7.2 High
AI Score
Confidence
Low
10 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
0.009 Low
EPSS
Percentile
82.5%
The remote host is missing an update to analog
announced via advisory DSA 033-1.
# SPDX-FileCopyrightText: 2008 E-Soft Inc.
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.53795");
script_cve_id("CVE-2001-0301");
script_version("2023-07-19T05:05:15+0000");
script_tag(name:"last_modification", value:"2023-07-19 05:05:15 +0000 (Wed, 19 Jul 2023)");
script_tag(name:"creation_date", value:"2008-01-17 14:24:38 +0100 (Thu, 17 Jan 2008)");
script_tag(name:"cvss_base", value:"10.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_name("Debian Security Advisory DSA 033-1 (analog)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2008 E-Soft Inc.");
script_family("Debian Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages", re:"ssh/login/release=DEB2\.2");
script_xref(name:"URL", value:"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20033-1");
script_tag(name:"insight", value:"The author of analog, Stephen Turner, has found a buffer overflow bug
in all versions of analog except of version 4.16. A malicious user
could use an ALIAS command to construct very long strings which were
not checked for length and boundaries. This bug is particularly
dangerous if the form interface (which allows unknown users to run the
program via a CGI script) has been installed. There doesn't seem to
be a known exploit.
The bugfix has been backported to the version of analog from Debian
2.2. Version 4.01-1potato1 is fixed.
We recommend you upgrade your analog packages immediately.");
script_tag(name:"summary", value:"The remote host is missing an update to analog
announced via advisory DSA 033-1.");
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-deb.inc");
res = "";
report = "";
if((res = isdpkgvuln(pkg:"analog", ver:"4.01-1potato1", rls:"DEB2.2")) != NULL) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}