Family: Ubuntu Local Security Checks --> Category: infos
USN161-1 : bzip2 vulnerability Vulnerability Scan
Vulnerability Scan Summary bzip2 vulnerability
Detailed Explanation for this Vulnerability Test
Synopsis :
These remote packages are missing security patches :
- bzip2
- libbz2-1.0
- libbz2-dev
Description :
USN-158-1 fixed a command injection vulnerability in the "zgrep"
utility. It was ascertained that the "bzgrep" counterpart in the bzip2
package is vulnerable to the same flaw.
bzgrep did not handle shell metacharacters like '|' and '&' properly
when they occurred in input file names. This could be exploited to
execute arbitrary commands with user rights if bzgrep was run in
an untrusted directory with specially crafted file names.
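The check below is an added example, not part of the original advisory or of the bzip2 package: it flags file names in a directory that contain shell metacharacters, so the directory can be reviewed before a wrapper script such as bzgrep is run there. Only '|' and '&' are named in the advisory; the other characters in the set and the function names are assumptions.

```shell
#!/bin/sh
# Added example: pre-flight check for file names containing shell
# metacharacters. Function names are hypothetical.

# is_risky_name NAME -> exit status 0 if NAME contains a metacharacter.
is_risky_name() {
    case $1 in
        # Characters named in the advisory.
        *'|'*|*'&'*) return 0 ;;
        # Assumption: other characters the shell treats specially.
        *';'*|*'`'*|*'$'*|*'<'*|*'>'*|*'('*|*')'*) return 0 ;;
    esac
    return 1
}

# count_risky_names DIR -> prints the number of risky entries in DIR on
# stdout and each offending name on stderr. Uses globbing rather than
# parsing command output, so odd names (spaces, newlines) are handled.
count_risky_names() {
    dir=$1
    count=0
    for path in "$dir"/* "$dir"/.[!.]*; do
        # Skip the literal pattern when a glob matched nothing.
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        if is_risky_name "$name"; then
            printf 'risky: %s\n' "$name" >&2
            count=$((count + 1))
        fi
    done
    printf '%s\n' "$count"
}

# When called with a directory argument, report and exit non-zero if
# anything was flagged.
if [ "$#" -gt 0 ]; then
    n=$(count_risky_names "$1")
    printf '%s risky name(s) in %s\n' "$n" "$1"
    [ "$n" -eq 0 ] || exit 1
fi
```

The check only inspects the top level of the directory; installing the fixed packages listed under Solution remains the actual remedy.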
Solution :
Upgrade to :
- bzip2-1.0.2-2ubuntu0.2 (Ubuntu 5.04)
- libbz2-1.0-1.0.2-2ubuntu0.2 (Ubuntu 5.04)
- libbz2-dev-1.0.2-2ubuntu0.2 (Ubuntu 5.04)
Threat Level: High