
  #
  # (C) Tenable Network Security
  #
  # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2003:023
  #
  # What this script does, as far as the listing shows:
  #  - It is a local, version-based check. It compares the installed lynx
  #    package against a fixed reference build through rpm_check() from
  #    rpm.inc; it never sends a request to, or through, lynx.
  #  - It needs the KB key "Host/Mandrake/rpm-list" and depends on
  #    ssh_get_info.nasl (presumably the plugin that fills that key over an
  #    authenticated SSH session -- confirm against that plugin).
  #  - A run that reports nothing is not proof the host is safe: releases
  #    outside the MDK7.2 - MDK9.0 list below are never examined, and the
  #    plugin is skipped when the rpm list is missing.
  #

  # bn_random() is not called anywhere in this script; the test only makes the
  # plugin exit quietly on engines that do not provide that builtin.
  # NOTE(review): presumably an engine-capability gate -- confirm.
  if ( ! defined_func("bn_random") ) exit(0);

  # Registration pass: declare metadata, then stop before any check runs.
  if ( description )
  {
   script_id(14008);
   script_version ("$Revision: 1.2 $");
   # "CAN-" is the older candidate prefix; the same number is written
   # CVE-2002-1405 in current references.
   script_cve_id("CAN-2002-1405");

   script_name(english:"MDKSA-2003:023: lynx");

   # Report text shown to the user. The underlying issue is CR/LF characters
   # reaching the HTTP request that lynx builds, which lets extra headers in.
   advisory_text = "
The remote host is missing the patch for the advisory MDKSA-2003:023 (lynx).


A vulnerability was discovered in lynx, a text-mode web browser. The HTTP
queries that lynx constructs are from arguments on the command line or the
$WWW_HOME environment variable, but lynx does not properly sanitize special
characters such as carriage returns or linefeeds. Extra headers can be inserted
into the request because of this, which can cause scripts that use lynx to fetch
data from the wrong site from servers that use virtual hosting.


Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
Risk factor : High";

   script_description(english:advisory_text);
   script_summary(english:"Check for the version of the lynx package");

   script_category(ACT_GATHER_INFO);

   script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
   script_family(english:"Mandrake Local Security Checks");

   script_dependencies("ssh_get_info.nasl");
   script_require_keys("Host/Mandrake/rpm-list");
   exit(0);
  }

  include("rpm.inc");

  # Releases named by the advisory, kept in the order they were originally tested.
  mdksa_releases = make_list("MDK7.2", "MDK8.0", "MDK8.1", "MDK8.2", "MDK9.0");

  # Every release is compared against the same reference build. The first match
  # raises the finding (security_hole(0)) and ends the script.
  # NOTE(review): rpm_check() and its yank: argument are defined in rpm.inc,
  # which is not shown here; presumably it is true when the installed package
  # is older than the reference -- confirm before relying on the result where
  # fixes may have been backported under a different version string.
  foreach mdksa_rel (mdksa_releases)
  {
   if ( rpm_check( reference:"lynx-2.8.5-0.10mdk.dev.8", release:mdksa_rel, yank:"mdk") )
   {
    security_hole(0);
    exit(0);
   }
  }

  # Reached only when no rpm_check() matched. If a lynx package exists on one
  # of the listed releases, record that in the KB under the advisory's CAN id.
  # Stopping at the first hit mirrors the short-circuit of an || chain, and the
  # script has nothing left to do after the KB item is written.
  foreach mdksa_rel (mdksa_releases)
  {
   if ( rpm_exists(rpm:"lynx-", release:mdksa_rel) )
   {
    set_kb_item(name:"CAN-2002-1405", value:TRUE);
    exit(0);
   }
  }