home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2002-045.nasl < prev    next >
Text File  |  2005-01-14  |  3KB  |  110 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2002:045
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(13948);
  12.  script_bugtraq_id(5352);
  13.  script_version ("$Revision: 1.3 $");
  14.  script_cve_id("CAN-2002-0658");
  15.  
  16.  name["english"] = "MDKSA-2002:045: mm";
  17.  
  18.  script_name(english:name["english"]);
  19.  
  20.  desc["english"] = "
  21. The remote host is missing the patch for the advisory MDKSA-2002:045 (mm).
  22.  
  23.  
  24. Marcus Meissner and Sebastian Krahmer discovered a temporary file vulnerability
  25. in the mm library which is used by the Apache webserver. This vulnerability can
  26. be exploited to obtain root privilege if shell access to the apache user
  27. (typically apache or nobody) is already obtained.
  28.  
  29.  
  30. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:045
  31. Risk factor : High";
  32.  
  33.  
  34.  
  35.  script_description(english:desc["english"]);
  36.  
  37.  summary["english"] = "Check for the version of the mm package";
  38.  script_summary(english:summary["english"]);
  39.  
  40.  script_category(ACT_GATHER_INFO);
  41.  
  42.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  43.  family["english"] = "Mandrake Local Security Checks";
  44.  script_family(english:family["english"]);
  45.  
  46.  script_dependencies("ssh_get_info.nasl");
  47.  script_require_keys("Host/Mandrake/rpm-list");
  48.  exit(0);
  49. }
  50.  
  51. include("rpm.inc");
  52. if ( rpm_check( reference:"mm-1.1.3-8.5mdk", release:"MDK7.1", yank:"mdk") )
  53. {
  54.  security_hole(0);
  55.  exit(0);
  56. }
  57. if ( rpm_check( reference:"mm-devel-1.1.3-8.5mdk", release:"MDK7.1", yank:"mdk") )
  58. {
  59.  security_hole(0);
  60.  exit(0);
  61. }
  62. if ( rpm_check( reference:"mm-1.1.3-8.5mdk", release:"MDK7.2", yank:"mdk") )
  63. {
  64.  security_hole(0);
  65.  exit(0);
  66. }
  67. if ( rpm_check( reference:"mm-devel-1.1.3-8.5mdk", release:"MDK7.2", yank:"mdk") )
  68. {
  69.  security_hole(0);
  70.  exit(0);
  71. }
  72. if ( rpm_check( reference:"mm-1.1.3-8.4mdk", release:"MDK8.0", yank:"mdk") )
  73. {
  74.  security_hole(0);
  75.  exit(0);
  76. }
  77. if ( rpm_check( reference:"mm-devel-1.1.3-8.4mdk", release:"MDK8.0", yank:"mdk") )
  78. {
  79.  security_hole(0);
  80.  exit(0);
  81. }
  82. if ( rpm_check( reference:"libmm1-1.1.3-9.1mdk", release:"MDK8.1", yank:"mdk") )
  83. {
  84.  security_hole(0);
  85.  exit(0);
  86. }
  87. if ( rpm_check( reference:"libmm1-devel-1.1.3-9.1mdk", release:"MDK8.1", yank:"mdk") )
  88. {
  89.  security_hole(0);
  90.  exit(0);
  91. }
  92. if ( rpm_check( reference:"libmm1-1.1.3-9.1mdk", release:"MDK8.2", yank:"mdk") )
  93. {
  94.  security_hole(0);
  95.  exit(0);
  96. }
  97. if ( rpm_check( reference:"libmm1-devel-1.1.3-9.1mdk", release:"MDK8.2", yank:"mdk") )
  98. {
  99.  security_hole(0);
  100.  exit(0);
  101. }
  102. if (rpm_exists(rpm:"mm-", release:"MDK7.1")
  103.  || rpm_exists(rpm:"mm-", release:"MDK7.2")
  104.  || rpm_exists(rpm:"mm-", release:"MDK8.0")
  105.  || rpm_exists(rpm:"mm-", release:"MDK8.1")
  106.  || rpm_exists(rpm:"mm-", release:"MDK8.2") )
  107. {
  108.  set_kb_item(name:"CAN-2002-0658", value:TRUE);
  109. }
  110.