Mandrake Linux Security Advisory : xine-ui (MDKSA-2004:033)

Low Nessus Plugin ID 14132


The remote Mandrake Linux host is missing one or more security updates.


Shaun Colley discovered a temporary file vulnerability in the xine-check script packaged in xine-ui. This problem could allow local attackers to overwrite arbitrary files with the privileges of the user invoking the script.

The updated packages change the location of where temporary files are written to prevent this attack.


Update the affected xine-ui, xine-ui-aa and / or xine-ui-fb packages.

Plugin Details

Severity: Low

ID: 14132

File Name: mandrake_MDKSA-2004-033.nasl

Version: $Revision: 1.14 $

Type: local

Published: 2004/07/31

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:xine-ui, p-cpe:/a:mandriva:linux:xine-ui-aa, p-cpe:/a:mandriva:linux:xine-ui-fb, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2004/04/19

Reference Information

CVE: CVE-2004-0372

MDKSA: 2004:033