Mandriva Linux Security Advisory : yelp (MDVSA-2008:175)

Critical Nessus Plugin ID 37661


The remote Mandriva Linux host is missing a security update.


A format string vulnerability was discovered in yelp after version 2.19.90 and before 2.24 that could allow remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command-line or via URI helpers in Firefox, Evolution, or possibly other programs (CVE-2008-3533).

The updated packages have been patched to correct this issue.


Update the affected yelp package.

Plugin Details

Severity: Critical

ID: 37661

File Name: mandriva_MDVSA-2008-175.nasl

Version: $Revision: 1.11 $

Type: local

Published: 2009/04/23

Modified: 2015/03/30

Dependencies: 12634

Risk Information

Risk Factor: Critical


Base Score: 10

Temporal Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:POC/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:yelp, cpe:/o:mandriva:linux:2008.0, cpe:/o:mandriva:linux:2008.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2008/08/20

Reference Information

CVE: CVE-2008-3533

BID: 30690

MDVSA: 2008:175

CWE: 134