Mandrake Linux Security Advisory : leafnode (MDKSA-2005:114)

2005-07-12T00:00:00
ID MANDRAKE_MDKSA-2005-114.NASL
Type nessus
Reporter Tenable
Modified 2018-07-19T00:00:00

Description

A number of vulnerabilities in the leafnode NNTP server package have been found :

A vulnerability in the fetchnews program that could under some circumstances cause a wait for input that never arrives, which in turn would cause fetchnews to hang (CVE-2004-2068).

Two vulnerabilities in the fetchnews program can cause fetchnews to crash when the upstream server closes the connection and leafnode is receiving an article header or an article body, which prevent leafnode from querying other servers that are listed after that particular server in the configuration file (CVE-2005-1453).

Finally, another vulnerability in the fetchnews program could also cuase a wait for input that never arrives, causing fetchnews to hang (CVE-2005-1911).

The updated packages have been patched to correct this problem.

                                        
                                            #%NASL_MIN_LEVEL 70103

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2005:114. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(18676);
  script_version ("1.16");
  script_cvs_date("Date: 2018/07/19 20:59:13");

  script_cve_id("CVE-2004-2068", "CVE-2005-1453", "CVE-2005-1911");
  script_xref(name:"MDKSA", value:"2005:114");

  script_name(english:"Mandrake Linux Security Advisory : leafnode (MDKSA-2005:114)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandrake Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A number of vulnerabilities in the leafnode NNTP server package have
been found :

A vulnerability in the fetchnews program that could under some
circumstances cause a wait for input that never arrives, which in turn
would cause fetchnews to hang (CVE-2004-2068).

Two vulnerabilities in the fetchnews program can cause fetchnews to
crash when the upstream server closes the connection and leafnode is
receiving an article header or an article body, which prevent leafnode
from querying other servers that are listed after that particular
server in the configuration file (CVE-2005-1453).

Finally, another vulnerability in the fetchnews program could also
cuase a wait for input that never arrives, causing fetchnews to hang
(CVE-2005-1911).

The updated packages have been patched to correct this problem."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected leafnode package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:leafnode");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/07/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/12");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.1", reference:"leafnode-1.10.4-1.1.101mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.2", reference:"leafnode-1.10.4-1.1.102mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");