home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2002-049.nasl < prev    next >
Encoding:
Text File  |  2005-01-14  |  3.0 KB  |  110 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2002:049
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(13952);
  12.  script_version ("$Revision: 1.2 $");
  13.  
  14.  name["english"] = "MDKSA-2002:049: libpng";
  15.  
  16.  script_name(english:name["english"]);
  17.  
  18.  desc["english"] = "
  19. The remote host is missing the patch for the advisory MDKSA-2002:049 (libpng).
  20.  
  21.  
  22. A buffer overflow was found in the in the progressive reader of the PNG library
  23. when the PNG datastream contains more IDAT data than indicated by the IHDR
  24. chunk. These deliberately malformed datastreams would crash applications thus
  25. potentially allowing an attacker to execute malicious code. Many programs make
  26. use of the PNG libraries, including web browsers. This overflow is corrected in
  27. versions 1.0.14 and 1.2.4 of the PNG library.
  28. In order to have the system utilize the upgraded packages after the upgrade, you
  29. must restart all running applications that are linked to libpng. You can obtain
  30. this list by executing 'lsof|grep libpng' or 'fuser -v /usr/lib/libpng.so'.
  31.  
  32.  
  33. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:049
  34. Risk factor : High";
  35.  
  36.  
  37.  
  38.  script_description(english:desc["english"]);
  39.  
  40.  summary["english"] = "Check for the version of the libpng package";
  41.  script_summary(english:summary["english"]);
  42.  
  43.  script_category(ACT_GATHER_INFO);
  44.  
  45.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  46.  family["english"] = "Mandrake Local Security Checks";
  47.  script_family(english:family["english"]);
  48.  
  49.  script_dependencies("ssh_get_info.nasl");
  50.  script_require_keys("Host/Mandrake/rpm-list");
  51.  exit(0);
  52. }
  53.  
  54. include("rpm.inc");
  55. if ( rpm_check( reference:"libpng-1.0.5-2.1mdk", release:"MDK7.1", yank:"mdk") )
  56. {
  57.  security_hole(0);
  58.  exit(0);
  59. }
  60. if ( rpm_check( reference:"libpng-devel-1.0.5-2.1mdk", release:"MDK7.1", yank:"mdk") )
  61. {
  62.  security_hole(0);
  63.  exit(0);
  64. }
  65. if ( rpm_check( reference:"libpng-1.0.8-2.1mdk", release:"MDK7.2", yank:"mdk") )
  66. {
  67.  security_hole(0);
  68.  exit(0);
  69. }
  70. if ( rpm_check( reference:"libpng-devel-1.0.8-2.1mdk", release:"MDK7.2", yank:"mdk") )
  71. {
  72.  security_hole(0);
  73.  exit(0);
  74. }
  75. if ( rpm_check( reference:"libpng2-1.0.9-1.1mdk", release:"MDK8.0", yank:"mdk") )
  76. {
  77.  security_hole(0);
  78.  exit(0);
  79. }
  80. if ( rpm_check( reference:"libpng2-devel-1.0.9-1.1mdk", release:"MDK8.0", yank:"mdk") )
  81. {
  82.  security_hole(0);
  83.  exit(0);
  84. }
  85. if ( rpm_check( reference:"libpng2-1.0.12-2.1mdk", release:"MDK8.1", yank:"mdk") )
  86. {
  87.  security_hole(0);
  88.  exit(0);
  89. }
  90. if ( rpm_check( reference:"libpng2-devel-1.0.12-2.1mdk", release:"MDK8.1", yank:"mdk") )
  91. {
  92.  security_hole(0);
  93.  exit(0);
  94. }
  95. if ( rpm_check( reference:"libpng3-1.2.4-3.1mdk", release:"MDK8.2", yank:"mdk") )
  96. {
  97.  security_hole(0);
  98.  exit(0);
  99. }
  100. if ( rpm_check( reference:"libpng3-devel-1.2.4-3.1mdk", release:"MDK8.2", yank:"mdk") )
  101. {
  102.  security_hole(0);
  103.  exit(0);
  104. }
  105. if ( rpm_check( reference:"libpng3-static-devel-1.2.4-3.1mdk", release:"MDK8.2", yank:"mdk") )
  106. {
  107.  security_hole(0);
  108.  exit(0);
  109. }
  110.