This script is Copyright (C) 2012-2013 Tenable Network Security, Inc.
The remote Mandrake Linux host is missing one or more security
A problem exists with the esound daemon, which is used in GNOME and
responsible for multiplexing access to audio devices. Versions of
esound prior to and including 0.2.19 create a world-writable directory
in /tmp called .esd which is owned by the user running esound. This
directory is used to store a unix domain socket. The socket is also
created world-writable, so a race condition exists in the creation of
this socket which allows a local attacker to cause an arbitrary file
or directory owned by the user running esound to become
world-writable. This update contains a patch from FreeBSD which
creates ~/.esd as the temporary directory to use and makes the unix
domain socket read and write only to the user.
Update the affected esound and / or esound-devel packages.
Risk factor :
Medium / CVSS Base Score : 6.2