
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2003:077
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(14060);
  12.  script_version ("$Revision: 1.2 $");
  13.  script_cve_id("CAN-2003-0504", "CAN-2003-0582");
  14.  
  15.  name["english"] = "MDKSA-2003:077: phpgroupware";
  16.  
  17.  script_name(english:name["english"]);
  18.  
  19.  desc["english"] = "
  20. The remote host is missing the patch for the advisory MDKSA-2003:077 (phpgroupware).
  21.  
  22.  
  23. Several vulnerabilities were discovered in all versions of phpgroupware prior to
  24. 0.9.14.006. This latest version fixes an exploitable condition in all versions
  25. that can be exploited remotely without authentication and can lead to arbitrary
  26. code execution on the web server. This vulnerability is being actively
  27. exploited.
  28. Version 0.9.14.005 fixed several other vulnerabilities including cross-site
  29. scripting issues that can be exploited to obtain sensitive information such as
  30. authentication cookies.
  31. This update provides the latest stable version of phpgroupware and all users are
  32. encouraged to update immediately. In addition, you should also secure your
  33. installation by including the following in your Apache configuration files:
  34. Order allow,deny Deny from all
  35.  
  36.  
  37. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:077
  38. Risk factor : High";
  39.  
  40.  
  41.  
  42.  script_description(english:desc["english"]);
  43.  
  44.  summary["english"] = "Check for the version of the phpgroupware package";
  45.  script_summary(english:summary["english"]);
  46.  
  47.  script_category(ACT_GATHER_INFO);
  48.  
  49.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  50.  family["english"] = "Mandrake Local Security Checks";
  51.  script_family(english:family["english"]);
  52.  
  53.  script_dependencies("ssh_get_info.nasl");
  54.  script_require_keys("Host/Mandrake/rpm-list");
  55.  exit(0);
  56. }
  57.  
  58. include("rpm.inc");
  59. if ( rpm_check( reference:"phpgroupware-0.9.14.006-0.1mdk", release:"MDK8.2", yank:"mdk") )
  60. {
  61.  security_hole(0);
  62.  exit(0);
  63. }
  64. if ( rpm_check( reference:"phpgroupware-0.9.14.006-0.1mdk", release:"MDK9.0", yank:"mdk") )
  65. {
  66.  security_hole(0);
  67.  exit(0);
  68. }
  69. if ( rpm_check( reference:"phpgroupware-0.9.14.006-0.1mdk", release:"MDK9.1", yank:"mdk") )
  70. {
  71.  security_hole(0);
  72.  exit(0);
  73. }
  74. if (rpm_exists(rpm:"phpgroupware-", release:"MDK8.2")
  75.  || rpm_exists(rpm:"phpgroupware-", release:"MDK9.0")
  76.  || rpm_exists(rpm:"phpgroupware-", release:"MDK9.1") )
  77. {
  78.  set_kb_item(name:"CAN-2003-0504", value:TRUE);
  79.  set_kb_item(name:"CAN-2003-0582", value:TRUE);
  80. }
  81.