Lucene search
Mandriva Linux Security Advisory : wml (MDVSA-2008:076)
🗓️ 23 Apr 2009 00:00:00Reported by This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.Type 
nessus🔗 www.tenable.com👁 17 Views
Mandriva Linux Security Advisory for WML package updat
Show more
| Reporter | Title | Published | Views | Family All 28 |
|---|---|---|---|---|
| GLSA-200803-23 : Website META Language: Insecure temporary file usage | 17 Mar 200800:00 | – | nessus |
| Debian DSA-1492-1 : wml - insecure temporary files | 11 Feb 200800:00 | – | nessus |
 | Mandriva Update for wml MDVSA-2008:076 (wml) | 9 Apr 200900:00 | – | openvas |
| Gentoo Security Advisory GLSA 200803-23 (wml) | 24 Sep 200800:00 | – | openvas |
| Debian Security Advisory DSA 1492-1 (wml) | 15 Feb 200800:00 | – | openvas |
| Debian: Security Advisory (DSA-1492-1) | 15 Feb 200800:00 | – | openvas |
| Gentoo Security Advisory GLSA 200803-23 (wml) | 24 Sep 200800:00 | – | openvas |
| Mandriva Update for wml MDVSA-2008:076 (wml) | 9 Apr 200900:00 | – | openvas |
 | wml | 10 Feb 200800:00 | – | osv |
 | [SECURITY] [DSA 1492-1] New wml packages fix denial of service | 12 Feb 200800:00 | – | securityvulns |
10
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandriva Linux Security Advisory MDVSA-2008:076.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(37681);
script_version("1.13");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2008-0665", "CVE-2008-0666");
script_xref(name:"MDVSA", value:"2008:076");
script_name(english:"Mandriva Linux Security Advisory : wml (MDVSA-2008:076)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Mandriva Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Two vulnerabilities were found in the Website META Language (WML)
package that allowed local users to overwrite arbitrary files via
symlink attacks.
The updated packages have been patched to correct these issues."
);
script_set_attribute(attribute:"solution", value:"Update the affected wml package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:P/A:P");
script_cwe_id(59);
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:wml");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007.1");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2008.0");
script_set_attribute(attribute:"patch_publication_date", value:"2008/03/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2009/04/23");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2009-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK2007.1", reference:"wml-2.0.11-1.1mdv2007.1", yank:"mdv")) flag++;
if (rpm_check(release:"MDK2008.0", reference:"wml-2.0.11-1.1mdv2008.0", yank:"mdv")) flag++;
if (flag)
{
if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
else security_note(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo23 Apr 2009 00:00Current
6.6Medium risk
Vulners AI Score6.6
CVSS23.6
EPSS0.0004