home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / redhat-RHSA-2004-536.nasl < prev    next >
Text File  |  2005-01-14  |  3KB  |  77 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. #
  5. # The text of this plugin is (C) Red Hat Inc.
  6.  
  7. if ( ! defined_func("bn_random") ) exit(0);
  8. if(description)
  9. {
  10.  script_id(15959);
  11.  script_version ("$Revision: 1.1 $");
  12.  script_cve_id("CAN-2001-1413");
  13.  
  14.  name["english"] = "RHSA-2004-536: ncompress";
  15.  
  16.  script_name(english:name["english"]);
  17.  
  18.  desc["english"] = '
  19.                                                                                
  20.   An updated ncompress package that fixes a buffer overflow and problem in     
  21.   the handling of files larger than 2 GB is now available.                     
  22.                                                                                
  23.   The ncompress package contains the compress and uncompress file compression  
  24.   and decompression utilities, which are compatible with the original UNIX     
  25.   compress utility (.Z file extensions).                                       
  26.                                                                                
  27.   A bug in the way ncompress handles long filenames has been discovered.       
  28.   ncompress versions 4.2.4 and earlier contain a stack based buffer overflow   
  29.   when handling very long filenames. It is possible that an attacker could     
  30.   execute arbitrary code on a victims machine by tricking the user into        
  31.   decompressing a carefully crafted filename. The Common Vulnerabilities and   
  32.   Exposures project (cve.mitre.org) has assigned the name CAN-2001-1413 to     
  33.   this issue.                                                                  
  34.                                                                                
  35.   This updated ncompress package also fixes a problem in the handling of       
  36.   files larger than 2 GB.                                                      
  37.                                                                                
  38.   All users of ncompress should upgrade to this updated package, which         
  39.   contains fixes for these issues.                                             
  40.                                                                                
  41.                                                                                
  42.  
  43.  
  44. Solution : http://rhn.redhat.com/errata/RHSA-2004-536.html
  45. Risk factor : High';
  46.  
  47.  script_description(english:desc["english"]);
  48.  
  49.  summary["english"] = "Check for the version of the ncompress packages";
  50.  script_summary(english:summary["english"]);
  51.  
  52.  script_category(ACT_GATHER_INFO);
  53.  
  54.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  55.  family["english"] = "Red Hat Local Security Checks";
  56.  script_family(english:family["english"]);
  57.  
  58.  script_dependencies("ssh_get_info.nasl");
  59.  
  60.  script_require_keys("Host/RedHat/rpm-list");
  61.  exit(0);
  62. }
  63.  
  64. include("rpm.inc");
  65. if ( rpm_check( reference:"ncompress-4.2.4-37", release:"RHEL2.1") )
  66. {
  67.  security_hole(0);
  68.  exit(0);
  69. }
  70.  
  71. if ( rpm_exists(rpm:"ncompress-", release:"RHEL2.1") )
  72. {
  73.  set_kb_item(name:"CAN-2001-1413", value:TRUE);
  74. }
  75.  
  76. set_kb_item(name:"RHSA-2004-536", value:TRUE);
  77.