home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2004-095.nasl < prev    next >
Text File  |  2005-01-14  |  4KB  |  153 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2004:095-1
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(14751);
  12.  script_version ("$Revision: 1.3 $");
  13.  script_cve_id("CAN-2004-0753", "CAN-2004-0782", "CAN-2004-0783", "CAN-2004-0788");
  14.  
  15.  name["english"] = "MDKSA-2004:095-1: gdk-pixbuf/gtk+2";
  16.  
  17.  script_name(english:name["english"]);
  18.  
  19.  desc["english"] = "
  20. The remote host is missing the patch for the advisory MDKSA-2004:095-1 (gdk-pixbuf/gtk+2).
  21.  
  22.  
  23. A vulnerability was found in the gdk-pixbug bmp loader where a bad BMP image
  24. could send the bmp loader into an infinite loop (CAN-2004-0753).
  25. Chris Evans found a heap-based overflow and a stack-based overflow in the xpm
  26. loader of gdk-pixbuf (CAN-2004-0782 and CAN-2004-0783).
  27. Chris Evans also discovered an integer overflow in the ico loader of gdk-pixbuf
  28. (CAN-2004-0788).
  29. All four problems have been corrected in these updated packages.
  30. Update:
  31. The previous package had an incorrect patch applied that would cause some
  32. problems with other programs. The updated packages have the correct patch
  33. applied.
  34. As well, patched gtk+2 packages, which also contain gdk-pixbuf, are now
  35. provided.
  36.  
  37.  
  38. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:095-1
  39. Risk factor : High";
  40.  
  41.  
  42.  
  43.  script_description(english:desc["english"]);
  44.  
  45.  summary["english"] = "Check for the version of the gdk-pixbuf/gtk+2 package";
  46.  script_summary(english:summary["english"]);
  47.  
  48.  script_category(ACT_GATHER_INFO);
  49.  
  50.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  51.  family["english"] = "Mandrake Local Security Checks";
  52.  script_family(english:family["english"]);
  53.  
  54.  script_dependencies("ssh_get_info.nasl");
  55.  script_require_keys("Host/Mandrake/rpm-list");
  56.  exit(0);
  57. }
  58.  
  59. include("rpm.inc");
  60. if ( rpm_check( reference:"gdk-pixbuf-loaders-0.22.0-2.2.100mdk", release:"MDK10.0", yank:"mdk") )
  61. {
  62.  security_hole(0);
  63.  exit(0);
  64. }
  65. if ( rpm_check( reference:"libgdk-pixbuf2-0.22.0-2.2.100mdk", release:"MDK10.0", yank:"mdk") )
  66. {
  67.  security_hole(0);
  68.  exit(0);
  69. }
  70. if ( rpm_check( reference:"gtk+2.0-2.2.4-10.1.100mdk", release:"MDK10.0", yank:"mdk") )
  71. {
  72.  security_hole(0);
  73.  exit(0);
  74. }
  75. if ( rpm_check( reference:"libgdk_pixbuf2.0_0-2.2.4-10.1.100mdk", release:"MDK10.0", yank:"mdk") )
  76. {
  77.  security_hole(0);
  78.  exit(0);
  79. }
  80. if ( rpm_check( reference:"libgtk+-x11-2.0_0-2.2.4-10.1.100mdk", release:"MDK10.0", yank:"mdk") )
  81. {
  82.  security_hole(0);
  83.  exit(0);
  84. }
  85. if ( rpm_check( reference:"libgtk+2.0_0-2.2.4-10.1.100mdk", release:"MDK10.0", yank:"mdk") )
  86. {
  87.  security_hole(0);
  88.  exit(0);
  89. }
  90. if ( rpm_check( reference:"libgtk+2.0_0-devel-2.2.4-10.1.100mdk", release:"MDK10.0", yank:"mdk") )
  91. {
  92.  security_hole(0);
  93.  exit(0);
  94. }
  95. if ( rpm_check( reference:"gdk-pixbuf-loaders-0.22.0-2.2.92mdk", release:"MDK9.2", yank:"mdk") )
  96. {
  97.  security_hole(0);
  98.  exit(0);
  99. }
  100. if ( rpm_check( reference:"libgdk-pixbuf-xlib2-0.22.0-2.2.92mdk", release:"MDK9.2", yank:"mdk") )
  101. {
  102.  security_hole(0);
  103.  exit(0);
  104. }
  105. if ( rpm_check( reference:"libgdk-pixbuf2-0.22.0-2.2.92mdk", release:"MDK9.2", yank:"mdk") )
  106. {
  107.  security_hole(0);
  108.  exit(0);
  109. }
  110. if ( rpm_check( reference:"libgdk-pixbuf2-devel-0.22.0-2.2.92mdk", release:"MDK9.2", yank:"mdk") )
  111. {
  112.  security_hole(0);
  113.  exit(0);
  114. }
  115. if ( rpm_check( reference:"gtk+2.0-2.2.4-2.1.92mdk", release:"MDK9.2", yank:"mdk") )
  116. {
  117.  security_hole(0);
  118.  exit(0);
  119. }
  120. if ( rpm_check( reference:"libgdk_pixbuf2.0_0-2.2.4-2.1.92mdk", release:"MDK9.2", yank:"mdk") )
  121. {
  122.  security_hole(0);
  123.  exit(0);
  124. }
  125. if ( rpm_check( reference:"libgtk+-linuxfb-2.0_0-2.2.4-2.1.92mdk", release:"MDK9.2", yank:"mdk") )
  126. {
  127.  security_hole(0);
  128.  exit(0);
  129. }
  130. if ( rpm_check( reference:"libgtk+-x11-2.0_0-2.2.4-2.1.92mdk", release:"MDK9.2", yank:"mdk") )
  131. {
  132.  security_hole(0);
  133.  exit(0);
  134. }
  135. if ( rpm_check( reference:"libgtk+2.0_0-2.2.4-2.1.92mdk", release:"MDK9.2", yank:"mdk") )
  136. {
  137.  security_hole(0);
  138.  exit(0);
  139. }
  140. if ( rpm_check( reference:"libgtk+2.0_0-devel-2.2.4-2.1.92mdk", release:"MDK9.2", yank:"mdk") )
  141. {
  142.  security_hole(0);
  143.  exit(0);
  144. }
  145. if (rpm_exists(rpm:"gdk-pixbuf-", release:"MDK10.0")
  146.  || rpm_exists(rpm:"gdk-pixbuf-", release:"MDK9.2") )
  147. {
  148.  set_kb_item(name:"CAN-2004-0753", value:TRUE);
  149.  set_kb_item(name:"CAN-2004-0782", value:TRUE);
  150.  set_kb_item(name:"CAN-2004-0783", value:TRUE);
  151.  set_kb_item(name:"CAN-2004-0788", value:TRUE);
  152. }
  153.