home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2003-053.nasl < prev    next >
Text File  |  2005-01-14  |  3KB  |  109 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2003:053
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(14037);
  12.  script_version ("$Revision: 1.2 $");
  13.  script_cve_id("CAN-2002-1391", "CAN-2002-1392");
  14.  
  15.  name["english"] = "MDKSA-2003:053: mgetty";
  16.  
  17.  script_name(english:name["english"]);
  18.  
  19.  desc["english"] = "
  20. The remote host is missing the patch for the advisory MDKSA-2003:053 (mgetty).
  21.  
  22.  
  23. Two vulnerabilities were discovered in mgetty versions prior to 1.1.29. An
  24. internal buffer could be overflowed if the caller name reported by the modem,
  25. via Caller ID information, was too long. As well, the faxspool script that comes
  26. with mgetty used a simple permissions scheme to allow or deny fax transmission
  27. privileges. Because the spooling directory used for outgoing faxes was
  28. world-writeable, this scheme was easily circumvented.
  29.  
  30.  
  31. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:053
  32. Risk factor : High";
  33.  
  34.  
  35.  
  36.  script_description(english:desc["english"]);
  37.  
  38.  summary["english"] = "Check for the version of the mgetty package";
  39.  script_summary(english:summary["english"]);
  40.  
  41.  script_category(ACT_GATHER_INFO);
  42.  
  43.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  44.  family["english"] = "Mandrake Local Security Checks";
  45.  script_family(english:family["english"]);
  46.  
  47.  script_dependencies("ssh_get_info.nasl");
  48.  script_require_keys("Host/Mandrake/rpm-list");
  49.  exit(0);
  50. }
  51.  
  52. include("rpm.inc");
  53. if ( rpm_check( reference:"mgetty-1.1.30-1.1mdk", release:"MDK8.2", yank:"mdk") )
  54. {
  55.  security_hole(0);
  56.  exit(0);
  57. }
  58. if ( rpm_check( reference:"mgetty-contrib-1.1.30-1.1mdk", release:"MDK8.2", yank:"mdk") )
  59. {
  60.  security_hole(0);
  61.  exit(0);
  62. }
  63. if ( rpm_check( reference:"mgetty-sendfax-1.1.30-1.1mdk", release:"MDK8.2", yank:"mdk") )
  64. {
  65.  security_hole(0);
  66.  exit(0);
  67. }
  68. if ( rpm_check( reference:"mgetty-viewfax-1.1.30-1.1mdk", release:"MDK8.2", yank:"mdk") )
  69. {
  70.  security_hole(0);
  71.  exit(0);
  72. }
  73. if ( rpm_check( reference:"mgetty-voice-1.1.30-1.1mdk", release:"MDK8.2", yank:"mdk") )
  74. {
  75.  security_hole(0);
  76.  exit(0);
  77. }
  78. if ( rpm_check( reference:"mgetty-1.1.30-1.1mdk", release:"MDK9.0", yank:"mdk") )
  79. {
  80.  security_hole(0);
  81.  exit(0);
  82. }
  83. if ( rpm_check( reference:"mgetty-contrib-1.1.30-1.1mdk", release:"MDK9.0", yank:"mdk") )
  84. {
  85.  security_hole(0);
  86.  exit(0);
  87. }
  88. if ( rpm_check( reference:"mgetty-sendfax-1.1.30-1.1mdk", release:"MDK9.0", yank:"mdk") )
  89. {
  90.  security_hole(0);
  91.  exit(0);
  92. }
  93. if ( rpm_check( reference:"mgetty-viewfax-1.1.30-1.1mdk", release:"MDK9.0", yank:"mdk") )
  94. {
  95.  security_hole(0);
  96.  exit(0);
  97. }
  98. if ( rpm_check( reference:"mgetty-voice-1.1.30-1.1mdk", release:"MDK9.0", yank:"mdk") )
  99. {
  100.  security_hole(0);
  101.  exit(0);
  102. }
  103. if (rpm_exists(rpm:"mgetty-", release:"MDK8.2")
  104.  || rpm_exists(rpm:"mgetty-", release:"MDK9.0") )
  105. {
  106.  set_kb_item(name:"CAN-2002-1391", value:TRUE);
  107.  set_kb_item(name:"CAN-2002-1392", value:TRUE);
  108. }
  109.