Mandrake Linux Security Advisory : dhcpcd (MDKSA-2005:117)

2005-07-1300:00:00

www.tenable.com

‘infamous42md’ discovered that the dhcpcd DHCP client could be tricked into reading past the end of the supplied DHCP buffer, which could lead to the daemon crashing.

The updated packages have been patched to address this issue.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2005:117. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(19191);
  script_version("1.18");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-1848");
  script_xref(name:"MDKSA", value:"2005:117");

  script_name(english:"Mandrake Linux Security Advisory : dhcpcd (MDKSA-2005:117)");
  script_summary(english:"Checks rpm output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Mandrake Linux host is missing a security update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"'infamous42md' discovered that the dhcpcd DHCP client could be tricked
into reading past the end of the supplied DHCP buffer, which could
lead to the daemon crashing.

The updated packages have been patched to address this issue."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected dhcpcd package."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:dhcpcd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/07/12");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/07/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.1", reference:"dhcpcd-1.3.22pl4-4.1.101mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK10.2", reference:"dhcpcd-1.3.22pl4-4.1.102mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
mandrivalinuxdhcpcdp-cpe:/a:mandriva:linux:dhcpcd
mandrakesoftmandrake_linux10.1cpe:/o:mandrakesoft:mandrake_linux:10.1
mandrakesoftmandrake_linuxle2005x-cpe:/o:mandrakesoft:mandrake_linux:le2005

Vendor	Product	Version	CPE
mandriva	linux	dhcpcd	p-cpe:/a:mandriva:linux:dhcpcd
mandrakesoft	mandrake_linux	10.1	cpe:/o:mandrakesoft:mandrake_linux:10.1
mandrakesoft	mandrake_linux	le2005	x-cpe:/o:mandrakesoft:mandrake_linux:le2005