home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2003-097.nasl

< prev

next >

Wrap

Text File  |  2005-01-14  |  3KB  |  117 lines

---

1. #
2. # (C) Tenable Network Security
3. #
4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2003:097
5. #
6.  
7.  
8. if ( ! defined_func("bn_random") ) exit(0);
9. if(description)
10. {
11.  script_id(14079);
12.  script_bugtraq_id(8702);
13.  script_version ("$Revision: 1.3 $");
14.  script_cve_id("CAN-2003-0835");
15.  
16.  name["english"] = "MDKSA-2003:097: mplayer";
17.  
18.  script_name(english:name["english"]);
19.  
20.  desc["english"] = "
21. The remote host is missing the patch for the advisory MDKSA-2003:097 (mplayer).
22.  
23.  
24. A buffer overflow vulnerability was found in MPlayer that is remotely
25. exploitable. A malicious host can craft a harmful ASX header and trick MPlayer
26. into executing arbitrary code when it parses that particular header.
27. The provided packages have been patched to fix the problem.
28.  
29.  
30. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:097
31. Risk factor : High";
32.  
33.  
34.  
35.  script_description(english:desc["english"]);
36.  
37.  summary["english"] = "Check for the version of the mplayer package";
38.  script_summary(english:summary["english"]);
39.  
40.  script_category(ACT_GATHER_INFO);
41.  
42.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
43.  family["english"] = "Mandrake Local Security Checks";
44.  script_family(english:family["english"]);
45.  
46.  script_dependencies("ssh_get_info.nasl");
47.  script_require_keys("Host/Mandrake/rpm-list");
48.  exit(0);
49. }
50.  
51. include("rpm.inc");
52. if ( rpm_check( reference:"libdha0.1-0.90-0.rc4.5.91mdk", release:"MDK9.1", yank:"mdk") )
53. {
54.  security_hole(0);
55.  exit(0);
56. }
57. if ( rpm_check( reference:"libpostproc0-0.90-0.rc4.5.91mdk", release:"MDK9.1", yank:"mdk") )
58. {
59.  security_hole(0);
60.  exit(0);
61. }
62. if ( rpm_check( reference:"libpostproc0-devel-0.90-0.rc4.5.91mdk", release:"MDK9.1", yank:"mdk") )
63. {
64.  security_hole(0);
65.  exit(0);
66. }
67. if ( rpm_check( reference:"mencoder-0.90-0.rc4.5.91mdk", release:"MDK9.1", yank:"mdk") )
68. {
69.  security_hole(0);
70.  exit(0);
71. }
72. if ( rpm_check( reference:"mplayer-0.90-0.rc4.5.91mdk", release:"MDK9.1", yank:"mdk") )
73. {
74.  security_hole(0);
75.  exit(0);
76. }
77. if ( rpm_check( reference:"mplayer-gui-0.90-0.rc4.5.91mdk", release:"MDK9.1", yank:"mdk") )
78. {
79.  security_hole(0);
80.  exit(0);
81. }
82. if ( rpm_check( reference:"libdha0.1-0.91-7.1.92mdk", release:"MDK9.2", yank:"mdk") )
83. {
84.  security_hole(0);
85.  exit(0);
86. }
87. if ( rpm_check( reference:"libpostproc0-0.91-7.1.92mdk", release:"MDK9.2", yank:"mdk") )
88. {
89.  security_hole(0);
90.  exit(0);
91. }
92. if ( rpm_check( reference:"libpostproc0-devel-0.91-7.1.92mdk", release:"MDK9.2", yank:"mdk") )
93. {
94.  security_hole(0);
95.  exit(0);
96. }
97. if ( rpm_check( reference:"mencoder-0.91-7.1.92mdk", release:"MDK9.2", yank:"mdk") )
98. {
99.  security_hole(0);
100.  exit(0);
101. }
102. if ( rpm_check( reference:"mplayer-0.91-7.1.92mdk", release:"MDK9.2", yank:"mdk") )
103. {
104.  security_hole(0);
105.  exit(0);
106. }
107. if ( rpm_check( reference:"mplayer-gui-0.91-7.1.92mdk", release:"MDK9.2", yank:"mdk") )
108. {
109.  security_hole(0);
110.  exit(0);
111. }
112. if (rpm_exists(rpm:"mplayer-", release:"MDK9.1")
113.  || rpm_exists(rpm:"mplayer-", release:"MDK9.2") )
114. {
115.  set_kb_item(name:"CAN-2003-0835", value:TRUE);
116. }
117.