Mandriva Linux Security Advisory : ipython (MDVSA-2014:157)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated ipython package fixes security vulnerability :

In IPython before 1.2, the origin of websocket requests was not
verified within the IPython notebook server. If an attacker has
knowledge of an IPython kernel id they can run arbitrary code on a
user's machine when the client visits a crafted malicious page
(CVE-2014-3429).

See also :

http://advisories.mageia.org/MGASA-2014-0320.html

Solution :

Update the affected ipython package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Mandriva Local Security Checks

Nessus Plugin ID: 77096 ()

Bugtraq ID: 68680

CVE ID: CVE-2014-3429

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now