Test ID:	1.3.6.1.4.1.25623.1.0.55413
Category:	Trustix Local Security Checks
Title:	Trustix Security Advisory TSLSA-2005-0040 (Multiple packages)
Summary:	Trustix Security Advisory TSLSA-2005-0040 (Multiple packages)
Description:	The remote host is missing updates announced in advisory TSLSA-2005-0040. bzip2 (CVE-2005-0758) - SECURITY Fix: Command injection vulnerability in the bzgrep - bzgrep did not handle shell metacharacters like '|' and '&' properly when they occurred in input file names. This could be exploited to execute arbitrary commands with user privileges if bzgrep was run in an untrusted directory with specially crafted file names. perl-compress-zlib (CVE-2005-1849). - New upstream. - SECURITY Fix: Previous version of Compress::Zlib contains a local vulnerable version of zlib, which may lead to a buffer overflow. proftpd (CVE-2005-2390) - SECURITY Fix: Format string vulnerabilities - Two vulnerabilities have been reported in ProFTPD, which can be exploited by malicious users to disclose certain sensitive information, cause a DoS (Denial of Service), or potentially compromise a vulnerable system. Solution: Update your system with the packages as indicated in the referenced security advisory. http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0040 Risk factor : High
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0758 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml http://bugs.gentoo.org/show_bug.cgi?id=90626 http://www.mandriva.com/security/advisories?name=MDKSA-2006:026 http://www.mandriva.com/security/advisories?name=MDKSA-2006:027 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html RedHat Security Advisories: RHSA-2005:357 http://rhn.redhat.com/errata/RHSA-2005-357.html http://www.redhat.com/support/errata/RHSA-2005-474.html SCO Security Bulletin: SCOSA-2005.58 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt SGI Security Advisory: 20060301-01-U ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 http://www.ubuntu.com/usn/usn-158-1 BugTraq ID: 13582 http://www.securityfocus.com/bid/13582 BugTraq ID: 25159 http://www.securityfocus.com/bid/25159 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9797 http://www.vupen.com/english/advisories/2007/2732 http://www.osvdb.org/16371 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1081 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1107 http://securitytracker.com/id?1013928 http://secunia.com/advisories/18100 http://secunia.com/advisories/19183 http://secunia.com/advisories/22033 http://secunia.com/advisories/26235 XForce ISS Database: gzip-zgrep-file-installation(20539) http://xforce.iss.net/xforce/xfdb/20539 Common Vulnerability Exposure (CVE) ID: CVE-2005-1849 Bugtraq: 20070404 VMSA-2007-0003 VMware ESX 3.0.1 and 3.0.0 server security updates (Google Search) http://www.securityfocus.com/archive/1/archive/1/464745/100/0/threaded http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html Debian Security Information: DSA-763 (Google Search) http://www.debian.org/security/2005/dsa-763 Debian Security Information: DSA-797 (Google Search) http://www.debian.org/security/2005/dsa-797 Debian Security Information: DSA-1026 (Google Search) http://www.debian.org/security/2006/dsa-1026 https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=162680 http://www.gentoo.org/security/en/glsa/glsa-200509-18.xml http://www.gentoo.org/security/en/glsa/glsa-200603-18.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:196 http://www.mandriva.com/security/advisories?name=MDKSA-2006:070 http://www.redhat.com/support/errata/RHSA-2005-584.html http://www.redhat.com/support/errata/RHSA-2008-0629.html SCO Security Bulletin: SCOSA-2006.6 ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.6/SCOSA-2006.6.txt SuSE Security Announcement: SUSE-SA:2005:043 (Google Search) http://www.novell.com/linux/security/advisories/2005_43_zlib.html http://www.ubuntulinux.org/usn/usn-151-3 http://security.debian.org/pool/updates/main/z/zlib/zlib_1.2.2-4.sarge.2.diff.gz BugTraq ID: 14340 http://www.securityfocus.com/bid/14340 http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:11402 http://www.vupen.com/english/advisories/2007/1267 http://www.osvdb.org/18141 http://securitytracker.com/id?1014540 http://secunia.com/advisories/16137 http://secunia.com/advisories/18377 http://secunia.com/advisories/17326 http://secunia.com/advisories/17516 http://secunia.com/advisories/19550 http://secunia.com/advisories/19334 http://secunia.com/advisories/19597 http://secunia.com/advisories/24788 http://secunia.com/advisories/31492 XForce ISS Database: zlib-codetable-dos(21456) http://xforce.iss.net/xforce/xfdb/21456 Common Vulnerability Exposure (CVE) ID: CVE-2005-2390 Debian Security Information: DSA-795 (Google Search) http://www.debian.org/security/2005/dsa-795 http://marc.theaimsgroup.com/?l=bugtraq&m=112604373503912&w=2 BugTraq ID: 14380 http://www.securityfocus.com/bid/14380 BugTraq ID: 14381 http://www.securityfocus.com/bid/14381 http://secunia.com/advisories/16181
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: