Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2002:008: jmcce Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the jmcce package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2002:008 (jmcce).
A problem exists in the jmcce program that is used for Chinese text on the
console. jmcce is installed setuid root and places log files in /tmp
jmcce does not perform suitable checking on the files it writes to and because
it uses a predictable logfile name, a possible hacker could exploit this to
arbitrarily overwrite any file on the system.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:008
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.