
Mandrake Linux Security Advisory : xli (MDKSA-2005:076)

🗓️ 21 Apr 2005 00:00:00 · Reported by: This script is Copyright (C) 2005-2021 Tenable Network Security, Inc. · Type: nessus
🔗 www.tenable.com👁 18 Views

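Mandrake Linux Security Advisory for the xli image viewer. The update fixes improper escaping of shell meta-characters when handling compressed images (CVE-2005-0638) and insufficient validation of image properties that could result in buffer management errors (CVE-2005-0639).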

ReporterTitlePublishedViews
Family
OpenVAS
Debian Security Advisory DSA 694-1 (xloadimage)
17 Jan 200800:00
openvas
OpenVAS
Debian: Security Advisory (DSA-694-1)
17 Jan 200800:00
openvas
OpenVAS
Debian: Security Advisory (DSA-695-1)
17 Jan 200800:00
openvas
OpenVAS
Debian Security Advisory DSA 695-1 (xli)
17 Jan 200800:00
openvas
OpenVAS
FreeBSD Ports: xli
4 Sep 200800:00
openvas
OpenVAS
FreeBSD Ports: xli
4 Sep 200800:00
openvas
OpenVAS
FreeBSD Ports: xli
4 Sep 200800:00
openvas
OpenVAS
FreeBSD Ports: xli
4 Sep 200800:00
openvas
Tenable Nessus
Debian DSA-694-1 : xloadimage - missing input sanitising, integer overflow
21 Mar 200500:00
nessus
Tenable Nessus
GLSA-200503-05 : xli, xloadimage: Multiple vulnerabilities
4 Mar 200500:00
nessus
#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2005:076. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

# Description pass: when the scanner loads the plugin with `description` set,
# this block only registers metadata (ID, CVEs, advisory text, dependencies)
# and then exits, so none of the host checks further down run in this pass.
if (description)
{
  script_id(18106);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  # The two CVEs covered by this advisory, cross-referenced to MDKSA-2005:076.
  script_cve_id("CVE-2005-0638", "CVE-2005-0639");
  script_xref(name:"MDKSA", value:"2005:076");

  script_name(english:"Mandrake Linux Security Advisory : xli (MDKSA-2005:076)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandrake Linux host is missing a security update."
  );
  # Advisory text: CVE-2005-0638 is the unescaped shell meta-character issue in
  # compressed-image handling; CVE-2005-0639 is the image-property validation
  # issue that can lead to buffer management errors.
  script_set_attribute(
    attribute:"description", 
    value:
"A number of vulnerabilities have been found in the xli image viewer.
Tavis Ormandy of the Gentoo Linux Security Audit Team discovered a
flaw in the handling of compressed images where shell meta-characters
are not properly escaped (CVE-2005-0638). It was also found that
insufficient validation of image properties could potentially result
in buffer management errors (CVE-2005-0639).

The updated packages have been patched to correct these problems."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected xli package.");
  # CVSSv2 base vector recorded for the finding: network access vector, low
  # complexity, no authentication, partial impact on confidentiality, integrity
  # and availability. The vector rates the vulnerabilities; this plugin never
  # exercises them (see plugin_type and the rpm comparison after this block).
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  # "local": the verdict comes from package data gathered on the host, not
  # from probing a network service.
  script_set_attribute(attribute:"plugin_type", value:"local");
  # CPE identifiers for the xli package and the two affected releases
  # (Mandrake Linux 10.1 and LE2005).
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xli");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/04/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/21");
  script_end_attributes();

  # Information-gathering category: the plugin reads collected data only.
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # ssh_get_info.nasl is declared as a dependency; presumably it is what
  # populates the Host/* knowledge-base entries listed below (confirm).
  script_dependencies("ssh_get_info.nasl");
  # Knowledge-base keys required by the plugin; the same keys are read by the
  # precondition checks that follow this block.
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  # End of the description pass.
  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


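# Preconditions. Every check below reads from the scanner knowledge base (KB),
# so the plugin reports a specific audit reason when the data needed for a
# trustworthy package comparison is absent. audit() is expected to end the
# plugin; the statements after each call rely on that.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# OS name spelled "Mandrake", consistent with the architecture audit message below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only x86-family architectures are accepted. An unknown or unsupported CPU is
# reported as such instead of being silently treated as "not affected".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);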


# Compare the installed xli package with the fixed build for each affected
# release. This is a version comparison against the collected rpm list only;
# it does not test whether the flaws are reachable on the host.
# Both rpm_check() calls are made unconditionally, presumably so that each
# matching release can add its own line to the report text.
flag = 0;
if (rpm_check(release:"MDK10.1", reference:"xli-1.17.0-8.1.101mdk", yank:"mdk"))
{
  flag++;
}
if (rpm_check(release:"MDK10.2", reference:"xli-1.17.0-8.1.102mdk", yank:"mdk"))
{
  flag++;
}

# No outdated package found: record the host as not affected.
if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  # Attach the package details only when the scan asks for verbose reports.
  if (report_verbosity > 0)
    security_hole(port:0, extra:rpm_report_get());
  else
    security_hole(0);
  exit(0);
}

21 Apr 2005 00:00Current
6.7Medium risk
Vulners AI Score6.7
CVSS27.5
EPSS0.019