Mandrake Local Security Checks : Mandrake Security Advisory MDVSA-2008:172 (amarok)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61414

Categoría: Mandrake Local Security Checks

Título: Mandrake Security Advisory MDVSA-2008:172 (amarok)

Resumen: NOSUMMARY

Descripción: Description:

The remote host is missing an update to amarok
announced via advisory MDVSA-2008:172.

A flaw in Amarok prior to 1.4.10 would allow local users to overwrite
arbitrary files via a symlink attack on a temporary file that Amarok
created with a predictable name (CVE-2008-3699).

The updated packages have been patched to correct this issue.

Affected: 2008.0, 2008.1

Solution:
To upgrade automatically use MandrakeUpdate or urpmi. The verification
of md5 checksums and GPG signatures is performed automatically for you.

https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:172

Risk factor : Medium

CVSS Score:
3.3

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3699
BugTraq ID: 30662
http://www.securityfocus.com/bid/30662
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00097.html
https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00057.html
http://security.gentoo.org/glsa/glsa-200809-08.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:172
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765
http://secunia.com/advisories/31418
http://secunia.com/advisories/31663
http://secunia.com/advisories/31839
http://secunia.com/advisories/32357
http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.455790
http://www.ubuntu.com/usn/usn-657-1
http://www.vupen.com/english/advisories/2008/2338
XForce ISS Database: amarok-magnatunebrowser-symlink(44399)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44399

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61414
Categoría:	Mandrake Local Security Checks
Título:	Mandrake Security Advisory MDVSA-2008:172 (amarok)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing an update to amarok announced via advisory MDVSA-2008:172. A flaw in Amarok prior to 1.4.10 would allow local users to overwrite arbitrary files via a symlink attack on a temporary file that Amarok created with a predictable name (CVE-2008-3699). The updated packages have been patched to correct this issue. Affected: 2008.0, 2008.1 Solution: To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:172 Risk factor : Medium CVSS Score: 3.3
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3699 BugTraq ID: 30662 http://www.securityfocus.com/bid/30662 https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00097.html https://www.redhat.com/archives/fedora-package-announce/2008-September/msg00057.html http://security.gentoo.org/glsa/glsa-200809-08.xml http://www.mandriva.com/security/advisories?name=MDVSA-2008:172 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=494765 http://secunia.com/advisories/31418 http://secunia.com/advisories/31663 http://secunia.com/advisories/31839 http://secunia.com/advisories/32357 http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.455790 http://www.ubuntu.com/usn/usn-657-1 http://www.vupen.com/english/advisories/2008/2338 XForce ISS Database: amarok-magnatunebrowser-symlink(44399) https://exchange.xforce.ibmcloud.com/vulnerabilities/44399
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com