Mandrake Linux Security Advisory : xine-ui (MDKSA-2004:033)

low Nessus Plugin ID 14132

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

Shaun Colley discovered a temporary file vulnerability in the xine-check script packaged in xine-ui. This problem could allow local attackers to overwrite arbitrary files with the privileges of the user invoking the script.

The updated packages change the location of where temporary files are written to prevent this attack.

Solution

Update the affected xine-ui, xine-ui-aa and / or xine-ui-fb packages.

Plugin Details

Severity: Low

ID: 14132

File Name: mandrake_MDKSA-2004-033.nasl

Version: 1.17

Type: local

Family: Mandriva Local Security Checks

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:xine-ui-aa, p-cpe:/a:mandriva:linux:xine-ui-fb, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:9.2, p-cpe:/a:mandriva:linux:xine-ui

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 4/19/2004

Reference Information

CVE: CVE-2004-0372

MDKSA: 2004:033

Detections

Analytics