English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 73247 CVE descriptions
and 39212 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.55413
Category:Trustix Local Security Checks
Title:Trustix Security Advisory TSLSA-2005-0040 (Multiple packages)
Summary:Trustix Security Advisory TSLSA-2005-0040 (Multiple packages)
Description:
The remote host is missing updates announced in
advisory TSLSA-2005-0040.

bzip2 (CVE-2005-0758)
- SECURITY Fix: Command injection vulnerability in the bzgrep
- bzgrep did not handle shell metacharacters like '|' and '&' properly
when they occurred in input file names. This could be exploited to
execute arbitrary commands with user privileges if bzgrep was run in
an untrusted directory with specially crafted file names.

perl-compress-zlib (CVE-2005-1849).
- New upstream.
- SECURITY Fix: Previous version of Compress::Zlib contains a local
vulnerable version of zlib, which may lead to a buffer overflow.

proftpd (CVE-2005-2390)
- SECURITY Fix: Format string vulnerabilities
- Two vulnerabilities have been reported in ProFTPD, which can be
exploited by malicious users to disclose certain sensitive
information, cause a DoS (Denial of Service), or potentially
compromise a vulnerable system.

Solution:
Update your system with the packages as indicated in
the referenced security advisory.

http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0040

Risk factor : High
Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-0758
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html
http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml
http://bugs.gentoo.org/show_bug.cgi?id=90626
http://www.mandriva.com/security/advisories?name=MDKSA-2006:026
http://www.mandriva.com/security/advisories?name=MDKSA-2006:027
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html
RedHat Security Advisories: RHSA-2005:357
http://rhn.redhat.com/errata/RHSA-2005-357.html
http://www.redhat.com/support/errata/RHSA-2005-474.html
SCO Security Bulletin: SCOSA-2005.58
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt
SGI Security Advisory: 20060301-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
http://www.ubuntu.com/usn/usn-158-1
BugTraq ID: 13582
http://www.securityfocus.com/bid/13582
BugTraq ID: 25159
http://www.securityfocus.com/bid/25159
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9797
http://www.vupen.com/english/advisories/2007/2732
http://www.osvdb.org/16371
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1081
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1107
http://securitytracker.com/id?1013928
http://secunia.com/advisories/18100
http://secunia.com/advisories/19183
http://secunia.com/advisories/22033
http://secunia.com/advisories/26235
XForce ISS Database: gzip-zgrep-file-installation(20539)
http://xforce.iss.net/xforce/xfdb/20539
Common Vulnerability Exposure (CVE) ID: CVE-2005-1849
Bugtraq: 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates (Google Search)
http://www.securityfocus.com/archive/1/archive/1/464745/100/0/threaded
http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html
http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
Debian Security Information: DSA-763 (Google Search)
http://www.debian.org/security/2005/dsa-763
Debian Security Information: DSA-797 (Google Search)
http://www.debian.org/security/2005/dsa-797
Debian Security Information: DSA-1026 (Google Search)
http://www.debian.org/security/2006/dsa-1026
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680
http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml
http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2005:196
http://www.mandriva.com/security/advisories?name=MDKSA-2006:070
http://www.redhat.com/support/errata/RHSA-2005-584.html
http://www.redhat.com/support/errata/RHSA-2008-0629.html
SCO Security Bulletin: SCOSA-2006.6
ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt
SuSE Security Announcement: SUSE-SA:2005:043 (Google Search)
http://www.novell.com/linux/security/advisories/2005_43_zlib.html
http://www.ubuntulinux.org/usn/usn-151-3
http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz
BugTraq ID: 14340
http://www.securityfocus.com/bid/14340
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11402
http://www.vupen.com/english/advisories/2007/1267
http://www.osvdb.org/18141
http://securitytracker.com/id?1014540
http://secunia.com/advisories/16137
http://secunia.com/advisories/18377
http://secunia.com/advisories/17326
http://secunia.com/advisories/17516
http://secunia.com/advisories/19550
http://secunia.com/advisories/19334
http://secunia.com/advisories/19597
http://secunia.com/advisories/24788
http://secunia.com/advisories/31492
XForce ISS Database: zlib-codetable-dos(21456)
http://xforce.iss.net/xforce/xfdb/21456
Common Vulnerability Exposure (CVE) ID: CVE-2005-2390
Debian Security Information: DSA-795 (Google Search)
http://www.debian.org/security/2005/dsa-795
http://marc.theaimsgroup.com/?l=bugtraq&m=112604373503912&w=2
BugTraq ID: 14380
http://www.securityfocus.com/bid/14380
BugTraq ID: 14381
http://www.securityfocus.com/bid/14381
http://secunia.com/advisories/16181
CopyrightCopyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 39212 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.