Mandriva Linux Security Advisory : file (MDVSA-2012:035)

This script is Copyright (C) 2012-2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple out-of heap-based buffer read flaws and invalid pointer
dereference flaws were found in the way file, utility for determining
of file types processed header section for certain Composite Document
Format (CDF) files. A remote attacker could provide a specially
crafted CDF file, which once inspected by the file utility of the
victim would lead to file executable crash (CVE-2012-1571).

The updated packages for Mandriva Linux 2011 have been upgraded to the
5.11 version and the packages for Mandriva Linux 2010.2 has been
patched to correct these issues.

See also :

https://bugzilla.redhat.com/show_bug.cgi?id=805197

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.7
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 58474 ()

Bugtraq ID: 52225

CVE ID: CVE-2012-1571

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now