home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / modules / nessus-2.2.8.mo / usr / lib / nessus / plugins / mandrake_MDKSA-2004-018.nasl < prev    next >
Encoding:
Text File  |  2005-01-14  |  2.6 KB  |  99 lines
  1. #
  2. # (C) Tenable Network Security
  3. #
  4. # This plugin text was extracted from Mandrake Linux Security Advisory MDKSA-2004:018
  5. #
  6.  
  7.  
  8. if ( ! defined_func("bn_random") ) exit(0);
  9. if(description)
  10. {
  11.  script_id(14118);
  12.  script_version ("$Revision: 1.2 $");
  13.  script_cve_id("CAN-2004-0110");
  14.  
  15.  name["english"] = "MDKSA-2004:018: libxml2";
  16.  
  17.  script_name(english:name["english"]);
  18.  
  19.  desc["english"] = "
  20. The remote host is missing the patch for the advisory MDKSA-2004:018 (libxml2).
  21.  
  22.  
  23. A flaw in libxml2 versions prior to 2.6.6 was found by Yuuichi Teranishi. When
  24. fetching a remote source via FTP or HTTP, libxml2 uses special parsing routines
  25. that can overflow a buffer if passed a very long URL. In the event that the
  26. attacker can find a program that uses libxml2 which parses remote resources and
  27. allows them to influence the URL, this flaw could be used to execute arbitrary
  28. code.
  29. The updated packages provide a backported fix to correct the problem.
  30.  
  31.  
  32. Solution : http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:018
  33. Risk factor : High";
  34.  
  35.  
  36.  
  37.  script_description(english:desc["english"]);
  38.  
  39.  summary["english"] = "Check for the version of the libxml2 package";
  40.  script_summary(english:summary["english"]);
  41.  
  42.  script_category(ACT_GATHER_INFO);
  43.  
  44.  script_copyright(english:"This script is Copyright (C) 2004 Tenable Network Security");
  45.  family["english"] = "Mandrake Local Security Checks";
  46.  script_family(english:family["english"]);
  47.  
  48.  script_dependencies("ssh_get_info.nasl");
  49.  script_require_keys("Host/Mandrake/rpm-list");
  50.  exit(0);
  51. }
  52.  
  53. include("rpm.inc");
  54. if ( rpm_check( reference:"libxml2-2.5.4-1.2.91mdk", release:"MDK9.1", yank:"mdk") )
  55. {
  56.  security_hole(0);
  57.  exit(0);
  58. }
  59. if ( rpm_check( reference:"libxml2-devel-2.5.4-1.2.91mdk", release:"MDK9.1", yank:"mdk") )
  60. {
  61.  security_hole(0);
  62.  exit(0);
  63. }
  64. if ( rpm_check( reference:"libxml2-python-2.5.4-1.2.91mdk", release:"MDK9.1", yank:"mdk") )
  65. {
  66.  security_hole(0);
  67.  exit(0);
  68. }
  69. if ( rpm_check( reference:"libxml2-utils-2.5.4-1.2.91mdk", release:"MDK9.1", yank:"mdk") )
  70. {
  71.  security_hole(0);
  72.  exit(0);
  73. }
  74. if ( rpm_check( reference:"libxml2-2.5.11-1.2.92mdk", release:"MDK9.2", yank:"mdk") )
  75. {
  76.  security_hole(0);
  77.  exit(0);
  78. }
  79. if ( rpm_check( reference:"libxml2-devel-2.5.11-1.2.92mdk", release:"MDK9.2", yank:"mdk") )
  80. {
  81.  security_hole(0);
  82.  exit(0);
  83. }
  84. if ( rpm_check( reference:"libxml2-python-2.5.11-1.2.92mdk", release:"MDK9.2", yank:"mdk") )
  85. {
  86.  security_hole(0);
  87.  exit(0);
  88. }
  89. if ( rpm_check( reference:"libxml2-utils-2.5.11-1.2.92mdk", release:"MDK9.2", yank:"mdk") )
  90. {
  91.  security_hole(0);
  92.  exit(0);
  93. }
  94. if (rpm_exists(rpm:"libxml2-", release:"MDK9.1")
  95.  || rpm_exists(rpm:"libxml2-", release:"MDK9.2") )
  96. {
  97.  set_kb_item(name:"CAN-2004-0110", value:TRUE);
  98. }
  99.