home *** CD-ROM | disk | FTP | other *** search

---

/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2004-139.nasl

< prev

next >

Wrap

Text File  |  2005-01-14  |  3KB  |  119 lines

---

1. #
2. # (C) Tenable Network Security
3. #
4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2004:139
5. #
6.  
7.  
8. if ( ! defined_func("bn_random") ) exit(0);
9. if(description)
10. {
11.  script_id(15836);
12.  script_version ("$Revision: 1.1 $");
13.  script_cve_id("CAN-2004-1011", "CAN-2004-1012", "CAN-2004-1013", "CAN-2004-1015");
14.  
15.  name["english"] = "MDKSA-2004:139: cyrus-imapd";
16.  
17.  script_name(english:name["english"]);
18.  
19.  desc["english"] = "
20. The remote host is missing the patch for the advisory MDKSA-2004:139 (cyrus-imapd).
21.  
22.  
23.  
24. A number of vulnerabilities in the Cyrus-IMAP server were found by Stefan
25. Esser. Due to insufficient checking within the argument parser of the 'partial'
26. and 'fetch' commands, a buffer overflow could be exploited to execute arbitrary
27. attacker-supplied code. Another exploitable buffer overflow could be triggered
28. in situations when memory allocation files.
29.  
30. The provided packages have been patched to prevent these problems.
31.  
32.  
33.  
34. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:139
35. Risk factor : High";
36.  
37.  
38.  
39.  script_description(english:desc["english"]);
40.  
41.  summary["english"] = "Check for the version of the cyrus-imapd package";
42.  script_summary(english:summary["english"]);
43.  
44.  script_category(ACT_GATHER_INFO);
45.  
46.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
47.  family["english"] = "Mandrake Local Security Checks";
48.  script_family(english:family["english"]);
49.  
50.  script_dependencies("ssh_get_info.nasl");
51.  script_require_keys("Host/Mandrake/rpm-list");
52.  exit(0);
53. }
54.  
55. include("rpm.inc");
56. if ( rpm_check( reference:"cyrus-imapd-2.1.16-5.3.100mdk", release:"MDK10.0", yank:"mdk") )
57. {
58.  security_hole(0);
59.  exit(0);
60. }
61. if ( rpm_check( reference:"cyrus-imapd-devel-2.1.16-5.3.100mdk", release:"MDK10.0", yank:"mdk") )
62. {
63.  security_hole(0);
64.  exit(0);
65. }
66. if ( rpm_check( reference:"cyrus-imapd-murder-2.1.16-5.3.100mdk", release:"MDK10.0", yank:"mdk") )
67. {
68.  security_hole(0);
69.  exit(0);
70. }
71. if ( rpm_check( reference:"cyrus-imapd-utils-2.1.16-5.3.100mdk", release:"MDK10.0", yank:"mdk") )
72. {
73.  security_hole(0);
74.  exit(0);
75. }
76. if ( rpm_check( reference:"perl-Cyrus-2.1.16-5.3.100mdk", release:"MDK10.0", yank:"mdk") )
77. {
78.  security_hole(0);
79.  exit(0);
80. }
81. if ( rpm_check( reference:"cyrus-imapd-2.2.8-4.1.101mdk", release:"MDK10.1", yank:"mdk") )
82. {
83.  security_hole(0);
84.  exit(0);
85. }
86. if ( rpm_check( reference:"cyrus-imapd-devel-2.2.8-4.1.101mdk", release:"MDK10.1", yank:"mdk") )
87. {
88.  security_hole(0);
89.  exit(0);
90. }
91. if ( rpm_check( reference:"cyrus-imapd-murder-2.2.8-4.1.101mdk", release:"MDK10.1", yank:"mdk") )
92. {
93.  security_hole(0);
94.  exit(0);
95. }
96. if ( rpm_check( reference:"cyrus-imapd-nntp-2.2.8-4.1.101mdk", release:"MDK10.1", yank:"mdk") )
97. {
98.  security_hole(0);
99.  exit(0);
100. }
101. if ( rpm_check( reference:"cyrus-imapd-utils-2.2.8-4.1.101mdk", release:"MDK10.1", yank:"mdk") )
102. {
103.  security_hole(0);
104.  exit(0);
105. }
106. if ( rpm_check( reference:"perl-Cyrus-2.2.8-4.1.101mdk", release:"MDK10.1", yank:"mdk") )
107. {
108.  security_hole(0);
109.  exit(0);
110. }
111. if (rpm_exists(rpm:"cyrus-imapd-", release:"MDK10.0")
112.  || rpm_exists(rpm:"cyrus-imapd-", release:"MDK10.1") )
113. {
114.  set_kb_item(name:"CAN-2004-1011", value:TRUE);
115.  set_kb_item(name:"CAN-2004-1012", value:TRUE);
116.  set_kb_item(name:"CAN-2004-1013", value:TRUE);
117.  set_kb_item(name:"CAN-2004-1015", value:TRUE);
118. }
119.