Detections
Analytics

Mandrake Linux Security Advisory : gtk+ (MDKSA-2001:061-1)

high Nessus Plugin ID 13876

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A vulnerability exists with the GTK+ toolkit in that the GTK_MODULES environment variable allows a local user to enter a directory path to a module that does not necessarily need to be associated with GTK+.
With this, an attacker could create a custom module and load it using the toolkit which could result in elevated privileges, the overwriting of system files, and the execution of malicious code.

Update :

The packages for 7.2 and Single Network Firewall 7.2 were not signed with our GnuPG key. Please note the changed MD5 values of the below packages.

Solution

Update the affected packages.

See Also

http://www.securityfocus.com/vdb/bottom.html?vid=2165

Plugin Details

Severity: High

ID: 13876

File Name: mandrake_MDKSA-2001-061.nasl

Version: 1.17

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gtk%2b, p-cpe:/a:mandriva:linux:gtk%2b-devel, p-cpe:/a:mandriva:linux:libgtk%2b1.2, p-cpe:/a:mandriva:linux:libgtk%2b1.2-devel, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 7/9/2001

Reference Information

MDKSA: 2001:061-1