Mandrake Linux Security Advisory : gtk+ (MDKSA-2001:061-1)

High Nessus Plugin ID 13876


The remote Mandrake Linux host is missing one or more security updates.


A vulnerability exists with the GTK+ toolkit in that the GTK_MODULES environment variable allows a local user to enter a directory path to a module that does not necessarily need to be associated with GTK+.
With this, an attacker could create a custom module and load it using the toolkit which could result in elevated privileges, the overwriting of system files, and the execution of malicious code.

Update :

The packages for 7.2 and Single Network Firewall 7.2 were not signed with our GnuPG key. Please note the changed MD5 values of the below packages.


Update the affected packages.

See Also

Plugin Details

Severity: High

ID: 13876

File Name: mandrake_MDKSA-2001-061.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:gtk+, p-cpe:/a:mandriva:linux:gtk+-devel, p-cpe:/a:mandriva:linux:libgtk+1.2, p-cpe:/a:mandriva:linux:libgtk+1.2-devel, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2001/07/09

Reference Information

MDKSA: 2001:061-1