home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2002-065.nasl

< prev

next >

Wrap

Text File  |  2005-01-14  |  2KB  |  85 lines

---

1. #
2. # (C) Tenable Network Security
3. #
4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2002:065
5. #
6.  
7.  
8. if ( ! defined_func("bn_random") ) exit(0);
9. if(description)
10. {
11.  script_id(13966);
12.  script_version ("$Revision: 1.2 $");
13.  script_cve_id("CAN-2001-1268", "CAN-2001-1269");
14.  
15.  name["english"] = "MDKSA-2002:065: unzip";
16.  
17.  script_name(english:name["english"]);
18.  
19.  desc["english"] = "
20. The remote host is missing the patch for the advisory MDKSA-2002:065 (unzip).
21.  
22.  
23. A directory traversal vulnerability was discovered in unzip version 5.42 and
24. earlier that allows attackers to overwrite arbitrary files during extraction of
25. the archive by using a '..' (dot dot) in an extracted filename, as well as
26. prefixing filenames in the archive with '/' (slash).
27.  
28.  
29. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:065
30. Risk factor : High";
31.  
32.  
33.  
34.  script_description(english:desc["english"]);
35.  
36.  summary["english"] = "Check for the version of the unzip package";
37.  script_summary(english:summary["english"]);
38.  
39.  script_category(ACT_GATHER_INFO);
40.  
41.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
42.  family["english"] = "Mandrake Local Security Checks";
43.  script_family(english:family["english"]);
44.  
45.  script_dependencies("ssh_get_info.nasl");
46.  script_require_keys("Host/Mandrake/rpm-list");
47.  exit(0);
48. }
49.  
50. include("rpm.inc");
51. if ( rpm_check( reference:"unzip-5.50-2.1mdk", release:"MDK7.1", yank:"mdk") )
52. {
53.  security_hole(0);
54.  exit(0);
55. }
56. if ( rpm_check( reference:"unzip-5.50-2.1mdk", release:"MDK7.2", yank:"mdk") )
57. {
58.  security_hole(0);
59.  exit(0);
60. }
61. if ( rpm_check( reference:"unzip-5.50-2.1mdk", release:"MDK8.0", yank:"mdk") )
62. {
63.  security_hole(0);
64.  exit(0);
65. }
66. if ( rpm_check( reference:"unzip-5.50-2.1mdk", release:"MDK8.1", yank:"mdk") )
67. {
68.  security_hole(0);
69.  exit(0);
70. }
71. if ( rpm_check( reference:"unzip-5.50-2.1mdk", release:"MDK8.2", yank:"mdk") )
72. {
73.  security_hole(0);
74.  exit(0);
75. }
76. if (rpm_exists(rpm:"unzip-", release:"MDK7.1")
77.  || rpm_exists(rpm:"unzip-", release:"MDK7.2")
78.  || rpm_exists(rpm:"unzip-", release:"MDK8.0")
79.  || rpm_exists(rpm:"unzip-", release:"MDK8.1")
80.  || rpm_exists(rpm:"unzip-", release:"MDK8.2") )
81. {
82.  set_kb_item(name:"CAN-2001-1268", value:TRUE);
83.  set_kb_item(name:"CAN-2001-1269", value:TRUE);
84. }
85.