home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2004-071.nasl < prev    next >
Text File  |  2005-01-14  |  6KB  |  206 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2004:071
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(14170);
  12.  script_version ("$Revision: 1.2 $");
  13.  script_cve_id("CAN-2004-0600", "CAN-2004-0686");
  14.  
  15.  name["english"] = "MDKSA-2004:071: samba";
  16.  
  17.  script_name(english:name["english"]);
  18.  
  19.  desc["english"] = "
  20. The remote host is missing the patch for the advisory MDKSA-2004:071 (samba).
  21.  
  22.  
  23. A vulnerability was discovered in SWAT, the Samba Web Administration Tool. The
  24. routine used to decode the base64 data during HTTP basic authentication is
  25. subject to a buffer overrun caused by an invalid base64 character. This same
  26. code is also used to internally decode the sambaMungedDial attribute value when
  27. using the ldapsam passdb backend, and to decode input given to the ntlm_auth
  28. tool.
  29. This vulnerability only exists in Samba versions 3.0.2 or later; the 3.0.5
  30. release fixes the vulnerability. Systems using SWAT, the ldapsam passdb backend,
  31. and tose running winbindd and allowing third- party applications to issue
  32. authentication requests via ntlm_auth tool should upgrade immediately.
  33. (CAN-2004-0600)
  34. A buffer overrun has been located in the code used to support the 'mangling
  35. method = hash' smb.conf option. Please be aware that the default setting for
  36. this parameter is 'mangling method = hash2' and therefore not vulnerable. This
  37. bug is present in Samba 3.0.0 and later, as well as Samba 2.2.X (CAN-2004-0686)
  38. This update also fixes a bug where attempting to print in some cases would cause
  39. smbd to exit with a signal 11.
  40.  
  41.  
  42. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:071
  43. Risk factor : High";
  44.  
  45.  
  46.  
  47.  script_description(english:desc["english"]);
  48.  
  49.  summary["english"] = "Check for the version of the samba package";
  50.  script_summary(english:summary["english"]);
  51.  
  52.  script_category(ACT_GATHER_INFO);
  53.  
  54.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  55.  family["english"] = "Mandrake Local Security Checks";
  56.  script_family(english:family["english"]);
  57.  
  58.  script_dependencies("ssh_get_info.nasl");
  59.  script_require_keys("Host/Mandrake/rpm-list");
  60.  exit(0);
  61. }
  62.  
  63. include("rpm.inc");
  64. if ( rpm_check( reference:"libsmbclient0-3.0.2a-3.2.100mdk", release:"MDK10.0", yank:"mdk") )
  65. {
  66.  security_hole(0);
  67.  exit(0);
  68. }
  69. if ( rpm_check( reference:"nss_wins-3.0.2a-3.2.100mdk", release:"MDK10.0", yank:"mdk") )
  70. {
  71.  security_hole(0);
  72.  exit(0);
  73. }
  74. if ( rpm_check( reference:"samba-client-3.0.2a-3.2.100mdk", release:"MDK10.0", yank:"mdk") )
  75. {
  76.  security_hole(0);
  77.  exit(0);
  78. }
  79. if ( rpm_check( reference:"samba-common-3.0.2a-3.2.100mdk", release:"MDK10.0", yank:"mdk") )
  80. {
  81.  security_hole(0);
  82.  exit(0);
  83. }
  84. if ( rpm_check( reference:"samba-doc-3.0.2a-3.2.100mdk", release:"MDK10.0", yank:"mdk") )
  85. {
  86.  security_hole(0);
  87.  exit(0);
  88. }
  89. if ( rpm_check( reference:"samba-passdb-mysql-3.0.2a-3.2.100mdk", release:"MDK10.0", yank:"mdk") )
  90. {
  91.  security_hole(0);
  92.  exit(0);
  93. }
  94. if ( rpm_check( reference:"samba-passdb-xml-3.0.2a-3.2.100mdk", release:"MDK10.0", yank:"mdk") )
