Mandriva Update For Util-linux MDKSA-2007:198 (util-linux) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

The mount and umount programs in util-linux called the setuid() and setgid() functions in the wrong order and did not check the return values, which could allow attackers to grain privileges via helper applications such as mount.nfs. Updated packages have been patched to fix this issue.

Affected

util-linux on Mandriva Linux 2007.0, Mandriva Linux 2007.0/X86_64, Mandriva Linux 2007.1, Mandriva Linux 2007.1/X86_64, Mandriva Linux 2008.0, Mandriva Linux 2008.0/X86_64

Severity

Classification

CVE CVE-2007-5191

CVSS	Base Score: 6.9 AV:L/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:123 (opensc)
Mandrake Security Advisory MDVSA-2009:058 (wireshark)
Mandrake Security Advisory MDVSA-2009:038 (blender)
Mandrake Security Advisory MDVSA-2009:048-1 (epiphany)
Mandrake Security Advisory MDVSA-2009:105 (memcached)

Mandriva Update for util-linux MDKSA-2007:198 (util-linux)

Take action and discover your vulnerabilities