home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2002-040.nasl < prev    next >
Encoding:
Text File  |  2005-01-14  |  5.6 KB  |  196 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2002:040-1
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(13944);
  12.  script_version ("$Revision: 1.3 $");
  13.  
  14.  name["english"] = "MDKSA-2002:040-1: openssh";
  15.  
  16.  script_name(english:name["english"]);
  17.  
  18.  desc["english"] = "
  19. The remote host is missing the patch for the advisory MDKSA-2002:040-1 (openssh).
  20.  
  21.  
  22. An input validation error exists in the OpenSSH server between versions 2.3.1
  23. and 3.3 that can result in an integer overflow and privilege escalation. This
  24. error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3,
  25. and the ChallengeResponseAuthentication code in versions 2.9.9 to 3.3. OpenSSH
  26. 3.4 and later are not affected, and OpenSSH 3.2 and later prevent privilege
  27. escalation if UsePrivilegeSeparation is enabled; in OpenSSH 3.3 and higher this
  28. is the default behaviour of OpenSSH.
  29. To protect yourself, users should be using OpenSSH 3.3 with
  30. UsePrivilegeSeparation enabled (see MDKSA:2002-040). However, it is highly
  31. recommended that all Mandrake Linux users upgrade to version 3.4 which corrects
  32. these errors.
  33. There are a few caveats with this upgrade, however, that users should be aware
  34. of:
  35. - On Linux kernel 2.2 (the default for Mandrake Linux 7.x), the use of
  36. Compression and UsePrivilegeSeparation are mutually exclusive. You can use one
  37. feature or the other, not both; we recommend disabling Compression and using
  38. privsep until this can be resolved.
  39. - Using privsep may cause some PAM modules which expect to run with root
  40. privilege to fail. For instance, users will not be able to change their password
  41. if they attempt to log into an account with an expired password.
  42. If you absolutely must use one of these features that conflict with privsep, you
  43. can disable it in /etc/ssh/sshd_config by using:
  44. UsePrivilegeSeparation no
  45. However, if you do this, be sure you are running OpenSSH 3.4. Updates to OpenSSH
  46. will be made available once these problems are resolved.
  47.  
  48.  
  49. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040-1
  50. Risk factor : High";
  51.  
  52.  
  53.  
  54.  script_description(english:desc["english"]);
  55.  
  56.  summary["english"] = "Check for the version of the openssh package";
  57.  script_summary(english:summary["english"]);
  58.  
  59.  script_category(ACT_GATHER_INFO);
  60.  
  61.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  62.  family["english"] = "Mandrake Local Security Checks";
  63.  script_family(english:family["english"]);
  64.  
  65.  script_dependencies("ssh_get_info.nasl");
  66.  script_require_keys("Host/Mandrake/rpm-list");
  67.  exit(0);
  68. }
  69.  
  70. include("rpm.inc");
  71. if ( rpm_check( reference:"openssh-3.4p1-1.2mdk", release:"MDK7.1", yank:"mdk") )
  72. {
  73.  security_hole(0);
  74.  exit(0);
  75. }
  76. if ( rpm_check( reference:"openssh-askpass-3.4p1-1.2mdk", release:"MDK7.1", yank:"mdk") )
  77. {
  78.  security_hole(0);
  79.  exit(0);
  80. }
  81. if ( rpm_check( reference:"openssh-askpass-gnome-3.4p1-1.2mdk", release:"MDK7.1", yank:"mdk") )
  82. {
  83.  security_hole(0);
  84.  exit(0);
  85. }
