Mandriva Linux Security Advisory : sleuthkit (MDVSA-2013:125)

low Nessus Plugin ID 66137

Language:

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated sleuthkit packages fix security vulnerabilities :

A security flaw was found in the way the Sleuth Kit (TSK), a collection of UNIX-based command line tools allowing to investigate a computer, performed management of \'.\' (dotfile) file system entry.
An attacker could use this flaw to evade detection by forensic analysis (hide certain files not to be scanned) by renaming the file in question it to be \'.\' file system entry.

The original reports speaks about this attack vector to be present when scanning FAT (File Allocation Table) file system. It is possible though, the flaw to be present on other file systems, which do not reserve usage of \'.\' entry for special purpose, too.

Solution

Update the affected lib64tsk3-devel, lib64tsk3_9 and / or sleuthkit packages.

Plugin Details

Severity: Low

ID: 66137

File Name: mandriva_MDVSA-2013-125.nasl

Version: 1.9

Type: local

Family: Mandriva Local Security Checks

Published: 4/20/2013

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.4

CVSS v2

Risk Factor: Low

Base Score: 2.1

Temporal Score: 1.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64tsk3-devel, p-cpe:/a:mandriva:linux:lib64tsk3_9, p-cpe:/a:mandriva:linux:sleuthkit, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Ease: No known exploits are available

Patch Publication Date: 4/10/2013

Reference Information

CVE: CVE-2012-5619

BID: 56810

MDVSA: 2013:125

MGASA: 2013-0031

Detections

Analytics