Slackware 10.0 / 10.1 / 10.2 / current : arts (SSA:2006-178-03)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Slackware host is missing a security update.

Description :

New aRts packages are available for Slackware 10.0, 10.1, 10.2, and
-current to fix a possible security issue with artswrapper. The
artswrapper program and the artsd daemon can be used to gain root
privileges if artswrapper is setuid root and the system is running a
2.6.x kernel. Note that artswrapper is not setuid root on Slackware by
default. Some people have recommended setting it that way online
though, so it's at least worth warning about. It's far safer to just
add users to the audio group. The official KDE security advisory may
be found here:
http://www.kde.org/info/security/advisory-20060614-2.txt

See also :

http://www.kde.org/info/security/advisory-20060614-2.txt
http://www.nessus.org/u?086b2a3e

Solution :

Update the affected arts package.

Risk factor :

Medium / CVSS Base Score : 6.0
(CVSS2#AV:L/AC:H/Au:S/C:C/I:C/A:C)

Family: Slackware Local Security Checks

Nessus Plugin ID: 21767 ()

Bugtraq ID:

CVE ID: CVE-2006-2916