This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing a security update.
A format string vulnerability in Dia allows user-complicit attackers
to cause a denial of service (crash) and possibly execute arbitrary
code by triggering errors or warnings, as demonstrated via format
string specifiers in a .bmp filename. NOTE: the original exploit was
demonstrated through a command line argument, but there are other
mechanisms inputs that are automatically process by Dia, such as a
crafted .dia file. (CVE-2006-2480)
Multiple unspecified format string vulnerabilities in Dia have
unspecified impact and attack vectors, a different set of issues than
Packages have been patched to correct this issue.
Update the affected dia package.
Risk factor :
High / CVSS Base Score : 7.5