Mandriva Update for wml MDVSA-2008:076 (wml). Two vulnerabilities in Website META Language package patched
Reporter | Title | Published | Views | Family All 28 |
---|---|---|---|---|
![]() | [SECURITY] [DSA 1492-1] New wml packages fix denial of service | 12 Feb 200800:00 | – | securityvulns |
![]() | [ GLSA 200803-23 ] Website META Language: Insecure temporary file usage | 17 Mar 200800:00 | – | securityvulns |
![]() | WML symbolic links vulnerability | 12 Feb 200800:00 | – | securityvulns |
![]() | Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl) | 17 Mar 200800:00 | – | securityvulns |
![]() | Mandriva Update for wml MDVSA-2008:076 (wml) | 9 Apr 200900:00 | – | openvas |
![]() | Gentoo Security Advisory GLSA 200803-23 (wml) | 24 Sep 200800:00 | – | openvas |
![]() | Debian Security Advisory DSA 1492-1 (wml) | 15 Feb 200800:00 | – | openvas |
![]() | Gentoo Security Advisory GLSA 200803-23 (wml) | 24 Sep 200800:00 | – | openvas |
![]() | Debian: Security Advisory (DSA-1492-1) | 15 Feb 200800:00 | – | openvas |
![]() | wml | 10 Feb 200800:00 | – | osv |
###############################################################################
# OpenVAS Vulnerability Test
#
# Mandriva Update for wml MDVSA-2008:076 (wml)
#
# Authors:
# System Generated Check
#
# Copyright:
# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
include("revisions-lib.inc");
tag_insight = "Two vulnerabilities were found in the Website META Language (WML)
package that allowed local users to overwrite arbitrary files via
symlink attacks.
The updated packages have been patched to correct these issues.";
tag_affected = "wml on Mandriva Linux 2007.1,
Mandriva Linux 2007.1/X86_64,
Mandriva Linux 2008.0,
Mandriva Linux 2008.0/X86_64";
tag_solution = "Please Install the Updated Packages.";
if(description)
{
script_xref(name : "URL" , value : "http://lists.mandriva.com/security-announce/2008-03/msg00029.php");
script_oid("1.3.6.1.4.1.25623.1.0.830720");
script_version("$Revision: 9370 $");
script_tag(name:"last_modification", value:"$Date: 2018-04-06 10:53:14 +0200 (Fri, 06 Apr 2018) $");
script_tag(name:"creation_date", value:"2009-04-09 14:18:58 +0200 (Thu, 09 Apr 2009)");
script_tag(name:"cvss_base", value:"3.6");
script_tag(name:"cvss_base_vector", value:"AV:L/AC:L/Au:N/C:N/I:P/A:P");
script_xref(name: "MDVSA", value: "2008:076");
script_cve_id("CVE-2008-0665", "CVE-2008-0666");
script_name( "Mandriva Update for wml MDVSA-2008:076 (wml)");
script_tag(name:"summary", value:"Check for the Version of wml");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
script_family("Mandrake Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/mandriva_mandrake_linux", "ssh/login/release");
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "insight" , value : tag_insight);
script_tag(name:"qod_type", value:"package");
script_tag(name:"solution_type", value:"VendorFix");
exit(0);
}
include("pkg-lib-rpm.inc");
release = get_kb_item("ssh/login/release");
res = "";
if(release == NULL){
exit(0);
}
if(release == "MNDK_2007.1")
{
if ((res = isrpmvuln(pkg:"wml", rpm:"wml~2.0.11~1.1mdv2007.1", rls:"MNDK_2007.1")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
if(release == "MNDK_2008.0")
{
if ((res = isrpmvuln(pkg:"wml", rpm:"wml~2.0.11~1.1mdv2008.0", rls:"MNDK_2008.0")) != NULL)
{
security_message(data:res);
exit(0);
}
if (__pkg_match) exit(99); # Not vulnerable.
exit(0);
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo