Test ID: 1.3.6.1.4.1.25623.1.0.51432
Category: Conectiva Local Security Checks
Title: Conectiva Security Advisory CLA-2003:675
Summary: NOSUMMARY

Description:

The remote host is missing updates announced in advisory CLA-2003:675.

ml85p[1] is a printer driver for the Samsung ML-85G and QL85G printer models.

iDEFENSE published[2] the following vulnerabilities in some printer related packages, including ml85p:

- mtink: this package is not distributed with Conectiva Linux.
- escputil: the escputil program has a buffer overflow vulnerability in the way it deals with a printer name. Long enough names can be used to execute arbitrary code or crash the program. In Conectiva Linux, escputil is NOT a SGID program, so it is not possible to obtain higher privileges by exploiting this problem, but we are nevertheless including a fix with this update.
- ml85p: this is a SUID root program and it creates temporary files in an insecure way, which makes it vulnerable to a race condition exploit. A local attacker could easily guess the name of this file and create a symbolic link to anywhere on the system. If the target exists, it will be overwritten; otherwise, it will be created with 0666 permissions (world writable). There is, however, a condition for this to work: the attacker must be able to execute ml85p. By default, it is only executable by root or members of the sys group.

Solution: The apt tool can be used to perform RPM package upgrades by running 'apt-get update' followed by 'apt-get upgrade'.

http://www.securityspace.com/smysecure/catid.html?in=CLA-2003:675
http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=002003

Risk factor: High

Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com