Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: Ubuntu Local Security Checks --> Category: infos

USN161-1 : bzip2 vulnerability Vulnerability Scan

Vulnerability Scan Summary
bzip2 vulnerability

Detailed Explanation for this Vulnerability Test

Synopsis :

These remote packages are missing security patches :
- bzip2
- libbz2-1.0
- libbz2-dev

Description :

USN-158-1 fixed a command injection vulnerability in the "zgrep"
utility. It was acertaind that the "bzgrep" counterpart in the bzip2
package is vulnerable to the same flaw.

bzgrep did not handle shell metacharacters like '|' and '&' properly
when they occurred in input file names. This could be exploited to
execute arbitrary commands with user rights if bzgrep was run in
an untrusted directory with specially crafted file names.

Solution :

Upgrade to :
- bzip2-1.0.2-2ubuntu0.2 (Ubuntu 5.04)
- libbz2-1.0-1.0.2-2ubuntu0.2 (Ubuntu 5.04)
- libbz2-dev-1.0.2-2ubuntu0.2 (Ubuntu 5.04)

Threat Level: High

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.