home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2004-127.nasl < prev    next >
Text File  |  2005-01-14  |  4KB  |  153 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2004:127
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(15638);
  12.  script_version ("$Revision: 1.1 $");
  13.  script_cve_id("CAN-2004-0989");
  14.  
  15.  name["english"] = "MDKSA-2004:127: libxml/libxml2";
  16.  
  17.  script_name(english:name["english"]);
  18.  
  19.  desc["english"] = "
  20. The remote host is missing the patch for the advisory MDKSA-2004:127 (libxml/libxml2).
  21.  
  22.  
  23.  
  24. Multiple buffer overflows were reported in the libxml XML parsing library.
  25. These vulnerabilities may allow remote attackers to execute arbitray code via a
  26. long FTP URL that is not properly handled by the xmlNanoFTPScanURL() function,
  27. a long proxy URL containing FTP data that is not properly handled by the
  28. xmlNanoFTPScanProxy() function, and other overflows in the code that resolves
  29. names via DNS.
  30.  
  31. The updated packages have been patched to prevent these issues.
  32.  
  33.  
  34.  
  35. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:127
  36. Risk factor : High";
  37.  
  38.  
  39.  
  40.  script_description(english:desc["english"]);
  41.  
  42.  summary["english"] = "Check for the version of the libxml/libxml2 package";
  43.  script_summary(english:summary["english"]);
  44.  
  45.  script_category(ACT_GATHER_INFO);
  46.  
  47.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  48.  family["english"] = "Mandrake Local Security Checks";
  49.  script_family(english:family["english"]);
  50.  
  51.  script_dependencies("ssh_get_info.nasl");
  52.  script_require_keys("Host/Mandrake/rpm-list");
  53.  exit(0);
  54. }
  55.  
  56. include("rpm.inc");
  57. if ( rpm_check( reference:"libxml1-1.8.17-6.1.100mdk", release:"MDK10.0", yank:"mdk") )
  58. {
  59.  security_hole(0);
  60.  exit(0);
  61. }
  62. if ( rpm_check( reference:"libxml1-devel-1.8.17-6.1.100mdk", release:"MDK10.0", yank:"mdk") )
  63. {
  64.  security_hole(0);
  65.  exit(0);
  66. }
  67. if ( rpm_check( reference:"libxml2-2.6.6-1.1.100mdk", release:"MDK10.0", yank:"mdk") )
  68. {
  69.  security_hole(0);
  70.  exit(0);
  71. }
  72. if ( rpm_check( reference:"libxml2-devel-2.6.6-1.1.100mdk", release:"MDK10.0", yank:"mdk") )
  73. {
  74.  security_hole(0);
  75.  exit(0);
  76. }
  77. if ( rpm_check( reference:"libxml2-python-2.6.6-1.1.100mdk", release:"MDK10.0", yank:"mdk") )
  78. {
  79.  security_hole(0);
  80.  exit(0);
  81. }
  82. if ( rpm_check( reference:"libxml2-utils-2.6.6-1.1.100mdk", release:"MDK10.0", yank:"mdk") )
  83. {
  84.  security_hole(0);
  85.  exit(0);
  86. }
  87. if ( rpm_check( reference:"libxml1-1.8.17-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
  88. {
  89.  security_hole(0);
  90.  exit(0);
  91. }
  92. if ( rpm_check( reference:"libxml1-devel-1.8.17-7.1.101mdk", release:"MDK10.1", yank:"mdk") )
  93. {
  94.  security_hole(0);
  95.  exit(0);
  96. }
  97. if ( rpm_check( reference:"libxml2-2.6.13-1.1.101mdk", release:"MDK10.1", yank:"mdk") )
  98. {
  99.  security_hole(0);
  100.  exit(0);
  101. }
  102. if ( rpm_check( reference:"libxml2-devel-2.6.13-1.1.101mdk", release:"MDK10.1", yank:"mdk") )
  103. {
  104.  security_hole(0);
  105.  exit(0);
  106. }
  107. if ( rpm_check( reference:"libxml2-python-2.6.13-1.1.101mdk", release:"MDK10.1", yank:"mdk") )
  108. {
  109.  security_hole(0);
  110.  exit(0);
  111. }
  112. if ( rpm_check( reference:"libxml2-utils-2.6.13-1.1.101mdk", release:"MDK10.1", yank:"mdk") )
  113. {
  114.  security_hole(0);
  115.  exit(0);
  116. }
  117. if ( rpm_check( reference:"libxml1-1.8.17-5.1.92mdk", release:"MDK9.2", yank:"mdk") )
  118. {
  119.  security_hole(0);
  120.  exit(0);
  121. }
  122. if ( rpm_check( reference:"libxml1-devel-1.8.17-5.1.92mdk", release:"MDK9.2", yank:"mdk") )
  123. {
  124.  security_hole(0);
  125.  exit(0);
  126. }
  127. if ( rpm_check( reference:"libxml2-2.5.11-1.3.92mdk", release:"MDK9.2", yank:"mdk") )
  128. {
  129.  security_hole(0);
  130.  exit(0);
  131. }
  132. if ( rpm_check( reference:"libxml2-devel-2.5.11-1.3.92mdk", release:"MDK9.2", yank:"mdk") )
  133. {
  134.  security_hole(0);
  135.  exit(0);
  136. }
  137. if ( rpm_check( reference:"libxml2-python-2.5.11-1.3.92mdk", release:"MDK9.2", yank:"mdk") )
  138. {
  139.  security_hole(0);
  140.  exit(0);
  141. }
  142. if ( rpm_check( reference:"libxml2-utils-2.5.11-1.3.92mdk", release:"MDK9.2", yank:"mdk") )
  143. {
  144.  security_hole(0);
  145.  exit(0);
  146. }
  147. if (rpm_exists(rpm:"libxml-", release:"MDK10.0")
  148.  || rpm_exists(rpm:"libxml-", release:"MDK10.1")
  149.  || rpm_exists(rpm:"libxml-", release:"MDK9.2") )
  150. {
  151.  set_kb_item(name:"CAN-2004-0989", value:TRUE);
  152. }
  153.