nessus | This script is Copyright (C) 2004-2021 Tenable Network Security, Inc. | MANDRAKE_MDKSA-2004-032.NASL
History: Jul 31, 2004 - 12:00 a.m.

Mandrake Linux Security Advisory : libneon (MDKSA-2004:032)

2004-07-31 00:00:00
This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.
www.tenable.com

Several format string vulnerabilities were discovered by Thomas Wana in the error-output handling of Neon, the HTTP and WebDAV client library. These problems affect all versions of Neon from 0.19.0 up to and including 0.24.4.

All users are encouraged to upgrade. All client software using this library is affected.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2004:032. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Description pass: when the scanner loads the plugin with `description` set,
# only the metadata below is registered and the script exits before any of the
# check logic further down runs.
if (description)
{
  script_id(14131);
  script_version("1.17");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # Identifiers that tie a finding back to the upstream CVE and the vendor advisory.
  script_cve_id("CVE-2004-0179");
  script_xref(name:"MDKSA", value:"2004:032");

  script_name(english:"Mandrake Linux Security Advisory : libneon (MDKSA-2004:032)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A number of various format string vulnerabilities were discovered in
the error output handling of Neon, the HTTP and WebDAV client library,
by Thomas Wana. These problems affect all versions of Neon from 0.19.0
up to and including 0.24.4.

All users are encouraged to upgrade. All client software using this
library is affected."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # CVSS v2 base vector: network attack vector, high access complexity, no
  # authentication, partial impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");

  # "local" plugin type: the result is derived from the package inventory named
  # in the required KB keys below, not from probing a network service. A finding
  # therefore means "package older than the fixed build", not "confirmed
  # exploitable".
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64neon0.24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64neon0.24-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64neon0.24-static-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libneon0.24");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libneon0.24-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libneon0.24-static-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");

  # The vendor patch (2004/04/19) predates this plugin (2004/07/31).
  script_set_attribute(attribute:"patch_publication_date", value:"2004/04/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # The check consumes KB items (local-check flag, CPU, release, rpm list);
  # presumably these are populated by ssh_get_info.nasl over an authenticated
  # session -- confirm against that plugin.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  # End the description pass here so none of the check logic executes.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


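# Preconditions: stop with an audit message unless local checks are enabled,
# the host was identified as Mandrake/Mandriva, and an rpm list was collected.
# Without these KB items the package comparison below has nothing to compare,
# and "not affected" would be a false negative rather than a real result.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# Fixed the distribution name in the audit message ("Mandake" -> "Mandrake") so
# it matches the spelling used in the architecture check below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86-family architectures are handled; anything else is reported as
# "local checks not implemented" instead of being silently treated as clean.
# NOTE(review): this pattern accepts "x86_64", while the rpm_check() calls in
# this file pass cpu:"amd64" and cpu:"i386" -- how rpm.inc maps the reported CPU
# onto those values is not visible here; confirm x86_64 hosts are covered.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);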


# Compare the installed packages against the fixed builds (0.24.5) named in the
# advisory, grouped by release and architecture. `flag` counts the rpm_check()
# calls that returned true; rpm_check() lives in rpm.inc (not shown here) and
# presumably returns true when the installed package is older than the
# reference -- confirm against rpm.inc.
flag = 0;

# Mandrake Linux 10.0, i386
mdk100_i386_refs = make_list(
  "libneon0.24-0.24.5-0.1.100mdk",
  "libneon0.24-devel-0.24.5-0.1.100mdk",
  "libneon0.24-static-devel-0.24.5-0.1.100mdk"
);
foreach pkg_ref (mdk100_i386_refs)
{
  if (rpm_check(release:"MDK10.0", cpu:"i386", reference:pkg_ref, yank:"mdk")) flag++;
}

# Mandrake Linux 9.2, amd64
mdk92_amd64_refs = make_list(
  "lib64neon0.24-0.24.5-0.1.92mdk",
  "lib64neon0.24-devel-0.24.5-0.1.92mdk",
  "lib64neon0.24-static-devel-0.24.5-0.1.92mdk"
);
foreach pkg_ref (mdk92_amd64_refs)
{
  if (rpm_check(release:"MDK9.2", cpu:"amd64", reference:pkg_ref, yank:"mdk")) flag++;
}

# Mandrake Linux 9.2, i386
mdk92_i386_refs = make_list(
  "libneon0.24-0.24.5-0.1.92mdk",
  "libneon0.24-devel-0.24.5-0.1.92mdk",
  "libneon0.24-static-devel-0.24.5-0.1.92mdk"
);
foreach pkg_ref (mdk92_i386_refs)
{
  if (rpm_check(release:"MDK9.2", cpu:"i386", reference:pkg_ref, yank:"mdk")) flag++;
}


# Reporting: no rpm_check() hit means the host is audited as "not affected".
# Otherwise a warning-level finding is raised on port 0, and when report
# verbosity is above 0 the text from rpm_report_get() is attached as extra
# output.
if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0)
    security_warning(port:0, extra:rpm_report_get());
  else
    security_warning(0);
  exit(0);
}
Vendor | Product | Version | CPE
mandriva | linux | lib64neon0.24 | p-cpe:/a:mandriva:linux:lib64neon0.24
mandriva | linux | lib64neon0.24-devel | p-cpe:/a:mandriva:linux:lib64neon0.24-devel
mandriva | linux | lib64neon0.24-static-devel | p-cpe:/a:mandriva:linux:lib64neon0.24-static-devel
mandriva | linux | libneon0.24 | p-cpe:/a:mandriva:linux:libneon0.24
mandriva | linux | libneon0.24-devel | p-cpe:/a:mandriva:linux:libneon0.24-devel
mandriva | linux | libneon0.24-static-devel | p-cpe:/a:mandriva:linux:libneon0.24-static-devel
mandrakesoft | mandrake_linux | 10.0 | cpe:/o:mandrakesoft:mandrake_linux:10.0
mandrakesoft | mandrake_linux | 9.2 | cpe:/o:mandrakesoft:mandrake_linux:9.2