Test ID:	1.3.6.1.4.1.25623.1.0.54743
Category:	Gentoo Local Security Checks
Title:	Gentoo Security Advisory GLSA 200411-22 (davfs2)
Summary:	The remote host is missing updates announced in;advisory GLSA 200411-22.
Description:	Summary: The remote host is missing updates announced in advisory GLSA 200411-22. Vulnerability Insight: Davfs2 and the lvmcreate_initrd script (included in the lvm-user package) are both vulnerable to symlink attacks, potentially allowing a local user to overwrite arbitrary files with the rights of the user running them. Solution: All Davfs2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=net-fs/davfs2-0.2.2-r1' All lvm-user users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=sys-fs/lvm-user-1.0.7-r2' CVSS Score: 2.1 CVSS Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2004-0972 BugTraq ID: 11290 http://www.securityfocus.com/bid/11290 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10632 RedHat Security Advisories: RHBA-2004:232 http://rhn.redhat.com/errata/RHBA-2004-232.html http://www.trustix.org/errata/2004/0050 XForce ISS Database: script-temporary-file-overwrite(17583) https://exchange.xforce.ibmcloud.com/vulnerabilities/17583
Copyright	Copyright (C) 2008 E-Soft Inc.

This is only one of 146377 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.