
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2003:052
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(14036);
  12.  script_bugtraq_id(7178);
  13.  script_version ("$Revision: 1.3 $");
  14.  script_cve_id("CAN-2003-0209");
  15.  
  16.  name["english"] = "MDKSA-2003:052: snort";
  17.  
  18.  script_name(english:name["english"]);
  19.  
  20.  desc["english"] = "
  21. The remote host is missing the patch for the advisory MDKSA-2003:052 (snort).
  22.  
  23.  
  24. An integer overflow was discovered in the Snort stream4 preprocessor by the
  25. Sourcefire Vulnerability Research Team. This preprocessor (spp_stream4)
  26. incorrectly calculates segment size parameters during stream reassembly for
  27. certainm sequence number ranges. This can lead to an integer overflow that can
  28. in turn lead to a heap overflow that can be exploited to perform a denial of
  29. service (DoS) or even remote command excution on the host running Snort.
  30. Disabling the stream4 preprocessor will make Snort invulnerable to this attack,
  31. and the flaw has been fixed upstream in Snort version 2.0. Snort versions 1.8
  32. through 1.9.1 are vulnerable.
  33.  
  34.  
  35. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:052
  36. Risk factor : High";
  37.  
  38.  
  39.  
  40.  script_description(english:desc["english"]);
  41.  
  42.  summary["english"] = "Check for the version of the snort package";
  43.  script_summary(english:summary["english"]);
  44.  
  45.  script_category(ACT_GATHER_INFO);
  46.  
  47.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  48.  family["english"] = "Mandrake Local Security Checks";
  49.  script_family(english:family["english"]);
  50.  
  51.  script_dependencies("ssh_get_info.nasl");
  52.  script_require_keys("Host/Mandrake/rpm-list");
  53.  exit(0);
  54. }
  55.  
  56. include("rpm.inc");
  57. if ( rpm_check( reference:"snort-2.0.0-2.1mdk", release:"MDK8.2", yank:"mdk") )
  58. {
  59.  security_hole(0);
  60.  exit(0);
  61. }
  62. if ( rpm_check( reference:"snort-bloat-2.0.0-2.1mdk", release:"MDK8.2", yank:"mdk") )
  63. {
  64.  security_hole(0);
  65.  exit(0);
  66. }
  67. if ( rpm_check( reference:"snort-mysql+flexresp-2.0.0-2.1mdk", release:"MDK8.2", yank:"mdk") )
  68. {
  69.  security_hole(0);
  70.  exit(0);
  71. }
  72. if ( rpm_check( reference:"snort-mysql-2.0.0-2.1mdk", release:"MDK8.2", yank:"mdk") )
  73. {
  74.  security_hole(0);
  75.  exit(0);
  76. }
  77. if ( rpm_check( reference:"snort-plain+flexresp-2.0.0-2.1mdk", release:"MDK8.2", yank:"mdk") )
  78. {
  79.  security_hole(0);
  80.  exit(0);
  81. }
  82. if ( rpm_check( reference:"snort-postgresql-2.0.0-2.1mdk", release:"MDK8.2", yank:"mdk") )
  83. {
  84.  security_hole(0);
  85.  exit(0);
  86. }
  87. if ( rpm_check( reference:"snort-snmp+flexresp-2.0.0-2.1mdk", release:"MDK8.2", yank:"mdk") )
  88. {
  89.  security_hole(0);
  90.  exit(0);
  91. }
  92. if ( rpm_check( reference:"snort-snmp-2.0.0-2.1mdk", release:"MDK8.2", yank:"mdk") )
  93. {
  94.  security_hole(0);
  95.  exit(0);
  96. }
  97. if ( rpm_check( reference:"snort-2.0.0-2.1mdk", release:"MDK9.0", yank:"mdk") )
  98. {
  99.  security_hole(0);
  100.  exit(0);
  101. }
  102. if ( rpm_check( reference:"snort-bloat-2.0.0-2.1mdk", release:"MDK9.0", yank:"mdk") )
  103. {
  104.  security_hole(0);
  105.  exit(0);
  106. }
  107. if ( rpm_check( reference:"snort-mysql+flexresp-2.0.0-2.1mdk", release:"MDK9.0", yank:"mdk") )
  108. {
  109.  security_hole(0);
  110.  exit(0);
  111. }
  112. if ( rpm_check( reference:"snort-mysql-2.0.0-2.1mdk", release:"MDK9.0", yank:"mdk") )
  113. {
  114.  security_hole(0);
  115.  exit(0);
  116. }
  117. if ( rpm_check( reference:"snort-plain+flexresp-2.0.0-2.1mdk", release:"MDK9.0", yank:"mdk") )
  118. {
  119.  security_hole(0);
  120.  exit(0);
  121. }
  122. if ( rpm_check( reference:"snort-postgresql-2.0.0-2.1mdk", release:"MDK9.0", yank:"mdk") )
  123. {
  124.  security_hole(0);
  125.  exit(0);
  126. }
  127. if ( rpm_check( reference:"snort-snmp+flexresp-2.0.0-2.1mdk", release:"MDK9.0", yank:"mdk") )
  128. {
  129.  security_hole(0);
  130.  exit(0);
  131. }
  132. if ( rpm_check( reference:"snort-snmp-2.0.0-2.1mdk", release:"MDK9.0", yank:"mdk") )
  133. {
  134.  security_hole(0);
  135.  exit(0);
  136. }
  137. if ( rpm_check( reference:"snort-2.0.0-2.1mdk", release:"MDK9.1", yank:"mdk") )
  138. {
  139.  security_hole(0);
  140.  exit(0);
  141. }
  142. if ( rpm_check( reference:"snort-bloat-2.0.0-2.1mdk", release:"MDK9.1", yank:"mdk") )
  143. {
  144.  security_hole(0);
  145.  exit(0);
  146. }
  147. if ( rpm_check( reference:"snort-mysql+flexresp-2.0.0-2.1mdk", release:"MDK9.1", yank:"mdk") )
  148. {
  149.  security_hole(0);
  150.  exit(0);
  151. }
  152. if ( rpm_check( reference:"snort-mysql-2.0.0-2.1mdk", release:"MDK9.1", yank:"mdk") )
  153. {
  154.  security_hole(0);
  155.  exit(0);
  156. }
  157. if ( rpm_check( reference:"snort-plain+flexresp-2.0.0-2.1mdk", release:"MDK9.1", yank:"mdk") )
  158. {
  159.  security_hole(0);
  160.  exit(0);
  161. }
  162. if ( rpm_check( reference:"snort-postgresql-2.0.0-2.1mdk", release:"MDK9.1", yank:"mdk") )
  163. {
  164.  security_hole(0);
  165.  exit(0);
  166. }
  167. if ( rpm_check( reference:"snort-snmp+flexresp-2.0.0-2.1mdk", release:"MDK9.1", yank:"mdk") )
  168. {
  169.  security_hole(0);
  170.  exit(0);
  171. }
  172. if ( rpm_check( reference:"snort-snmp-2.0.0-2.1mdk", release:"MDK9.1", yank:"mdk") )
  173. {
  174.  security_hole(0);
  175.  exit(0);
  176. }
  177. if (rpm_exists(rpm:"snort-", release:"MDK8.2")
  178.  || rpm_exists(rpm:"snort-", release:"MDK9.0")
  179.  || rpm_exists(rpm:"snort-", release:"MDK9.1") )
  180. {
  181.  set_kb_item(name:"CAN-2003-0209", value:TRUE);
  182. }
  183.