Summary
The remote host is missing an update to mime-support announced via advisory DSA 292-2.
Solution
https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20292-2
Insight
Unfortunately yesterday's update for mime-support did not exactly work as expected, which requires an update. For completeness we include the advisory text:
Colin Phipps discovered several problems in mime-support, that contains support programs for the MIME control files 'mime.types' and 'mailcap'.
When a temporary file is to be used it is created insecurely, allowing an attacker to overwrite arbitrary under the user id of the person executing run-mailcap, most probably root. Additionally the program did not properly escape shell escape characters when executing a command.
This is unlikely to be exploitable, though.
For the stable distribution (woody) these problems have been fixed in version 3.18-1.2.
For the old stable distribution (potato) these problems have been fixed in version 3.9-1.2.
For the unstable distribution (sid) these problems have been fixed in version 3.22-1 (same as DSA 292-1).
We recommend that you upgrade your mime-support packages.
Severity
Classification
-
CVE CVE-2003-0214 -
CVSS Base Score: 4.6
AV:L/AC:L/Au:N/C:P/I:P/A:P
Related Vulnerabilities