
Test ID: 1.3.6.1.4.1.25623.1.1.2.2020.1462
Category: Huawei EulerOS Local Security Checks
Title: Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2020-1462)
Summary: The remote host is missing an update for the Huawei EulerOS 'unzip' package(s) announced via the EulerOS-SA-2020-1462 advisory.
Description:

Vulnerability Insight:
A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution. (CVE-2018-1000035)

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive. (CVE-2015-7697)

Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value. (CVE-2015-7696)

Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a 'better zip bomb' issue. (CVE-2019-13232)

Affected Software/OS:
'unzip' package(s) on Huawei EulerOS Virtualization 3.0.2.2.

Solution:
Please install the updated package(s).

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Cross-references:
Common Vulnerability Exposure (CVE) ID: CVE-2015-7696
BugTraq ID: 76863
http://www.securityfocus.com/bid/76863
Debian Security Information: DSA-3386
http://www.debian.org/security/2015/dsa-3386
http://www.openwall.com/lists/oss-security/2015/09/07/4
http://www.openwall.com/lists/oss-security/2015/09/15/6
http://www.openwall.com/lists/oss-security/2015/09/21/6
http://www.openwall.com/lists/oss-security/2015/10/11/5
http://www.securitytracker.com/id/1034027
http://www.ubuntu.com/usn/USN-2788-1
http://www.ubuntu.com/usn/USN-2788-2
Common Vulnerability Exposure (CVE) ID: CVE-2015-7697
http://sourceforge.net/p/infozip/patches/23/
Copyright: Copyright (C) 2020 Greenbone Networks GmbH
