Test ID:	1.3.6.1.4.1.25623.1.0.53898
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2003-141-06)
Summary:	The remote host is missing an update for the 'quotacheck' package(s) announced via the SSA:2003-141-06 advisory.
Description:	Summary: The remote host is missing an update for the 'quotacheck' package(s) announced via the SSA:2003-141-06 advisory. Vulnerability Insight: An upgraded sysvinit package is available which fixes a problem with the use of quotacheck in /etc/rc.d/rc.M. The original version of rc.M calls quotacheck like this: echo 'Checking filesystem quotas: /sbin/quotacheck -avugM' /sbin/quotacheck -avugM The 'M' option is wrong. This causes the filesystem to be remounted, and in the process any mount flags such as nosuid, nodev, noexec, and the like, will be reset. The correct option to use here is 'm', which does not attempt to remount the partition: echo 'Checking filesystem quotas: /sbin/quotacheck -avugm' /sbin/quotacheck -avugm We recommend sites using file system quotas upgrade to this new package, or edit /etc/rc.d/rc.M accordingly. Here are the details from the Slackware 9.0 ChangeLog: +--------------------------+ Tue May 20 20:13:09 PDT 2003 patches/packages/sysvinit-2.84-i386-26.tgz: Use option M, not m, for quotacheck. Otherwise, the partition might be remounted losing flags like nosuid,nodev, noexec. Thanks to Jem Berkes for pointing this out. (* Security fix *) +--------------------------+ Affected Software/OS: 'quotacheck' package(s) on Slackware 9.0. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.