  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2004:064
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(14163);
  12.  script_version ("$Revision: 1.2 $");
  13.  script_cve_id("CAN-2004-0493");
  14.  
  15.  name["english"] = "MDKSA-2004:064: apache2";
  16.  
  17.  script_name(english:name["english"]);
  18.  
  19.  desc["english"] = "
  20. The remote host is missing the patch for the advisory MDKSA-2004:064 (apache2).
  21.  
  22.  
  23. A Denial of Service (Dos) condition was discovered in Apache 2.x by George
  24. Guninski. Exploiting this can lead to httpd consuming an arbitrary amount of
  25. memory. On 64bit systems with more than 4GB of virtual memory, this may also
  26. lead to a heap-based overflow.
  27. The updated packages contain a patch from the ASF to correct the problem.
  28. It is recommended that you stop Apache prior to updating and then restart it
  29. again once the update is complete ('service httpd stop' and 'service httpd
  30. start' respectively).
  31.  
  32.  
  33. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:064
  34. Risk factor : High";
  35.  
  36.  
  37.  
  38.  script_description(english:desc["english"]);
  39.  
  40.  summary["english"] = "Check for the version of the apache2 package";
  41.  script_summary(english:summary["english"]);
  42.  
  43.  script_category(ACT_GATHER_INFO);
  44.  
  45.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  46.  family["english"] = "Mandrake Local Security Checks";
  47.  script_family(english:family["english"]);
  48.  
  49.  script_dependencies("ssh_get_info.nasl");
  50.  script_require_keys("Host/Mandrake/rpm-list");
  51.  exit(0);
  52. }
  53.  
  54. include("rpm.inc");
  55. if ( rpm_check( reference:"apache2-2.0.48-6.3.100mdk", release:"MDK10.0", yank:"mdk") )
  56. {
  57.  security_hole(0);
  58.  exit(0);
  59. }
  60. if ( rpm_check( reference:"apache2-common-2.0.48-6.3.100mdk", release:"MDK10.0", yank:"mdk") )
  61. {
  62.  security_hole(0);
  63.  exit(0);
  64. }
  65. if ( rpm_check( reference:"apache2-devel-2.0.48-6.3.100mdk", release:"MDK10.0", yank:"mdk") )
  66. {
  67.  security_hole(0);
  68.  exit(0);
  69. }
  70. if ( rpm_check( reference:"apache2-manual-2.0.48-6.3.100mdk", release:"MDK10.0", yank:"mdk") )
  71. {
  72.  security_hole(0);
  73.  exit(0);
  74. }
  75. if ( rpm_check( reference:"apache2-mod_cache-2.0.48-6.3.100mdk", release:"MDK10.0", yank:"mdk") )
  76. {
  77.  security_hole(0);
  78.  exit(0);
  79. }
  80. if ( rpm_check( reference:"apache2-mod_dav-2.0.48-6.3.100mdk", release:"MDK10.0", yank:"mdk") )
  81. {
  82.  security_hole(0);
  83.  exit(0);
  84. }
  85. if ( rpm_check( reference:"apache2-mod_ldap-2.0.48-6.3.100mdk", release:"MDK10.0", yank:"mdk") )
  86. {
  87.  security_hole(0);
  88.  exit(0);
  89. }
  90. if ( rpm_check( reference:"apache2-mod_proxy-2.0.48-6.3.100mdk", release:"MDK10.0", yank:"mdk") )
  91. {
  92.  security_hole(0);
  93.  exit(0);
  94. }
  95. if ( rpm_check( reference:"apache2-mod_ssl-2.0.48-6.3.100mdk", release:"MDK10.0", yank:"mdk") )
  96. {
  97.  security_hole(0);
  98.  exit(0);
  99. }
  100. if ( rpm_check( reference:"apache2-modules-2.0.48-6.3.100mdk", release:"MDK10.0", yank:"mdk") )
  101. {
  102.  security_hole(0);
  103.  exit(0);
  104. }
  105. if ( rpm_check( reference:"apache2-source-2.0.48-6.3.100mdk", release:"MDK10.0", yank:"mdk") )
  106. {
  107.  security_hole(0);
  108.  exit(0);
  109. }
  110. if ( rpm_check( reference:"libapr0-2.0.48-6.3.100mdk", release:"MDK10.0", yank:"mdk") )
  111. {
  112.  security_hole(0);
  113.  exit(0);
  114. }
  115. if ( rpm_check( reference:"apache2-2.0.47-1.9.91mdk", release:"MDK9.1", yank:"mdk") )
  116. {
  117.  security_hole(0);
  118.  exit(0);
  119. }
