This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
Security vulnerabilities have been identified and fixed in jhead.
Buffer overflow in the DoCommand function in jhead before 2.84 might
allow context-dependent attackers to cause a denial of service (crash)
Jhead before 2.84 allows local users to overwrite arbitrary files via
a symlink attack on a temporary file (CVE-2008-4639).
Jhead 2.84 and earlier allows local users to delete arbitrary files
via vectors involving a modified input filename (CVE-2008-4640).
jhead 2.84 and earlier allows attackers to execute arbitrary commands
via shell metacharacters in unspecified input (CVE-2008-4641).
This update provides the latest Jhead to correct these issues.
Update the affected jhead package.
Risk factor :
Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.7
Public Exploit Available : false
Family: Mandriva Local Security Checks
Nessus Plugin ID: 37496 (mandriva_MDVSA-2009-041.nasl)
Get Nessus Professional to scan unlimited IPs, run compliance checks & moreBuy Nessus Professional Now