Mandrake Linux Security Advisory : mtools (MDKSA-2004:016)

low Nessus Plugin ID 14116

Synopsis

The remote Mandrake Linux host is missing a security update.

Description

Sebastian Krahmer found that the mformat program, when installed suid root, can create any file with 0666 permissions as root, and that it also does not drop privileges when reading local configuration files.

The updated packages remove the suid bit from mformat.

Solution

Update the affected mtools package.

Plugin Details

Severity: Low

ID: 14116

File Name: mandrake_MDKSA-2004-016.nasl

Version: 1.18

Type: local

Family: Mandriva Local Security Checks

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.8

CVSS v2

Risk Factor: Low

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: cpe:/o:mandrakesoft:mandrake_linux:9.2, p-cpe:/a:mandriva:linux:mtools

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2/25/2004

Reference Information

CVE: CVE-2004-2303

MDKSA: 2004:016

Detections

Analytics