Detections
Analytics
Mandriva Linux Security Advisory : file (MDVSA-2009:129)
medium Nessus Plugin ID 48147
Language:
Synopsis
The remote Mandriva Linux host is missing one or more security updates.Description
A security vulnerability has been identified and fixed in file :Heap-based buffer overflow in the cdf_read_sat function in src/cdf.c in Christos Zoulas file 5.00 allows user-assisted remote attackers to execute arbitrary code via a crafted compound document file, as demonstrated by a .msi, .doc, or .mpp file. NOTE: some of these details are obtained from third-party information (CVE-2009-1515).
This update provides file-5.03, which is not vulnerable to this, and other unspecified issues.
Solution
Update the affected packages.Plugin Details
Severity: Medium
ID: 48147
File Name: mandriva_MDVSA-2009-129.nasl
Version: 1.12
Type: local
Family: Mandriva Local Security Checks
Published: 7/30/2010
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:file, p-cpe:/a:mandriva:linux:lib64magic-devel, p-cpe:/a:mandriva:linux:lib64magic-static-devel, p-cpe:/a:mandriva:linux:lib64magic1, p-cpe:/a:mandriva:linux:libmagic-devel, p-cpe:/a:mandriva:linux:libmagic-static-devel, p-cpe:/a:mandriva:linux:libmagic1, p-cpe:/a:mandriva:linux:python-magic, cpe:/o:mandriva:linux:2009.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 6/5/2009
Reference Information
CVE: CVE-2009-1515
CWE: 119
MDVSA: 2009:129