home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2003-113.nasl < prev    next >
Text File  |  2005-01-14  |  2KB  |  75 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2003:113
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(14095);
  12.  script_bugtraq_id(9117);
  13.  script_version ("$Revision: 1.3 $");
  14.  script_cve_id("CAN-2003-0972");
  15.  
  16.  name["english"] = "MDKSA-2003:113: screen";
  17.  
  18.  script_name(english:name["english"]);
  19.  
  20.  desc["english"] = "
  21. The remote host is missing the patch for the advisory MDKSA-2003:113 (screen).
  22.  
  23.  
  24. A vulnerability was discovered and fixed in screen by Timo Sirainen who found an
  25. exploitable buffer overflow that allowed privilege escalation. This
  26. vulnerability also has the potential to allow attackers to gain control of
  27. another user's screen session. The ability to exploit is not trivial and
  28. requires approximately 2GB of data to be transferred in order to do so.
  29. Updated packages are available that fix the vulnerability.
  30.  
  31.  
  32. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:113
  33. Risk factor : High";
  34.  
  35.  
  36.  
  37.  script_description(english:desc["english"]);
  38.  
  39.  summary["english"] = "Check for the version of the screen package";
  40.  script_summary(english:summary["english"]);
  41.  
  42.  script_category(ACT_GATHER_INFO);
  43.  
  44.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  45.  family["english"] = "Mandrake Local Security Checks";
  46.  script_family(english:family["english"]);
  47.  
  48.  script_dependencies("ssh_get_info.nasl");
  49.  script_require_keys("Host/Mandrake/rpm-list");
  50.  exit(0);
  51. }
  52.  
  53. include("rpm.inc");
  54. if ( rpm_check( reference:"screen-3.9.11-4.1.90mdk", release:"MDK9.0", yank:"mdk") )
  55. {
  56.  security_hole(0);
  57.  exit(0);
  58. }
  59. if ( rpm_check( reference:"screen-3.9.13-2.1.91mdk", release:"MDK9.1", yank:"mdk") )
  60. {
  61.  security_hole(0);
  62.  exit(0);
  63. }
  64. if ( rpm_check( reference:"screen-3.9.15-2.1.92mdk", release:"MDK9.2", yank:"mdk") )
  65. {
  66.  security_hole(0);
  67.  exit(0);
  68. }
  69. if (rpm_exists(rpm:"screen-", release:"MDK9.0")
  70.  || rpm_exists(rpm:"screen-", release:"MDK9.1")
  71.  || rpm_exists(rpm:"screen-", release:"MDK9.2") )
  72. {
  73.  set_kb_item(name:"CAN-2003-0972", value:TRUE);
  74. }
  75.