This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
A vulnerability has been found and corrected in roundcubemail :
A local file inclusion flaw was found in the way RoundCube Webmail, a
browser-based multilingual IMAP client, performed validation of the
'generic_message_footer' value provided via web user interface in
certain circumstances. A remote attacker could issue a specially
crafted request that, when processed by RoundCube Webmail could allow
an attacker to obtain arbitrary file on the system, accessible with
the privileges of the user running RoundCube Webmail client
The updated packages have been upgraded to the 0.8.6 version which is
not affected by this issue.
See also :
Update the affected roundcubemail package.
Risk factor :
Medium / CVSS Base Score : 5.0
CVSS Temporal Score : 4.3
Public Exploit Available : true