Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2007-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2006-178.NASL
HistoryFeb 18, 2007 - 12:00 a.m.

Mandrake Linux Security Advisory : ntp (MDKSA-2006:178)

2007-02-1800:00:00
This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.
www.tenable.com
11
JSON

Openssl recently had several vulnerabilities which were patched (CVE-2006-2937,2940,3738,4339, 4343). Some versions of ntp are built against a static copy of the SSL libraries. As a precaution an updated copy built against the new libraries in being made available.

#%NASL_MIN_LEVEL 70300

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2006:178. 
# The text itself is copyright (C) Mandriva S.A.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(24564);
  script_version("1.19");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");

  script_cve_id("CVE-2006-2937", "CVE-2006-2940", "CVE-2006-3738", "CVE-2006-4339", "CVE-2006-4343", "CVE-2006-5201", "CVE-2006-7140", "CVE-2007-5135");
  script_bugtraq_id(19849, 20246, 20248, 20249);
  script_xref(name:"MDKSA", value:"2006:178");

  script_name(english:"Mandrake Linux Security Advisory : ntp (MDKSA-2006:178)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Openssl recently had several vulnerabilities which were patched
(CVE-2006-2937,2940,3738,4339, 4343). Some versions of ntp are built
against a static copy of the SSL libraries. As a precaution an updated
copy built against the new libraries in being made available."
  );
  script_set_attribute(
    attribute:"solution", 
    value:"Update the affected ntp and / or ntp-client packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");
  script_cwe_id(119, 189, 310, 399);

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ntp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:ntp-client");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/10/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK2006.0", reference:"ntp-4.2.0-21.2.20060mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"ntp-client-4.2.0-21.2.20060mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK2007.0", reference:"ntp-4.2.0-31.2mdv2007.0", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2007.0", reference:"ntp-client-4.2.0-31.2mdv2007.0", yank:"mdv")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
mandrivalinuxntpp-cpe:/a:mandriva:linux:ntp
mandrivalinuxntp-clientp-cpe:/a:mandriva:linux:ntp-client
mandrivalinux2006cpe:/o:mandriva:linux:2006
mandrivalinux2007cpe:/o:mandriva:linux:2007

