Mandriva Security Advisory MDVSA-2009:341 (dstat) Network Vulnerability

Summary

The remote host is missing an update to dstat announced via advisory MDVSA-2009:341.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:341

Insight

Multiple vulnerabilities has been found and corrected in dstat: Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory (CVE-2009-3894, CVE-2009-4081). This update provides a solution to these vulnerabilities. Affected: Corporate 4.0

Severity

Classification

CVE CVE-2009-3894, CVE-2009-4081
CVSS Base Score: 4.4
AV:L/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:206 (wget)
Mandrake Security Advisory MDVSA-2009:039 (gedit)
Mandrake Security Advisory MDVSA-2009:172 (dhcp)
Mandrake Security Advisory MDVSA-2009:188 (php4-eaccelerator)
Mandrake Security Advisory MDVSA-2009:123 (opensc)

Take action and discover your vulnerabilities