Detections
Analytics
Mandrake Linux Security Advisory : sharutils (MDKSA-2002:052)
high Nessus Plugin ID 13955
Synopsis
The remote Mandrake Linux host is missing a security update.Description
The uudecode utility creates output files without checking to see if it is about to write to a symlink or pipe. This could be exploited by a local attacker to overwrite files or lead to privilege escalation if users decode data into share directories, such as /tmp. This update fixes this vulnerability by checking to see if the destination output file is a symlink or pipe.Solution
Update the affected sharutils package.See Also
http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
Plugin Details
Severity: High
ID: 13955
File Name: mandrake_MDKSA-2002-052.nasl
Version: 1.18
Type: local
Family: Mandriva Local Security Checks
Published: 7/31/2004
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: High
Base Score: 7.2
Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:sharutils, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2, cpe:/o:mandrakesoft:mandrake_linux:8.0, cpe:/o:mandrakesoft:mandrake_linux:8.1, cpe:/o:mandrakesoft:mandrake_linux:8.2
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 8/14/2002
Reference Information
CVE: CVE-2002-0178
MDKSA: 2002:052