Advisories » MGASA-2013-0358

Updated busybox package fixes security vulnerability

Publication date: 30 Nov 2013
Modification date: 30 Nov 2013
Type: security
Affected Mageia releases : 3
CVE: CVE-2013-1813

Description

It was found that the mdev BusyBox utility could create certain
directories within /dev with world-writable permissions. A local
unprivileged user could use this flaw to manipulate portions of the /dev
directory tree (CVE-2013-1813).
                

References

• https://bugs.mageia.org/show_bug.cgi?id=11722
• https://rhn.redhat.com/errata/RHSA-2013-1732.html
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1813

SRPMS

3/core

• busybox-1.20.2-2.1.mga3