Mandriva Linux Security Advisory : busybox (MDVSA-2015:031)

low Nessus Plugin ID 81197

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated busybox packages fix security vulnerability :

The modprobe command in busybox before 1.23.0 uses the basename of the module argument as the module to load, allowing arbitrary modules, even when some kernel subsystems try to prevent this (CVE-2014-9645).

Solution

Update the affected busybox and / or busybox-static packages.

See Also

http://advisories.mageia.org/MGASA-2015-0041.html

Plugin Details

Severity: Low

ID: 81197

File Name: mandriva_MDVSA-2015-031.nasl

Version: 1.5

Type: local

Published: 2/6/2015

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:busybox, p-cpe:/a:mandriva:linux:busybox-static, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 2/5/2015

Reference Information

CVE: CVE-2014-9645

BID: 72324

MDVSA: 2015:031