home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2004-151.nasl < prev    next >
Text File  |  2005-01-14  |  4KB  |  133 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2004:151
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(15998);
  12.  script_version ("$Revision: 1.1 $");
  13.  script_cve_id("CAN-2004-1019", "CAN-2004-1065");
  14.  
  15.  name["english"] = "MDKSA-2004:151: php";
  16.  
  17.  script_name(english:name["english"]);
  18.  
  19.  desc["english"] = "
  20. The remote host is missing the patch for the advisory MDKSA-2004:151 (php).
  21.  
  22.  
  23.  
  24. A number of vulnerabilities in PHP versions prior to 4.3.10 were discovered by
  25. Stefan Esser. Some of these vulnerabilities were not deemed to be severe enough
  26. to warrant CVE names, however the packages provided, with the exception of the
  27. Corporate Server 2.1 packages, include fixes for all of the vulnerabilities,
  28. thanks to the efforts of the OpenPKG team who extracted and backported the
  29. fixes.
  30.  
  31. The vulnerabilities fixed in all provided packages include a fix for a possible
  32. information disclosure, double free, and negative reference index array
  33. underflow in deserialization code (CAN-2004-1019). As well, the exif_read_data
  34. () function suffers from an overflow on a long sectionname; this vulnerability
  35. was discovered by Ilia Alshanetsky (CAN-2004-1065).
  36.  
  37. The other fixes that appear in Mandrakelinux 9.2 and newer packages include a
  38. fix for out of bounds memory write access in shmop_write() and integer overflow
  39. /underflows in the pack() and unpack() functions. The addslashes() function did
  40. not properly escape '
  41.  
  42.  
  43.  
  44. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:151
  45. Risk factor : High";
  46.  
  47.  
  48.  
  49.  script_description(english:desc["english"]);
  50.  
  51.  summary["english"] = "Check for the version of the php package";
  52.  script_summary(english:summary["english"]);
  53.  
  54.  script_category(ACT_GATHER_INFO);
  55.  
  56.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  57.  family["english"] = "Mandrake Local Security Checks";
  58.  script_family(english:family["english"]);
  59.  
  60.  script_dependencies("ssh_get_info.nasl");
  61.  script_require_keys("Host/Mandrake/rpm-list");
  62.  exit(0);
  63. }
  64.  
  65. include("rpm.inc");
  66. if ( rpm_check( reference:"libphp_common432-4.3.4-4.3.100mdk", release:"MDK10.0", yank:"mdk") )
  67. {
  68.  security_hole(0);
  69.  exit(0);
  70. }
  71. if ( rpm_check( reference:"php-cgi-4.3.4-4.3.100mdk", release:"MDK10.0", yank:"mdk") )
  72. {
  73.  security_hole(0);
  74.  exit(0);
  75. }
  76. if ( rpm_check( reference:"php-cli-4.3.4-4.3.100mdk", release:"MDK10.0", yank:"mdk") )
  77. {
  78.  security_hole(0);
  79.  exit(0);
  80. }
  81. if ( rpm_check( reference:"php432-devel-4.3.4-4.3.100mdk", release:"MDK10.0", yank:"mdk") )
  82. {
  83.  security_hole(0);
  84.  exit(0);
  85. }
  86. if ( rpm_check( reference:"libphp_common432-4.3.8-3.2.101mdk", release:"MDK10.1", yank:"mdk") )
  87. {
  88.  security_hole(0);
  89.  exit(0);
  90. }
  91. if ( rpm_check( reference:"php-cgi-4.3.8-3.2.101mdk", release:"MDK10.1", yank:"mdk") )
  92. {
  93.  security_hole(0);
  94.  exit(0);
  95. }
  96. if ( rpm_check( reference:"php-cli-4.3.8-3.2.101mdk", release:"MDK10.1", yank:"mdk") )
  97. {
  98.  security_hole(0);
  99.  exit(0);
  100. }
  101. if ( rpm_check( reference:"php432-devel-4.3.8-3.2.101mdk", release:"MDK10.1", yank:"mdk") )
  102. {
  103.  security_hole(0);
  104.  exit(0);
  105. }
  106. if ( rpm_check( reference:"libphp_common432-4.3.3-2.3.92mdk", release:"MDK9.2", yank:"mdk") )
  107. {
  108.  security_hole(0);
  109.  exit(0);
  110. }
  111. if ( rpm_check( reference:"php-cgi-4.3.3-2.3.92mdk", release:"MDK9.2", yank:"mdk") )
  112. {
  113.  security_hole(0);
  114.  exit(0);
  115. }
  116. if ( rpm_check( reference:"php-cli-4.3.3-2.3.92mdk", release:"MDK9.2", yank:"mdk") )
  117. {
  118.  security_hole(0);
  119.  exit(0);
  120. }
  121. if ( rpm_check( reference:"php432-devel-4.3.3-2.3.92mdk", release:"MDK9.2", yank:"mdk") )
  122. {
  123.  security_hole(0);
  124.  exit(0);
  125. }
  126. if (rpm_exists(rpm:"php-", release:"MDK10.0")
  127.  || rpm_exists(rpm:"php-", release:"MDK10.1")
  128.  || rpm_exists(rpm:"php-", release:"MDK9.2") )
  129. {
  130.  set_kb_item(name:"CAN-2004-1019", value:TRUE);
  131.  set_kb_item(name:"CAN-2004-1065", value:TRUE);
  132. }
  133.