| Beschreibung: | Description:
The remote host is missing updates announced in
advisory TSLSA-2005-0030.
cpio:
Fix File Permissions Vulnerability, Race condition in cpio 2.6 and earlier
allows local users to modify permissions of arbitrary files via a hard link
attack on a file while it is being decompressed, whose permissions are changed
by cpio after the decompression is complete.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-1111 to this issue.
Fix Directory Traversal Vulnerability, cpio 2.6 and earlier allows remote
attackers to write to arbitrary directories via a .. (dot dot) in a cpio file.
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2005-1229 to this issue.
razor-agents:
New Upstream.
Security Fix:Two vulnerabilities have been reported in
Razor-agents, which can be exploited by malicious people to
cause a DoS (Denial of Service).
An unspecified error in the preprocessing of certain HTML
messages can be exploited to crash the application.
A bug in the discovery logic causes Razor-agents to go into
an infinite loop and consume a large amount of memory when
discovery fails.
sudo:
New Upstream.
Fix A race condition in Sudo's command pathname handling that could
allow a user with Sudo privileges to run arbitrary commands.
telnet:
Security Fix: Telnet information disclosure vulnerability.
Gael Delalleau discovered an information disclosure issue in the way the
telnet client handles messages from a server. An attacker could construct
a malicious telnet server that collects information from the environment of
any victim who connects to it.
The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned
the name CVE-2005-0488 to this issue.
Solution:
Update your system with the packages as indicated in
the referenced security advisory.
http://www.securityspace.com/smysecure/catid.html?in=TSLSA-2005-0030
Risk factor : Medium
CVSS Score:
5.0
|
