Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2006:027: gzip Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the gzip package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2006:027 (gzip).
Zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows
local users to execute arbitrary commands via filenames that are injected into
a sed script. This was previously corrected in MDKSA-2005:092, however the fix
was incomplete. These updated packages provide a more comprehensive fix to the
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2006:027
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.