Mandrake Linux Security Advisory : tcpdump (MDKSA-2001:056)

2004-07-31T00:00:00
ID MANDRAKE_MDKSA-2001-056.NASL
Type nessus
Reporter Tenable
Modified 2018-07-19T00:00:00

Description

A number of remote buffer overflows were discovered in the tcpdump package that would allow a remote attack on the local tcpdump process. Intrusion detection using tcpdump would no longer be useful because the attack stops all network activity on the system. In addition, this new version of tcpdump fixes the vulnerability in decoding AFS ACL packets, which would allow a remote attacker to run arbitrary code on the local system with root privilege.

                                        
                                            #%NASL_MIN_LEVEL 70103

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2001:056. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

# Registration phase: when the plugin is loaded with `description` set, it only
# declares its metadata and exits; no check is run against the target here.
if (description)
{
  # Plugin identity and revision.
  script_id(13873);
  script_version("1.14");
  script_cvs_date("Date: 2018/07/19 20:59:12");

  # The vendor advisory is the only cross-reference declared in this block
  # (no CVE or BID identifier), so findings are correlated through MDKSA-2001:056.
  script_xref(name:"MDKSA", value:"2001:056");

  script_name(english:"Mandrake Linux Security Advisory : tcpdump (MDKSA-2001:056)");
  script_summary(english:"Checks rpm output for the updated package");

  # Report text shown to the analyst. The description is the advisory wording
  # and is kept verbatim.
  script_set_attribute(attribute:"synopsis", value:"The remote Mandrake Linux host is missing a security update.");
  script_set_attribute(attribute:"description", value:
"A number of remote buffer overflows were discovered in the tcpdump
package that would allow a remote attack of the local tcpdump process.
Intrusion detection using tcpdump would no longer be useful due to the
attack stoping all network activity on the system. As well, this new
version of tcpdump fixes the vulnerability with decoding AFS ACL
packets which would allow a remote attacker to run arbitrary code on
the local system with root privilege.");
  script_set_attribute(attribute:"see_also", value:"http://www.ciac.org/ciac/bulletins/l-015.shtml");
  script_set_attribute(attribute:"solution", value:"Update the affected tcpdump package.");

  # Severity is given as a risk factor only; no CVSS attributes are set in
  # this block.
  script_set_attribute(attribute:"risk_factor", value:"High");

  # "local" plugin type: the finding is derived from the host's package
  # inventory, not from probing a tcpdump process over the network.
  script_set_attribute(attribute:"plugin_type", value:"local");

  # Affected package and the three Mandrake releases the advisory covers.
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:tcpdump");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");

  # The vendor fix predates the plugin by about three years.
  script_set_attribute(attribute:"patch_publication_date", value:"2001/06/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2018 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # Scheduling: run after ssh_get_info.nasl and only when the knowledge base
  # holds the local-check flag, the CPU type, the Mandrake release and the
  # rpm list.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


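# Preconditions for a package-based check. Each audit() call ends the plugin
# with the named reason, so the lines below act as guard clauses. An exit here
# means the host was not assessed; it does not mean the host is patched.
# NOTE(review): these KB items are presumably populated by the
# ssh_get_info.nasl dependency during a credentialed scan; confirm.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# OS name spelled the same way as in the architecture message below, so audit
# output for this plugin can be matched with a single string.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Architecture gate: only x86-family hosts are evaluated; any other CPU string
# is reported as "local checks not implemented" together with the value seen.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);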


# Compare the installed tcpdump rpm with the reference build for each release
# named in the advisory. flag counts the rpm_check() calls that return true;
# rpm_check() is expected to do so when the installed package is older than the
# reference. All three calls always run, so the rpm report can collect every hit.
# NOTE(review): every reference is an i386 package, while the architecture gate
# earlier in the script also admits amd64 / x86_64. Presumably rpm_check()
# skips entries whose cpu does not match the host; confirm against rpm.inc.
flag = 0;

# Mandrake 7.1 has its own fixed build (1.2mdk).
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"tcpdump-3.6.2-1.2mdk", yank:"mdk"))
  flag++;

# Mandrake 7.2 and 8.0 share the same fixed build (1.1mdk).
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"tcpdump-3.6.2-1.1mdk", yank:"mdk"))
  flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"tcpdump-3.6.2-1.1mdk", yank:"mdk"))
  flag++;

# No outdated package found: record the host as not affected. audit() ends the
# plugin, so the reporting code below runs only when flag is non-zero.
if (!flag) audit(AUDIT_HOST_NOT, "affected");

# Raise the finding against port 0 (the host itself); the per-package rpm
# report is attached only when verbose reporting is enabled.
if (report_verbosity > 0)
  security_hole(port:0, extra:rpm_report_get());
else
  security_hole(0);
exit(0);