RHEL 5 : mcstrans (RHSA-2007:0542)

low Nessus Plugin ID 27830

Synopsis

The remote Red Hat host is missing a security update.

Description

An updated mcstrans package that fixes a security issue and a bug is now available.

This update has been rated as having low security impact by the Red Hat Security Response Team.

mcstrans is the translation daemon used on SELinux machines to translate program context into human-readable form.

An algorithmic complexity weakness was found in the way the mcstrans daemon handled ranges of compartments in sensitivity labels. A local user could trigger this flaw, causing mcstransd to temporarily stop responding to other requests, resulting in a partial denial of service. (CVE-2007-4570)

This update also fixes a problem where the mcstrans daemon was preventing SSH connections into an SELinux box that was running a Multi-Level Security (MLS) policy with multiple categories.

Users of mcstrans are advised to upgrade to this updated package, which resolves this issue.

Solution

Update the affected mcstrans package.

See Also

https://access.redhat.com/security/cve/cve-2007-4570

https://access.redhat.com/errata/RHSA-2007:0542

Plugin Details

Severity: Low

ID: 27830

File Name: redhat-RHSA-2007-0542.nasl

Version: 1.23

Type: local

Agent: unix

Published: 11/8/2007

Updated: 1/14/2021

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

CVSS v2

Risk Factor: Low

Base Score: 1.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:N/I:N/A:P

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:mcstrans, cpe:/o:redhat:enterprise_linux:5

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Patch Publication Date: 11/7/2007

Vulnerability Publication Date: 11/9/2007

Reference Information

CVE: CVE-2007-4570

CWE: 20

RHSA: 2007:0542