This script is Copyright (C) 2012-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing one or more security
Multiple vulnerabilities was discovered and fixed in glibc :
The addmntent function in the GNU C Library (aka glibc or libc6) 2.13
and earlier does not report an error status for failed attempts to
write to the /etc/mtab file, which makes it easier for local users to
trigger corruption of this file, as demonstrated by writes from a
process with a small RLIMIT_FSIZE value, a different vulnerability
than CVE-2010-0296 (CVE-2011-1089).
Integer overflow in posix/fnmatch.c in the GNU C Library (aka glibc or
libc6) 2.13 and earlier allows context-dependent attackers to cause a
denial of service (application crash) via a long UTF8 string that is
used in an fnmatch call with a crafted pattern argument, a different
vulnerability than CVE-2011-1071 (CVE-2011-1659).
crypt_blowfish before 1.1, as used in glibc on certain platforms, does
not properly handle 8-bit characters, which makes it easier for
context-dependent attackers to determine a cleartext password by
leveraging knowledge of a password hash (CVE-2011-2483).
The updated packages have been patched to correct these issues.
Update the affected packages.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : false