Red Hat Local Security Checks : RedHat Security Advisory RHSA-2004:634

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.50937

Categoría: Red Hat Local Security Checks

Título: RedHat Security Advisory RHSA-2004:634

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing updates announced in
advisory RHSA-2004:634.

The zip program is an archiving utility which can create ZIP-compatible
archives.

A buffer overflow bug has been discovered in zip when handling long file
names. An attacker could create a specially crafted path which could
cause zip to crash or execute arbitrary instructions. The Common
Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name
CVE-2004-1010 to this issue.

Users of zip should upgrade to this updated package, which contains
backported patches and is not vulnerable to this issue.

Solution:
Please note that this update is available via
Red Hat Network. To use Red Hat Network, launch the Red
Hat Update Agent with the following command: up2date

http://rhn.redhat.com/errata/RHSA-2004-634.html
http://lists.netsys.com/pipermail/full-disclosure/2004-November/028379.html

Risk factor : Critical

CVSS Score:
10.0

Referencia Cruzada: BugTraq ID: 11603
Common Vulnerability Exposure (CVE) ID: CVE-2004-1010
http://www.securityfocus.com/bid/11603
Bugtraq: 20041103 [HV-MED] Zip/Linux long path buffer overflow (Google Search)
http://marc.info/?l=bugtraq&m=109958840611053&w=2
Computer Incident Advisory Center Bulletin: P-072
http://www.ciac.org/ciac/bulletins/p-072.shtml
Debian Security Information: DSA-624 (Google Search)
http://www.debian.org/security/2005/dsa-624
https://bugzilla.fedora.us/show_bug.cgi?id=2255
http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028379.html
http://security.gentoo.org/glsa/glsa-200411-16.xml
http://www.mandriva.com/security/advisories?name=MDKSA-2004:141
http://www.hexview.com/docs/20041103-1.txt
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9848
http://www.redhat.com/support/errata/RHSA-2004-634.html
http://secunia.com/advisories/13094/
TurboLinux Advisory: TLSA-2005-18
http://www.turbolinux.com/security/2005/TLSA-2005-18.txt
https://usn.ubuntu.com/18-1/
XForce ISS Database: infozip-compressed-folder-bo(17956)
https://exchange.xforce.ibmcloud.com/vulnerabilities/17956

Copyright Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.50937
Categoría:	Red Hat Local Security Checks
Título:	RedHat Security Advisory RHSA-2004:634
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory RHSA-2004:634. The zip program is an archiving utility which can create ZIP-compatible archives. A buffer overflow bug has been discovered in zip when handling long file names. An attacker could create a specially crafted path which could cause zip to crash or execute arbitrary instructions. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-1010 to this issue. Users of zip should upgrade to this updated package, which contains backported patches and is not vulnerable to this issue. Solution: Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date http://rhn.redhat.com/errata/RHSA-2004-634.html http://lists.netsys.com/pipermail/full-disclosure/2004-November/028379.html Risk factor : Critical CVSS Score: 10.0
Referencia Cruzada:	BugTraq ID: 11603 Common Vulnerability Exposure (CVE) ID: CVE-2004-1010 http://www.securityfocus.com/bid/11603 Bugtraq: 20041103 [HV-MED] Zip/Linux long path buffer overflow (Google Search) http://marc.info/?l=bugtraq&m=109958840611053&w=2 Computer Incident Advisory Center Bulletin: P-072 http://www.ciac.org/ciac/bulletins/p-072.shtml Debian Security Information: DSA-624 (Google Search) http://www.debian.org/security/2005/dsa-624 https://bugzilla.fedora.us/show_bug.cgi?id=2255 http://lists.grok.org.uk/pipermail/full-disclosure/2004-November/028379.html http://security.gentoo.org/glsa/glsa-200411-16.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:141 http://www.hexview.com/docs/20041103-1.txt https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9848 http://www.redhat.com/support/errata/RHSA-2004-634.html http://secunia.com/advisories/13094/ TurboLinux Advisory: TLSA-2005-18 http://www.turbolinux.com/security/2005/TLSA-2005-18.txt https://usn.ubuntu.com/18-1/ XForce ISS Database: infozip-compressed-folder-bo(17956) https://exchange.xforce.ibmcloud.com/vulnerabilities/17956
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com