home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2002-017.nasl < prev    next >
Text File  |  2005-01-14  |  3KB  |  111 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2002:017
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(13925);
  12.  script_version ("$Revision: 1.2 $");
  13.  
  14.  name["english"] = "MDKSA-2002:017: php";
  15.  
  16.  script_name(english:name["english"]);
  17.  
  18.  desc["english"] = "
  19. The remote host is missing the patch for the advisory MDKSA-2002:017 (php).
  20.  
  21.  
  22. Several flaws exist in various versions of PHP in the way it handles
  23. multipart/form-data POST requests, which are used for file uploads. The
  24. php_mime_split() function could be used by an attacker to execute arbitrary code
  25. on the server. This affects both PHP4 and PHP3. The authors have fixed this in
  26. PHP 4.1.2 and provided patches for older versions of PHP.
  27.  
  28.  
  29. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:017
  30. Risk factor : High";
  31.  
  32.  
  33.  
  34.  script_description(english:desc["english"]);
  35.  
  36.  summary["english"] = "Check for the version of the php package";
  37.  script_summary(english:summary["english"]);
  38.  
  39.  script_category(ACT_GATHER_INFO);
  40.  
  41.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  42.  family["english"] = "Mandrake Local Security Checks";
  43.  script_family(english:family["english"]);
  44.  
  45.  script_dependencies("ssh_get_info.nasl");
  46.  script_require_keys("Host/Mandrake/rpm-list");
  47.  exit(0);
  48. }
  49.  
  50. include("rpm.inc");
  51. if ( rpm_check( reference:"php-4.0.6-5.8mdk", release:"MDK7.1", yank:"mdk") )
  52. {
  53.  security_hole(0);
  54.  exit(0);
  55. }
  56. if ( rpm_check( reference:"php-common-4.0.6-5.8mdk", release:"MDK7.1", yank:"mdk") )
  57. {
  58.  security_hole(0);
  59.  exit(0);
  60. }
  61. if ( rpm_check( reference:"php-devel-4.0.6-5.8mdk", release:"MDK7.1", yank:"mdk") )
  62. {
  63.  security_hole(0);
  64.  exit(0);
  65. }
  66. if ( rpm_check( reference:"php-4.0.6-5.7mdk", release:"MDK7.2", yank:"mdk") )
  67. {
  68.  security_hole(0);
  69.  exit(0);
  70. }
  71. if ( rpm_check( reference:"php-common-4.0.6-5.7mdk", release:"MDK7.2", yank:"mdk") )
  72. {
  73.  security_hole(0);
  74.  exit(0);
  75. }
  76. if ( rpm_check( reference:"php-devel-4.0.6-5.7mdk", release:"MDK7.2", yank:"mdk") )
  77. {
  78.  security_hole(0);
  79.  exit(0);
  80. }
  81. if ( rpm_check( reference:"php-4.0.6-5.6mdk", release:"MDK8.0", yank:"mdk") )
  82. {
  83.  security_hole(0);
  84.  exit(0);
  85. }
  86. if ( rpm_check( reference:"php-common-4.0.6-5.6mdk", release:"MDK8.0", yank:"mdk") )
  87. {
  88.  security_hole(0);
  89.  exit(0);
  90. }
  91. if ( rpm_check( reference:"php-devel-4.0.6-5.6mdk", release:"MDK8.0", yank:"mdk") )
  92. {
  93.  security_hole(0);
  94.  exit(0);
  95. }
  96. if ( rpm_check( reference:"php-4.0.6-5.5mdk", release:"MDK8.1", yank:"mdk") )
  97. {
  98.  security_hole(0);
  99.  exit(0);
  100. }
  101. if ( rpm_check( reference:"php-common-4.0.6-5.5mdk", release:"MDK8.1", yank:"mdk") )
  102. {
  103.  security_hole(0);
  104.  exit(0);
  105. }
  106. if ( rpm_check( reference:"php-devel-4.0.6-5.5mdk", release:"MDK8.1", yank:"mdk") )
  107. {
  108.  security_hole(0);
  109.  exit(0);
  110. }
  111.