Mandrake Linux Security Advisory : MandrakeUpdate (MDKSA-2000:034)

High Nessus Plugin ID 61828


The remote Mandrake Linux host is missing one or more security updates.


There is a possible race condition in MandrakeUpdate that has the potential for users to tamper with RPMs downloaded by MandrakeUpdate prior to them being installed. This is due to files being stored in the /tmp directory. This is a very low security-risk as most servers that provide user logins shouldn't be using MandrakeUpdate. These updated versions provide a fix for the problem by using /root/tmp instead of /tmp.


Update the affected MandrakeUpdate and / or grpmi packages.

Plugin Details

Severity: High

ID: 61828

File Name: mandrake_MDKSA-2000-034.nasl

Version: $Revision: 1.3 $

Type: local

Published: 2012/09/06

Modified: 2013/05/31

Dependencies: 12634

Risk Information

Risk Factor: High

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:MandrakeUpdate, p-cpe:/a:mandriva:linux:grpmi, cpe:/o:mandrakesoft:mandrake_linux:6.0, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 2000/08/12

Reference Information

MDKSA: 2000:034