Test ID:	1.3.6.1.4.1.25623.1.1.10.2018.0379
Category:	Mageia Linux Local Security Checks
Title:	Mageia: Security Advisory (MGASA-2018-0379)
Summary:	The remote host is missing an update for the 'unixODBC' package(s) announced via the MGASA-2018-0379 advisory.
Description:	Summary: The remote host is missing an update for the 'unixODBC' package(s) announced via the MGASA-2018-0379 advisory. Vulnerability Insight: unixODBC before version 2.3.5 is vulnerable to a buffer overflow in the DriverManager/__info.c:unicode_to_ansi_copy() method. An attacker could exploit this to cause a denial of service or other unspecified impact (CVE-2018-7409). The SQLWriteFileDSN function in odbcinst/SQLWriteFileDSN.c in unixODBC 2.3.5 has strncpy arguments in the wrong order, which allows attackers to cause a denial of service or possibly have unspecified other impact (CVE-2018-7485). Affected Software/OS: 'unixODBC' package(s) on Mageia 6. Solution: Please install the updated package(s). CVSS Score: 7.5 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2018-7409 http://www.unixodbc.org/unixODBC-2.3.5.tar.gz https://sourceforge.net/projects/unixodbc/files/unixODBC/2.3.5/ChangeLog/download RedHat Security Advisories: RHSA-2019:2336 https://access.redhat.com/errata/RHSA-2019:2336 Common Vulnerability Exposure (CVE) ID: CVE-2018-7485 BugTraq ID: 103193 http://www.securityfocus.com/bid/103193 https://github.com/lurcher/unixODBC/commit/45ef78e037f578b15fc58938a3a3251655e71d6f#diff-d52750c7ba4e594410438569d8e2963aL24
Copyright	Copyright (C) 2022 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.