Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2002:082-1: python Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the python package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2002:082-1 (python).
Zack Weinberg discovered a vulnerability in python in the way that the
execvpe() method from the os.py module uses a temporary file name. The file is
created in an unsafe manner and execvpe() then tries to execute it, which a
local attacker can use to execute arbitrary code with the privileges of the
user running the python code that calls this method.
The previously released packages for 9.0 had an incorrect dependency on
libdb.so.2 instead of libdb.so.3. This update corrects that problem.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2002:082-1
Threat Level: High