Vulnerability Scanning Solutions, LLC.
Family: Mandrake Local Security Checks --> Category: infos

MDKSA-2002:060: tcltk Vulnerability Scan

Vulnerability Scan Summary
Check for the version of the tcltk package

Detailed Explanation for this Vulnerability Test

The remote host is missing the patch for the advisory MDKSA-2002:060 (tcltk).

Some problems were discovered with the Tcl/Tk development environment. The
expect application would search for its libraries in /var/tmp prior to searching
in other directories, which could allow a local user to gain root privilege by
writing a trojan library and waiting for the root user to run the mkpasswd
utility. This is fixed in version 5.32 of expect. A similar vulnerability has
been fixed in the tcltk package, which searched for its libraries in the current
working directory prior to searching in other directories. This could be used to
execute arbitrary code by local users through the use of a trojan library.

Solution :
Threat Level: High

P.O. Box 827051

Pembroke Pines, FL 33082-7051