Mandriva Linux Security Advisory : yelp (MDVSA-2008:175)

critical Nessus Plugin ID 37661

Synopsis

The remote Mandriva Linux host is missing a security update.

Description

A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs (CVE-2008-3533).

The updated packages have been patched to correct this issue.

Solution

Update the affected yelp package.

Plugin Details

Severity: Critical

ID: 37661

File Name: mandriva_MDVSA-2008-175.nasl

Version: 1.14

Type: local

Family: Mandriva Local Security Checks

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.7

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:yelp, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2008.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/20/2008

Reference Information

CVE: CVE-2008-3533

BID: 30690

CWE: 134

MDVSA: 2008:175

Detections

Analytics