Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Summary
Titleruby-archive-tar-minitar security update
Informations
NameDSA-3778First vendor Publication2017-01-31
VendorDebianLast vendor Modification2017-01-31
Severity (Vendor) N/ARevision1

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:N/I:P/A:N)
Cvss Base Score5Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Michal Marek discovered that ruby-archive-tar-minitar, a Ruby library that provides the ability to deal with POSIX tar archive files, is prone to a directory traversal vulnerability. An attacker can take advantage of this flaw to overwrite arbitrary files during archive extraction via a .. (dot dot) in an extracted filename.

For the stable distribution (jessie), this problem has been fixed in version 0.5.2-2+deb8u1.

We recommend that you upgrade your ruby-archive-tar-minitar packages.

Original Source

Url : http://www.debian.org/security/2017/dsa-3778

CWE : Common Weakness Enumeration

%idName
100 %CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Application1

Nessus® Vulnerability Scanner

DateDescription
2017-02-23Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201702-32.nasl - Type : ACT_GATHER_INFO
2017-02-10Name : The remote openSUSE host is missing a security update.
File : openSUSE-2017-231.nasl - Type : ACT_GATHER_INFO
2017-02-01Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3778.nasl - Type : ACT_GATHER_INFO
2017-01-31Name : The remote Debian host is missing a security update.
File : debian_DLA-808.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
2
DateInformations
2017-11-04 09:25:46
  • Multiple Updates
2017-02-02 13:25:45
  • Multiple Updates
2017-01-31 21:24:05
  • First insertion