Mandrake Linux Security Advisory : libgtop (MDKSA-2001:094)

This script is Copyright (C) 2004-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

A remote format string vulnerability was found in the libgtop daemon
by Laboratory intexxia. By sending a specially crafted format string
to the server, a remote attacker could potentially execute arbitrary
code on the remote system with the daemon's permissions. By default
libgtop runs as the user nobody, but the flaw could be used to
compromise local system security by allowing the attacker to exploit
other local vulnerabilities. A buffer overflow was also found by
Flavio Veloso which could allow the client to execute code on the
server. Both vulnerabilities are patched in this update and will be
fixed upstream in version 1.0.14. libgtop_daemon is not invoked by
default anywhere in Mandrake Linux.

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.5
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 13907 (mandrake_MDKSA-2001-094.nasl)

Bugtraq ID: 3594

CVE ID: CVE-2001-0928
