Test ID:	1.3.6.1.4.1.25623.1.0.69578
Category:	Slackware Local Security Checks
Title:	Slackware: Security Advisory (SSA:2011-108-01)
Summary:	The remote host is missing an update for the 'acl' package(s) announced via the SSA:2011-108-01 advisory.
Description:	Summary: The remote host is missing an update for the 'acl' package(s) announced via the SSA:2011-108-01 advisory. Vulnerability Insight: New acl packages are available for Slackware 11.0, 12.0, 12.1, 12.2, 13.0, 13.1, and -current to fix a security issue. Here are the details from the Slackware 13.1 ChangeLog: +--------------------------+ patches/packages/acl-2.2.50-i486-1_slack13.1.txz: Upgraded. Fix the --physical option in setfacl and getfacl to prevent symlink attacks. Thanks to Martijn Dekker for the notification. For more information, see: [link moved to references] (* Security fix *) +--------------------------+ Affected Software/OS: 'acl' package(s) on Slackware 11.0, Slackware 12.0, Slackware 12.1, Slackware 12.2, Slackware 13.0, Slackware 13.1, Slackware current. Solution: Please install the updated package(s). CVSS Score: 3.7 CVSS Vector: AV:L/AC:H/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-4411 BugTraq ID: 37455 http://www.securityfocus.com/bid/37455 http://www.mandriva.com/security/advisories?name=MDVSA-2009:345 http://www.openwall.com/lists/oss-security/2009/12/23/2 http://osvdb.org/61302 http://secunia.com/advisories/37907 http://secunia.com/advisories/38420 SuSE Security Announcement: SUSE-SR:2010:002 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2010-02/msg00000.html XForce ISS Database: acl-setfacl-getfacl-symlink(55004) https://exchange.xforce.ibmcloud.com/vulnerabilities/55004
Copyright	Copyright (C) 2012 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.