Detections
Analytics

Mandrake Linux Security Advisory : perl-Archive-Zip (MDKSA-2004:118)

high Nessus Plugin ID 15598

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

Recently, it was noticed that several antivirus programs miss viruses that are contained in ZIP archives with manipulated directory data.
The global archive directory of these ZIP file have been manipulated to indicate zero file sizes.

Archive::Zip produces files of zero length when decompressing this type of ZIP file. This causes AV products that use Archive::ZIP to fail to detect viruses in manipulated ZIP archives. One of these products is amavisd-new.

The updated packages are patched to fix this problem.

Solution

Update the affected perl-Archive-Zip package.

See Also

http://rt.cpan.org/NoAuth/Bug.html?id=8077

Plugin Details

Severity: High

ID: 15598

File Name: mandrake_MDKSA-2004-118.nasl

Version: 1.19

Type: local

Published: 11/2/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:perl-archive-zip, cpe:/o:mandrakesoft:mandrake_linux:10.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 11/1/2004

Reference Information

CVE: CVE-2004-0932, CVE-2004-0933, CVE-2004-0934, CVE-2004-0935, CVE-2004-0936, CVE-2004-0937, CVE-2004-1096, CVE-2004-2442

MDKSA: 2004:118