home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2003-021.nasl < prev    next >
Text File  |  2005-01-14  |  5KB  |  179 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2003:021
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(14006);
  12.  script_version ("$Revision: 1.2 $");
  13.  script_cve_id("CAN-2003-0041");
  14.  
  15.  name["english"] = "MDKSA-2003:021: krb5";
  16.  
  17.  script_name(english:name["english"]);
  18.  
  19.  desc["english"] = "
  20. The remote host is missing the patch for the advisory MDKSA-2003:021 (krb5).
  21.  
  22.  
  23. A vulnerability was discovered in the Kerberos FTP client. When the client
  24. retrieves a file that has a filename beginning with a pipe character, the FTP
  25. client will pass that filename to the command shell in a system() call. This
  26. could allow a malicious remote FTP server to write to files outside of the
  27. current directory or even execute arbitrary commands as the user using the FTP
  28. client.
  29.  
  30.  
  31. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:021
  32. Risk factor : High";
  33.  
  34.  
  35.  
  36.  script_description(english:desc["english"]);
  37.  
  38.  summary["english"] = "Check for the version of the krb5 package";
  39.  script_summary(english:summary["english"]);
  40.  
  41.  script_category(ACT_GATHER_INFO);
  42.  
  43.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  44.  family["english"] = "Mandrake Local Security Checks";
  45.  script_family(english:family["english"]);
  46.  
  47.  script_dependencies("ssh_get_info.nasl");
  48.  script_require_keys("Host/Mandrake/rpm-list");
  49.  exit(0);
  50. }
  51.  
  52. include("rpm.inc");
  53. if ( rpm_check( reference:"ftp-client-krb5-1.2.2-17.4mdk", release:"MDK8.1", yank:"mdk") )
  54. {
  55.  security_hole(0);
  56.  exit(0);
  57. }
  58. if ( rpm_check( reference:"ftp-server-krb5-1.2.2-17.4mdk", release:"MDK8.1", yank:"mdk") )
  59. {
  60.  security_hole(0);
  61.  exit(0);
  62. }
  63. if ( rpm_check( reference:"krb5-devel-1.2.2-17.4mdk", release:"MDK8.1", yank:"mdk") )
  64. {
  65.  security_hole(0);
  66.  exit(0);
  67. }
  68. if ( rpm_check( reference:"krb5-libs-1.2.2-17.4mdk", release:"MDK8.1", yank:"mdk") )
  69. {
  70.  security_hole(0);
  71.  exit(0);
  72. }
  73. if ( rpm_check( reference:"krb5-server-1.2.2-17.4mdk", release:"MDK8.1", yank:"mdk") )
  74. {
  75.  security_hole(0);
  76.  exit(0);
  77. }
  78. if ( rpm_check( reference:"krb5-workstation-1.2.2-17.4mdk", release:"MDK8.1", yank:"mdk") )
  79. {
  80.  security_hole(0);
  81.  exit(0);
  82. }
  83. if ( rpm_check( reference:"telnet-client-krb5-1.2.2-17.4mdk", release:"MDK8.1", yank:"mdk") )
  84. {
  85.  security_hole(0);
  86.  exit(0);
  87. }
  88. if ( rpm_check( reference:"telnet-server-krb5-1.2.2-17.4mdk", release:"MDK8.1", yank:"mdk") )
  89. {
  90.  security_hole(0);
  91.  exit(0);
  92. }
  93. if ( rpm_check( reference:"ftp-client-krb5-1.2.2-17.4mdk", release:"MDK8.2", yank:"mdk") )
  94. {
  95.  security_hole(0);
  96.  exit(0);
  97. }
  98. if ( rpm_check( reference:"ftp-server-krb5-1.2.2-17.4mdk", release:"MDK8.2", yank:"mdk") )
  99. {
  100.  security_hole(0);
  101.  exit(0);
  102. }
  103. if ( rpm_check( reference:"krb5-devel-1.2.2-17.4mdk", release:"MDK8.2", yank:"mdk") )
  104. {
  105.  security_hole(0);
  106.  exit(0);
  107. }
  108. if ( rpm_check( reference:"krb5-libs-1.2.2-17.4mdk", release:"MDK8.2", yank:"mdk") )
  109. {
  110.  security_hole(0);
  111.  exit(0);
  112. }
  113. if ( rpm_check( reference:"krb5-server-1.2.2-17.4mdk", release:"MDK8.2", yank:"mdk") )
  114. {
  115.  security_hole(0);
  116.  exit(0);
  117. }
  118. if ( rpm_check( reference:"krb5-workstation-1.2.2-17.4mdk", release:"MDK8.2", yank:"mdk") )
  119. {
  120.  security_hole(0);
  121.  exit(0);
  122. }
  123. if ( rpm_check( reference:"telnet-client-krb5-1.2.2-17.4mdk", release:"MDK8.2", yank:"mdk") )
  124. {
  125.  security_hole(0);
  126.  exit(0);
  127. }
  128. if ( rpm_check( reference:"telnet-server-krb5-1.2.2-17.4mdk", release:"MDK8.2", yank:"mdk") )
  129. {
  130.  security_hole(0);
  131.  exit(0);
  132. }
  133. if ( rpm_check( reference:"ftp-client-krb5-1.2.5-1.3mdk", release:"MDK9.0", yank:"mdk") )
  134. {
  135.  security_hole(0);
  136.  exit(0);
  137. }
  138. if ( rpm_check( reference:"ftp-server-krb5-1.2.5-1.3mdk", release:"MDK9.0", yank:"mdk") )
  139. {
  140.  security_hole(0);
  141.  exit(0);
  142. }
  143. if ( rpm_check( reference:"krb5-devel-1.2.5-1.3mdk", release:"MDK9.0", yank:"mdk") )
  144. {
  145.  security_hole(0);
  146.  exit(0);
  147. }
  148. if ( rpm_check( reference:"krb5-libs-1.2.5-1.3mdk", release:"MDK9.0", yank:"mdk") )
  149. {
  150.  security_hole(0);
  151.  exit(0);
  152. }
  153. if ( rpm_check( reference:"krb5-server-1.2.5-1.3mdk", release:"MDK9.0", yank:"mdk") )
  154. {
  155.  security_hole(0);
  156.  exit(0);
  157. }
  158. if ( rpm_check( reference:"krb5-workstation-1.2.5-1.3mdk", release:"MDK9.0", yank:"mdk") )
  159. {
  160.  security_hole(0);
  161.  exit(0);
  162. }
  163. if ( rpm_check( reference:"telnet-client-krb5-1.2.5-1.3mdk", release:"MDK9.0", yank:"mdk") )
  164. {
  165.  security_hole(0);
  166.  exit(0);
  167. }
  168. if ( rpm_check( reference:"telnet-server-krb5-1.2.5-1.3mdk", release:"MDK9.0", yank:"mdk") )
  169. {
  170.  security_hole(0);
  171.  exit(0);
  172. }
  173. if (rpm_exists(rpm:"krb5-", release:"MDK8.1")
  174.  || rpm_exists(rpm:"krb5-", release:"MDK8.2")
  175.  || rpm_exists(rpm:"krb5-", release:"MDK9.0") )
  176. {
  177.  set_kb_item(name:"CAN-2003-0041", value:TRUE);
  178. }
  179.