Mandrake Local Security Checks : Mandriva Security Advisory MDVSA-2010:024 (coreutils)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.66764

Categoría: Mandrake Local Security Checks

Título: Mandriva Security Advisory MDVSA-2010:024 (coreutils)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing an update to coreutils
announced via advisory MDVSA-2010:024.

A vulnerability were discovered and corrected in coreutils:

The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through
8.1 allows local users to gain privileges via a symlink attack on a
file in a directory tree under /tmp (CVE-2009-4135).

Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers.

The updated packages have been patched to correct this issue.

Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0,
Enterprise Server 5.0

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:024

Risk factor : Medium

CVSS Score:
4.4

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-4135
37256
http://www.securityfocus.com/bid/37256
37645
http://secunia.com/advisories/37645
37860
http://secunia.com/advisories/37860
60853
http://www.osvdb.org/60853
62226
http://secunia.com/advisories/62226
ADV-2009-3453
http://www.vupen.com/english/advisories/2009/3453
FEDORA-2009-13181
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html
FEDORA-2009-13216
https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html
USN-2473-1
http://www.ubuntu.com/usn/USN-2473-1
[bug-coreutils] 20091208 Re: build: distcheck: do not leave a $TMPDIR/coreutils directory behind
http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html
[bug-coreutils] 20091209 [PATCH] doc: NEWS: mention the "make distcheck" vulnerability
http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html
[oss-security] 20091208 CVE Request -- coreutils -- unsafe temporary directory location use
http://www.openwall.com/lists/oss-security/2009/12/08/4
[oss-security] 20091208 Re: CVE Request -- coreutils -- unsafe temporary directory location use
http://marc.info/?l=oss-security&m=126030454503441&w=2
gnu-core-distcheck-symlink(54673)
https://exchange.xforce.ibmcloud.com/vulnerabilities/54673
http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5
https://bugzilla.redhat.com/show_bug.cgi?id=545439

Copyright Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.66764
Categoría:	Mandrake Local Security Checks
Título:	Mandriva Security Advisory MDVSA-2010:024 (coreutils)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to coreutils announced via advisory MDVSA-2010:024. A vulnerability were discovered and corrected in coreutils: The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp (CVE-2009-4135). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:024 Risk factor : Medium CVSS Score: 4.4
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4135 37256 http://www.securityfocus.com/bid/37256 37645 http://secunia.com/advisories/37645 37860 http://secunia.com/advisories/37860 60853 http://www.osvdb.org/60853 62226 http://secunia.com/advisories/62226 ADV-2009-3453 http://www.vupen.com/english/advisories/2009/3453 FEDORA-2009-13181 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html FEDORA-2009-13216 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html USN-2473-1 http://www.ubuntu.com/usn/USN-2473-1 [bug-coreutils] 20091208 Re: build: distcheck: do not leave a $TMPDIR/coreutils directory behind http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html [bug-coreutils] 20091209 [PATCH] doc: NEWS: mention the "make distcheck" vulnerability http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html [oss-security] 20091208 CVE Request -- coreutils -- unsafe temporary directory location use http://www.openwall.com/lists/oss-security/2009/12/08/4 [oss-security] 20091208 Re: CVE Request -- coreutils -- unsafe temporary directory location use http://marc.info/?l=oss-security&m=126030454503441&w=2 gnu-core-distcheck-symlink(54673) https://exchange.xforce.ibmcloud.com/vulnerabilities/54673 http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5 https://bugzilla.redhat.com/show_bug.cgi?id=545439
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com