Mandrake Linux Security Advisory : lm_sensors (MDKSA-2005:149)

Low Nessus Plugin ID 19905


The remote Mandrake Linux host is missing one or more security updates.


Javier Fernandez-Sanguino Pena discovered that the pwmconfig script in the lm_sensors package created temporary files in an insecure manner.
This could allow a symlink attack to create or overwrite arbitrary files with full root privileges because pwmconfig is typically executed by root.

The updated packages have been patched to correct this problem by using mktemp to create the temporary files.


Update the affected packages.

Plugin Details

Severity: Low

ID: 19905

File Name: mandrake_MDKSA-2005-149.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2005/10/05

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64lm_sensors3, p-cpe:/a:mandriva:linux:lib64lm_sensors3-devel, p-cpe:/a:mandriva:linux:lib64lm_sensors3-static-devel, p-cpe:/a:mandriva:linux:liblm_sensors3, p-cpe:/a:mandriva:linux:liblm_sensors3-devel, p-cpe:/a:mandriva:linux:liblm_sensors3-static-devel, p-cpe:/a:mandriva:linux:lm_sensors, cpe:/o:mandrakesoft:mandrake_linux:10.0, cpe:/o:mandrakesoft:mandrake_linux:10.1, x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2005/08/25

Reference Information

CVE: CVE-2005-2672

MDKSA: 2005:149