Detections
Analytics
Mandrake Linux Security Advisory : ispell (MDKSA-2001:058)
low Nessus Plugin ID 13874
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
The ispell program uses mktemp() to open temporary files. This makes it vulnerable to symlink attacks. The program now has a patch from OpenBSD applied that uses mkstemp() instead, and switches gets() to fgets() for dealing with user input.Solution
Update the affected ispell, ispell-de and / or ispell-en packages.Plugin Details
Severity: Low
ID: 13874
File Name: mandrake_MDKSA-2001-058.nasl
Version: 1.16
Type: local
Family: Mandriva Local Security Checks
Published: 7/31/2004
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
CVSS v2
Risk Factor: Low
Base Score: 1.2
Vector: CVSS2#AV:L/AC:H/Au:N/C:N/I:P/A:N
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:ispell, p-cpe:/a:mandriva:linux:ispell-de, p-cpe:/a:mandriva:linux:ispell-en, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 6/20/2001
Reference Information
CVE: CVE-2001-1276
MDKSA: 2001:058