Mandrake Linux Security Advisory : usermode (MDKSA-2003:031-1)
High Nessus Plugin ID 14015
SynopsisThe remote Mandrake Linux host is missing one or more security updates.
DescriptionThe /usr/bin/shutdown command that comes with the usermode package can be executed by local users to shutdown all running processes and drop into a root shell. This command is not really needed to shutdown a system, so it has been removed and all users are encouraged to upgrade. Please note that the user must have local console access in order to obtain a root shell in this fashion.
The previous updated packages did not properly fix the problem. The pam files that allow a (physically) local user to shutdown were not removed. This has been corrected.
SolutionUpdate the affected usermode and / or usermode-consoleonly packages.