Test ID:	1.3.6.1.4.1.25623.1.0.66764
Category:	Mandrake Local Security Checks
Title:	Mandriva Security Advisory MDVSA-2010:024 (coreutils)
Summary:	NOSUMMARY
Description:	Description: The remote host is missing an update to coreutils announced via advisory MDVSA-2010:024. A vulnerability were discovered and corrected in coreutils: The distcheck rule in dist-check.mk in GNU coreutils 5.2.1 through 8.1 allows local users to gain privileges via a symlink attack on a file in a directory tree under /tmp (CVE-2009-4135). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers. The updated packages have been patched to correct this issue. Affected: 2008.0, 2009.0, 2009.1, 2010.0, Corporate 4.0, Enterprise Server 5.0 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. http://www.securityspace.com/smysecure/catid.html?in=MDVSA-2010:024 Risk factor : Medium CVSS Score: 4.4
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4135 37256 http://www.securityfocus.com/bid/37256 37645 http://secunia.com/advisories/37645 37860 http://secunia.com/advisories/37860 60853 http://www.osvdb.org/60853 62226 http://secunia.com/advisories/62226 ADV-2009-3453 http://www.vupen.com/english/advisories/2009/3453 FEDORA-2009-13181 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00972.html FEDORA-2009-13216 https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00954.html USN-2473-1 http://www.ubuntu.com/usn/USN-2473-1 [bug-coreutils] 20091208 Re: build: distcheck: do not leave a $TMPDIR/coreutils directory behind http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18779.html [bug-coreutils] 20091209 [PATCH] doc: NEWS: mention the "make distcheck" vulnerability http://www.mail-archive.com/bug-coreutils%40gnu.org/msg18787.html [oss-security] 20091208 CVE Request -- coreutils -- unsafe temporary directory location use http://www.openwall.com/lists/oss-security/2009/12/08/4 [oss-security] 20091208 Re: CVE Request -- coreutils -- unsafe temporary directory location use http://marc.info/?l=oss-security&m=126030454503441&w=2 gnu-core-distcheck-symlink(54673) https://exchange.xforce.ibmcloud.com/vulnerabilities/54673 http://git.savannah.gnu.org/cgit/coreutils.git/commit/?id=ae034822c535fa5 https://bugzilla.redhat.com/show_bug.cgi?id=545439
Copyright	Copyright (c) 2010 E-Soft Inc. http://www.securityspace.com

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.