Mandrake Linux Security Advisory : perl-Archive-Zip (MDKSA-2004:118)

This script is Copyright (C) 2004-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing a security update.

Description :

Recently, it was noticed that several antivirus programs miss viruses
that are contained in ZIP archives with manipulated directory data.
The global archive directory of these ZIP file have been manipulated
to indicate zero file sizes.

Archive::Zip produces files of zero length when decompressing this
type of ZIP file. This causes AV products that use Archive::ZIP to
fail to detect viruses in manipulated ZIP archives. One of these
products is amavisd-new.

The updated packages are patched to fix this problem.

See also :

http://rt.cpan.org/NoAuth/Bug.html?id=8077

Solution :

Update the affected perl-Archive-Zip package.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 15598 (mandrake_MDKSA-2004-118.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0932
CVE-2004-0933
CVE-2004-0934
CVE-2004-0935
CVE-2004-0936
CVE-2004-0937
CVE-2004-1096
CVE-2004-2442

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now