Lucene search
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.MANDRIVA_MDVSA-2009-046.NASLHistoryDec 09, 2009 - 12:00 a.m.
Mandriva Linux Security Advisory : dia (MDVSA-2009:046-1)
2009-12-0900:00:00
This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
12
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
Python has a variable called sys.path that contains all paths where Python loads modules by using import scripting procedure. A wrong handling of that variable enables local attackers to execute arbitrary code via Python scripting in the current dia working directory (CVE-2008-5984).
This update provides fix for that vulnerability.
Update :
Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2009:046.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(43074);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2008-5984");
script_bugtraq_id(33448);
script_xref(name:"MDVSA", value:"2009:046-1");
script_name(english:"Mandriva Linux Security Advisory : dia (MDVSA-2009:046-1)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Mandriva Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Python has a variable called sys.path that contains all paths where
Python loads modules by using import scripting procedure. A wrong
handling of that variable enables local attackers to execute arbitrary
code via Python scripting in the current dia working directory
(CVE-2008-5984).
This update provides fix for that vulnerability.
Update :
Packages for 2008.0 are provided for Corporate Desktop 2008.0
customers"
);
script_set_attribute(attribute:"solution", value:"Update the affected dia package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:ND");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"exploit_framework_core", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dia");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
script_set_attribute(attribute:"patch_publication_date", value:"2009/12/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/12/09");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2008.0", reference:"dia-0.96.1-2.1mdv2008.0", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Related
openvas
openvas
Mandriva Security Advisory MDVSA-2009:046-1 (dia)
2009-12-14 00:00:00
Mandrake Security Advisory MDVSA-2009:040 (dia)
2009-02-18 00:00:00
Mandrake Security Advisory MDVSA-2009:046 (dia)
2009-02-23 00:00:00
freebsd
freebsd
dia -- remote command execution vulnerability
2009-01-26 00:00:00
seebug
seebug
Dia Pythonๆไปถไฝฟ็จไธๅฎๅ
จๆ็ดข่ทฏๅพๆผๆด
2009-02-19 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : dia (MDVSA-2009:040)
2009-04-23 00:00:00
FreeBSD : dia -- remote command execution vulnerability (25eb365c-fd11-11dd-8424-c213de35965d)
2009-02-18 00:00:00
Fedora 9 : dia-0.96.1-7.fc9 (2009-1057)
2009-01-27 00:00:00
prion
prion
Design/Logic Flaw
2009-01-28 11:30:00
cve
cve
CVE-2008-5984
2009-01-28 11:30:00
ubuntucve
ubuntucve
CVE-2008-5984
2009-01-28 00:00:00
nvd
nvd
CVE-2008-5984
2009-01-28 11:30:00
cvelist
cvelist
CVE-2008-5984
2009-01-28 11:00:00
debiancve
debiancve
CVE-2008-5984
2009-01-28 11:30:00
6.9 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.0004 Low
EPSS
Percentile
5.1%
Related for MANDRIVA_MDVSA-2009-046.NASL