Test ID: 1.3.6.1.4.1.25623.1.0.703562
Category: Debian Local Security Checks
Title: Debian Security Advisory DSA 3562-1 (tardiff - security update)
Description:
Summary:
Several vulnerabilities were discovered
in tardiff, a tarball comparison tool. The Common Vulnerabilities and Exposures
project identifies the following problems:

CVE-2015-0857
Rainer Mueller and Florian Weimer discovered that tardiff is prone
to shell command injections via shell meta-characters in filenames
in tar files or via shell meta-characters in the tar filename
itself.

CVE-2015-0858
Florian Weimer discovered that tardiff uses predictable temporary
directories for unpacking tarballs. A malicious user can use this
flaw to overwrite files with permissions of the user running the
tardiff command line tool.

Affected Software/OS:
tardiff on Debian Linux

Solution:
For the stable distribution (jessie),
these problems have been fixed in version 0.1-2+deb8u2.

For the unstable distribution (sid), these problems have been fixed in
version 0.1-5 and partially in earlier versions.

We recommend that you upgrade your tardiff packages.

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref:
Common Vulnerability Exposure (CVE) ID: CVE-2015-0857
Debian Security Information: DSA-3562
http://www.debian.org/security/2016/dsa-3562
Common Vulnerability Exposure (CVE) ID: CVE-2015-0858

Copyright:
Copyright (C) 2016 Greenbone Networks GmbH

© 1998-2024 E-Soft Inc. All rights reserved.