home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2003-001.nasl < prev    next >
Text File  |  2005-01-14  |  6KB  |  202 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2003:001
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(13986);
  12.  script_bugtraq_id(6433, 6434, 6435, 6436, 6437, 6438, 6439, 6440, 6475);
  13.  script_version ("$Revision: 1.4 $");
  14.  script_cve_id("CAN-2002-1366", "CAN-2002-1367", "CAN-2002-1368", "CAN-2002-1369", "CAN-2002-1371", "CAN-2002-1372", "CAN-2002-1383", "CAN-2002-1384");
  15.  
  16.  name["english"] = "MDKSA-2003:001: cups";
  17.  
  18.  script_name(english:name["english"]);
  19.  
  20.  desc["english"] = "
  21. The remote host is missing the patch for the advisory MDKSA-2003:001 (cups).
  22.  
  23.  
  24. iDefense reported several security problems in CUPS that can lead to local and
  25. remote root compromise. An integer overflow in the HTTP interface can be used to
  26. gain remote access with CUPS privilege. A local file race condition can be used
  27. to gain root privilege, although the previous bug must be exploited first. An
  28. attacker can remotely add printers to the vulnerable system. A remote DoS can be
  29. accomplished due to negative length in the memcpy() call. An integer overflow in
  30. image handling code can be used to gain higher privilege. An attacker can gain
  31. local root privilege due to a buffer overflow of the 'options' buffer. A design
  32. problem can be exploited to gain local root access, however this needs an added
  33. printer (which can also be done, as per a previously noted bug). Wrong handling
  34. of zero-width images can be abused to gain higher privilege. Finally, a file
  35. descriptor leak and DoS due to missing checks of return values of file/socket
  36. operations.
  37. MandrakeSoft recommends all users upgrade these CUPS packages immediately.
  38.  
  39.  
  40. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
  41. Risk factor : High";
  42.  
  43.  
  44.  
  45.  script_description(english:desc["english"]);
  46.  
  47.  summary["english"] = "Check for the version of the cups package";
  48.  script_summary(english:summary["english"]);
  49.  
  50.  script_category(ACT_GATHER_INFO);
  51.  
  52.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  53.  family["english"] = "Mandrake Local Security Checks";
  54.  script_family(english:family["english"]);
  55.  
  56.  script_dependencies("ssh_get_info.nasl");
  57.  script_require_keys("Host/Mandrake/rpm-list");
  58.  exit(0);
  59. }
  60.  
  61. include("rpm.inc");
  62. if ( rpm_check( reference:"cups-1.1.18-1.4mdk", release:"MDK7.2", yank:"mdk") )
  63. {
  64.  security_hole(0);
  65.  exit(0);
  66. }
  67. if ( rpm_check( reference:"cups-devel-1.1.18-1.4mdk", release:"MDK7.2", yank:"mdk") )
  68. {
  69.  security_hole(0);
  70.  exit(0);
  71. }
  72. if ( rpm_check( reference:"cups-serial-1.1.18-1.4mdk", release:"MDK7.2", yank:"mdk") )
  73. {
  74.  security_hole(0);
  75.  exit(0);
  76. }
  77. if ( rpm_check( reference:"printer-testpages-1.1.18-1.4mdk", release:"MDK7.2", yank:"mdk") )
  78. {
  79.  security_hole(0);
  80.  exit(0);
  81. }
  82. if ( rpm_check( reference:"cups-1.1.18-1.4mdk", release:"MDK8.0", yank:"mdk") )
  83. {
  84.  security_hole(0);
  85.  exit(0);
  86. }
  87. if ( rpm_check( reference:"cups-common-1.1.18-1.4mdk", release:"MDK8.0", yank:"mdk") )
  88. {
  89.  security_hole(0);
  90.  exit(0);
  91. }
  92. if ( rpm_check( reference:"cups-serial-1.1.18-1.4mdk", release:"MDK8.0", yank:"mdk") )
