2001-1269
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2002-0399
http://www.securityspace.com/smysecure/catid.html?in=CLA-2002:538
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002002

Risk factor : Medium
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2001-1267
Bugtraq: 20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
http://online.securityfocus.com/archive/1/196445
Conectiva Linux advisory: CLA-2002:538
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
HPdes Security Advisory: HPSBTL0209-068
http://online.securityfocus.com/advisories/4514
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066
http://www.redhat.com/support/errata/RHSA-2002-096.html
http://www.redhat.com/support/errata/RHSA-2002-138.html
http://www.redhat.com/support/errata/RHSA-2003-218.html
http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1
BugTraq ID: 3024
http://www.securityfocus.com/bid/3024
http://www.iss.net/security_center/static/10224.php
Common Vulnerability Exposure (CVE) ID: CVE-2001-1268
http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000928.1-1
Common Vulnerability Exposure (CVE) ID: CVE-2001-1269
Common Vulnerability Exposure (CVE) ID: CVE-2002-0399
Bugtraq: 20020928 GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)
http://marc.theaimsgroup.com/?l=bugtraq&m=103419290219680&w=2
Bugtraq: 20070825 rPSA-2007-0172-1 tar
http://www.securityfocus.com/archive/1/archive/1/477731/100/0/threaded
Bugtraq: 20070827 FLEA-2007-0049-1 tar
http://www.securityfocus.com/archive/1/archive/1/477865/100/0/threaded
http://www.mandriva.com/security/advisories?name=MDKSA-2002:066
En Garde Linux Advisory: ESA-20021003-022
http://www.linuxsecurity.com/advisories/other_advisory-2400.html
SuSE Security Announcement: SUSE-SR:2006:005
http://www.novell.com/linux/security/advisories/2006_05_sr.html
SuSE Security Announcement: SUSE-SR:2007:019
http://www.novell.com/linux/security/advisories/2007_19_sr.html
BugTraq ID: 5834
http://www.securityfocus.com/bid/5834
http://secunia.com/advisories/19130
http://secunia.com/advisories/26604
http://secunia.com/advisories/26673
http://secunia.com/advisories/26987
Copyright:Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

© 1998-2014 E-Soft Inc. All rights reserved.