NASLDB: Fedora 7 : comix-3.6.4-6.fc7 (2008-2993)
General
ID: 31823
Name: Fedora 7 : comix-3.6.4-6.fc7 (2008-2993)
Summary: Checks rpm output for the updated package
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Temporal Vector: –
Port: 0
Family: Fedora Local Security Checks
Type: Local
Description
Several security flaws are reported against comix 3.6.4. One issue is
that comix uses os.popen() to execute external commands without
handling filenames properly. This may allow malicios users to execute
arbitrary commands by opening some files with crafted names. This
issue is now identified as CVE-2008-1568. Another issue is that comix
creates a directory under /tmp with the name easily predictable by any
users. This will cause DOS attach for multiuser system. This new
package will fix these issues.
Exploiting
Exploit Available: –
Exploitability Ease: –
Sources
CVE: CVE-2008-1568
OSVDB: –
Bugtraq: –
scipID: –
Timeline
Vulnerability Disclosure: –
Patch Release: 2008/04/08
Plugin Release: 2008/04/11
Plugin
Version: 1.8
Filename: fedora_2008-2993.nasl
Filesize: 3184 bytes
MD5 Hash: cea6a39fa38833fad55f4ceff7122933
Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list
Dependencies: "ssh_get_info.nasl"
Copyright: This script is Copyright© 2008-2012 Tenable Network Security, Inc.
- Letzte Plugins
- USN-1611-1 : thunderbird vulnerabilities
- USN-1610-1 : linux vulnerability
- USN-1609-1 : linux-ti-omap4 vulnerability
- SuSE 10 Security Update : PostgreSQL
- RHSA-2012-1364: bind97
- RHSA-2012-1363: bind
- RHSA-2012-1362: thunderbird
- RHSA-2012-1361: xulrunner
- Mandriva Linux Security Advisory : graphicsmagick
- FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack