Mandrake Local Security Checks : Mandrake Security Advisory MDKSA-2004:141 (zip)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50620

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDKSA-2004:141 (zip)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to zip
announced via advisory MDKSA-2004:141.

A vulnerability in zip was discovered where zip would not check the
resulting path length when doing recursive folder compression, which
could allow a malicious person to convince a user to create an archive
containing a specially-crafted path name. By doing so, arbitrary code
could be executed with the permissions of the user running zip.

The updated packages are patched to prevent this problem.

Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:141
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1010
http://www.hexview.com/docs/20041103-1.txt

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: BugTraq ID: 11603
Common Vulnerability Exposure (CVE) ID: CVE-2004-1010
http://www.securityfocus.com/bid/11603
Bugtraq: 20041103 [HV-MED] Zip/Linux long path buffer overflow (Google Search)
http://marc.info/?l=bugtraq&m=109958840611053&w=2
Computer Incident Advisory Center Bulletin: P-072
http://www.ciac.org/ciac/bulletins/p-072.shtml
Debian Security Information: DSA-624 (Google Search)
http://www.debian.org/security/2005/dsa-624
https://bugzilla.fedora.us/show_bug.cgi?id=2255
http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028379.html
http://security.gentoo.org/glsa/glsa-200411-16.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:141
http://www.hexview.com/docs/20041103-1.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9848
http://www.redhat.com/support/errata/RHSA-2004-634.html
http://secunia.com/advisories/13094/
TurboLinux Advisory: TLSA-2005-18
http://www.turbolinux.com/security/2005/TLSA-2005-18.txt
https://usn.ubuntu.com/18-1/
XForce ISS Database: infozip-compressed-folder-bo(17956)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17956

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50620
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDKSA-2004:141 (zip)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to zip announced via advisory MDKSA-2004:141. A vulnerability in zip was discovered where zip would not check the resulting path length when doing recursive folder compression, which could allow a malicious person to convince a user to create an archive containing a specially-crafted path name. By doing so, arbitrary code could be executed with the permissions of the user running zip. The updated packages are patched to prevent this problem. Affected versions: 10.0, 10.1, 9.2, Corporate Server 2.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:141 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1010 http://www.hexview.com/docs/20041103-1.txt Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	BugTraq ID: 11603 Common Vulnerability Exposure (CVE) ID: CVE-2004-1010 http://www.securityfocus.com/bid/11603 Bugtraq: 20041103 [HV-MED] Zip/Linux long path buffer overflow (Google Search) http://marc.info/?l=bugtraq&m=109958840611053&w=2 Computer Incident Advisory Center Bulletin: P-072 http://www.ciac.org/ciac/bulletins/p-072.shtml Debian Security Information: DSA-624 (Google Search) http://www.debian.org/security/2005/dsa-624 https://bugzilla.fedora.us/show_bug.cgi?id=2255 http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028379.html http://security.gentoo.org/glsa/glsa-200411-16.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:141 http://www.hexview.com/docs/20041103-1.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9848 http://www.redhat.com/support/errata/RHSA-2004-634.html http://secunia.com/advisories/13094/ TurboLinux Advisory: TLSA-2005-18 http://www.turbolinux.com/security/2005/TLSA-2005-18.txt https://usn.ubuntu.com/18-1/ XForce ISS Database: infozip-compressed-folder-bo(17956) https://exchange.xforce.ibmcloud.com/vulnerabilities/17956
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com