  93. {
  94.  security_hole(0);
  95.  exit(0);
  96. }
  97. if ( rpm_check( reference:"libcups1-1.1.18-1.4mdk", release:"MDK8.0", yank:"mdk") )
  98. {
  99.  security_hole(0);
  100.  exit(0);
  101. }
  102. if ( rpm_check( reference:"libcups1-devel-1.1.18-1.4mdk", release:"MDK8.0", yank:"mdk") )
  103. {
  104.  security_hole(0);
  105.  exit(0);
  106. }
  107. if ( rpm_check( reference:"printer-testpages-1.1.18-1.4mdk", release:"MDK8.0", yank:"mdk") )
  108. {
  109.  security_hole(0);
  110.  exit(0);
  111. }
  112. if ( rpm_check( reference:"cups-1.1.18-1.4mdk", release:"MDK8.1", yank:"mdk") )
  113. {
  114.  security_hole(0);
  115.  exit(0);
  116. }
  117. if ( rpm_check( reference:"cups-common-1.1.18-1.4mdk", release:"MDK8.1", yank:"mdk") )
  118. {
  119.  security_hole(0);
  120.  exit(0);
  121. }
  122. if ( rpm_check( reference:"cups-serial-1.1.18-1.4mdk", release:"MDK8.1", yank:"mdk") )
  123. {
  124.  security_hole(0);
  125.  exit(0);
  126. }
  127. if ( rpm_check( reference:"libcups1-1.1.18-1.4mdk", release:"MDK8.1", yank:"mdk") )
  128. {
  129.  security_hole(0);
  130.  exit(0);
  131. }
  132. if ( rpm_check( reference:"libcups1-devel-1.1.18-1.4mdk", release:"MDK8.1", yank:"mdk") )
  133. {
  134.  security_hole(0);
  135.  exit(0);
  136. }
  137. if ( rpm_check( reference:"cups-1.1.18-1.1mdk", release:"MDK8.2", yank:"mdk") )
  138. {
  139.  security_hole(0);
  140.  exit(0);
  141. }
  142. if ( rpm_check( reference:"cups-common-1.1.18-1.1mdk", release:"MDK8.2", yank:"mdk") )
  143. {
  144.  security_hole(0);
  145.  exit(0);
  146. }
  147. if ( rpm_check( reference:"cups-serial-1.1.18-1.1mdk", release:"MDK8.2", yank:"mdk") )
  148. {
  149.  security_hole(0);
  150.  exit(0);
  151. }
  152. if ( rpm_check( reference:"libcups1-1.1.18-1.1mdk", release:"MDK8.2", yank:"mdk") )
  153. {
  154.  security_hole(0);
  155.  exit(0);
  156. }
  157. if ( rpm_check( reference:"libcups1-devel-1.1.18-1.1mdk", release:"MDK8.2", yank:"mdk") )
  158. {
  159.  security_hole(0);
  160.  exit(0);
  161. }
  162. if ( rpm_check( reference:"cups-1.1.18-1.1mdk", release:"MDK9.0", yank:"mdk") )
  163. {
  164.  security_hole(0);
  165.  exit(0);
  166. }
  167. if ( rpm_check( reference:"cups-common-1.1.18-1.1mdk", release:"MDK9.0", yank:"mdk") )
  168. {
  169.  security_hole(0);
  170.  exit(0);
  171. }
  172. if ( rpm_check( reference:"cups-serial-1.1.18-1.1mdk", release:"MDK9.0", yank:"mdk") )
  173. {
  174.  security_hole(0);
  175.  exit(0);
  176. }
  177. if ( rpm_check( reference:"libcups1-1.1.18-1.1mdk", release:"MDK9.0", yank:"mdk") )
  178. {
  179.  security_hole(0);
  180.  exit(0);
  181. }
  182. if ( rpm_check( reference:"libcups1-devel-1.1.18-1.1mdk", release:"MDK9.0", yank:"mdk") )
  183. {
  184.  security_hole(0);
  185.  exit(0);
  186. }
  187. if (rpm_exists(rpm:"cups-", release:"MDK7.2")
  188.  || rpm_exists(rpm:"cups-", release:"MDK8.0")
  189.  || rpm_exists(rpm:"cups-", release:"MDK8.1")
  190.  || rpm_exists(rpm:"cups-", release:"MDK8.2")
  191.  || rpm_exists(rpm:"cups-", release:"MDK9.0") )
  192. {
  193.  set_kb_item(name:"CAN-2002-1366", value:TRUE);
  194.  set_kb_item(name:"CAN-2002-1367", value:TRUE);
  195.  set_kb_item(name:"CAN-2002-1368", value:TRUE);
  196.  set_kb_item(name:"CAN-2002-1369", value:TRUE);
  197.  set_kb_item(name:"CAN-2002-1371", value:TRUE);
  198.  set_kb_item(name:"CAN-2002-1372", value:TRUE);
  199.  set_kb_item(name:"CAN-2002-1383", value:TRUE);
  200.  set_kb_item(name:"CAN-2002-1384", value:TRUE);
  201. }
  202.