home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2004-122.nasl

< prev

next >

Wrap

Text File  |  2005-01-14  |  8KB  |  314 lines

---

1. #
2. # (C) Tenable Network Security
3. #
4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2004:122
5. #
6.  
7.  
8. if ( ! defined_func("bn_random") ) exit(0);
9. if(description)
10. {
11.  script_id(15602);
12.  script_version ("$Revision: 1.1 $");
13.  script_cve_id("CAN-2004-0885");
14.  
15.  name["english"] = "MDKSA-2004:122: mod_ssl/apache2-mod_ssl";
16.  
17.  script_name(english:name["english"]);
18.  
19.  desc["english"] = "
20. The remote host is missing the patch for the advisory MDKSA-2004:122 (mod_ssl/apache2-mod_ssl).
21.  
22.  
23.  
24. A vulnerability in mod_ssl was discovered by Hartmut Keil. After a
25. renegotiation, mod_ssl would fail to ensure that the requested cipher suite is
26. actually negotiated. The provided packages have been patched to prevent this
27. problem.
28.  
29.  
30.  
31. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:122
32. Risk factor : High";
33.  
34.  
35.  
36.  script_description(english:desc["english"]);
37.  
38.  summary["english"] = "Check for the version of the mod_ssl/apache2-mod_ssl package";
39.  script_summary(english:summary["english"]);
40.  
41.  script_category(ACT_GATHER_INFO);
42.  
43.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
44.  family["english"] = "Mandrake Local Security Checks";
45.  script_family(english:family["english"]);
46.  
47.  script_dependencies("ssh_get_info.nasl");
48.  script_require_keys("Host/Mandrake/rpm-list");
49.  exit(0);
50. }
51.  
52. include("rpm.inc");
53. if ( rpm_check( reference:"apache2-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
54. {
55.  security_hole(0);
56.  exit(0);
57. }
58. if ( rpm_check( reference:"apache2-common-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
59. {
60.  security_hole(0);
61.  exit(0);
62. }
63. if ( rpm_check( reference:"apache2-devel-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
64. {
65.  security_hole(0);
66.  exit(0);
67. }
68. if ( rpm_check( reference:"apache2-manual-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
69. {
70.  security_hole(0);
71.  exit(0);
72. }
73. if ( rpm_check( reference:"apache2-mod_cache-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
74. {
75.  security_hole(0);
76.  exit(0);
77. }
78. if ( rpm_check( reference:"apache2-mod_dav-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
79. {
80.  security_hole(0);
81.  exit(0);
82. }
83. if ( rpm_check( reference:"apache2-mod_deflate-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
84. {
85.  security_hole(0);
86.  exit(0);
87. }
88. if ( rpm_check( reference:"apache2-mod_disk_cache-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
89. {
90.  security_hole(0);
91.  exit(0);
92. }
93. if ( rpm_check( reference:"apache2-mod_file_cache-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
94. {
95.  security_hole(0);
96.  exit(0);
97. }
98. if ( rpm_check( reference:"apache2-mod_ldap-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
99. {
100.  security_hole(0);
101.  exit(0);
102. }
103. if ( rpm_check( reference:"apache2-mod_mem_cache-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
104. {
105.  security_hole(0);
106.  exit(0);
107. }
108. if ( rpm_check( reference:"apache2-mod_proxy-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
109. {
110.  security_hole(0);
111.  exit(0);
112. }
113. if ( rpm_check( reference:"apache2-mod_ssl-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
114. {
115.  security_hole(0);
116.  exit(0);
117. }
118. if ( rpm_check( reference:"apache2-modules-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
119. {
120.  security_hole(0);
121.  exit(0);
122. }
123. if ( rpm_check( reference:"apache2-source-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
124. {
125.  security_hole(0);
126.  exit(0);
127. }
128. if ( rpm_check( reference:"libapr0-2.0.48-6.7.100mdk", release:"MDK10.0", yank:"mdk") )
129. {
130.  security_hole(0);
131.  exit(0);
132. }
133. if ( rpm_check( reference:"mod_ssl-2.8.16-1.3.100mdk", release:"MDK10.0", yank:"mdk") )
134. {
135.  security_hole(0);
136.  exit(0);
137. }
138. if ( rpm_check( reference:"apache2-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
139. {
140.  security_hole(0);
141.  exit(0);
142. }
143. if ( rpm_check( reference:"apache2-common-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
144. {
145.  security_hole(0);
146.  exit(0);
147. }
148. if ( rpm_check( reference:"apache2-devel-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
149. {
150.  security_hole(0);
151.  exit(0);
152. }
153. if ( rpm_check( reference:"apache2-manual-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
154. {
155.  security_hole(0);
156.  exit(0);
157. }
