Mandriva Linux Security Advisory : erlang (MDVSA-2015:174)

high Nessus Plugin ID 82484

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated erlang packages fixes security vulnerability :

An FTP command injection flaw was found in Erlang's FTP module.
Several functions in the FTP module do not properly sanitize the input before passing it into a control socket. A local attacker can use this flaw to execute arbitrary FTP commands on a system that uses this module (CVE-2014-1693).

This update also disables SSLv3 by default to mitigate the POODLE issue.

Solution

Update the affected packages.

See Also

http://advisories.mageia.org/MGASA-2014-0553.html

Plugin Details

Severity: High

ID: 82484

File Name: mandriva_MDVSA-2015-174.nasl

Version: 1.4

Type: local

Published: 4/1/2015

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:erlang-appmon, p-cpe:/a:mandriva:linux:erlang-asn1, p-cpe:/a:mandriva:linux:erlang-base, p-cpe:/a:mandriva:linux:erlang-common_test, p-cpe:/a:mandriva:linux:erlang-compiler, p-cpe:/a:mandriva:linux:erlang-cosevent, p-cpe:/a:mandriva:linux:erlang-coseventdomain, p-cpe:/a:mandriva:linux:erlang-cosfiletransfer, p-cpe:/a:mandriva:linux:erlang-cosnotification, p-cpe:/a:mandriva:linux:erlang-cosproperty, p-cpe:/a:mandriva:linux:erlang-costime, p-cpe:/a:mandriva:linux:erlang-costransactions, p-cpe:/a:mandriva:linux:erlang-crypto, p-cpe:/a:mandriva:linux:erlang-debugger, p-cpe:/a:mandriva:linux:erlang-webtool, p-cpe:/a:mandriva:linux:erlang-wx, p-cpe:/a:mandriva:linux:erlang-xmerl, cpe:/o:mandriva:business_server:2, p-cpe:/a:mandriva:linux:erlang-devel, p-cpe:/a:mandriva:linux:erlang-dialyzer, p-cpe:/a:mandriva:linux:erlang-diameter, p-cpe:/a:mandriva:linux:erlang-docbuilder, p-cpe:/a:mandriva:linux:erlang-edoc, p-cpe:/a:mandriva:linux:erlang-eldap, p-cpe:/a:mandriva:linux:erlang-emacs, p-cpe:/a:mandriva:linux:erlang-erl_docgen, p-cpe:/a:mandriva:linux:erlang-erl_interface, p-cpe:/a:mandriva:linux:erlang-et, p-cpe:/a:mandriva:linux:erlang-eunit, p-cpe:/a:mandriva:linux:erlang-gs, p-cpe:/a:mandriva:linux:erlang-hipe, p-cpe:/a:mandriva:linux:erlang-ic, p-cpe:/a:mandriva:linux:erlang-inets, p-cpe:/a:mandriva:linux:erlang-jinterface, p-cpe:/a:mandriva:linux:erlang-manpages, p-cpe:/a:mandriva:linux:erlang-megaco, p-cpe:/a:mandriva:linux:erlang-mnesia, p-cpe:/a:mandriva:linux:erlang-observer, p-cpe:/a:mandriva:linux:erlang-odbc, p-cpe:/a:mandriva:linux:erlang-orber, p-cpe:/a:mandriva:linux:erlang-os_mon, p-cpe:/a:mandriva:linux:erlang-otp_mibs, p-cpe:/a:mandriva:linux:erlang-parsetools, p-cpe:/a:mandriva:linux:erlang-percept, p-cpe:/a:mandriva:linux:erlang-pman, p-cpe:/a:mandriva:linux:erlang-public_key, p-cpe:/a:mandriva:linux:erlang-reltool, p-cpe:/a:mandriva:linux:erlang-runtime_tools, p-cpe:/a:mandriva:linux:erlang-snmp, p-cpe:/a:mandriva:linux:erlang-ssh, p-cpe:/a:mandriva:linux:erlang-ssl, p-cpe:/a:mandriva:linux:erlang-stack, p-cpe:/a:mandriva:linux:erlang-syntax_tools, p-cpe:/a:mandriva:linux:erlang-test_server, p-cpe:/a:mandriva:linux:erlang-toolbar, p-cpe:/a:mandriva:linux:erlang-tools, p-cpe:/a:mandriva:linux:erlang-tv, p-cpe:/a:mandriva:linux:erlang-typer

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 3/30/2015

Reference Information

CVE: CVE-2014-1693

MDVSA: 2015:174