|
|
Family: Mandrake Local Security Checks --> Category: infos
MDKSA-2003:016: util-linux Vulnerability Scan
Vulnerability Scan Summary
Check for the version of the util-linux package
Detailed Explanation for this Vulnerability Test
The remote host is missing the patch for the advisory MDKSA-2003:016 (util-linux).
The util-linux package provides the mcookie utility, a tool for generating
random cookies that can be used for X authentication. The util-linux packages
that were distributed with Mandrake Linux 8.2 and 9.0 had a patch that made it
use /dev/urandom instead of /dev/random, which resulted in the mcookie being
more predictable than it would otherwise be. This patch has been removed in
these updates, giving mcookie a better source of entropy and making the
generated cookies less predictable. Thanks to Dirk Mueller for pointing this
out.
Solution : http://wwwnew.mandriva.com/security/advisories?name=MDKSA-2003:016
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|
