Mandrake Linux Security Advisory : MandrakeUpdate (MDKSA-2000:034)

high Nessus Plugin ID 61828

Language:

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

There is a possible race condition in MandrakeUpdate that has the potential for users to tamper with RPMs downloaded by MandrakeUpdate prior to them being installed. This is due to files being stored in the /tmp directory. This is a very low security-risk as most servers that provide user logins shouldn't be using MandrakeUpdate. These updated versions provide a fix for the problem by using /root/tmp instead of /tmp.

Solution

Update the affected MandrakeUpdate and / or grpmi packages.

Plugin Details

Severity: High

ID: 61828

File Name: mandrake_MDKSA-2000-034.nasl

Version: 1.6

Type: local

Family: Mandriva Local Security Checks

Published: 9/6/2012

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:mandrakeupdate, p-cpe:/a:mandriva:linux:grpmi, cpe:/o:mandrakesoft:mandrake_linux:6.0, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 8/12/2000

Reference Information

MDKSA: 2000:034

Detections

Analytics