Text File  |  2005-01-14  |  2KB  |  89 lines

  #
  # (C) Tenable Network Security
  #
  # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2004:047
  #
  # Local package check for MDKSA-2004:047 (kdelibs, CAN-2004-0411).
  # The script reports a finding when rpm_check() returns true for any of the
  # package builds listed below. Only the MDK10.0 and MDK9.2 releases are
  # covered, so no report from this plugin says nothing about hosts running
  # any other release.
  #

  # Feature probe: stop silently when the interpreter has no bn_random().
  # The function is never called in this script.
  if ( ! defined_func("bn_random") )
    exit(0);

  # Registration pass: declare the plugin metadata, then stop before any
  # check logic runs.
  if (description)
  {
    script_id(14146);
    script_version ("$Revision: 1.2 $");
    script_cve_id("CAN-2004-0411");

    script_name(english:"MDKSA-2004:047: kdelibs");

    script_description(english:"
The remote host is missing the patch for the advisory MDKSA-2004:047 (kdelibs).


A vulnerability in the Opera web browser was identified by iDEFENSE; the same
type of vulnerability exists in KDE. The telnet, rlogin, ssh, and mailto URI
handlers do not check for '-' at the beginning of the hostname passed, which
makes it possible to pass an option to the programs started by the handlers.
This can allow remote attackers to create or truncate arbitrary files.
The updated packages contain patches provided by the KDE team to fix this
problem.


Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:047
Risk factor : High");

    script_summary(english:"Check for the version of the kdelibs package");

    script_category(ACT_GATHER_INFO);

    script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
    script_family(english:"Mandrake Local Security Checks");

    # The check needs the RPM list stored in the knowledge base; presumably
    # ssh_get_info.nasl is the plugin that fills it (confirm in that plugin).
    script_dependencies("ssh_get_info.nasl");
    script_require_keys("Host/Mandrake/rpm-list");
    exit(0);
  }

  # rpm_check() and rpm_exists() come from rpm.inc, which is not shown here.
  include("rpm.inc");

  # Package builds named by the advisory, grouped by release and kept in the
  # order in which they are tested.
  mdksa_refs_mdk100 = make_list(
    "kdelibs-common-3.2-36.2.100mdk",
    "libkdecore4-3.2-36.2.100mdk",
    "libkdecore4-devel-3.2-36.2.100mdk");

  mdksa_refs_mdk92 = make_list(
    "kdelibs-common-3.1.3-35.2.92mdk",
    "libkdecore4-3.1.3-35.2.92mdk",
    "libkdecore4-devel-3.1.3-35.2.92mdk");

  # A true result from rpm_check() is treated as "patch missing": the finding
  # is raised once, with 0 as the port argument, and the script ends.
  foreach mdksa_ref (mdksa_refs_mdk100)
  {
    if ( rpm_check( reference:mdksa_ref, release:"MDK10.0", yank:"mdk") )
    {
      security_hole(0);
      exit(0);
    }
  }

  foreach mdksa_ref (mdksa_refs_mdk92)
  {
    if ( rpm_check( reference:mdksa_ref, release:"MDK9.2", yank:"mdk") )
    {
      security_hole(0);
      exit(0);
    }
  }

  # Reached only when none of the checks above fired. If a package matching
  # "kdelibs-" exists for one of the covered releases, the CVE name is recorded
  # in the knowledge base. Presumably other plugins read this key to learn that
  # the issue was already checked locally; verify against its consumers.
  if ( rpm_exists(rpm:"kdelibs-", release:"MDK10.0") ||
       rpm_exists(rpm:"kdelibs-", release:"MDK9.2") )
    set_kb_item(name:"CAN-2004-0411", value:TRUE);