Test ID:	1.3.6.1.4.1.25623.1.1.10.2017.0263
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2017-0263)
Summary:	The remote host is missing an update for the 'supervisor' package(s) announced via the MGASA-2017-0263 advisory.
Description:	Summary: The remote host is missing an update for the 'supervisor' package(s) announced via the MGASA-2017-0263 advisory. Vulnerability Insight: A vulnerability has been found where an authenticated client can send a malicious XML-RPC request to supervisord that will run arbitrary shell commands on the server. The commands will be run as the same user as supervisord. Depending on how supervisord has been configured, this may be root (CVE-2017-11610). Affected Software/OS: 'supervisor' package(s) on Mageia 5, Mageia 6. Solution: Please install the updated package(s). CVSS Score: 9.0 CVSS Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2017-11610 Debian Security Information: DSA-3942 (Google Search) http://www.debian.org/security/2017/dsa-3942 https://www.exploit-db.com/exploits/42779/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4GMSCGMM477N64Z3BM34RWYBGSLK466B/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JXGWOJNSWWK2TTWQJZJUP66FLFIWDMBQ/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/DTPDZV4ZRICDYAYZVUHSYZAYDLRMG2IM/ https://security.gentoo.org/glsa/201709-06 RedHat Security Advisories: RHSA-2017:3005 https://access.redhat.com/errata/RHSA-2017:3005
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.