
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2002:022
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(13930);
  12.  script_version ("$Revision: 1.2 $");
  13.  script_cve_id("CAN-2002-0059");
  14.  
  15.  name["english"] = "MDKSA-2002:022: zlib";
  16.  
  17.  script_name(english:name["english"]);
  18.  
  19.  desc["english"] = "
  20. The remote host is missing the patch for the advisory MDKSA-2002:022 (zlib).
  21.  
  22.  
  23. Matthias Clasen found a security issue in zlib that, when provided with certain
  24. input, causes zlib to free an area of memory twice. This 'double free' bug can
  25. be used to crash any programs that take untrusted compressed input, such as web
  26. browsers, email clients, image viewing software, etc. This vulnerability can be
  27. used to perform Denial of Service attacks and, quite possibly, the execution of
  28. arbitrary code on the affected system.
  29. MandrakeSoft has published two advisories concerning this incident:
  30. MDKSA-2002:022 - zlib MDKSA-2002:023 - packages containing zlib
  31. The second advisory contains additional packages that bring their own copies of
  32. the zlib source, and as such need to be fixed and rebuilt. Updating the zlib
  33. library is sufficient to protect those programs that use the system zlib, but
  34. the packages as noted in MDKSA-2002:023 will need to be updated for those
  35. packages that do not use the system zlib.
  36.  
  37.  
  38. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:022
  39. Risk factor : High";
  40.  
  41.  
  42.  
  43.  script_description(english:desc["english"]);
  44.  
  45.  summary["english"] = "Check for the version of the zlib package";
  46.  script_summary(english:summary["english"]);
  47.  
  48.  script_category(ACT_GATHER_INFO);
  49.  
  50.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  51.  family["english"] = "Mandrake Local Security Checks";
  52.  script_family(english:family["english"]);
  53.  
  54.  script_dependencies("ssh_get_info.nasl");
  55.  script_require_keys("Host/Mandrake/rpm-list");
  56.  exit(0);
  57. }
  58.  
  59. include("rpm.inc");
  60. if ( rpm_check( reference:"zlib-1.1.3-11.1mdk", release:"MDK7.1", yank:"mdk") )
  61. {
  62.  security_hole(0);
  63.  exit(0);
  64. }
  65. if ( rpm_check( reference:"zlib-devel-1.1.3-11.1mdk", release:"MDK7.1", yank:"mdk") )
  66. {
  67.  security_hole(0);
  68.  exit(0);
  69. }
  70. if ( rpm_check( reference:"zlib-1.1.3-11.1mdk", release:"MDK7.2", yank:"mdk") )
  71. {
  72.  security_hole(0);
  73.  exit(0);
  74. }
  75. if ( rpm_check( reference:"zlib-devel-1.1.3-11.1mdk", release:"MDK7.2", yank:"mdk") )
  76. {
  77.  security_hole(0);
  78.  exit(0);
  79. }
  80. if ( rpm_check( reference:"zlib1-1.1.3-16.1mdk", release:"MDK8.0", yank:"mdk") )
  81. {
  82.  security_hole(0);
  83.  exit(0);
  84. }
  85. if ( rpm_check( reference:"zlib1-devel-1.1.3-16.1mdk", release:"MDK8.0", yank:"mdk") )
  86. {
  87.  security_hole(0);
  88.  exit(0);
  89. }
  90. if ( rpm_check( reference:"zlib1-1.1.3-16.1mdk", release:"MDK8.1", yank:"mdk") )
  91. {
  92.  security_hole(0);
  93.  exit(0);
  94. }
  95. if ( rpm_check( reference:"zlib1-devel-1.1.3-16.1mdk", release:"MDK8.1", yank:"mdk") )
  96. {
  97.  security_hole(0);
  98.  exit(0);
  99. }
  100. if (rpm_exists(rpm:"zlib-", release:"MDK7.1")
  101.  || rpm_exists(rpm:"zlib-", release:"MDK7.2")
  102.  || rpm_exists(rpm:"zlib-", release:"MDK8.0")
  103.  || rpm_exists(rpm:"zlib-", release:"MDK8.1") )
  104. {
  105.  set_kb_item(name:"CAN-2002-0059", value:TRUE);
  106. }
  107.