
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2002:062-1
  5. #
  6.  
  7.  
  # Stop immediately on engines that do not provide bn_random().
  # NOTE(review): this looks like a capability probe for the engine features the
  # SSH-based local checks rely on -- confirm against the targeted Nessus release.
  if (!defined_func("bn_random"))
    exit(0);

  # Registration pass: when the engine loads the plugin with `description` set,
  # only the metadata below is declared and the script exits before any check.
  if (description) {
    script_id(13963);
    script_version("$Revision: 1.4 $");

    # Cross-references for the advisory. The "CAN-" names are the candidate-era
    # spelling of the matching "CVE-" identifiers.
    script_bugtraq_id(5527, 5528, 6610, 6612, 6614, 6615);
    script_cve_id("CAN-2002-0972", "CAN-2002-1397", "CAN-2002-1398",
                  "CAN-2002-1400", "CAN-2002-1401", "CAN-2002-1402");

    script_name(english:"MDKSA-2002:062-1: postgresql");

    # Report text shown to the operator; it is the vendor advisory wording and is
    # emitted verbatim, including the backup/restore commands and the fix URL.
    script_description(english:"
The remote host is missing the patch for the advisory MDKSA-2002:062-1 (postgresql).


Vulnerabilities were discovered in the Postgresql relational database by Mordred
Labs. These vulnerabilities are buffer overflows in the rpad(), lpad(),
repeat(), and cash_words() functions. The Postgresql developers also fixed a
buffer overflow in functions that deal with time/date and timezone.
Finally, more buffer overflows were discovered by Mordred Labs in the 7.2.2
release that are currently only fixed in CVS. These buffer overflows exist in
the circle_poly(), path_encode(), and path_addr() functions.
In order for these vulnerabilities to be exploited, an attacker must be able to
query the server somehow. However, this cannot directly lead to root privilege
because the server runs as the postgresql user.
Prior to upgrading, users should dump their database and retain it as backup.
You can dump the database by using:
$ pg_dumpall > db.out
If you need to restore from the backup, you can do so by using:
$ psql -f db.out template1
Update:
The previous update missed a few small fixes, including a buffer overflow in the
cash_words() function that allows local users to cause a DoS and possibly
execute arbitrary code via a malformed argument in Postgresql 7.2 and earlier.
As well, buffer overflows in the TZ and SET TIME ZONE environment variables for
Postgresql 7.2.1 and earlier can allow local users to cause a DoS and possibly
execute arbitrary code.


Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:062-1
Risk factor : High");

    script_summary(english:"Check for the version of the postgresql package");

    # ACT_GATHER_INFO: registered as an information-gathering check.
    script_category(ACT_GATHER_INFO);

    script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
    script_family(english:"Mandrake Local Security Checks");

    # The check needs the "Host/Mandrake/rpm-list" KB entry and is scheduled after
    # ssh_get_info.nasl (presumably the plugin that fills that entry over SSH --
    # confirm). Without that key the engine will not run this plugin, so an
    # unauthenticated scan says nothing about this advisory either way.
    script_dependencies("ssh_get_info.nasl");
    script_require_keys("Host/Mandrake/rpm-list");
    exit(0);
  }
  68.  
  include("rpm.inc");

