This script is Copyright (C) 2013 Tenable Network Security, Inc.
The remote Mandriva Linux host is missing a security update.
A vulnerability has been discovered and corrected in roundcubemail :
It was discovered that roundcube does not properly sanitize the
_session parameter in steps/utils/save_pref.inc during saving
preferences. The vulnerability can be exploited to overwrite
configuration settings and subsequently allowing random file access,
manipulated SQL queries and even code execution (CVE-2013-6172).
The updated packages have been patched to correct this issue.
See also :
Update the affected roundcubemail package.
Risk factor :
High / CVSS Base Score : 7.5
CVSS Temporal Score : 6.5
Public Exploit Available : false