drucken bookmarks versenden konfigurieren admin pdf Sicherheit: Überschreiben von Dateien in wget
Name: |
Überschreiben von Dateien in wget |
|
ID: |
TLSA-2005-76 |
|
Distribution: |
TurboLinux |
|
Plattformen: |
Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux 7 Server, Turbolinux 7 Workstation, Turbolinux 8 Server, Turbolinux 8 Workstation, Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal, Turbolinux Appliance Server 1.0 Hosting Edition, Turbolinux Appliance Server 1.0 Workgroup Edition |
|
Datum: |
Sa, 3. September 2005, 03:50 |
|
Referenzen: |
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-2014 |
|
Applikationen: |
Wget |
|
Originalnachricht |
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
-------------------------------------------------------------------------- Turbolinux Security Advisory TLSA-2005-76 http://www.turbolinux.co.jp/security/ security-team@turbolinux.co.jp --------------------------------------------------------------------------
Original released date: 06 Jul 2005 Last revised: 03 Aug 2005
Package: wget
Summary: Symlink attack in wget
More information: Wget is a file retrieval utility which can use either the HTTP or FTP protocols.
A vulnerability in the manner in which wget handles temporary files could allow local users to overwrite arbitrary files via a symlink attack.
Impact: This vulerability could allow attackers to overwrite arbitrary files via a symbolic link attack.
Affected Products: - Turbolinux Appliance Server 1.0 Hosting Edition - Turbolinux Appliance Server 1.0 Workgroup Edition - Turbolinux 10 Server - Turbolinux Home - Turbolinux 10 F... - Turbolinux 10 Desktop - Turbolinux Multimedia - Turbolinux Personal - Turbolinux 8 Server - Turbolinux 8 Workstation - Turbolinux 7 Server - Turbolinux 7 Workstation
Solution: Please use the turbopkg (zabom) tool to apply the update. --------------------------------------------- [Turbolinux 10 Server, Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home, Turbolinux Multimedia, Turbolinux Personal]
# turbopkg or # zabom -u wget
[other] # turbopkg or # zabom update wget ---------------------------------------------
<Turbolinux Appliance Server 1.0 Hosting Edition>
Source Packages Size: MD5
wget-1.10-1.src.rpm 1605173 0d51aec5a055b7ef927a2a269cdbaae9
Binary Packages Size: MD5
wget-1.10-1.i586.rpm 401104 ec716b69602d475cc88037068b27047f
<Turbolinux Appliance Server 1.0 Workgroup Edition>
Source Packages Size: MD5
wget-1.10-1.src.rpm 1605173 a0a5d37c826acc1bf0d5fc5021471ea0
Binary Packages Size: MD5
wget-1.10-1.i586.rpm 401653 7a16d5f8b4449b9adb4fc44344db149e
<Turbolinux 10 Server>
Source Packages Size: MD5
wget-1.10-1.src.rpm 1605173 a2e2acf5d37d26cb8d20fb456ea8b2e6
Binary Packages Size: MD5
wget-1.10-1.i586.rpm 404540 b55a7847d740e3ec700565bb729dfcbc
<Turbolinux 10 Desktop, Turbolinux 10 F..., Turbolinux Home>
Source Packages Size: MD5
wget-1.10-1.src.rpm 1605173 6f84b0b6df89d0c7e7351e7e1cdf029f
Binary Packages Size: MD5
wget-1.10-1.i586.rpm 404962 de60c95c538b3623d622200c93dc46db
<Turbolinux 8 Server>
Source Packages Size: MD5
wget-1.10-1.src.rpm 1605173 913495954c9c5004ebbe615ace9cae95
Binary Packages Size: MD5
wget-1.10-1.i586.rpm 401524 4b1dd825eadcfd1acc9fc46e6caf258a
<Turbolinux 8 Workstation>
Source Packages Size: MD5
wget-1.10-1.src.rpm 1605173 45b2cbbcac7f2474409a80d21dcde102
Binary Packages Size: MD5
wget-1.10-1.i586.rpm 401530 cde4ac044ef3f542c171fa2e203aab82
<Turbolinux 7 Server>
Source Packages Size: MD5
wget-1.10-1.src.rpm 1605173 42e357b46085ad9d6e9688a06ecbffb7
Binary Packages Size: MD5
wget-1.10-1.i586.rpm 398818 3ef4bf1218307910b8cada6b909ce477
<Turbolinux 7 Workstation>
Source Packages Size: MD5
wget-1.10-1.src.rpm 1605173 924e2045adfe334db0cf64032a422b7e
Binary Packages Size: MD5
wget-1.10-1.i586.rpm 398598 0b41a395a80f97d8e7749122b5fb52c8
References:
CVE [CAN-2004-2014] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-2014
-------------------------------------------------------------------------- Revision History 06 Jul 2005 Initial release 03 Aug 2005 Added Turbolinux Multimedia, Turbolinux Personal to "Affected Products" --------------------------------------------------------------------------
Copyright(C) 2005 Turbolinux, Inc. All rights reserved.
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux)
iD8DBQFC8G6VK0LzjOqIJMwRAm0LAJ9vNK6DqMf+mDioI60vTQ7np/dEyQCfWbXZ YhKxI4x7SXRpMW96NzcGDL8= =3aDj -----END PGP SIGNATURE-----
|
|
|
|