home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2002-048.nasl

< prev

next >

Wrap

Text File  |  2005-01-14  |  2KB  |  87 lines

---

1. #
2. # (C) Tenable Network Security
3. #
4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2002:048
5. #
6.  
7.  
8. if ( ! defined_func("bn_random") ) exit(0);
9. if(description)
10. {
11.  script_id(13951);
12.  script_bugtraq_id(5084);
13.  script_version ("$Revision: 1.3 $");
14.  script_cve_id("CAN-2002-0653");
15.  
16.  name["english"] = "MDKSA-2002:048: mod_ssl";
17.  
18.  script_name(english:name["english"]);
19.  
20.  desc["english"] = "
21. The remote host is missing the patch for the advisory MDKSA-2002:048 (mod_ssl).
22.  
23.  
24. Frank Denis discovered an off-by-one error in mod_ssl dealing with the handling
25. of older configuration directorives (the rewrite_command hook). A malicious user
26. could use a specially-crafted .htaccess file to execute arbitrary commands as
27. the apache user or execute a DoS against the apache child processes.
28. This vulnerability is fixed in mod_ssl 2.8.10; patches have been applied to
29. correct this problem in these packages.
30.  
31.  
32. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:048
33. Risk factor : High";
34.  
35.  
36.  
37.  script_description(english:desc["english"]);
38.  
39.  summary["english"] = "Check for the version of the mod_ssl package";
40.  script_summary(english:summary["english"]);
41.  
42.  script_category(ACT_GATHER_INFO);
43.  
44.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
45.  family["english"] = "Mandrake Local Security Checks";
46.  script_family(english:family["english"]);
47.  
48.  script_dependencies("ssh_get_info.nasl");
49.  script_require_keys("Host/Mandrake/rpm-list");
50.  exit(0);
51. }
52.  
53. include("rpm.inc");
54. if ( rpm_check( reference:"mod_ssl-2.8.5-3.1mdk", release:"MDK7.1", yank:"mdk") )
55. {
56.  security_hole(0);
57.  exit(0);
58. }
59. if ( rpm_check( reference:"mod_ssl-2.8.5-3.1mdk", release:"MDK7.2", yank:"mdk") )
60. {
61.  security_hole(0);
62.  exit(0);
63. }
64. if ( rpm_check( reference:"mod_ssl-2.8.5-3.1mdk", release:"MDK8.0", yank:"mdk") )
65. {
66.  security_hole(0);
67.  exit(0);
68. }
69. if ( rpm_check( reference:"mod_ssl-2.8.5-3.1mdk", release:"MDK8.1", yank:"mdk") )
70. {
71.  security_hole(0);
72.  exit(0);
73. }
74. if ( rpm_check( reference:"mod_ssl-2.8.7-3.1mdk", release:"MDK8.2", yank:"mdk") )
75. {
76.  security_hole(0);
77.  exit(0);
78. }
79. if (rpm_exists(rpm:"mod_ssl-", release:"MDK7.1")
80.  || rpm_exists(rpm:"mod_ssl-", release:"MDK7.2")
81.  || rpm_exists(rpm:"mod_ssl-", release:"MDK8.0")
82.  || rpm_exists(rpm:"mod_ssl-", release:"MDK8.1")
83.  || rpm_exists(rpm:"mod_ssl-", release:"MDK8.2") )
84. {
85.  set_kb_item(name:"CAN-2002-0653", value:TRUE);
86. }
87.