Test Kennung:	1.3.6.1.4.1.25623.1.0.52982
Kategorie:	Turbolinux Local Security Tests
Titel:	Turbolinux TLSA-2005-60 (bzip2)
Zusammenfassung:	NOSUMMARY
Beschreibung:	Description: The remote host is missing an update to bzip2 announced via advisory TLSA-2005-60. Bzip2 is high-quality data compressor. - A vulnerability in the manner in which bzip2 handles bzip2 file could allow local users to overwrite arbitrary files via a symlink attack. - The bzip2 allows attackers to cause a denial of service (excessive CPU consumption due to an infinite loop) via a malformed gzip2 file. These vulerabilities could allow attackers to overwrite arbitrary files via a symbolic link attack, and/or allow attackers to cause a denial of service. Solution: Please use the turbopkg (zabom) tool to apply the update. http://www.securityspace.com/smysecure/catid.html?in=TLSA-2005-60 Risk factor : Medium CVSS Score: 5.0
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2005-0953 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html BugTraq ID: 12954 http://www.securityfocus.com/bid/12954 BugTraq ID: 26444 http://www.securityfocus.com/bid/26444 Bugtraq: 20050330 bzip2 TOCTOU file-permissions vulnerability (Google Search) http://marc.info/?l=bugtraq&m=111229375217633&w=2 Bugtraq: 20070109 rPSA-2007-0004-1 bzip2 (Google Search) http://www.securityfocus.com/archive/1/456430/30/8730/threaded Cert/CC Advisory: TA07-319A http://www.us-cert.gov/cas/techalerts/TA07-319A.html Debian Security Information: DSA-730 (Google Search) http://www.debian.org/security/2005/dsa-730 http://www.fedoralegacy.org/updates/FC2/2005-11-14-FLSA_2005_158801__Updated_bzip2_packages_fix_security_issues.html http://www.mandriva.com/security/advisories?name=MDKSA-2006:026 NETBSD Security Advisory: NetBSD-SA2008-004 ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2008-004.txt.asc http://www.openpkg.com/security/advisories/OpenPKG-SA-2007.002.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10902 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1154 http://www.redhat.com/support/errata/RHSA-2005-474.html http://secunia.com/advisories/19183 http://secunia.com/advisories/27274 http://secunia.com/advisories/27643 http://secunia.com/advisories/29940 SGI Security Advisory: 20060301-01-U ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc http://sunsolve.sun.com/search/document.do?assetkey=1-26-103118-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-200191-1 http://www.vupen.com/english/advisories/2007/3525 http://www.vupen.com/english/advisories/2007/3868 XForce ISS Database: bzip2-toctou-symlink(19926) https://exchange.xforce.ibmcloud.com/vulnerabilities/19926 Common Vulnerability Exposure (CVE) ID: CVE-2005-1260 BugTraq ID: 13657 http://www.securityfocus.com/bid/13657 Debian Security Information: DSA-741 (Google Search) http://www.debian.org/security/2005/dsa-741 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10700 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A749 http://secunia.com/advisories/15447 https://usn.ubuntu.com/127-1/
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.