Executive Summary
Summary | |
---|---|
Title | New fastjar packages fix directory traversal |
Information | |||
---|---|---|---|
Name | DSA-1170 | First vendor Publication | 2006-09-06 |
Vendor | Debian | Last vendor Modification | 2006-09-06 |
Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
Impact SubScore | NA | Temporal Score | NA |
Exploitability Sub Score | NA | ||
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:H/Au:N/C:N/I:P/A:N) | |||
---|---|---|---|
Cvss Base Score | 2.6 | Attack Range | Network |
Cvss Impact Score | 2.9 | Attack Complexity | High |
Cvss Exploit Score | 4.9 | Authentication | None Required |
Detail
Jürgen Weigert discovered that, when unpacking JAR archives, fastjar from the GNU Compiler Collection does not check the paths of included files, which allows files to be created or overwritten in parent directories. For the stable distribution (sarge) this problem has been fixed in version 3.4.3-13sarge1. For the unstable distribution (sid) this problem has been fixed in version 4.1.1-11. We recommend that you upgrade your fastjar package. |
Original Source
Url : http://www.debian.org/security/2006/dsa-1170 |
OVAL Definitions
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 1 |
OpenVAS Exploits
Date | Description |
---|---|
2010-06-25 | Name : Mandriva Update for fastjar MDVSA-2010:122 (fastjar) File : nvt/gb_mandriva_MDVSA_2010_122.nasl |
2009-04-09 | Name : Mandriva Update for gcc MDVSA-2008:066 (gcc) File : nvt/gb_mandriva_MDVSA_2008_066.nasl |
2008-09-24 | Name : Gentoo Security Advisory GLSA 200711-23 (vmware-workstation vmware-player) File : nvt/glsa_200711_23.nasl |
2008-01-17 | Name : Debian Security Advisory DSA 1170-1 (gcc-3.4) File : nvt/deb_1170_1.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
27380 | Gnu GCC fastjar JAR Processing Traversal Arbitrary File Write |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0220.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0473.nasl - Type : ACT_GATHER_INFO |
2013-06-29 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0220.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070501_gcc_on_SL4.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20070611_gcc_on_SL3.nasl - Type : ACT_GATHER_INFO |
2010-06-23 | Name : The remote Mandriva Linux host is missing a security update. File : mandriva_MDVSA-2010-122.nasl - Type : ACT_GATHER_INFO |
2009-07-27 | Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2007-0006.nasl - Type : ACT_GATHER_INFO |
2009-04-23 | Name : The remote Mandriva Linux host is missing one or more security updates. File : mandriva_MDVSA-2008-066.nasl - Type : ACT_GATHER_INFO |
2007-11-20 | Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-23.nasl - Type : ACT_GATHER_INFO |
2007-06-14 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0473.nasl - Type : ACT_GATHER_INFO |
2007-06-12 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0473.nasl - Type : ACT_GATHER_INFO |
2007-05-02 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0220.nasl - Type : ACT_GATHER_INFO |
2006-10-14 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-1170.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Information |
---|---|
2014-02-17 11:26:11 |