|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200505-05] gzip: Multiple vulnerabilities Vulnerability Scan
Vulnerability Scan Summary gzip: Multiple vulnerabilities
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200505-05
(gzip: Multiple vulnerabilities)
The gzip and gunzip programs are vulnerable to a race condition
when setting file permissions (CVE-2005-0988), as well as improper
handling of filename restoration (CVE-2005-1228). The zgrep utility
improperly sanitizes arguments, which may come from an untrusted source
(CVE-2005-0758).
Impact
These vulnerabilities could allow arbitrary command execution,
changing the permissions of arbitrary files, and installation of files
to an aribitrary location in the filesystem.
Workaround
There is no known workaround at this time.
References:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0758
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0988
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-1228
Solution:
All gzip users should upgrade to the latest stable version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=app-arch/gzip-1.3.5-r6"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|