Slackware: Security Advisory (SSA:2006-081-01)

2012-09-1000:00:00
plugins.openvas.org
6.4 Medium
AI Score
Confidence
Low
0.94 High
EPSS
Percentile
99.1%
JSON
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2012 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.56478");
  script_cve_id("CVE-2006-0058");
  script_tag(name:"creation_date", value:"2012-09-10 23:34:21 +0000 (Mon, 10 Sep 2012)");
  script_version("2024-02-01T14:37:10+0000");
  script_tag(name:"last_modification", value:"2024-02-01 14:37:10 +0000 (Thu, 01 Feb 2024)");
  script_tag(name:"cvss_base", value:"7.6");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:C/I:C/A:C");

  script_name("Slackware: Security Advisory (SSA:2006-081-01)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2012 Greenbone AG");
  script_family("Slackware Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/slackware_linux", "ssh/login/slackpack", re:"ssh/login/release=SLK(10\.0|10\.1|10\.2|8\.1|9\.0|9\.1|current)");

  script_xref(name:"Advisory-ID", value:"SSA:2006-081-01");
  script_xref(name:"URL", value:"http://www.slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.619600");
  script_xref(name:"URL", value:"http://www.sendmail.com/company/advisory/index.shtml");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'sendmail' package(s) announced via the SSA:2006-081-01 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"New sendmail packages are available for Slackware 8.1, 9.0, 9.1, 10.0, 10.1,
10.2, and -current to fix a security issue.

Sendmail's advisory concerning this issue may be found here:
 [link moved to references]

This issue will appear in the Common Vulnerabilities and Exposures (CVE)
database at the following location:
 [link moved to references]


Here are the details from the Slackware 10.2 ChangeLog:
+--------------------------+
patches/packages/sendmail-8.13.6-i486-1.tgz: Upgraded to sendmail-8.13.6.
 This new version of sendmail contains a fix for a security problem
 discovered by Mark Dowd of ISS X-Force. From sendmail's advisory:
 Sendmail was notified by security researchers at ISS that, under some
 specific timing conditions, this vulnerability may permit a specifically
 crafted attack to take over the sendmail MTA process, allowing remote
 attackers to execute commands and run arbitrary programs on the system
 running the MTA, affecting email delivery, or tampering with other
 programs and data on this system. Sendmail is not aware of any public
 exploit code for this vulnerability. This connection-oriented
 vulnerability does not occur in the normal course of sending and
 receiving email. It is only triggered when specific conditions are
 created through SMTP connection layer commands.
 Sendmail's complete advisory may be found here:
 [link moved to references]
 The CVE entry for this issue may be found here:
 [link moved to references]
 (* Security fix *)
patches/packages/sendmail-cf-8.13.6-noarch-1.tgz:
 Upgraded to sendmail-8.13.6 configuration files.
+--------------------------+");

  script_tag(name:"affected", value:"'sendmail' package(s) on Slackware 8.1, Slackware 9.0, Slackware 9.1, Slackware 10.0, Slackware 10.1, Slackware 10.2, Slackware current.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-slack.inc");

release = slk_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "SLK10.0") {

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail", ver:"8.13.6-i486-1", rls:"SLK10.0"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail-cf", ver:"8.13.6-noarch-1", rls:"SLK10.0"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLK10.1") {

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail", ver:"8.13.6-i486-1", rls:"SLK10.1"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail-cf", ver:"8.13.6-noarch-1", rls:"SLK10.1"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLK10.2") {

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail", ver:"8.13.6-i486-1", rls:"SLK10.2"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail-cf", ver:"8.13.6-noarch-1", rls:"SLK10.2"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLK8.1") {

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail", ver:"8.13.6-i386-1", rls:"SLK8.1"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail-cf", ver:"8.13.6-noarch-1", rls:"SLK8.1"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLK9.0") {

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail", ver:"8.13.6-i386-1", rls:"SLK9.0"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail-cf", ver:"8.13.6-noarch-1", rls:"SLK9.0"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLK9.1") {

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail", ver:"8.13.6-i486-1", rls:"SLK9.1"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail-cf", ver:"8.13.6-noarch-1", rls:"SLK9.1"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

if(release == "SLKcurrent") {

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail", ver:"8.13.6-i486-1", rls:"SLKcurrent"))) {
    report += res;
  }

  if(!isnull(res = isslkpkgvuln(pkg:"sendmail-cf", ver:"8.13.6-noarch-1", rls:"SLKcurrent"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);