Mandrake Linux Security Advisory : rpm (MDKSA-2006:200)

Medium severity, Nessus Plugin ID 24585

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

A heap-based buffer overflow was discovered in librpm that occurs when the LANG or LC_ALL environment variable is set to ru_RU.UTF-8 (and possibly other locales). It could allow user-assisted attackers to execute arbitrary code via crafted RPM packages.

Updated packages have been patched to correct this issue.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=212833

Plugin Details

Severity: Medium

ID: 24585

File Name: mandrake_MDKSA-2006-200.nasl

Version: 1.17

Type: local

Published: 2/18/2007

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5.4

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64popt0, p-cpe:/a:mandriva:linux:lib64popt0-devel, p-cpe:/a:mandriva:linux:lib64rpm4.4, p-cpe:/a:mandriva:linux:lib64rpm4.4-devel, p-cpe:/a:mandriva:linux:libpopt0, p-cpe:/a:mandriva:linux:libpopt0-devel, p-cpe:/a:mandriva:linux:librpm4.4, p-cpe:/a:mandriva:linux:librpm4.4-devel, p-cpe:/a:mandriva:linux:perl-rpm, p-cpe:/a:mandriva:linux:popt-data, p-cpe:/a:mandriva:linux:python-rpm, p-cpe:/a:mandriva:linux:rpm, p-cpe:/a:mandriva:linux:rpm-build, cpe:/o:mandriva:linux:2006, cpe:/o:mandriva:linux:2007

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 11/7/2006

Reference Information

CVE: CVE-2006-5466

MDKSA: 2006:200