Related

nessus 76
openvas 73
f5 5
oraclelinux 2
centos 2
debian 4
altlinux 3
freebsd_advisory 2
slackware 3
ubuntu 2
gentoo 3
osv 2
redhat 4
suse 1
freebsd 1
securityvulns 4
cve 3
prion 1
ubuntucve 2
checkpoint_advisories 2
debiancve 1
vmware 2
cbl_mariner 1
nessus
nessus
Mandrake Linux Security Advisory : MySQL (MDKSA-2006:177)
2007-02-18 00:00:00
Solaris 10 (x86) : 121230-02
2018-03-12 00:00:00
Solaris 10 (x86) : 121230-02
2005-12-07 00:00:00
openvas
openvas
Solaris Update for kernel 127127-11
2009-06-03 00:00:00
Solaris Update for kernel 127127-11
2009-06-03 00:00:00
Solaris Update for bootconfchk 123377-01
2009-06-03 00:00:00
f5
f5
SOL8106 - OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135
2007-11-15 00:00:00
K8106 : OpenSSL SSL_get_shared_ciphers vulnerability CVE-2007-5135
2013-03-27 00:00:00
K6734 : Local OpenSSL vulnerabilities VU#547300 and VU#386964, CAN-2006-3738, CAN-2006-2940, CAN-2006-2937, CAN-2006-4343
2013-03-27 00:00:00
oraclelinux
oraclelinux
Important openssl security update
2006-11-30 00:00:00
Important openssl security update
2006-11-30 00:00:00
centos
centos
openssl, openssl096b security update
2006-09-29 03:35:21
openssl, openssl095a, openssl096 security update
2006-10-02 01:43:05
debian
debian
[SECURITY] [DSA 1185-1] New openssl packages fix denial of service
2006-09-28 17:28:09
[SECURITY] [DSA 1195-1] new openssl096 packages fix denial of service
2006-10-10 20:35:20
[SECURITY] [DSA 1195-1] new openssl096 packages fix denial of service
2006-10-10 20:35:20
altlinux
altlinux
Security fix for the ALT Linux 8 package openssl10 version 0.9.7g-alt5
2006-09-27 00:00:00
Security fix for the ALT Linux 9 package openssl1.1 version 0.9.7g-alt5
2006-09-27 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 0.9.7g-alt5
2006-09-27 00:00:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-06:23.openssl
2006-09-28 00:00:00
FreeBSD-SA-07:08.openssl
2007-10-03 00:00:00
slackware
slackware
[slackware-security] openssl
2006-09-29 07:57:13
[slackware-security] bind
2006-11-07 06:26:27
[slackware-security] openssl
2006-09-14 22:05:20
ubuntu
ubuntu
openssl vulnerabilities
2006-09-29 00:00:00
OpenSSL vulnerability
2006-09-05 00:00:00
gentoo
gentoo
AMD64 x86 emulation base libraries: OpenSSL multiple vulnerabilities
2006-12-11 00:00:00
OpenSSL: Multiple vulnerabilities
2006-10-24 00:00:00
OpenSSL: Multiple vulnerabilities
2007-10-07 00:00:00
osv
osv
openssl
2006-09-28 00:00:00
openssl096
2006-10-10 00:00:00
redhat
redhat
(RHSA-2006:0695) openssl security update
2006-09-28 00:00:00
(RHSA-2008:0525) Moderate: Red Hat Network Satellite Server Solaris client security update
2008-06-30 00:00:00
(RHSA-2008:0629) Moderate: Red Hat Network Satellite Server Solaris client security update
2008-08-13 00:00:00
suse
suse
remote denial of service in openssl
2006-09-28 16:40:53
freebsd
freebsd
OpenSSL -- Multiple problems in crypto(3)
2006-09-28 00:00:00
securityvulns
securityvulns
[OpenPKG-SA-2006.021] OpenPKG Security Advisory (openssl)
2006-09-29 00:00:00
VMSA-2008-0005 Updated VMware Workstation, VMware Player, VMware Server, VMware ACE, and VMware Fusion resolve critical security issues
2008-03-18 00:00:00
OpenSSL Security Advisory [5th September 2006] RSA Signature Forgery (CVE-2006-4339)
2006-09-05 00:00:00
cve
cve
CVE-2006-7140
2007-03-07 20:19:00
CVE-2007-5135
2007-09-27 20:17:00
CVE-2006-5201
2006-10-10 04:06:00
prion
prion
Buffer overflow
2007-09-27 20:17:00
ubuntucve
ubuntucve
CVE-2007-5135
2007-09-27 00:00:00
CVE-2006-5201
2006-10-10 00:00:00
checkpoint_advisories
checkpoint_advisories
OpenSSL SSL_get_shared_ciphers Function Off-by-one Buffer Overflow (CVE-2006-3738; CVE-2007-5135)
2008-01-20 00:00:00
Update Protection against OpenSSL RSA Key Signature Forgery Vulnerability
2006-11-13 00:00:00
debiancve
debiancve
CVE-2007-5135
2007-09-27 20:17:00
vmware
vmware
Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line
2008-03-17 00:00:00
Several critical security vulnerabilities have been addressed in the newest releases of VMware's hosted product line
2008-03-17 00:00:00
cbl_mariner
cbl_mariner
CVE-2006-5201 affecting package nss 3.44-2
2022-01-10 03:59:22
JSON
Related for MANDRAKE_MDKSA-2006-178.NASL
nessus76openvas73f55oraclelinux2centos2debian4altlinux3freebsd_advisory2slackware3ubuntu2gentoo3osv2redhat4suse1freebsd1securityvulns4cve3prion1ubuntucve2checkpoint_advisories2debiancve1vmware2cbl_mariner1