Mandriva Linux Security Advisory : libgssglue (MDVSA-2013:043)

medium Nessus Plugin ID 66057

Language:

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

This update fixes insecure getenv() usage in libgssglue, which could be used under some circumstances by local attackers do gain root privileges (CVE-2011-2709).

Solution

Update the affected lib64gssglue-devel and / or lib64gssglue1 packages.

Plugin Details

Severity: Medium

ID: 66057

File Name: mandriva_MDVSA-2013-043.nasl

Version: 1.7

Type: local

Family: Mandriva Local Security Checks

Published: 4/20/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.2

Temporal Score: 5.4

Vector: CVSS2#AV:L/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64gssglue-devel, p-cpe:/a:mandriva:linux:lib64gssglue1, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/5/2013

Reference Information

CVE: CVE-2011-2709

BID: 48490

MDVSA: 2013:043

MGASA: 2012-0159

Detections

Analytics