Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:026: bzip2 Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the bzip2 package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:026 (bzip2).
A bug was found in the way that bzgrep processed file names. If a user could be
tricked into running bzgrep on a file with a special file name, it would be
possible to execute arbitrary code with the rights of the user running
bzgrep. As well, the bzip2 package provided with Mandriva Linux 2006 did not
the patch applied to correct CVE-2005-0953 which was previously fixed by
those packages are now properly patched. The updated packages
have been patched to correct these problems.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:026
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.