  # Mandrake 7.2: test each package named in the advisory against its fixed
  # build, in the advisory's order. rpm_check() comes from rpm.inc; presumably it
  # is true when the installed package on that release is older than `reference`
  # -- confirm in rpm.inc.
  # The first hit reports the finding and stops the plugin, and security_hole(0)
  # carries no text naming the package, so the report does not say which package
  # (or how many) were out of date. The verdict rests on the RPM inventory only;
  # a PostgreSQL installed outside RPM is not seen by this check.
  foreach pkg (make_list(
      "postgresql-7.0.2-6.2mdk",
      "postgresql-devel-7.0.2-6.2mdk",
      "postgresql-jdbc-7.0.2-6.2mdk",
      "postgresql-odbc-7.0.2-6.2mdk",
      "postgresql-perl-7.0.2-6.2mdk",
      "postgresql-python-7.0.2-6.2mdk",
      "postgresql-server-7.0.2-6.2mdk",
      "postgresql-tcl-7.0.2-6.2mdk",
      "postgresql-test-7.0.2-6.2mdk",
      "postgresql-tk-7.0.2-6.2mdk"))
  {
    if (rpm_check(reference:pkg, release:"MDK7.2", yank:"mdk")) {
      security_hole(0);
      exit(0);
    }
  }
  # Mandrake 8.0: same package set as 7.2, compared against the 7.0.3-12.3mdk
  # builds. The first package that rpm_check() flags raises the finding and ends
  # the plugin, so later packages are not evaluated.
  foreach pkg (make_list(
      "postgresql-7.0.3-12.3mdk",
      "postgresql-devel-7.0.3-12.3mdk",
      "postgresql-jdbc-7.0.3-12.3mdk",
      "postgresql-odbc-7.0.3-12.3mdk",
      "postgresql-perl-7.0.3-12.3mdk",
      "postgresql-python-7.0.3-12.3mdk",
      "postgresql-server-7.0.3-12.3mdk",
      "postgresql-tcl-7.0.3-12.3mdk",
      "postgresql-test-7.0.3-12.3mdk",
      "postgresql-tk-7.0.3-12.3mdk"))
  {
    if (rpm_check(reference:pkg, release:"MDK8.0", yank:"mdk")) {
      security_hole(0);
      exit(0);
    }
  }
  # Mandrake 8.1: the package split adds -contrib, -docs, -libs and -plperl;
  # every entry is compared against the 7.1.2-19.3mdk builds. As for the other
  # releases, the first flagged package reports and exits.
  foreach pkg (make_list(
      "postgresql-7.1.2-19.3mdk",
      "postgresql-contrib-7.1.2-19.3mdk",
      "postgresql-devel-7.1.2-19.3mdk",
      "postgresql-docs-7.1.2-19.3mdk",
      "postgresql-jdbc-7.1.2-19.3mdk",
      "postgresql-libs-7.1.2-19.3mdk",
      "postgresql-odbc-7.1.2-19.3mdk",
      "postgresql-perl-7.1.2-19.3mdk",
      "postgresql-plperl-7.1.2-19.3mdk",
      "postgresql-python-7.1.2-19.3mdk",
      "postgresql-server-7.1.2-19.3mdk",
      "postgresql-tcl-7.1.2-19.3mdk",
      "postgresql-test-7.1.2-19.3mdk",
      "postgresql-tk-7.1.2-19.3mdk"))
  {
    if (rpm_check(reference:pkg, release:"MDK8.1", yank:"mdk")) {
      security_hole(0);
      exit(0);
    }
  }
  # Mandrake 8.2: the client libraries ship as separate lib* packages here, so
  # they are checked alongside the postgresql-* packages, all against the
  # 7.2-12.2mdk builds. The first flagged package reports and exits.
  foreach pkg (make_list(
      "libecpg3-7.2-12.2mdk",
      "libpgperl-7.2-12.2mdk",
      "libpgsql2-7.2-12.2mdk",
      "libpgsqlodbc0-7.2-12.2mdk",
      "libpgtcl2-7.2-12.2mdk",
      "postgresql-7.2-12.2mdk",
      "postgresql-contrib-7.2-12.2mdk",
      "postgresql-devel-7.2-12.2mdk",
      "postgresql-docs-7.2-12.2mdk",
      "postgresql-jdbc-7.2-12.2mdk",
      "postgresql-python-7.2-12.2mdk",
      "postgresql-server-7.2-12.2mdk",
      "postgresql-tcl-7.2-12.2mdk",
      "postgresql-test-7.2-12.2mdk",
      "postgresql-tk-7.2-12.2mdk"))
  {
    if (rpm_check(reference:pkg, release:"MDK8.2", yank:"mdk")) {
      security_hole(0);
      exit(0);
    }
  }
  # Mandrake 9.0: same package set as 8.2, compared against the 7.2.2-1.2mdk
  # builds. The first flagged package reports and exits.
  foreach pkg (make_list(
      "libecpg3-7.2.2-1.2mdk",
      "libpgperl-7.2.2-1.2mdk",
      "libpgsql2-7.2.2-1.2mdk",
      "libpgsqlodbc0-7.2.2-1.2mdk",
      "libpgtcl2-7.2.2-1.2mdk",
      "postgresql-7.2.2-1.2mdk",
      "postgresql-contrib-7.2.2-1.2mdk",
      "postgresql-devel-7.2.2-1.2mdk",
      "postgresql-docs-7.2.2-1.2mdk",
      "postgresql-jdbc-7.2.2-1.2mdk",
      "postgresql-python-7.2.2-1.2mdk",
      "postgresql-server-7.2.2-1.2mdk",
      "postgresql-tcl-7.2.2-1.2mdk",
      "postgresql-test-7.2.2-1.2mdk",
      "postgresql-tk-7.2.2-1.2mdk"))
  {
    if (rpm_check(reference:pkg, release:"MDK9.0", yank:"mdk")) {
      security_hole(0);
      exit(0);
    }
  }
  # Reached only when no rpm_check() call earlier in the script reported a
  # finding, because every hit ends the plugin with exit(0).
  # If a package whose name starts with "postgresql-" exists on one of the
  # covered releases, record each CVE candidate name in the knowledge base.
  # NOTE(review): presumably this marks the issues as already patched so other
  # plugins can skip them -- confirm with the consumers of these KB keys. The
  # existence test matches only the "postgresql-" prefix, so a host that has just
  # the lib* packages checked for MDK8.2/MDK9.0 sets nothing here.
  if (   rpm_exists(rpm:"postgresql-", release:"MDK7.2")
      || rpm_exists(rpm:"postgresql-", release:"MDK8.0")
      || rpm_exists(rpm:"postgresql-", release:"MDK8.1")
      || rpm_exists(rpm:"postgresql-", release:"MDK8.2")
      || rpm_exists(rpm:"postgresql-", release:"MDK9.0"))
  {
    foreach cve (make_list(
        "CAN-2002-0972",
        "CAN-2002-1397",
        "CAN-2002-1398",
        "CAN-2002-1400",
        "CAN-2002-1401",
        "CAN-2002-1402"))
    {
      set_kb_item(name:cve, value:TRUE);
    }
  }
  403.