Detections
Analytics
Mandrake Linux Security Advisory : esound (MDKSA-2000:051)
medium Nessus Plugin ID 61841
Language:
Synopsis
The remote Mandrake Linux host is missing one or more security updates.Description
A problem exists with the esound daemon, which is used in GNOME and responsible for multiplexing access to audio devices. Versions of esound prior to and including 0.2.19 create a world-writable directory in /tmp called .esd which is owned by the user running esound. This directory is used to store a unix domain socket. The socket is also created world-writable, so a race condition exists in the creation of this socket which allows a local attacker to cause an arbitrary file or directory owned by the user running esound to become world-writable. This update contains a patch from FreeBSD which creates ~/.esd as the temporary directory to use and makes the unix domain socket read and write only to the user.Solution
Update the affected esound and / or esound-devel packages.Plugin Details
Severity: Medium
ID: 61841
File Name: mandrake_MDKSA-2000-051.nasl
Version: 1.6
Type: local
Family: Mandriva Local Security Checks
Published: 9/6/2012
Updated: 1/6/2021
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: Medium
Base Score: 6.2
Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C
Vulnerability Information
CPE: p-cpe:/a:mandriva:linux:esound, p-cpe:/a:mandriva:linux:esound-devel, cpe:/o:mandrakesoft:mandrake_linux:6.0, cpe:/o:mandrakesoft:mandrake_linux:6.1, cpe:/o:mandrakesoft:mandrake_linux:7.0, cpe:/o:mandrakesoft:mandrake_linux:7.1
Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list
Patch Publication Date: 9/27/2000
Reference Information
CVE: CVE-2000-0864
CWE: 362
MDKSA: 2000:051