home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2004-033.nasl < prev    next >
Text File  |  2005-01-14  |  2KB  |  87 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2004:033
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(14132);
  12.  script_version ("$Revision: 1.2 $");
  13.  script_cve_id("CAN-2004-0372");
  14.  
  15.  name["english"] = "MDKSA-2004:033: xine-ui";
  16.  
  17.  script_name(english:name["english"]);
  18.  
  19.  desc["english"] = "
  20. The remote host is missing the patch for the advisory MDKSA-2004:033 (xine-ui).
  21.  
  22.  
  23. Shaun Colley discovered a temporary file vulnerability in the xine-check script
  24. packaged in xine-ui. This problem could allow local attackers to overwrite
  25. arbitrary files with the privileges of the user invoking the script.
  26. The updated packages change the location of where temporary files are written to
  27. prevent this attack.
  28.  
  29.  
  30. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:033
  31. Risk factor : High";
  32.  
  33.  
  34.  
  35.  script_description(english:desc["english"]);
  36.  
  37.  summary["english"] = "Check for the version of the xine-ui package";
  38.  script_summary(english:summary["english"]);
  39.  
  40.  script_category(ACT_GATHER_INFO);
  41.  
  42.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  43.  family["english"] = "Mandrake Local Security Checks";
  44.  script_family(english:family["english"]);
  45.  
  46.  script_dependencies("ssh_get_info.nasl");
  47.  script_require_keys("Host/Mandrake/rpm-list");
  48.  exit(0);
  49. }
  50.  
  51. include("rpm.inc");
  52. if ( rpm_check( reference:"xine-ui-0.9.23-3.1.100mdk", release:"MDK10.0", yank:"mdk") )
  53. {
  54.  security_hole(0);
  55.  exit(0);
  56. }
  57. if ( rpm_check( reference:"xine-ui-aa-0.9.23-3.1.100mdk", release:"MDK10.0", yank:"mdk") )
  58. {
  59.  security_hole(0);
  60.  exit(0);
  61. }
  62. if ( rpm_check( reference:"xine-ui-fb-0.9.23-3.1.100mdk", release:"MDK10.0", yank:"mdk") )
  63. {
  64.  security_hole(0);
  65.  exit(0);
  66. }
  67. if ( rpm_check( reference:"xine-ui-0.9.22-5.1.92mdk", release:"MDK9.2", yank:"mdk") )
  68. {
  69.  security_hole(0);
  70.  exit(0);
  71. }
  72. if ( rpm_check( reference:"xine-ui-aa-0.9.22-5.1.92mdk", release:"MDK9.2", yank:"mdk") )
  73. {
  74.  security_hole(0);
  75.  exit(0);
  76. }
  77. if ( rpm_check( reference:"xine-ui-fb-0.9.22-5.1.92mdk", release:"MDK9.2", yank:"mdk") )
  78. {
  79.  security_hole(0);
  80.  exit(0);
  81. }
  82. if (rpm_exists(rpm:"xine-ui-", release:"MDK10.0")
  83.  || rpm_exists(rpm:"xine-ui-", release:"MDK9.2") )
  84. {
  85.  set_kb_item(name:"CAN-2004-0372", value:TRUE);
  86. }
  87.