  86. if ( rpm_check( reference:"openssh-clients-3.4p1-1.2mdk", release:"MDK7.1", yank:"mdk") )
  87. {
  88.  security_hole(0);
  89.  exit(0);
  90. }
  91. if ( rpm_check( reference:"openssh-server-3.4p1-1.2mdk", release:"MDK7.1", yank:"mdk") )
  92. {
  93.  security_hole(0);
  94.  exit(0);
  95. }
  96. if ( rpm_check( reference:"openssh-3.4p1-1.2mdk", release:"MDK7.2", yank:"mdk") )
  97. {
  98.  security_hole(0);
  99.  exit(0);
  100. }
  101. if ( rpm_check( reference:"openssh-askpass-3.4p1-1.2mdk", release:"MDK7.2", yank:"mdk") )
  102. {
  103.  security_hole(0);
  104.  exit(0);
  105. }
  106. if ( rpm_check( reference:"openssh-askpass-gnome-3.4p1-1.2mdk", release:"MDK7.2", yank:"mdk") )
  107. {
  108.  security_hole(0);
  109.  exit(0);
  110. }
  111. if ( rpm_check( reference:"openssh-clients-3.4p1-1.2mdk", release:"MDK7.2", yank:"mdk") )
  112. {
  113.  security_hole(0);
  114.  exit(0);
  115. }
  116. if ( rpm_check( reference:"openssh-server-3.4p1-1.2mdk", release:"MDK7.2", yank:"mdk") )
  117. {
  118.  security_hole(0);
  119.  exit(0);
  120. }
  121. if ( rpm_check( reference:"openssh-3.4p1-1.1mdk", release:"MDK8.0", yank:"mdk") )
  122. {
  123.  security_hole(0);
  124.  exit(0);
  125. }
  126. if ( rpm_check( reference:"openssh-askpass-3.4p1-1.1mdk", release:"MDK8.0", yank:"mdk") )
  127. {
  128.  security_hole(0);
  129.  exit(0);
  130. }
  131. if ( rpm_check( reference:"openssh-askpass-gnome-3.4p1-1.1mdk", release:"MDK8.0", yank:"mdk") )
  132. {
  133.  security_hole(0);
  134.  exit(0);
  135. }
  136. if ( rpm_check( reference:"openssh-clients-3.4p1-1.1mdk", release:"MDK8.0", yank:"mdk") )
  137. {
  138.  security_hole(0);
  139.  exit(0);
  140. }
  141. if ( rpm_check( reference:"openssh-server-3.4p1-1.1mdk", release:"MDK8.0", yank:"mdk") )
  142. {
  143.  security_hole(0);
  144.  exit(0);
  145. }
  146. if ( rpm_check( reference:"openssh-3.4p1-1.1mdk", release:"MDK8.1", yank:"mdk") )
  147. {
  148.  security_hole(0);
  149.  exit(0);
  150. }
  151. if ( rpm_check( reference:"openssh-askpass-3.4p1-1.1mdk", release:"MDK8.1", yank:"mdk") )
  152. {
  153.  security_hole(0);
  154.  exit(0);
  155. }
  156. if ( rpm_check( reference:"openssh-askpass-gnome-3.4p1-1.1mdk", release:"MDK8.1", yank:"mdk") )
  157. {
  158.  security_hole(0);
  159.  exit(0);
  160. }
  161. if ( rpm_check( reference:"openssh-clients-3.4p1-1.1mdk", release:"MDK8.1", yank:"mdk") )
  162. {
  163.  security_hole(0);
  164.  exit(0);
  165. }
  166. if ( rpm_check( reference:"openssh-server-3.4p1-1.1mdk", release:"MDK8.1", yank:"mdk") )
  167. {
  168.  security_hole(0);
  169.  exit(0);
  170. }
  171. if ( rpm_check( reference:"openssh-3.4p1-1.1mdk", release:"MDK8.2", yank:"mdk") )
  172. {
  173.  security_hole(0);
  174.  exit(0);
  175. }
  176. if ( rpm_check( reference:"openssh-askpass-3.4p1-1.1mdk", release:"MDK8.2", yank:"mdk") )
  177. {
  178.  security_hole(0);
  179.  exit(0);
  180. }
  181. if ( rpm_check( reference:"openssh-askpass-gnome-3.4p1-1.1mdk", release:"MDK8.2", yank:"mdk") )
  182. {
  183.  security_hole(0);
  184.  exit(0);
  185. }
  186. if ( rpm_check( reference:"openssh-clients-3.4p1-1.1mdk", release:"MDK8.2", yank:"mdk") )
  187. {
  188.  security_hole(0);
  189.  exit(0);
  190. }
  191. if ( rpm_check( reference:"openssh-server-3.4p1-1.1mdk", release:"MDK8.2", yank:"mdk") )
  192. {
  193.  security_hole(0);
  194.  exit(0);
  195. }
  196.