home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2004-036.nasl

< prev

next >

Wrap

Text File  |  2005-01-14  |  3KB  |  99 lines

---

1. #
2. # (C) Tenable Network Security
3. #
4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2004:036
5. #
6.  
7.  
8. if ( ! defined_func("bn_random") ) exit(0);
9. if(description)
10. {
11.  script_id(14135);
12.  script_bugtraq_id(10168);
13.  script_version ("$Revision: 1.3 $");
14.  script_cve_id("CAN-2004-0409");
15.  
16.  name["english"] = "MDKSA-2004:036: xchat";
17.  
18.  script_name(english:name["english"]);
19.  
20.  desc["english"] = "
21. The remote host is missing the patch for the advisory MDKSA-2004:036 (xchat).
22.  
23.  
24. A remotely exploitable vulnerability was discovered in the Socks-5 proxy code in
25. XChat. By default, socks5 traversal is disabled, and one would also need to
26. connect to an attacker's own custom proxy server in order for this to be
27. exploited. Successful exploitation could lead to arbitrary code execution as the
28. user running XChat.
29. The provided packages are patched to prevent this problem.
30.  
31.  
32. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:036
33. Risk factor : High";
34.  
35.  
36.  
37.  script_description(english:desc["english"]);
38.  
39.  summary["english"] = "Check for the version of the xchat package";
40.  script_summary(english:summary["english"]);
41.  
42.  script_category(ACT_GATHER_INFO);
43.  
44.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
45.  family["english"] = "Mandrake Local Security Checks";
46.  script_family(english:family["english"]);
47.  
48.  script_dependencies("ssh_get_info.nasl");
49.  script_require_keys("Host/Mandrake/rpm-list");
50.  exit(0);
51. }
52.  
53. include("rpm.inc");
54. if ( rpm_check( reference:"xchat-2.0.7-6.1.100mdk", release:"MDK10.0", yank:"mdk") )
55. {
56.  security_hole(0);
57.  exit(0);
58. }
59. if ( rpm_check( reference:"xchat-perl-2.0.7-6.1.100mdk", release:"MDK10.0", yank:"mdk") )
60. {
61.  security_hole(0);
62.  exit(0);
63. }
64. if ( rpm_check( reference:"xchat-python-2.0.7-6.1.100mdk", release:"MDK10.0", yank:"mdk") )
65. {
66.  security_hole(0);
67.  exit(0);
68. }
69. if ( rpm_check( reference:"xchat-tcl-2.0.7-6.1.100mdk", release:"MDK10.0", yank:"mdk") )
70. {
71.  security_hole(0);
72.  exit(0);
73. }
74. if ( rpm_check( reference:"xchat-2.0.4-7.1.92mdk", release:"MDK9.2", yank:"mdk") )
75. {
76.  security_hole(0);
77.  exit(0);
78. }
79. if ( rpm_check( reference:"xchat-perl-2.0.4-7.1.92mdk", release:"MDK9.2", yank:"mdk") )
80. {
81.  security_hole(0);
82.  exit(0);
83. }
84. if ( rpm_check( reference:"xchat-python-2.0.4-7.1.92mdk", release:"MDK9.2", yank:"mdk") )
85. {
86.  security_hole(0);
87.  exit(0);
88. }
89. if ( rpm_check( reference:"xchat-tcl-2.0.4-7.1.92mdk", release:"MDK9.2", yank:"mdk") )
90. {
91.  security_hole(0);
92.  exit(0);
93. }
94. if (rpm_exists(rpm:"xchat-", release:"MDK10.0")
95.  || rpm_exists(rpm:"xchat-", release:"MDK9.2") )
96. {
97.  set_kb_item(name:"CAN-2004-0409", value:TRUE);
98. }
99.