Detections
Analytics
Mandrake Linux Security Advisory : tcsh (MDKSA-2000:069)
high Nessus Plugin ID 61855
Language:
Synopsis
The remote Mandrake Linux host is missing a security update.Description
A vulnerability exists with tcsh when using the in-here documents with the << syntax. When doing this, tcsh uses a temporary file to store the data. Unfortunately, the temporary file is not created securely and standard symlink attacks can be used to make tcsh overwrite arbitrary files.Solution
Update the affected tcsh package.Plugin Details
Severity: High
ID: 61855
File Name: mandrake_MDKSA-2000-069.nasl
Version: 1.6
Type: local
Family: Mandriva Local Security Checks
Published: 9/6/2012
Updated: 1/6/2021
Supported Sensors: Nessus
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:tcsh, cpe:/o:mandrakesoft:mandrake_linux:6.0, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1, cpe:/o:mandrakesoft:mandrake_linux:7.2
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 11/13/2000
Reference Information
MDKSA: 2000:069