Lucene search
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2004-016.NASLHistoryJul 31, 2004 - 12:00 a.m.
Mandrake Linux Security Advisory : mtools (MDKSA-2004:016)
2004-07-3100:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com
6
Sebastian Krahmer found that the mformat program, when installed suid root, can create any file with 0666 permissions as root, and that it also does not drop privileges when reading local configuration files.
The updated packages remove the suid bit from mformat.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2004:016.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(14116);
script_version("1.18");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2004-2303");
script_xref(name:"MDKSA", value:"2004:016");
script_name(english:"Mandrake Linux Security Advisory : mtools (MDKSA-2004:016)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Mandrake Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Sebastian Krahmer found that the mformat program, when installed suid
root, can create any file with 0666 permissions as root, and that it
also does not drop privileges when reading local configuration files.
The updated packages remove the suid bit from mformat."
);
script_set_attribute(
attribute:"solution",
value:"Update the affected mtools package."
);
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mtools");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");
script_set_attribute(attribute:"patch_publication_date", value:"2004/02/25");
script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK9.2", reference:"mtools-3.9.9-2.1.92mdk", yank:"mdk")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | mtools | p-cpe:/a:mandriva:linux:mtools |
| mandrakesoft | mandrake_linux | 9.2 | cpe:/o:mandrakesoft:mandrake_linux:9.2 |
Related for MANDRAKE_MDKSA-2004-016.NASL