Startseite ▼ Bookkeeping
Online ▼ Sicherheits
Überprüfungs ▼
Verwaltetes
DNS ▼
Info
Bestellen/Erneuern
FAQ
AUP
Dynamic DNS Clients
Domaine konfigurieren Dyanmic DNS Update Password Netzwerk
Überwachung ▼
Enterprise
Erweiterte
Standard
Gratis Test
FAQ
Preis/Funktionszusammenfassung
Bestellen
Beispiele
Konfigurieren/Status Alarm Profile | |||
Test Kennung: | 1.3.6.1.4.1.25623.1.1.2.2020.1462 |
Kategorie: | Huawei EulerOS Local Security Checks |
Titel: | Huawei EulerOS: Security Advisory for unzip (EulerOS-SA-2020-1462) |
Zusammenfassung: | The remote host is missing an update for the Huawei EulerOS 'unzip' package(s) announced via the EulerOS-SA-2020-1462 advisory. |
Beschreibung: | Summary: The remote host is missing an update for the Huawei EulerOS 'unzip' package(s) announced via the EulerOS-SA-2020-1462 advisory. Vulnerability Insight: A heap-based buffer overflow exists in Info-Zip UnZip version <= 6.00 in the processing of password-protected archives that allows an attacker to perform a denial of service or to possibly achieve code execution.(CVE-2018-1000035) Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (infinite loop) via empty bzip2 data in a ZIP archive.(CVE-2015-7697) Info-ZIP UnZip 6.0 allows remote attackers to cause a denial of service (heap-based buffer over-read and application crash) or possibly execute arbitrary code via a crafted password-protected ZIP archive, possibly related to an Extra-Field size value.(CVE-2015-7696) Info-ZIP UnZip 6.0 mishandles the overlapping of files inside a ZIP container, leading to denial of service (resource consumption), aka a 'better zip bomb' issue.(CVE-2019-13232) Affected Software/OS: 'unzip' package(s) on Huawei EulerOS Virtualization 3.0.2.2. Solution: Please install the updated package(s). CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P |
Querverweis: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-7696 BugTraq ID: 76863 http://www.securityfocus.com/bid/76863 Debian Security Information: DSA-3386 (Google Search) http://www.debian.org/security/2015/dsa-3386 http://www.openwall.com/lists/oss-security/2015/09/07/4 http://www.openwall.com/lists/oss-security/2015/09/15/6 http://www.openwall.com/lists/oss-security/2015/09/21/6 http://www.openwall.com/lists/oss-security/2015/10/11/5 http://www.securitytracker.com/id/1034027 http://www.ubuntu.com/usn/USN-2788-1 http://www.ubuntu.com/usn/USN-2788-2 Common Vulnerability Exposure (CVE) ID: CVE-2015-7697 http://sourceforge.net/p/infozip/patches/23/ |
Copyright | Copyright (C) 2020 Greenbone Networks GmbH |
Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten. |