Executive Summary



This Alert is flagged as TOP 25 Common Weakness Enumeration from CWE/SANS. For more information, you can read this.
Informations
NameMDVSA-2015:201First vendor Publication2015-04-10
VendorMandrivaLast vendor Modification2015-04-10
Severity (Vendor) N/ARevisionN/A

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score7.5Attack RangeNetwork
Cvss Impact Score6.4Attack ComplexityLow
Cvss Expoit Score10AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

Multiple vulnerabilities has been found and corrected in arj:

Jakub Wilk discovered that arj follows symlinks created during unpacking of an arj archive. A remote attacker could use this flaw to perform a directory traversal attack if a user or automated system were tricked into processing a specially crafted arj archive (CVE-2015-0556).

Jakub Wilk discovered that arj does not sufficiently protect from directory traversal while unpacking an arj archive containing file paths with multiple leading slashes. A remote attacker could use this flaw to write to arbitrary files if a user or automated system were tricked into processing a specially crafted arj archive (CVE-2015-0557).

Jakub Wilk and Guillem Jover discovered a buffer overflow vulnerability in arj. A remote attacker could use this flaw to cause an application crash or, possibly, execute arbitrary code with the privileges of the user running arj (CVE-2015-2782).

The updated packages provides a solution for these security issues.

Original Source

Url : http://www.mandriva.com/security/advisories?name=MDVSA-2015:201

CWE : Common Weakness Enumeration

%idName
33 %CWE-119Failure to Constrain Operations within the Bounds of a Memory Buffer
33 %CWE-59Improper Link Resolution Before File Access ('Link Following')
33 %CWE-22Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

TypeDescriptionCount
Application1
Os1
Os3

Nessus® Vulnerability Scanner

DateDescription
2017-10-20Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_b95e5674b4d611e7b8950cc47a494882.nasl - Type : ACT_GATHER_INFO
2016-12-06Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201612-15.nasl - Type : ACT_GATHER_INFO
2015-04-22Name : The remote Fedora host is missing a security update.
File : fedora_2015-5524.nasl - Type : ACT_GATHER_INFO
2015-04-14Name : The remote Fedora host is missing a security update.
File : fedora_2015-5546.nasl - Type : ACT_GATHER_INFO
2015-04-13Name : The remote Fedora host is missing a security update.
File : fedora_2015-5603.nasl - Type : ACT_GATHER_INFO
2015-04-13Name : The remote Mandriva Linux host is missing a security update.
File : mandriva_MDVSA-2015-201.nasl - Type : ACT_GATHER_INFO
2015-04-09Name : The remote Debian host is missing a security update.
File : debian_DLA-188.nasl - Type : ACT_GATHER_INFO
2015-04-07Name : The remote Debian host is missing a security-related update.
File : debian_DSA-3213.nasl - Type : ACT_GATHER_INFO

Alert History

If you want to see full details history, please login or register.
0
1
DateInformations
2015-04-14 13:28:58
  • Multiple Updates
2015-04-10 17:24:56
  • First insertion