158. if ( rpm_check( reference:"apache2-mod_cache-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
159. {
160.  security_hole(0);
161.  exit(0);
162. }
163. if ( rpm_check( reference:"apache2-mod_dav-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
164. {
165.  security_hole(0);
166.  exit(0);
167. }
168. if ( rpm_check( reference:"apache2-mod_deflate-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
169. {
170.  security_hole(0);
171.  exit(0);
172. }
173. if ( rpm_check( reference:"apache2-mod_disk_cache-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
174. {
175.  security_hole(0);
176.  exit(0);
177. }
178. if ( rpm_check( reference:"apache2-mod_file_cache-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
179. {
180.  security_hole(0);
181.  exit(0);
182. }
183. if ( rpm_check( reference:"apache2-mod_ldap-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
184. {
185.  security_hole(0);
186.  exit(0);
187. }
188. if ( rpm_check( reference:"apache2-mod_mem_cache-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
189. {
190.  security_hole(0);
191.  exit(0);
192. }
193. if ( rpm_check( reference:"apache2-mod_proxy-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
194. {
195.  security_hole(0);
196.  exit(0);
197. }
198. if ( rpm_check( reference:"apache2-mod_ssl-2.0.50-4.1.101mdk", release:"MDK10.1", yank:"mdk") )
199. {
200.  security_hole(0);
201.  exit(0);
202. }
203. if ( rpm_check( reference:"apache2-modules-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
204. {
205.  security_hole(0);
206.  exit(0);
207. }
208. if ( rpm_check( reference:"apache2-source-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
209. {
210.  security_hole(0);
211.  exit(0);
212. }
213. if ( rpm_check( reference:"apache2-worker-2.0.50-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
214. {
215.  security_hole(0);
216.  exit(0);
217. }
218. if ( rpm_check( reference:"mod_ssl-2.8.19-1.1.101mdk", release:"MDK10.1", yank:"mdk") )
219. {
220.  security_hole(0);
221.  exit(0);
222. }
223. if ( rpm_check( reference:"apache2-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
224. {
225.  security_hole(0);
226.  exit(0);
227. }
228. if ( rpm_check( reference:"apache2-common-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
229. {
230.  security_hole(0);
231.  exit(0);
232. }
233. if ( rpm_check( reference:"apache2-devel-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
234. {
235.  security_hole(0);
236.  exit(0);
237. }
238. if ( rpm_check( reference:"apache2-manual-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
239. {
240.  security_hole(0);
241.  exit(0);
242. }
243. if ( rpm_check( reference:"apache2-mod_cache-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
244. {
245.  security_hole(0);
246.  exit(0);
247. }
248. if ( rpm_check( reference:"apache2-mod_dav-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
249. {
250.  security_hole(0);
251.  exit(0);
252. }
253. if ( rpm_check( reference:"apache2-mod_deflate-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
254. {
255.  security_hole(0);
256.  exit(0);
257. }
258. if ( rpm_check( reference:"apache2-mod_disk_cache-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
259. {
260.  security_hole(0);
261.  exit(0);
262. }
263. if ( rpm_check( reference:"apache2-mod_file_cache-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
264. {
265.  security_hole(0);
266.  exit(0);
267. }
268. if ( rpm_check( reference:"apache2-mod_ldap-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
269. {
270.  security_hole(0);
271.  exit(0);
272. }
273. if ( rpm_check( reference:"apache2-mod_mem_cache-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
274. {
275.  security_hole(0);
276.  exit(0);
277. }
278. if ( rpm_check( reference:"apache2-mod_proxy-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
279. {
280.  security_hole(0);
281.  exit(0);
282. }
283. if ( rpm_check( reference:"apache2-mod_ssl-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
284. {
285.  security_hole(0);
286.  exit(0);
287. }
288. if ( rpm_check( reference:"apache2-modules-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
289. {
290.  security_hole(0);
291.  exit(0);
292. }
293. if ( rpm_check( reference:"apache2-source-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
294. {
295.  security_hole(0);
296.  exit(0);
297. }
298. if ( rpm_check( reference:"libapr0-2.0.47-6.10.92mdk", release:"MDK9.2", yank:"mdk") )
299. {
300.  security_hole(0);
301.  exit(0);
302. }
303. if ( rpm_check( reference:"mod_ssl-2.8.15-1.3.92mdk", release:"MDK9.2", yank:"mdk") )
304. {
305.  security_hole(0);
306.  exit(0);
307. }
308. if (rpm_exists(rpm:"mod_ssl-", release:"MDK10.0")
309.  || rpm_exists(rpm:"mod_ssl-", release:"MDK10.1")
310.  || rpm_exists(rpm:"mod_ssl-", release:"MDK9.2") )
311. {
312.  set_kb_item(name:"CAN-2004-0885", value:TRUE);
313. }
314.