Mandriva Linux Security Advisory : busybox (MDVSA-2015:031)

Low Nessus Plugin ID 81197


The remote Mandriva Linux host is missing one or more security updates.


Updated busybox packages fix security vulnerability :

The modprobe command in busybox before 1.23.0 uses the basename of the module argument as the module to load, allowing arbitrary modules, even when some kernel subsystems try to prevent this (CVE-2014-9645).


Update the affected busybox and / or busybox-static packages.

See Also

Plugin Details

Severity: Low

ID: 81197

File Name: mandriva_MDVSA-2015-031.nasl

Version: $Revision: 1.1 $

Type: local

Published: 2015/02/06

Modified: 2015/02/06

Dependencies: 12634

Risk Information

Risk Factor: Low


Base Score: 2.1

Temporal Score: 1.8

Vector: CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:busybox, p-cpe:/a:mandriva:linux:busybox-static, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2015/02/05

Reference Information

CVE: CVE-2014-9645

BID: 72324

MDVSA: 2015:031