Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.60595
Category:Mandrake Local Security Checks
Title:Mandrake Security Advisory MDVSA-2008:068 (unzip)
Summary:NOSUMMARY
Description:Description:

The remote host is missing an update to unzip
announced via advisory MDVSA-2008:068.

Tavis Ormandy of Google Security discovered an invalid pointer flaw
in unzip that could lead to the execution of arbitrary code with the
privileges of the user running unzip.

The updated packages have been patched to correct this issue.

Affected: 2007.0, 2007.1, 2008.0, Corporate 3.0, Corporate 4.0,
Multi Network Firewall 2.0


Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:068

Risk factor : Critical

CVSS Score:
9.3

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2008-0888
http://lists.apple.com/archives/security-announce/2010//Mar/msg00001.html
BugTraq ID: 28288
http://www.securityfocus.com/bid/28288
Bugtraq: 20080321 rPSA-2008-0116-1 unzip (Google Search)
http://www.securityfocus.com/archive/1/489967/100/0/threaded
Bugtraq: 20080604 VMSA-2008-0009 Updates to VMware Workstation, VMware Player, VMware ACE, VMware Fusion, VMware Server, VMware VIX API, VMware ESX, VMware ESXi resolve critical security issues (Google Search)
http://www.securityfocus.com/archive/1/493080/100/0/threaded
Debian Security Information: DSA-1522 (Google Search)
http://www.debian.org/security/2008/dsa-1522
http://security.gentoo.org/glsa/glsa-200804-06.xml
http://www.mandriva.com/en/security/advisories?name=MDVSA-2008:068
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9733
http://www.redhat.com/support/errata/RHSA-2008-0196.html
http://www.securitytracker.com/id?1019634
http://secunia.com/advisories/29392
http://secunia.com/advisories/29406
http://secunia.com/advisories/29415
http://secunia.com/advisories/29427
http://secunia.com/advisories/29432
http://secunia.com/advisories/29440
http://secunia.com/advisories/29495
http://secunia.com/advisories/29681
http://secunia.com/advisories/30535
http://secunia.com/advisories/31204
SuSE Security Announcement: SUSE-SR:2008:007 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2008-03/msg00008.html
http://www.ubuntu.com/usn/usn-589-1
http://www.vupen.com/english/advisories/2008/0913/references
http://www.vupen.com/english/advisories/2008/1744
XForce ISS Database: unzip-inflatedynamic-code-execution(41246)
https://exchange.xforce.ibmcloud.com/vulnerabilities/41246
CopyrightCopyright (c) 2008 E-Soft Inc. http://www.securityspace.com

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.