Description: | Description:
The remote host is missing updates announced in advisory TSLSA-2005-0030.
cpio: Fix File Permissions Vulnerability, Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1111 to this issue.
Fix Directory Traversal Vulnerability, cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-1229 to this issue.
razor-agents: New Upstream. Security Fix:Two vulnerabilities have been reported in Razor-agents, which can be exploited by malicious people to cause a DoS (Denial of Service).
An unspecified error in the preprocessing of certain HTML messages can be exploited to crash the application.
A bug in the discovery logic causes Razor-agents to go into an infinite loop and consume a large amount of memory when discovery fails.
sudo: New Upstream. Fix A race condition in Sudo's command pathname handling that could allow a user with Sudo privileges to run arbitrary commands.
telnet: Security Fix: Telnet information disclosure vulnerability. Gael Delalleau discovered an information disclosure issue in the way the telnet client handles messages from a server. An attacker could construct a malicious telnet server that collects information from the environment of any victim who connects to it.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0488 to this issue.
Solution: Update your system with the packages as indicated in the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0030
Risk factor : Medium
CVSS Score: 5.0
|