home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2004-105.nasl

< prev

next >

Wrap

Text File  |  2005-01-14  |  3KB  |  102 lines

---

1. #
2. # (C) Tenable Network Security
3. #
4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2004:105
5. #
6.  
7.  
8. if ( ! defined_func("bn_random") ) exit(0);
9. if(description)
10. {
11.  script_id(15434);
12.  script_version ("$Revision: 1.1 $");
13.  
14.  name["english"] = "MDKSA-2004:105: xine-lib";
15.  
16.  script_name(english:name["english"]);
17.  
18.  desc["english"] = "
19. The remote host is missing the patch for the advisory MDKSA-2004:105 (xine-lib).
20.  
21.  
22. A number of string overflows were discovered in the xine-lib program, some of
23. which can be used for remote buffer overflow exploits that lead to the execution
24. of arbitrary code with the permissions of the user running a xine-lib-based
25. media application. xine-lib versions 1-rc2 through, and including, 1-rc5 are
26. vulnerable to these problems.
27. As well, a heap overflow was found in the DVD subpicture decoder of xine-lib;
28. this vulnerability is also remotely exploitable. All versions of xine-lib prior
29. to and including 0.5.2 through, and including, 1-rc5 are vulnerable to this
30. problem.
31. Patches from the xine-lib team have been backported and applied to the program
32. to solve these problems.
33.  
34.  
35. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:105
36. Risk factor : High";
37.  
38.  
39.  
40.  script_description(english:desc["english"]);
41.  
42.  summary["english"] = "Check for the version of the xine-lib package";
43.  script_summary(english:summary["english"]);
44.  
45.  script_category(ACT_GATHER_INFO);
46.  
47.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
48.  family["english"] = "Mandrake Local Security Checks";
49.  script_family(english:family["english"]);
50.  
51.  script_dependencies("ssh_get_info.nasl");
52.  script_require_keys("Host/Mandrake/rpm-list");
53.  exit(0);
54. }
55.  
56. include("rpm.inc");
57. if ( rpm_check( reference:"libxine1-1-0.rc3.6.2.100mdk", release:"MDK10.0", yank:"mdk") )
58. {
59.  security_hole(0);
60.  exit(0);
61. }
62. if ( rpm_check( reference:"libxine1-devel-1-0.rc3.6.2.100mdk", release:"MDK10.0", yank:"mdk") )
63. {
64.  security_hole(0);
65.  exit(0);
66. }
67. if ( rpm_check( reference:"xine-aa-1-0.rc3.6.2.100mdk", release:"MDK10.0", yank:"mdk") )
68. {
69.  security_hole(0);
70.  exit(0);
71. }
72. if ( rpm_check( reference:"xine-arts-1-0.rc3.6.2.100mdk", release:"MDK10.0", yank:"mdk") )
73. {
74.  security_hole(0);
75.  exit(0);
76. }
77. if ( rpm_check( reference:"xine-dxr3-1-0.rc3.6.2.100mdk", release:"MDK10.0", yank:"mdk") )
78. {
79.  security_hole(0);
80.  exit(0);
81. }
82. if ( rpm_check( reference:"xine-esd-1-0.rc3.6.2.100mdk", release:"MDK10.0", yank:"mdk") )
83. {
84.  security_hole(0);
85.  exit(0);
86. }
87. if ( rpm_check( reference:"xine-flac-1-0.rc3.6.2.100mdk", release:"MDK10.0", yank:"mdk") )
88. {
89.  security_hole(0);
90.  exit(0);
91. }
92. if ( rpm_check( reference:"xine-gnomevfs-1-0.rc3.6.2.100mdk", release:"MDK10.0", yank:"mdk") )
93. {
94.  security_hole(0);
95.  exit(0);
96. }
97. if ( rpm_check( reference:"xine-plugins-1-0.rc3.6.2.100mdk", release:"MDK10.0", yank:"mdk") )
98. {
99.  security_hole(0);
100.  exit(0);
101. }
102.