  120. if ( rpm_check( reference:"apache2-common-2.0.47-1.9.91mdk", release:"MDK9.1", yank:"mdk") )
  121. {
  122.  security_hole(0);
  123.  exit(0);
  124. }
  125. if ( rpm_check( reference:"apache2-devel-2.0.47-1.9.91mdk", release:"MDK9.1", yank:"mdk") )
  126. {
  127.  security_hole(0);
  128.  exit(0);
  129. }
  130. if ( rpm_check( reference:"apache2-manual-2.0.47-1.9.91mdk", release:"MDK9.1", yank:"mdk") )
  131. {
  132.  security_hole(0);
  133.  exit(0);
  134. }
  135. if ( rpm_check( reference:"apache2-mod_dav-2.0.47-1.9.91mdk", release:"MDK9.1", yank:"mdk") )
  136. {
  137.  security_hole(0);
  138.  exit(0);
  139. }
  140. if ( rpm_check( reference:"apache2-mod_ldap-2.0.47-1.9.91mdk", release:"MDK9.1", yank:"mdk") )
  141. {
  142.  security_hole(0);
  143.  exit(0);
  144. }
  145. if ( rpm_check( reference:"apache2-mod_ssl-2.0.47-1.9.91mdk", release:"MDK9.1", yank:"mdk") )
  146. {
  147.  security_hole(0);
  148.  exit(0);
  149. }
  150. if ( rpm_check( reference:"apache2-modules-2.0.47-1.9.91mdk", release:"MDK9.1", yank:"mdk") )
  151. {
  152.  security_hole(0);
  153.  exit(0);
  154. }
  155. if ( rpm_check( reference:"apache2-source-2.0.47-1.9.91mdk", release:"MDK9.1", yank:"mdk") )
  156. {
  157.  security_hole(0);
  158.  exit(0);
  159. }
  160. if ( rpm_check( reference:"libapr0-2.0.47-1.9.91mdk", release:"MDK9.1", yank:"mdk") )
  161. {
  162.  security_hole(0);
  163.  exit(0);
  164. }
  165. if ( rpm_check( reference:"apache2-2.0.47-6.6.92mdk", release:"MDK9.2", yank:"mdk") )
  166. {
  167.  security_hole(0);
  168.  exit(0);
  169. }
  170. if ( rpm_check( reference:"apache2-common-2.0.47-6.6.92mdk", release:"MDK9.2", yank:"mdk") )
  171. {
  172.  security_hole(0);
  173.  exit(0);
  174. }
  175. if ( rpm_check( reference:"apache2-devel-2.0.47-6.6.92mdk", release:"MDK9.2", yank:"mdk") )
  176. {
  177.  security_hole(0);
  178.  exit(0);
  179. }
  180. if ( rpm_check( reference:"apache2-manual-2.0.47-6.6.92mdk", release:"MDK9.2", yank:"mdk") )
  181. {
  182.  security_hole(0);
  183.  exit(0);
  184. }
  185. if ( rpm_check( reference:"apache2-mod_cache-2.0.47-6.6.92mdk", release:"MDK9.2", yank:"mdk") )
  186. {
  187.  security_hole(0);
  188.  exit(0);
  189. }
  190. if ( rpm_check( reference:"apache2-mod_dav-2.0.47-6.6.92mdk", release:"MDK9.2", yank:"mdk") )
  191. {
  192.  security_hole(0);
  193.  exit(0);
  194. }
  195. if ( rpm_check( reference:"apache2-mod_deflate-2.0.47-6.6.92mdk", release:"MDK9.2", yank:"mdk") )
  196. {
  197.  security_hole(0);
  198.  exit(0);
  199. }
  200. if ( rpm_check( reference:"apache2-mod_ldap-2.0.47-6.6.92mdk", release:"MDK9.2", yank:"mdk") )
  201. {
  202.  security_hole(0);
  203.  exit(0);
  204. }
  205. if ( rpm_check( reference:"apache2-mod_proxy-2.0.47-6.6.92mdk", release:"MDK9.2", yank:"mdk") )
  206. {
  207.  security_hole(0);
  208.  exit(0);
  209. }
  210. if ( rpm_check( reference:"apache2-mod_ssl-2.0.47-6.6.92mdk", release:"MDK9.2", yank:"mdk") )
  211. {
  212.  security_hole(0);
  213.  exit(0);
  214. }
  215. if ( rpm_check( reference:"apache2-modules-2.0.47-6.6.92mdk", release:"MDK9.2", yank:"mdk") )
  216. {
  217.  security_hole(0);
  218.  exit(0);
  219. }
  220. if ( rpm_check( reference:"apache2-source-2.0.47-6.6.92mdk", release:"MDK9.2", yank:"mdk") )
  221. {
  222.  security_hole(0);
  223.  exit(0);
  224. }
  225. if ( rpm_check( reference:"libapr0-2.0.47-6.6.92mdk", release:"MDK9.2", yank:"mdk") )
  226. {
  227.  security_hole(0);
  228.  exit(0);
  229. }
  230. if (rpm_exists(rpm:"apache2-", release:"MDK10.0")
  231.  || rpm_exists(rpm:"apache2-", release:"MDK9.1")
  232.  || rpm_exists(rpm:"apache2-", release:"MDK9.2") )
  233. {
  234.  set_kb_item(name:"CAN-2004-0493", value:TRUE);
  235. }
  236.