Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2009:046 (dia)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.0.63423

Kategorie: Mandrake Local Security Checks

Titel: Mandrake Security Advisory MDVSA-2009:046 (dia)

Zusammenfassung: The remote host is missing an update to dia;announced via advisory MDVSA-2009:046.

Beschreibung: Summary:
The remote host is missing an update to dia
announced via advisory MDVSA-2009:046.

Vulnerability Insight:
Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current dia working directory
(CVE-2008-5984).

This update provides fix for that vulnerability.

Affected: Corporate 3.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

CVSS Score:
6.9

CVSS Vector:
AV:L/AC:M/Au:N/C:C/I:C/A:C

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2008-5984
BugTraq ID: 33448
http://www.securityfocus.com/bid/33448
https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01065.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:040
http://www.mandriva.com/security/advisories?name=MDVSA-2009:046
http://www.openwall.com/lists/oss-security/2009/01/26/2
http://secunia.com/advisories/33672
http://secunia.com/advisories/33703
XForce ISS Database: dia-pysyssetargv-privilege-escalation(48262)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48262

Copyright Copyright (C) 2009 E-Soft Inc.

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.0.63423
Kategorie:	Mandrake Local Security Checks
Titel:	Mandrake Security Advisory MDVSA-2009:046 (dia)
Zusammenfassung:	The remote host is missing an update to dia;announced via advisory MDVSA-2009:046.
Beschreibung:	Summary: The remote host is missing an update to dia announced via advisory MDVSA-2009:046. Vulnerability Insight: Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current dia working directory (CVE-2008-5984). This update provides fix for that vulnerability. Affected: Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. CVSS Score: 6.9 CVSS Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2008-5984 BugTraq ID: 33448 http://www.securityfocus.com/bid/33448 https://www.redhat.com/archives/fedora-package-announce/2009-January/msg01065.html http://www.mandriva.com/security/advisories?name=MDVSA-2009:040 http://www.mandriva.com/security/advisories?name=MDVSA-2009:046 http://www.openwall.com/lists/oss-security/2009/01/26/2 http://secunia.com/advisories/33672 http://secunia.com/advisories/33703 XForce ISS Database: dia-pysyssetargv-privilege-escalation(48262) https://exchange.xforce.ibmcloud.com/vulnerabilities/48262
Copyright	Copyright (C) 2009 E-Soft Inc.