Mandriva Security Advisory MDVSA-2009:341 (dstat) Network Vulnerability

Summary

The remote host is missing an update to dstat announced via advisory MDVSA-2009:341.

Solution

To upgrade automatically use MandrakeUpdate or urpmi. The verification of md5 checksums and GPG signatures is performed automatically for you. https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:341

Insight

Multiple vulnerabilities has been found and corrected in dstat: Multiple untrusted search path vulnerabilities in dstat before 0.7.0 allow local users to gain privileges via a Trojan horse Python module in (1) the current working directory or (2) a certain subdirectory of the current working directory (CVE-2009-3894, CVE-2009-4081). This update provides a solution to these vulnerabilities. Affected: Corporate 4.0

Severity

Classification

CVE CVE-2009-3894, CVE-2009-4081

CVSS	Base Score: 4.4 AV:L/AC:M/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:126 (eggdrop)
Mandrake Security Advisory MDVSA-2009:180 (compface)
Mandrake Security Advisory MDVSA-2009:133 (irssi)
Mandrake Security Advisory MDVSA-2009:048-2 (epiphany)
Mandrake Security Advisory MDVSA-2009:046 (dia)

Take action and discover your vulnerabilities