 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| Test ID: | 1.3.6.1.4.1.25623.1.0.55906 |
| Category: | Mandrake Local Security Checks |
| Title: | Mandrake Security Advisory MDKSA-2005:216 (fuse) |
| Summary: | NOSUMMARY |
| Description: | Description: The remote host is missing an update to fuse announced via advisory MDKSA-2005:216. Thomas Beige found that fusermount failed to securely handle special characters specified in mount points, which could allow a local attacker to corrupt the contents of /etc/mtab by mounting over a maliciously-named directory using fusermount. This could potentially allow the attacker to set unauthorized mount options. This is only possible when fusermount is installed setuid root, which is the case in Mandriva Linux. The updated packages have been patched to address these problems. Affected: 2006.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDKSA-2005:216 Risk factor : Medium CVSS Score: 2.1 |
| Cross-Ref: |
BugTraq ID: 15529 Common Vulnerability Exposure (CVE) ID: CVE-2005-3531 http://www.securityfocus.com/bid/15529 http://www.gentoo.org/security/en/glsa/glsa-200511-17.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:216 http://secunia.com/advisories/17691 http://secunia.com/advisories/17695 http://www.vupen.com/english/advisories/2005/2529 |
| Copyright | Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com |
| This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below. |