home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2003-036.nasl < prev    next >
Text File  |  2005-01-14  |  3KB  |  113 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2003:036
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(14020);
  12.  script_version ("$Revision: 1.2 $");
  13.  script_cve_id("CAN-2003-0146");
  14.  
  15.  name["english"] = "MDKSA-2003:036: netpbm";
  16.  
  17.  script_name(english:name["english"]);
  18.  
  19.  desc["english"] = "
  20. The remote host is missing the patch for the advisory MDKSA-2003:036 (netpbm).
  21.  
  22.  
  23. Several math overflow errors were found in NetPBM by Al Viro and Alan Cox. While
  24. these programs are not installed suid root, they are often used to prepare data
  25. for processing. These errors may permit remote attackers to cause a denial of
  26. service or execute arbitrary code in any programs or scripts that use these
  27. graphics conversion tools.
  28.  
  29.  
  30. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:036
  31. Risk factor : High";
  32.  
  33.  
  34.  
  35.  script_description(english:desc["english"]);
  36.  
  37.  summary["english"] = "Check for the version of the netpbm package";
  38.  script_summary(english:summary["english"]);
  39.  
  40.  script_category(ACT_GATHER_INFO);
  41.  
  42.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  43.  family["english"] = "Mandrake Local Security Checks";
  44.  script_family(english:family["english"]);
  45.  
  46.  script_dependencies("ssh_get_info.nasl");
  47.  script_require_keys("Host/Mandrake/rpm-list");
  48.  exit(0);
  49. }
  50.  
  51. include("rpm.inc");
  52. if ( rpm_check( reference:"libnetpbm9-9.20-2.1mdk", release:"MDK8.2", yank:"mdk") )
  53. {
  54.  security_hole(0);
  55.  exit(0);
  56. }
  57. if ( rpm_check( reference:"libnetpbm9-devel-9.20-2.1mdk", release:"MDK8.2", yank:"mdk") )
  58. {
  59.  security_hole(0);
  60.  exit(0);
  61. }
  62. if ( rpm_check( reference:"netpbm-9.20-2.1mdk", release:"MDK8.2", yank:"mdk") )
  63. {
  64.  security_hole(0);
  65.  exit(0);
  66. }
  67. if ( rpm_check( reference:"libnetpbm9-9.24-4.1mdk", release:"MDK9.0", yank:"mdk") )
  68. {
  69.  security_hole(0);
  70.  exit(0);
  71. }
  72. if ( rpm_check( reference:"libnetpbm9-devel-9.24-4.1mdk", release:"MDK9.0", yank:"mdk") )
  73. {
  74.  security_hole(0);
  75.  exit(0);
  76. }
  77. if ( rpm_check( reference:"libnetpbm9-static-devel-9.24-4.1mdk", release:"MDK9.0", yank:"mdk") )
  78. {
  79.  security_hole(0);
  80.  exit(0);
  81. }
  82. if ( rpm_check( reference:"netpbm-9.24-4.1mdk", release:"MDK9.0", yank:"mdk") )
  83. {
  84.  security_hole(0);
  85.  exit(0);
  86. }
  87. if ( rpm_check( reference:"libnetpbm9-9.24-4.1mdk", release:"MDK9.1", yank:"mdk") )
  88. {
  89.  security_hole(0);
  90.  exit(0);
  91. }
  92. if ( rpm_check( reference:"libnetpbm9-devel-9.24-4.1mdk", release:"MDK9.1", yank:"mdk") )
  93. {
  94.  security_hole(0);
  95.  exit(0);
  96. }
  97. if ( rpm_check( reference:"libnetpbm9-static-devel-9.24-4.1mdk", release:"MDK9.1", yank:"mdk") )
  98. {
  99.  security_hole(0);
  100.  exit(0);
  101. }
  102. if ( rpm_check( reference:"netpbm-9.24-4.1mdk", release:"MDK9.1", yank:"mdk") )
  103. {
  104.  security_hole(0);
  105.  exit(0);
  106. }
  107. if (rpm_exists(rpm:"netpbm-", release:"MDK8.2")
  108.  || rpm_exists(rpm:"netpbm-", release:"MDK9.0")
  109.  || rpm_exists(rpm:"netpbm-", release:"MDK9.1") )
  110. {
  111.  set_kb_item(name:"CAN-2003-0146", value:TRUE);
  112. }
  113.