 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.52729 |
| Category: | Mandrake Local Security Checks |
| Title: | Mandrake Security Advisory MDKSA-2005:089 (cdrdao) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to cdrdao announced via advisory MDKSA-2005:089. The cdrdao package contains two vulnerabilities the first allows local users to read arbitrary files via the show-data command and the second allows local users to overwrite arbitrary files via a symlink attack on the ~ /.cdrdao configuration file. This can also lead to elevated privileges (a root shell) due to cdrdao being installed suid root. The provided packages have been patched to correct these issues. Affected versions: 10.0, 10.1, 10.2, Corporate 3.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:089 Risk factor : High CVSS Score: 7.2 |
| Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2002-0137 BugTraq ID: 3865 http://www.securityfocus.com/bid/3865 Bugtraq: 20020112 cdrdao insecure filehandling (Google Search) http://marc.info/?l=bugtraq&m=101102759631000&w=2 Common Vulnerability Exposure (CVE) ID: CVE-2002-0138 Bugtraq: 20020115 Re: cdrdao insecure filehandling (Google Search) http://marc.info/?l=bugtraq&m=101111688819855&w=2 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |