Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2006-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2005-173.NASL
HistoryJan 15, 2006 - 12:00 a.m.

Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2005:173)

2006-01-1500:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
10
JSON

New updates are available for Mozilla Firefox :

A regression in the LE2005 Firefox package caused problems with cursor movement that has been fixed.

The run-mozilla.sh script, with debugging enabled, would allow local users to create or overwrite arbitrary files via a symlink attack on temporary files (CVE-2005-2353).

nsScriptSecurityManager::GetBaseURIScheme didn’t handle jar:view-source:… correctly because the jar: and view-source: cases didn’t use recursion as they were supposed to. This was corrected in Firefox 1.0.4 and only affects the LE2005 package.

The updated packages have been patched to correct these issues.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2005:173. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(20427);
  script_version("1.14");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2005-2353");
  script_xref(name:"MDKSA", value:"2005:173");

  script_name(english:"Mandrake Linux Security Advisory : mozilla-firefox (MDKSA-2005:173)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"New updates are available for Mozilla Firefox :

A regression in the LE2005 Firefox package caused problems with cursor
movement that has been fixed.

The run-mozilla.sh script, with debugging enabled, would allow local
users to create or overwrite arbitrary files via a symlink attack on
temporary files (CVE-2005-2353).

nsScriptSecurityManager::GetBaseURIScheme didn't handle
jar:view-source:... correctly because the jar: and view-source: cases
didn't use recursion as they were supposed to. This was corrected in
Firefox 1.0.4 and only affects the LE2005 package.

The updated packages have been patched to correct these issues."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nspr4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:lib64nss3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr4");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnspr4-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libnss3-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-firefox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mozilla-firefox-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");

  script_set_attribute(attribute:"patch_publication_date", value:"2005/10/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64nspr4-1.0.2-10.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64nspr4-devel-1.0.2-10.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64nss3-1.0.2-10.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"x86_64", reference:"lib64nss3-devel-1.0.2-10.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libnspr4-1.0.2-10.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libnspr4-devel-1.0.2-10.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libnss3-1.0.2-10.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", cpu:"i386", reference:"libnss3-devel-1.0.2-10.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"mozilla-firefox-1.0.2-10.1.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.2", reference:"mozilla-firefox-devel-1.0.2-10.1.102mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64nspr4-1.0.6-16.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64nspr4-devel-1.0.6-16.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64nss3-1.0.6-16.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"x86_64", reference:"lib64nss3-devel-1.0.6-16.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libnspr4-1.0.6-16.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libnspr4-devel-1.0.6-16.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libnss3-1.0.6-16.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", cpu:"i386", reference:"libnss3-devel-1.0.6-16.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"mozilla-firefox-1.0.6-16.1.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"mozilla-firefox-devel-1.0.6-16.1.20060mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
  else security_note(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxlib64nspr4p-cpe:/a:mandriva:linux:lib64nspr4
mandrivalinuxlib64nspr4-develp-cpe:/a:mandriva:linux:lib64nspr4-devel
mandrivalinuxlib64nss3p-cpe:/a:mandriva:linux:lib64nss3
mandrivalinuxlib64nss3-develp-cpe:/a:mandriva:linux:lib64nss3-devel
mandrivalinuxlibnspr4p-cpe:/a:mandriva:linux:libnspr4
mandrivalinuxlibnspr4-develp-cpe:/a:mandriva:linux:libnspr4-devel
mandrivalinuxlibnss3p-cpe:/a:mandriva:linux:libnss3
mandrivalinuxlibnss3-develp-cpe:/a:mandriva:linux:libnss3-devel
mandrivalinuxmozilla-firefoxp-cpe:/a:mandriva:linux:mozilla-firefox
mandrivalinuxmozilla-firefox-develp-cpe:/a:mandriva:linux:mozilla-firefox-devel
Rows per page:
1-10 of 121

Related

debiancve 1
cve 1
ubuntucve 1
nessus 4
ubuntu 1
openvas 4
osv 2
debian 4
debiancve
debiancve
CVE-2005-2353
2005-08-05 04:00:00
cve
cve
CVE-2005-2353
2005-08-05 04:00:00
ubuntucve
ubuntucve
CVE-2005-2353
2005-08-05 00:00:00
nessus
nessus
Ubuntu 4.10 / 5.04 : mozilla-thunderbird vulnerabilities (USN-157-1)
2006-01-15 00:00:00
Mandrake Linux Security Advisory : mozilla-thunderbird (MDKSA-2005:174)
2006-01-15 00:00:00
Debian DSA-1051-1 : mozilla-thunderbird - several vulnerabilities
2006-10-14 00:00:00
ubuntu
ubuntu
Mozilla Thunderbird vulnerabilities
2005-08-01 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-1051-1)
2008-01-17 00:00:00
Debian Security Advisory DSA 1051-1 (mozilla-thunderbird)
2008-01-17 00:00:00
Debian Security Advisory DSA 1046-1 (mozilla)
2008-01-17 00:00:00
osv
osv
mozilla-thunderbird - several vulnerabilities
2006-05-04 00:00:00
mozilla - several
2006-04-27 00:00:00
debian
debian
[SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities
2006-05-04 08:20:07
[SECURITY] [DSA 1051-1] New Mozilla Thunderbird packages fix several vulnerabilities
2006-05-04 08:20:07
[SECURITY] [DSA 1046-1] New Mozilla packages fix several vulnerabilities
2006-04-27 07:08:35
JSON
Related for MANDRAKE_MDKSA-2005-173.NASL
debiancve1cve1ubuntucve1nessus4ubuntu1openvas4osv2debian4