Chip 2007 January, February, March & April

home *** CD-ROM | disk | FTP | other *** search

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2002-087.nasl < prev next >

Wrap

Text File | 2005-01-14 | 5KB | 194 lines

# # (C) Tenable Network Security # # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2002:087 # if ( ! defined_func("bn_random") ) exit(0); if(description) { script_id(13985); script_version ("$Revision: 1.2 $"); script_cve_id("CAN-2002-1373", "CAN-2002-1374", "CAN-2002-1375", "CAN-2002-1376"); name["english"] = "MDKSA-2002:087: MySQL"; script_name(english:name["english"]); desc["english"] = " The remote host is missing the patch for the advisory MDKSA-2002:087 (MySQL). Two vulnerabilities were discovered in all versions of MySQL prior to 3.23.53a and 4.0.5a by Stefan Esser. The first can be used by any valid MySQL user to crash the MySQL server, the other allows anyone to bypass the MySQL password check or execute arbitraty code with the privilege of the user running mysqld. Another two vulnerabilities were found, one an arbitrary size heap overflow in the mysql client library and another that allows one to write ' Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087 Risk factor : High"; script_description(english:desc["english"]); summary["english"] = "Check for the version of the MySQL package"; script_summary(english:summary["english"]); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security"); family["english"] = "Mandrake Local Security Checks"; script_family(english:family["english"]); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/Mandrake/rpm-list"); exit(0); } include("rpm.inc"); if ( rpm_check( reference:"MySQL-3.23.31-1.3mdk", release:"MDK7.2", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-bench-3.23.31-1.3mdk", release:"MDK7.2", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-client-3.23.31-1.3mdk", release:"MDK7.2", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-devel-3.23.31-1.3mdk", release:"MDK7.2", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-shared-3.23.31-1.3mdk", release:"MDK7.2", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-3.23.36-2.2mdk", release:"MDK8.0", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-bench-3.23.36-2.2mdk", release:"MDK8.0", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-client-3.23.36-2.2mdk", release:"MDK8.0", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-devel-3.23.36-2.2mdk", release:"MDK8.0", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-shared-3.23.36-2.2mdk", release:"MDK8.0", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-3.23.41-5.2mdk", release:"MDK8.1", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-bench-3.23.41-5.2mdk", release:"MDK8.1", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-client-3.23.41-5.2mdk", release:"MDK8.1", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-devel-3.23.41-5.2mdk", release:"MDK8.1", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-shared-3.23.41-5.2mdk", release:"MDK8.1", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-3.23.47-5.2mdk", release:"MDK8.2", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-bench-3.23.47-5.2mdk", release:"MDK8.2", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-client-3.23.47-5.2mdk", release:"MDK8.2", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"libmysql10-3.23.47-5.2mdk", release:"MDK8.2", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"libmysql10-devel-3.23.47-5.2mdk", release:"MDK8.2", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-3.23.52-1.2mdk", release:"MDK9.0", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-Max-3.23.52-1.2mdk", release:"MDK9.0", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-bench-3.23.52-1.2mdk", release:"MDK9.0", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"MySQL-client-3.23.52-1.2mdk", release:"MDK9.0", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"libmysql10-3.23.52-1.2mdk", release:"MDK9.0", yank:"mdk") ) { security_hole(0); exit(0); } if ( rpm_check( reference:"libmysql10-devel-3.23.52-1.2mdk", release:"MDK9.0", yank:"mdk") ) { security_hole(0); exit(0); } if (rpm_exists(rpm:"MySQL-", release:"MDK7.2") || rpm_exists(rpm:"MySQL-", release:"MDK8.0") || rpm_exists(rpm:"MySQL-", release:"MDK8.1") || rpm_exists(rpm:"MySQL-", release:"MDK8.2") || rpm_exists(rpm:"MySQL-", release:"MDK9.0") ) { set_kb_item(name:"CAN-2002-1373", value:TRUE); set_kb_item(name:"CAN-2002-1374", value:TRUE); set_kb_item(name:"CAN-2002-1375", value:TRUE); set_kb_item(name:"CAN-2002-1376", value:TRUE); }