  95. {
  96.  security_hole(0);
  97.  exit(0);
  98. }
  99. if ( rpm_check( reference:"samba-server-3.0.2a-3.2.100mdk", release:"MDK10.0", yank:"mdk") )
  100. {
  101.  security_hole(0);
  102.  exit(0);
  103. }
  104. if ( rpm_check( reference:"samba-swat-3.0.2a-3.2.100mdk", release:"MDK10.0", yank:"mdk") )
  105. {
  106.  security_hole(0);
  107.  exit(0);
  108. }
  109. if ( rpm_check( reference:"samba-winbind-3.0.2a-3.2.100mdk", release:"MDK10.0", yank:"mdk") )
  110. {
  111.  security_hole(0);
  112.  exit(0);
  113. }
  114. if ( rpm_check( reference:"nss_wins-2.2.7a-9.4.91mdk", release:"MDK9.1", yank:"mdk") )
  115. {
  116.  security_hole(0);
  117.  exit(0);
  118. }
  119. if ( rpm_check( reference:"samba-client-2.2.7a-9.4.91mdk", release:"MDK9.1", yank:"mdk") )
  120. {
  121.  security_hole(0);
  122.  exit(0);
  123. }
  124. if ( rpm_check( reference:"samba-common-2.2.7a-9.4.91mdk", release:"MDK9.1", yank:"mdk") )
  125. {
  126.  security_hole(0);
  127.  exit(0);
  128. }
  129. if ( rpm_check( reference:"samba-doc-2.2.7a-9.4.91mdk", release:"MDK9.1", yank:"mdk") )
  130. {
  131.  security_hole(0);
  132.  exit(0);
  133. }
  134. if ( rpm_check( reference:"samba-server-2.2.7a-9.4.91mdk", release:"MDK9.1", yank:"mdk") )
  135. {
  136.  security_hole(0);
  137.  exit(0);
  138. }
  139. if ( rpm_check( reference:"samba-swat-2.2.7a-9.4.91mdk", release:"MDK9.1", yank:"mdk") )
  140. {
  141.  security_hole(0);
  142.  exit(0);
  143. }
  144. if ( rpm_check( reference:"samba-winbind-2.2.7a-9.4.91mdk", release:"MDK9.1", yank:"mdk") )
  145. {
  146.  security_hole(0);
  147.  exit(0);
  148. }
  149. if ( rpm_check( reference:"libsmbclient0-2.2.8a-13.2.92mdk", release:"MDK9.2", yank:"mdk") )
  150. {
  151.  security_hole(0);
  152.  exit(0);
  153. }
  154. if ( rpm_check( reference:"libsmbclient0-devel-2.2.8a-13.2.92mdk", release:"MDK9.2", yank:"mdk") )
  155. {
  156.  security_hole(0);
  157.  exit(0);
  158. }
  159. if ( rpm_check( reference:"nss_wins-2.2.8a-13.2.92mdk", release:"MDK9.2", yank:"mdk") )
  160. {
  161.  security_hole(0);
  162.  exit(0);
  163. }
  164. if ( rpm_check( reference:"samba-client-2.2.8a-13.2.92mdk", release:"MDK9.2", yank:"mdk") )
  165. {
  166.  security_hole(0);
  167.  exit(0);
  168. }
  169. if ( rpm_check( reference:"samba-common-2.2.8a-13.2.92mdk", release:"MDK9.2", yank:"mdk") )
  170. {
  171.  security_hole(0);
  172.  exit(0);
  173. }
  174. if ( rpm_check( reference:"samba-debug-2.2.8a-13.2.92mdk", release:"MDK9.2", yank:"mdk") )
  175. {
  176.  security_hole(0);
  177.  exit(0);
  178. }
  179. if ( rpm_check( reference:"samba-doc-2.2.8a-13.2.92mdk", release:"MDK9.2", yank:"mdk") )
  180. {
  181.  security_hole(0);
  182.  exit(0);
  183. }
  184. if ( rpm_check( reference:"samba-server-2.2.8a-13.2.92mdk", release:"MDK9.2", yank:"mdk") )
  185. {
  186.  security_hole(0);
  187.  exit(0);
  188. }
  189. if ( rpm_check( reference:"samba-swat-2.2.8a-13.2.92mdk", release:"MDK9.2", yank:"mdk") )
  190. {
  191.  security_hole(0);
  192.  exit(0);
  193. }
  194. if ( rpm_check( reference:"samba-winbind-2.2.8a-13.2.92mdk", release:"MDK9.2", yank:"mdk") )
  195. {
  196.  security_hole(0);
  197.  exit(0);
  198. }
  199. if (rpm_exists(rpm:"samba-", release:"MDK10.0")
  200.  || rpm_exists(rpm:"samba-", release:"MDK9.1")
  201.  || rpm_exists(rpm:"samba-", release:"MDK9.2") )
  202. {
  203.  set_kb_item(name:"CAN-2004-0600", value:TRUE);
  204.  set_kb_item(name:"CAN-2004-0686", value:TRUE);
  205. }
  206.