Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.54314
Category:Trustix Local Security Checks
Title:Trustix Security Advisory TSLSA-2005-0030 (Multiple packages)
Summary:NOSUMMARY
Description:Description:

The remote host is missing updates announced in
advisory TSLSA-2005-0030.

cpio:
Fix File Permissions Vulnerability, Race condition in cpio 2.6 and earlier
allows local users to modify permissions of arbitrary files via a hard link
attack on a file while it is being decompressed, whose permissions are changed
by cpio after the decompression is complete.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-1111 to this issue.

Fix Directory Traversal Vulnerability, cpio 2.6 and earlier allows remote
attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.

The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-1229 to this issue.

razor-agents:
New Upstream.
Security Fix:Two vulnerabilities have been reported in
Razor-agents, which can be exploited by malicious people to
cause a DoS (Denial of Service).

An unspecified error in the preprocessing of certain HTML
messages can be exploited to crash the application.

A bug in the discovery logic causes Razor-agents to go into
an infinite loop and consume a large amount of memory when
discovery fails.

sudo:
New Upstream.
Fix A race condition in Sudo's command pathname handling that could
allow a user with Sudo privileges to run arbitrary commands.

telnet:
Security Fix: Telnet information disclosure vulnerability.
Gael Delalleau discovered an information disclosure issue in the way the
telnet client handles messages from a server. An attacker could construct
a malicious telnet server that collects information from the environment of
any victim who connects to it.

The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CVE-2005-0488 to this issue.


Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0030

Risk factor : Medium

CVSS Score:
5.0

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-1111
BugTraq ID: 13159
http://www.securityfocus.com/bid/13159
Bugtraq: 20050413 cpio TOCTOU file-permissions vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=111342664116120&w=2
Debian Security Information: DSA-846 (Google Search)
http://www.debian.org/security/2005/dsa-846
FreeBSD Security Advisory: FreeBSD-SA-06:03
ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc
http://www.osvdb.org/15725
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A358
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9783
http://www.redhat.com/support/errata/RHSA-2005-378.html
http://www.redhat.com/support/errata/RHSA-2005-806.html
SCO Security Bulletin: SCOSA-2005.32
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.32/SCOSA-2005.32.txt
SCO Security Bulletin: SCOSA-2006.2
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.2/SCOSA-2006.2.txt
http://secunia.com/advisories/16998
http://secunia.com/advisories/17123
http://secunia.com/advisories/17532
http://secunia.com/advisories/18290
http://secunia.com/advisories/18395
http://secunia.com/advisories/20117
SuSE Security Announcement: SUSE-SR:2006:010 (Google Search)
http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html
http://www.ubuntu.com/usn/usn-189-1
Common Vulnerability Exposure (CVE) ID: CVE-2005-1229
BugTraq ID: 13291
http://www.securityfocus.com/bid/13291
Bugtraq: 20050420 cpio directory traversal vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=111403177526312&w=2
http://www.mandriva.com/security/advisories?name=MDKSA-2007:233
http://www.osvdb.org/17939
http://secunia.com/advisories/27857
XForce ISS Database: cpio-directory-traversal(20204)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20204
Common Vulnerability Exposure (CVE) ID: CVE-2005-0488
http://lists.apple.com/archives/security-announce/2006//Aug/msg00000.html
BugTraq ID: 13940
http://www.securityfocus.com/bid/13940
BugTraq ID: 19289
http://www.securityfocus.com/bid/19289
Cert/CC Advisory: TA06-214A
http://www.us-cert.gov/cas/techalerts/TA06-214A.html
CERT/CC vulnerability note: VU#800829
http://www.kb.cert.org/vuls/id/800829
http://idefense.com/application/poi/display?id=260&type=vulnerabilities
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11373
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1139
http://www.redhat.com/support/errata/RHSA-2005-504.html
http://www.redhat.com/support/errata/RHSA-2005-562.html
http://securitytracker.com/id?1014203
http://secunia.com/advisories/17135
http://secunia.com/advisories/21253
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101665-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-101671-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57755-1
http://sunsolve.sun.com/search/document.do?assetkey=1-26-57761-1
SuSE Security Announcement: SUSE-SR:2005:016 (Google Search)
http://www.novell.com/linux/security/advisories/2005_16_sr.html
http://www.vupen.com/english/advisories/2006/3101
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.