Mandrake Linux Security Advisory : groff (MDKSA-2006:038)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandrake Linux host is missing one or more security
updates.

Description :

The Trustix Secure Linux team discovered a vulnerability in the
groffer utility, part of the groff package. It created a temporary
directory in an insecure way which allowed for the exploitation of a
race condition to create or overwrite files the privileges of the user
invoking groffer.

Likewise, similar temporary file issues were fixed in the pic2graph
and eqn2graph programs which now use mktemp to create temporary files,
as discovered by Javier Fernandez-Sanguino Pena.

The updated packages have been patched to correct this issue.

Solution :

Update the affected packages.

Risk factor :

Low / CVSS Base Score : 2.1
(CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N)

Family: Mandriva Local Security Checks

Nessus Plugin ID: 20878 (mandrake_MDKSA-2006-038.nasl)

Bugtraq ID:

CVE ID: CVE-2004-0969

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now