Mandriva Linux Security Advisory : shadow-utils (MDVSA-2009:062)
High Nessus Plugin ID 36812
SynopsisThe remote Mandriva Linux host is missing a security update.
DescriptionA security vulnerability has been identified and fixed in login application from shadow-utils, which could allow local users in the utmp group to overwrite arbitrary files via a symlink attack on a temporary file referenced in a line (aka ut_line) field in a utmp entry (CVE-2008-5394).
The updated packages have been patched to prevent this.
Note: Mandriva Linux is using login application from util-linux-ng by default, and therefore is not affected by this issue on default configuration.
SolutionUpdate the affected shadow-utils package.