Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2002-061.NASL
HistoryJul 31, 2004 - 12:00 a.m.

Mandrake Linux Security Advisory : glibc (MDKSA-2002:061)

2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
31

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.85 High

EPSS

Percentile

98.6%

JSON

A heap buffer overflow exists in the XDR decoder in glibc version 2.2.5 and earlier. XDR is a mechanism for encoding data structures for use with RPC, which is derived from Sun’s RPC implementation which is likewise vulnerable to a heap overflow. Depending on the application, this vulnerability may be exploitable and could lead to arbitrary code execution. Thanks to Solar Designer for the patches used to correct this vulnerability.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2002:061. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(13962);
  script_version("1.20");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2002-0391");
  script_xref(name:"MDKSA", value:"2002:061");

  script_name(english:"Mandrake Linux Security Advisory : glibc (MDKSA-2002:061)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A heap buffer overflow exists in the XDR decoder in glibc version
2.2.5 and earlier. XDR is a mechanism for encoding data structures for
use with RPC, which is derived from Sun's RPC implementation which is
likewise vulnerable to a heap overflow. Depending on the application,
this vulnerability may be exploitable and could lead to arbitrary code
execution. Thanks to Solar Designer for the patches used to correct
this vulnerability."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://online.securityfocus.com/archive/1/285308"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
  script_set_attribute(attribute:"canvas_package", value:'CANVAS');

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc-profile");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:glibc_lsb");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:kernel-headers");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ldconfig");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:nscd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:7.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:8.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2002/09/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"glibc-2.1.3-21.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"glibc-devel-2.1.3-21.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"glibc-profile-2.1.3-21.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.1", cpu:"i386", reference:"nscd-2.1.3-21.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"glibc-2.1.3-21.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"glibc-devel-2.1.3-21.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"glibc-profile-2.1.3-21.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK7.2", cpu:"i386", reference:"nscd-2.1.3-21.2mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"glibc-2.2.2-8.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"glibc-devel-2.2.2-8.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"glibc-profile-2.2.2-8.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"ldconfig-2.2.2-8.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.0", cpu:"i386", reference:"nscd-2.2.2-8.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"glibc-2.2.4-11.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"glibc-devel-2.2.4-11.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"glibc-profile-2.2.4-11.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"glibc_lsb-2.2.90-8.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"ldconfig-2.2.4-11.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.1", cpu:"i386", reference:"nscd-2.2.4-11.1mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"glibc-2.2.4-26.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"glibc-devel-2.2.4-26.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"glibc-profile-2.2.4-26.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"glibc_lsb-2.2.90-8.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"kernel-headers-2.4.18-26.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"ldconfig-2.2.4-26.1mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK8.2", cpu:"i386", reference:"nscd-2.2.4-26.1mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxglibcp-cpe:/a:mandriva:linux:glibc
mandrivalinuxglibc-develp-cpe:/a:mandriva:linux:glibc-devel
mandrivalinuxglibc-profilep-cpe:/a:mandriva:linux:glibc-profile
mandrivalinuxglibc_lsbp-cpe:/a:mandriva:linux:glibc_lsb
mandrivalinuxkernel-headersp-cpe:/a:mandriva:linux:kernel-headers
mandrivalinuxldconfigp-cpe:/a:mandriva:linux:ldconfig
mandrivalinuxnscdp-cpe:/a:mandriva:linux:nscd
mandrakesoftmandrake_linux7.1cpe:/o:mandrakesoft:mandrake_linux:7.1
mandrakesoftmandrake_linux7.2cpe:/o:mandrakesoft:mandrake_linux:7.2
mandrakesoftmandrake_linux8.0cpe:/o:mandrakesoft:mandrake_linux:8.0
Rows per page:
1-10 of 121

Related

cve 2
nessus 10
canvas 2
openvas 16
debian 9
debiancve 2
osv 5
cvelist 2
suse 1
nvd 2
securityvulns 2
cert 1
cve
cve
CVE-2002-0391
2003-04-02 05:00:00
CVE-2003-0028
2003-03-25 05:00:00
nessus
nessus
Debian DSA-333-1 : acm - integer overflow
2004-09-29 00:00:00
Sun rpc.cmsd Remote Overflow
2003-03-19 00:00:00
Mandrake Linux Security Advisory : krb5 (MDKSA-2002:057)
2004-07-31 00:00:00
canvas
canvas
Immunity Canvas: TTDB_XDRARRAY
2002-08-12 04:00:00
Immunity Canvas: CMSD_XDRARRAY
2002-08-12 00:00:00
openvas
openvas
Sun rpc.cmsd overflow
2005-11-03 00:00:00
Debian Security Advisory DSA 149-2 (glibc)
2008-01-17 00:00:00
Debian Security Advisory DSA 333-1 (acm)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 149-1] New glibc packages fix security related problems
2002-08-13 08:21:57
[SECURITY] [DSA 149-1] New glibc packages fix security related problems
2002-08-13 08:21:57
[SECURITY] [DSA 146-2] New dietlibc packages fix integer overflows
2002-08-08 19:08:58
debiancve
debiancve
CVE-2002-0391
2003-04-02 05:00:00
CVE-2003-0028
2003-03-25 05:00:00
osv
osv
krb5 - integer overflow
2002-08-05 00:00:00
dietlibc - integer overflow
2002-08-08 00:00:00
acm - integer overflow
2003-06-27 00:00:00
cvelist
cvelist
CVE-2002-0391
2003-04-02 05:00:00
CVE-2003-0028
2003-03-21 05:00:00
suse
suse
local/remote privilege escalation in glibc
2002-08-30 17:06:11
nvd
nvd
CVE-2002-0391
2002-08-12 04:00:00
CVE-2003-0028
2003-03-25 05:00:00
securityvulns
securityvulns
Advisory CA-2002-25 Integer Overflow In XDR Library
2002-08-06 00:00:00
RUS-CERT Advisory 2002-08:02: Flaw in calloc and similar routines
2002-08-08 00:00:00
cert
cert
Integer overflow in xdr_array() function when deserializing the XDR stream
2002-08-01 00:00:00

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.85 High

EPSS

Percentile

98.6%

JSON
Related for MANDRAKE_MDKSA-2002-061.NASL
cve2nessus10canvas2openvas16debian9debiancve2osv5cvelist2suse1nvd2securityvulns2cert1