Test ID:	1.3.6.1.4.1.25623.1.0.55872
Category:	Fedora Local Security Checks
Title:	Fedora Legacy Security Advisory FLSA-2005:158801
Summary:	NOSUMMARY
Description:	Description: The remote host is missing updates announced in advisory FLSA-2005:158801. A bug was found in the way bzgrep processes file names. If a user can be tricked into running bzgrep on a file with a carefully crafted file name, arbitrary commands could be executed as the user running bzgrep. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2005-0758 to this issue. A bug was found in the way bzip2 modifies file permissions during decompression. If an attacker has write access to the directory into which bzip2 is decompressing files, it is possible for them to modify permissions on files owned by the user running bzip2 (CVE-2005-0953). A bug was found in the way bzip2 decompresses files. It is possible for an attacker to create a specially crafted bzip2 file which will cause bzip2 to cause a denial of service (by filling disk space) if decompressed by a victim (CVE-2005-1260). Users of Bzip2 should upgrade to these updated packages, which contain backported patches to correct these issues. Affected platforms: Redhat 7.3 Redhat 9 Fedora Core 1 Fedora Core 2 Solution: http://www.securityspace.com/smysecure/catid.html?in=FLSA-2005:158801 Risk factor : Medium CVSS Score: 5.0
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0758 1013928 http://securitytracker.com/id?1013928 13582 http://www.securityfocus.com/bid/13582 16371 http://www.osvdb.org/16371 18100 http://secunia.com/advisories/18100 19183 http://secunia.com/advisories/19183 20060301-01-U ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc 22033 http://secunia.com/advisories/22033 25159 http://www.securityfocus.com/bid/25159 26235 http://secunia.com/advisories/26235 ADV-2007-2732 http://www.vupen.com/english/advisories/2007/2732 APPLE-SA-2007-07-31 http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html FLSA:158801 http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html GLSA-200505-05 http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml MDKSA-2006:026 http://www.mandriva.com/security/advisories?name=MDKSA-2006:026 MDKSA-2006:027 http://www.mandriva.com/security/advisories?name=MDKSA-2006:027 OpenPKG-SA-2007.002 http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html RHSA-2005:357 http://rhn.redhat.com/errata/RHSA-2005-357.html RHSA-2005:474 http://www.redhat.com/support/errata/RHSA-2005-474.html SCOSA-2005.58 ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt SSA:2006-262 http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852 USN-158-1 http://www.ubuntu.com/usn/usn-158-1 gzip-zgrep-file-installation(20539) https://exchange.xforce.ibmcloud.com/vulnerabilities/20539 http://bugs.gentoo.org/show_bug.cgi?id=90626 http://docs.info.apple.com/article.html?artnum=306172 oval:org.mitre.oval:def:1081 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081 oval:org.mitre.oval:def:1107 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107 oval:org.mitre.oval:def:9797 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797 Common Vulnerability Exposure (CVE) ID: CVE-2005-0953 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html BugTraq ID: 12954 http://www.securityfocus.com/bid/12954 BugTraq ID: 26444 http://www.securityfocus.com/bid/26444 Bugtraq: 20050330 bzip2 TOCTOU file-permissions vulnerability (Google Search) http://marc.info/?l=bugtraq&m=111229375217633&w=2 Bugtraq: 20070109 rPSA-2007-0004-1 bzip2 (Google Search) http://www.securityfocus.com/archive/1/456430/30/8730/threaded Cert/CC Advisory: TA07-319A http://www.us-cert.gov/cas/techalerts/TA07-319A.html Debian Security Information: DSA-730 (Google Search) http://www.debian.org/security/2005/dsa-730 NETBSD Security Advisory: NetBSD-SA2008-004 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154 http://secunia.com/advisories/27274 http://secunia.com/advisories/27643 http://secunia.com/advisories/29940 SGI Security Advisory: 20060301-01-U http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1 http://www.vupen.com/english/advisories/2007/3525 http://www.vupen.com/english/advisories/2007/3868 XForce ISS Database: bzip2-toctou-symlink(19926) https://exchange.xforce.ibmcloud.com/vulnerabilities/19926 Common Vulnerability Exposure (CVE) ID: CVE-2005-1260 103118 13657 http://www.securityfocus.com/bid/13657 15447 http://secunia.com/advisories/15447 200191 26444 27274 27643 ADV-2007-3525 ADV-2007-3868 APPLE-SA-2007-11-14 DSA-741 http://www.debian.org/security/2005/dsa-741 TA07-319A USN-127-1 https://usn.ubuntu.com/127-1/ http://docs.info.apple.com/article.html?artnum=307041 oval:org.mitre.oval:def:10700 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700 oval:org.mitre.oval:def:749 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.