
Test ID: 1.3.6.1.4.1.25623.1.0.56591
Category: Mandrake Local Security Checks
Title: Mandrake Security Advisory MDKSA-2006:026 (bzip2)
Summary: NOSUMMARY
Description:

The remote host is missing an update to bzip2
announced via advisory MDKSA-2006:026.

A bug was found in the way that bzgrep processed file names. If a
user could be tricked into running bzgrep on a file with a special
file name, it would be possible to execute arbitrary code with the
privileges of the user running bzgrep.

As well, the bzip2 package provided with Mandriva Linux 2006 did not
have the patch applied to correct CVE-2005-0953, which was previously
fixed by MDKSA-2005:091; those packages are now properly patched.

The updated packages have been patched to correct these problems.

Affected: 10.1, 10.2, 2006.0, Corporate 2.1, Corporate 3.0,
Multi Network Firewall 2.0


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2006:026

Risk factor : Medium

CVSS Score: 4.6

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2005-0953
http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html
BugTraq ID: 12954
http://www.securityfocus.com/bid/12954
BugTraq ID: 26444
http://www.securityfocus.com/bid/26444
Bugtraq: 20050330 bzip2 TOCTOU file-permissions vulnerability (Google Search)
http://marc.info/?l=bugtraq&m=111229375217633&w=2
Bugtraq: 20070109 rPSA-2007-0004-1 bzip2 (Google Search)
http://www.securityfocus.com/archive/1/456430/30/8730/threaded
Cert/CC Advisory: TA07-319A
http://www.us-cert.gov/cas/techalerts/TA07-319A.html
Debian Security Information: DSA-730 (Google Search)
http://www.debian.org/security/2005/dsa-730
http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html
http://www.mandriva.com/security/advisories?name=MDKSA-2006:026
NETBSD Security Advisory: NetBSD-SA2008-004
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc
http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154
http://www.redhat.com/support/errata/RHSA-2005-474.html
http://secunia.com/advisories/19183
http://secunia.com/advisories/27274
http://secunia.com/advisories/27643
http://secunia.com/advisories/29940
SGI Security Advisory: 20060301-01-U
ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc
http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1
http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1
http://www.vupen.com/english/advisories/2007/3525
http://www.vupen.com/english/advisories/2007/3868
XForce ISS Database: bzip2-toctou-symlink(19926)
https://exchange.xforce.ibmcloud.com/vulnerabilities/19926
Common Vulnerability Exposure (CVE) ID: CVE-2005-0758
1013928
http://securitytracker.com/id?1013928
13582
http://www.securityfocus.com/bid/13582
16371
http://www.osvdb.org/16371
18100
http://secunia.com/advisories/18100
19183
20060301-01-U
22033
http://secunia.com/advisories/22033
25159
http://www.securityfocus.com/bid/25159
26235
http://secunia.com/advisories/26235
ADV-2007-2732
http://www.vupen.com/english/advisories/2007/2732
APPLE-SA-2007-07-31
http://lists.apple.com/archives/security-announce//2007/Jul/msg00004.html
FLSA:158801
GLSA-200505-05
http://www.gentoo.org/security/en/glsa/glsa-200505-05.xml
MDKSA-2006:026
MDKSA-2006:027
http://www.mandriva.com/security/advisories?name=MDKSA-2006:027
OpenPKG-SA-2007.002
RHSA-2005:357
http://rhn.redhat.com/errata/RHSA-2005-357.html
RHSA-2005:474
SCOSA-2005.58
ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt
SSA:2006-262
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.555852
USN-158-1
http://www.ubuntu.com/usn/usn-158-1
gzip-zgrep-file-installation(20539)
https://exchange.xforce.ibmcloud.com/vulnerabilities/20539
http://bugs.gentoo.org/show_bug.cgi?id=90626
http://docs.info.apple.com/article.html?artnum=306172
oval:org.mitre.oval:def:1081
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1081
oval:org.mitre.oval:def:1107
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1107
oval:org.mitre.oval:def:9797
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9797
Copyright: Copyright (c) 2006 E-Soft Inc. http://www.securityspace.com
