Mandrake Linux Security Advisory : mtools (MDKSA-2004:016)

Low Nessus Plugin ID 14116


The remote Mandrake Linux host is missing a security update.


Sebastian Krahmer found that the mformat program, when installed suid root, can create any file with 0666 permissions as root, and that it also does not drop privileges when reading local configuration files.

The updated packages remove the suid bit from mformat.


Update the affected mtools package.

Plugin Details

Severity: Low

ID: 14116

File Name: mandrake_MDKSA-2004-016.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mtools, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2004/02/25

Reference Information

CVE: CVE-2004-2303

MDKSA: 2004:016