Test ID:	1.3.6.1.4.1.25623.1.0.66685
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2009:345 (acl)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to acl announced via advisory MDVSA-2009:345. A vulnerability was discovered and corrected in acl: The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack (CVE-2009-4411). This update provides a fix for this vulnerability. Affected: 2009.0, 2009.1, 2010.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2009:345 Risk factor : Medium CVSS Score: 3.7
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4411 BugTraq ID: 37455 http://www.securityfocus.com/bid/37455 http://www.mandriva.com/security/advisories?name=MDVSA-2009:345 http://www.openwall.com/lists/oss-security/2009/12/23/2 http://osvdb.org/61302 http://secunia.com/advisories/37907 http://secunia.com/advisories/38420 SuSE Security Announcement: SUSE-SR:2010:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html XForce ISS Database: acl-setfacl-getfacl-symlink(55004) https://exchange.xforce.ibmcloud.com/vulnerabilities/55004
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.