Test ID:	1.3.6.1.4.1.25623.1.0.50536
Category:	Mandrake Local Security Checks
Title:	Mandrake Security Advisory MDKSA-2004:053 (xpcd)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to xpcd announced via advisory MDKSA-2004:053. A vulnerability in xpcd-svga, part of xpcd, was discovered by Jaguar. xpcd-svga uses svgalib to display graphics on the console and it would copy user-supplied data of an arbitrary length into a fixed-size buffer in the pcd_open function. As well, Steve Kemp previously discovered a buffer overflow in xpcd-svga that could be triggered by a long HOME environment variable, which could be exploited by a local attacker to obtain root privileges. The updated packages resolve these vulnerabilities. Affected versions: 10.0, 9.2 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2004:053 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2003-0649 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0402 Risk factor : High CVSS Score: 7.2
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2003-0649 Debian Security Information: DSA-368 (Google Search) http://www.debian.org/security/2003/dsa-368 http://www.mandriva.com/security/advisories?name=MDKSA-2004:053 Common Vulnerability Exposure (CVE) ID: CVE-2004-0402 BugTraq ID: 10403 http://www.securityfocus.com/bid/10403 Debian Security Information: DSA-508 (Google Search) http://www.debian.org/security/2004/dsa-508 XForce ISS Database: xpcd-svga-pcdopen-bo(16236) https://exchange.xforce.ibmcloud.com/vulnerabilities/16236
Copyright	Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.