This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
It was found that the mdev BusyBox utility could create certain
directories within /dev with world-writable permissions. A local
unprivileged user could use this flaw to manipulate portions of the
/dev directory tree. (CVE-2013-1813)
This update also fixes the following bugs :
- Previously, due to a too eager string size optimization
on the IBM System z architecture, the 'wc' BusyBox
command failed after processing standard input with the
following error :
wc: : No such file or directory
This bug was fixed by disabling the string size optimization and the
'wc' command works properly on IBM System z architectures.
- Prior to this update, the 'mknod' command was unable to
create device nodes with a major or minor number larger
than 255. Consequently, the kdump utility failed to
handle such a device. The underlying source code has
been modified, and it is now possible to use the 'mknod'
command to create device nodes with a major or minor
number larger than 255.
- If a network installation from an NFS server was
selected, the 'mount' command used the UDP protocol by
default. If only TCP mounts were supported by the
server, this led to a failure of the mount command. As a
result, Anaconda could not continue with the
installation. This bug is now fixed and NFS mount
operations default to the TCP protocol.
See also :
Update the affected busybox and / or busybox-petitboot packages.
Risk factor :
High / CVSS Base Score : 7.2
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 71295 ()
CVE ID: CVE-2013-1813