Test ID:	1.3.6.1.4.1.25623.1.0.60576
Category:	Debian Local Security Checks
Title:	Debian: Security Advisory (DSA-1522-1)
Summary:	The remote host is missing an update for the Debian 'unzip' package(s) announced via the DSA-1522-1 advisory.
Description:	Summary: The remote host is missing an update for the Debian 'unzip' package(s) announced via the DSA-1522-1 advisory. Vulnerability Insight: Tavis Ormandy discovered that unzip, when processing specially crafted ZIP archives, could pass invalid pointers to the C library's free routine, potentially leading to arbitrary code execution (CVE-2008-0888). For the old stable distribution (sarge), this problem has been fixed in version 5.52-1sarge5. For the stable distribution (etch), this problem has been fixed in version 5.52-9etch1. The unstable distribution (sid) will be fixed soon. We recommend that you upgrade your unzip package. Affected Software/OS: 'unzip' package(s) on Debian 3.1, Debian 4. Solution: Please install the updated package(s). CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-0888 1019634 http://www.securitytracker.com/id?1019634 20080321 rPSA-2008-0116-1 unzip http://www.securityfocus.com/archive/1/489967/100/0/threaded 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues http://www.securityfocus.com/archive/1/493080/100/0/threaded 28288 http://www.securityfocus.com/bid/28288 29392 http://secunia.com/advisories/29392 29406 http://secunia.com/advisories/29406 29415 http://secunia.com/advisories/29415 29427 http://secunia.com/advisories/29427 29432 http://secunia.com/advisories/29432 29440 http://secunia.com/advisories/29440 29495 http://secunia.com/advisories/29495 29681 http://secunia.com/advisories/29681 30535 http://secunia.com/advisories/30535 31204 http://secunia.com/advisories/31204 ADV-2008-0913 http://www.vupen.com/english/advisories/2008/0913/references ADV-2008-1744 http://www.vupen.com/english/advisories/2008/1744 APPLE-SA-2010-03-29-1 http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html DSA-1522 http://www.debian.org/security/2008/dsa-1522 GLSA-200804-06 http://security.gentoo.org/glsa/glsa-200804-06.xml MDVSA-2008:068 http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:068 RHSA-2008:0196 http://www.redhat.com/support/errata/RHSA-2008-0196.html SUSE-SR:2008:007 http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html USN-589-1 http://www.ubuntu.com/usn/usn-589-1 http://support.apple.com/kb/HT4077 http://wiki.rpath.com/Advisories:rPSA-2008-0116 http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0116 http://www.ipcop.org/index.php?name=News&file=article&sid=40 http://www.vmware.com/security/advisories/VMSA-2008-0009.html https://issues.rpath.com/browse/RPL-2317 oval:org.mitre.oval:def:9733 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9733 unzip-inflatedynamic-code-execution(41246) https://exchange.xforce.ibmcloud.com/vulnerabilities/41246
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.