
Test ID: 1.3.6.1.4.1.25623.1.0.703562
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 3562-1 (tardiff - security update)
Description:
Summary:
Several vulnerabilities were discovered
in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2015-0857
Rainer Mueller and Florian Weimer discovered that tardiff is prone
to shell command injections via shell meta-characters in filenames
in tar files or via shell meta-characters in the tar filename
itself.

CVE-2015-0858
Florian Weimer discovered that tardiff uses predictable temporary
directories for unpacking tarballs. A malicious user can use this
flaw to overwrite files with permissions of the user running the
tardiff command line tool.

Affected Software/OS:
tardiff on Debian Linux

Solution:
For the stable distribution (jessie),
these problems have been fixed in version 0.1-2+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 0.1-5 and partially in earlier versions.

We recommend that you upgrade your tardiff packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2015-0857
Debian Security Information: DSA-3562
http://www.debian.org/security/2016/dsa-3562
Common Vulnerability Exposure (CVE) ID: CVE-2015-0858

Copyright: Copyright (C) 2016 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.