[Openvas-commits] r12042 - trunk/openvas-plugins/scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Tue Nov 8 16:37:54 CET 2011
Author: antu123
Date: 2011-11-08 16:37:51 +0100 (Tue, 08 Nov 2011)
New Revision: 12042
Added:
trunk/openvas-plugins/scripts/gb_fedora_2011_15117_tor_fc15.nasl
trunk/openvas-plugins/scripts/gb_fedora_2011_15241_kernel_fc14.nasl
trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2011_068.nasl
trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_165.nasl
trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_166.nasl
trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_167.nasl
Log:
Added new LSC (Local Security Check) plugins.
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_15117_tor_fc15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_15117_tor_fc15.nasl 2011-11-08 14:30:19 UTC (rev 12041)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_15117_tor_fc15.nasl 2011-11-08 15:37:51 UTC (rev 12042)
@@ -0,0 +1,97 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for tor FEDORA-2011-15117
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863607);
+ script_version("$Revision: $");
+ script_tag(name:"last_modification", value:"$Date: $");
+ script_tag(name:"creation_date", value:"2011-11-08 19:01:20 +0530 (Tue, 08 Nov 2011)");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "FEDORA", value: "2011-15117");
+ script_cve_id("CVE-2011-2768", "CVE-2011-2769");
+ script_name("Fedora Update for tor FEDORA-2011-15117");
+ desc = "
+
+ Vulnerability Insight:
+ Tor is a connection-based low-latency anonymous communication system.
+
+ Applications connect to the local Tor proxy using the SOCKS protocol. The
+ local proxy chooses a path through a set of relays, in which each relay
+ knows its predecessor and successor, but no others. Traffic flowing down
+ the circuit is unwrapped by a symmetric key at each relay, which reveals
+ the downstream relay.
+
+ Warnings: Tor does no protocol cleaning. That means there is a danger
+ that application protocols and associated programs can be induced to
+ reveal information about the initiator. Tor depends on Privoxy and
+ similar protocol cleaners to solve this problem. This is alpha code,
+ and is even more likely than released code to have anonymity-spoiling
+ bugs. The present network is very small -- this further reduces the
+ strength of the anonymity provided. Tor is not presently suitable for
+ high-stakes anonymity.
+
+
+ Affected Software/OS:
+ tor on Fedora 15
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068757.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of tor");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC15")
+{
+
+ if(isrpmvuln(pkg:"tor", rpm:"tor~0.2.1.31~1500.fc15", rls:"FC15"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
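Review bot: The text under "Vulnerability Insight" in `desc` is the tor package description and never says what CVE-2011-2768 and CVE-2011-2769 are, so a finding from this plugin tells the operator nothing about the flaw being patched; the kernel plugin in this commit (gb_fedora_2011_15241_kernel_fc14.nasl) has the same problem. The insight should carry the advisory's own summary of the fixed issues, or at least direct the reader to the reference URL for them. This plugin also sets `risk_factor` to "High" without a `cvss_base` tag, unlike the kernel plugin; adding `script_tag(name:"cvss_base", value:"<CVSS base score for these CVEs>");` would make the severity traceable to a score.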
Added: trunk/openvas-plugins/scripts/gb_fedora_2011_15241_kernel_fc14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_fedora_2011_15241_kernel_fc14.nasl 2011-11-08 14:30:19 UTC (rev 12041)
+++ trunk/openvas-plugins/scripts/gb_fedora_2011_15241_kernel_fc14.nasl 2011-11-08 15:37:51 UTC (rev 12042)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Fedora Update for kernel FEDORA-2011-15241
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(863606);
+ script_version("$Revision: $");
+ script_tag(name:"last_modification", value:"$Date: $");
+ script_tag(name:"creation_date", value:"2011-11-08 19:07:44 +0530 (Tue, 08 Nov 2011)");
+ script_tag(name:"cvss_base", value:"8.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_xref(name: "FEDORA", value: "2011-15241");
+ script_cve_id("CVE-2011-4081", "CVE-2011-4077", "CVE-2011-1083", "CVE-2011-2699",
+ "CVE-2011-1161", "CVE-2011-3353", "CVE-2011-2918", "CVE-2011-3188",
+ "CVE-2011-2723", "CVE-2011-2928", "CVE-2011-3191", "CVE-2011-1833",
+ "CVE-2011-2905", "CVE-2011-2695", "CVE-2011-2497", "CVE-2011-2517",
+ "CVE-2011-1770", "CVE-2011-1494", "CVE-2011-1495", "CVE-2011-1745",
+ "CVE-2011-1746", "CVE-2010-4668", "CVE-2010-4073", "CVE-2010-4072",
+ "CVE-2010-3880", "CVE-2010-2962", "CVE-2010-3698", "CVE-2010-2963",
+ "CVE-2010-3904");
+ script_name("Fedora Update for kernel FEDORA-2011-15241");
+ desc = "
+
+ Vulnerability Insight:
+ The kernel package contains the Linux kernel (vmlinuz), the core of any
+ Linux operating system. The kernel handles the basic functions
+ of the operating system: memory allocation, process allocation, device
+ input and output, etc.
+
+
+ Affected Software/OS:
+ kernel on Fedora 14
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.fedoraproject.org/pipermail/package-announce/2011-November/068760.html
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of kernel");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Fedora Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "FC14")
+{
+
+ if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.35.14~103.fc14", rls:"FC14"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
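Review bot: The check `isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.35.14~103.fc14", rls:"FC14")` compares only the installed `kernel` RPM, which is a weaker statement than "the host is running a fixed kernel". Several kernel packages can be installed side by side, and the host may still be booted into an older one after the update; how isrpmvuln treats multiple installed versions is not visible in this hunk. Document the limit above the check, for example `# Compares the installed "kernel" RPM only; the running kernel is not verified (a reboot may be pending).`, so that a clean result is not read as proof that the fix is active.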
Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2011_068.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2011_068.nasl 2011-11-08 14:30:19 UTC (rev 12041)
+++ trunk/openvas-plugins/scripts/gb_mandriva_MDVA_2011_068.nasl 2011-11-08 15:37:51 UTC (rev 12042)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Mandriva Update for php-apc MDVA-2011:068 (php-apc)
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(831486);
+ script_version("$Revision: $");
+ script_tag(name:"last_modification", value:"$Date: $");
+ script_tag(name:"creation_date", value:"2011-11-08 19:05:59 +0530 (Tue, 08 Nov 2011)");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "MDVA", value: "2011:068");
+ script_name("Mandriva Update for php-apc MDVA-2011:068 (php-apc)");
+ desc = "
+
+ Vulnerability Insight:
+
+ A regression was found with php-apc-3.1.9 and with php-5.3.8. The
+ updates packages has been patched to corrrect this issue.
+
+ Affected Software/OS:
+ php-apc on Mandriva Linux 2010.1,
+ Mandriva Linux 2010.1/X86_64
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.mandriva.com/security-announce/2011-11/msg00006.php
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of php-apc");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "MNDK_2010.1")
+{
+
+ if(isrpmvuln(pkg:"php-apc", rpm:"php-apc~3.1.9~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-apc-admin", rpm:"php-apc-admin~3.1.9~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
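Review bot: `risk_factor` "High" and `security_hole(0)` overstate this advisory: the insight text describes a regression fix in php-apc, and the plugin has no `script_cve_id` or `cvss_base` tag. Reporting a bugfix update at the same level as the MDVSA plugins in this commit inflates scan results and makes triage harder. Unless the regression has a security impact that is not stated here, consider a lower reporting level such as `security_note(0);` with a matching `risk_factor`. The description string also has typos; the sentence should read `The updated packages have been patched to correct this issue.`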
Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_165.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_165.nasl 2011-11-08 14:30:19 UTC (rev 12041)
+++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_165.nasl 2011-11-08 15:37:51 UTC (rev 12042)
@@ -0,0 +1,669 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Mandriva Update for php MDVSA-2011:165 (php)
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(831484);
+ script_version("$Revision: $");
+ script_tag(name:"last_modification", value:"$Date: $");
+ script_tag(name:"creation_date", value:"2011-11-08 19:08:19 +0530 (Tue, 08 Nov 2011)");
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_xref(name: "MDVSA", value: "2011:165");
+ script_cve_id("CVE-2011-1148", "CVE-2011-1657", "CVE-2011-1938", "CVE-2011-2202",
+ "CVE-2011-2483", "CVE-2011-3182", "CVE-2011-3267", "CVE-2011-3268");
+ script_name("Mandriva Update for php MDVSA-2011:165 (php)");
+ desc = "
+
+ Vulnerability Insight:
+
+ Multiple vulnerabilities has been identified and fixed in php:
+
+ Use-after-free vulnerability in the substr_replace function in PHP
+ 5.3.6 and earlier allows context-dependent attackers to cause a
+ denial of service (memory corruption) or possibly have unspecified
+ other impact by using the same variable for multiple arguments
+ (CVE-2011-1148).
+
+ The (1) ZipArchive::addGlob and (2) ZipArchive::addPattern functions
+ in ext/zip/php_zip.c in PHP 5.3.6 allow context-dependent attackers
+ to cause a denial of service (application crash) via certain flags
+ arguments, as demonstrated by (a) GLOB_ALTDIRFUNC and (b) GLOB_APPEND
+ (CVE-2011-1657).
+
+ Stack-based buffer overflow in the socket_connect function in
+ ext/sockets/sockets.c in PHP 5.3.3 through 5.3.6 might allow
+ context-dependent attackers to execute arbitrary code via a long
+ pathname for a UNIX socket (CVE-2011-1938).
+
+ The rfc1867_post_handler function in main/rfc1867.c in PHP before
+ 5.3.7 does not properly restrict filenames in multipart/form-data
+ POST requests, which allows remote attackers to conduct absolute
+ path traversal attacks, and possibly create or overwrite arbitrary
+ files, via a crafted upload request, related to a file path injection
+ vulnerability. (CVE-2011-2202).
+
+ crypt_blowfish before 1.1, as used in PHP before 5.3.7 on certain
+ platforms, does not properly handle 8-bit characters, which makes
+ it easier for context-dependent attackers to determine a cleartext
+ password by leveraging knowledge of a password hash (CVE-2011-2483).
+
+ PHP before 5.3.7 does not properly check the return values of
+ the malloc, calloc, and realloc library functions, which allows
+ context-dependent attackers to cause a denial of service (NULL
+ pointer dereference and application crash) or trigger a buffer
+ overflow by leveraging the ability to provide an arbitrary value
+ for a function argument, related to (1) ext/curl/interface.c, (2)
+ ext/date/lib/parse_date.c, (3) ext/date/lib/parse_iso_intervals.c,
+ (4) ext/date/lib/parse_tz.c, (5) ext/date/lib/timelib.c, (6)
+ ext/pdo_odbc/pdo_odbc.c, (7) ext/reflection/php_reflection.c,
+ (8) ext/soap/php_sdl.c, (9) ext/xmlrpc/libxmlrpc/base64.c, (10)
+ TSRM/tsrm_win32.c, and (11) the strtotime function (CVE-2011-3182).
+
+ PHP before 5.3.7 does not properly implement the error_log function,
+ which allows context-dependent attackers to cause a denial of service
+ (application crash) via unspecified vectors (CVE-2011-3267).
+
+ Buffer overflow in the crypt function in PHP before 5.3.7 allows
+ context-dependent attackers to ...
+
+ Description truncated, for more information please check the Reference URL
+
+ Affected Software/OS:
+ php on Mandriva Linux 2010.1,
+ Mandriva Linux 2010.1/X86_64
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.mandriva.com/security-announce/2011-11/msg00003.php
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of php");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "MNDK_2010.1")
+{
+
+ if(isrpmvuln(pkg:"apache-mod_php", rpm:"apache-mod_php~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"libphp5_common5", rpm:"libphp5_common5~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-apc", rpm:"php-apc~3.1.9~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-apc-admin", rpm:"php-apc-admin~3.1.9~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-bcmath", rpm:"php-bcmath~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-bz2", rpm:"php-bz2~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-calendar", rpm:"php-calendar~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-cgi", rpm:"php-cgi~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-cli", rpm:"php-cli~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-ctype", rpm:"php-ctype~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-curl", rpm:"php-curl~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-dba", rpm:"php-dba~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-devel", rpm:"php-devel~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-doc", rpm:"php-doc~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-dom", rpm:"php-dom~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-eaccelerator", rpm:"php-eaccelerator~0.9.6.1~1.5mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-eaccelerator-admin", rpm:"php-eaccelerator-admin~0.9.6.1~1.5mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-enchant", rpm:"php-enchant~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-exif", rpm:"php-exif~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-fileinfo", rpm:"php-fileinfo~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-filter", rpm:"php-filter~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-fpm", rpm:"php-fpm~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-ftp", rpm:"php-ftp~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-gd", rpm:"php-gd~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-gearman", rpm:"php-gearman~0.7.0~0.4mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-gettext", rpm:"php-gettext~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-gmp", rpm:"php-gmp~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-hash", rpm:"php-hash~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-iconv", rpm:"php-iconv~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-imap", rpm:"php-imap~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-intl", rpm:"php-intl~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-json", rpm:"php-json~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-ldap", rpm:"php-ldap~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-mailparse", rpm:"php-mailparse~2.1.5~8.5mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-mbstring", rpm:"php-mbstring~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-mcal", rpm:"php-mcal~0.6~35.5mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-mcrypt", rpm:"php-mcrypt~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-mssql", rpm:"php-mssql~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-mysql", rpm:"php-mysql~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-mysqli", rpm:"php-mysqli~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-odbc", rpm:"php-odbc~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-openssl", rpm:"php-openssl~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-optimizer", rpm:"php-optimizer~0.1~0.alpha2.8.5mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pcntl", rpm:"php-pcntl~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pdo", rpm:"php-pdo~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pdo_dblib", rpm:"php-pdo_dblib~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pdo_mysql", rpm:"php-pdo_mysql~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pdo_odbc", rpm:"php-pdo_odbc~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pdo_pgsql", rpm:"php-pdo_pgsql~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pdo_sqlite", rpm:"php-pdo_sqlite~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pgsql", rpm:"php-pgsql~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-phar", rpm:"php-phar~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pinba", rpm:"php-pinba~0.0.5~2.5mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-posix", rpm:"php-posix~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pspell", rpm:"php-pspell~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-readline", rpm:"php-readline~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-recode", rpm:"php-recode~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sasl", rpm:"php-sasl~0.1.0~33.5mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-session", rpm:"php-session~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-shmop", rpm:"php-shmop~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-snmp", rpm:"php-snmp~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-soap", rpm:"php-soap~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sockets", rpm:"php-sockets~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sphinx", rpm:"php-sphinx~1.0.4~2.5mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sqlite3", rpm:"php-sqlite3~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sqlite", rpm:"php-sqlite~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-ssh2", rpm:"php-ssh2~0.11.2~0.4mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-suhosin", rpm:"php-suhosin~0.9.32.1~0.5mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sybase_ct", rpm:"php-sybase_ct~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sysvmsg", rpm:"php-sysvmsg~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sysvsem", rpm:"php-sysvsem~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sysvshm", rpm:"php-sysvshm~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-tclink", rpm:"php-tclink~3.4.5~7.5mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-tidy", rpm:"php-tidy~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-timezonedb", rpm:"php-timezonedb~2011.14~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-tokenizer", rpm:"php-tokenizer~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-translit", rpm:"php-translit~0.6.1~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-vld", rpm:"php-vld~0.10.1~1.5mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-wddx", rpm:"php-wddx~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-xattr", rpm:"php-xattr~1.1.0~13.5mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-xdebug", rpm:"php-xdebug~2.1.2~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-xml", rpm:"php-xml~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-xmlreader", rpm:"php-xmlreader~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-xmlrpc", rpm:"php-xmlrpc~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-xmlwriter", rpm:"php-xmlwriter~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-xsl", rpm:"php-xsl~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-zip", rpm:"php-zip~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-zlib", rpm:"php-zlib~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php", rpm:"php~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"lib64php5_common5", rpm:"lib64php5_common5~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
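Review bot: Every branch inside the `release == "MNDK_2010.1"` block calls `security_hole(0)` with no `data` argument and then exits, so the result does not say which of the many php packages was found outdated, and nothing after the first match is evaluated. Unless isrpmvuln records the match itself (not visible in this hunk), the operator has to work out the affected package by hand. Pass the finding along per branch, for example `security_hole(port:0, data:"Outdated package: php-curl, fixed in 5.3.8-0.1mdv2010.2");` (constructed example text), or collect all matches and report once before the final `exit(0)`. gb_mandriva_MDVA_2011_068.nasl in this commit has the same pattern with two packages.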
Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_166.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_166.nasl 2011-11-08 14:30:19 UTC (rev 12041)
+++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_166.nasl 2011-11-08 15:37:51 UTC (rev 12042)
@@ -0,0 +1,516 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Mandriva Update for php MDVSA-2011:166 (php)
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(831485);
+ script_version("$Revision: $");
+ script_tag(name:"last_modification", value:"$Date: $");
+ script_tag(name:"creation_date", value:"2011-11-08 19:07:08 +0530 (Tue, 08 Nov 2011)");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"risk_factor", value:"High");
+ script_xref(name: "MDVSA", value: "2011:166");
+ script_cve_id("CVE-2011-3379");
+ script_name("Mandriva Update for php MDVSA-2011:166 (php)");
+ desc = "
+
+ Vulnerability Insight:
+
+ A vulnerability has been identified and fixed in php:
+
+ The is_a function in PHP 5.3.7 and 5.3.8 triggers a call to the
+ __autoload function, which makes it easier for remote attackers to
+ execute arbitrary code by providing a crafted URL and leveraging
+ potentially unsafe behavior in certain PEAR packages and custom
+ autoloaders (CVE-2011-3379).
+
+ The php-ini-5.3.8 package was missing with the MDVSA-2011:165 advisory
+ and is now being provided, the php-timezonedb package was upgraded
+ to the latest version (2011.14) for 2011.
+
+ The updated packages have been patched to correct this issue.
+
+ Affected Software/OS:
+ php on Mandriva Linux 2010.1,
+ Mandriva Linux 2010.1/X86_64
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.mandriva.com/security-announce/2011-11/msg00004.php
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of php");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "MNDK_2010.1")
+{
+
+ if(isrpmvuln(pkg:"libphp5_common5", rpm:"libphp5_common5~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-bcmath", rpm:"php-bcmath~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-bz2", rpm:"php-bz2~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-calendar", rpm:"php-calendar~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-cgi", rpm:"php-cgi~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-cli", rpm:"php-cli~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-ctype", rpm:"php-ctype~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-curl", rpm:"php-curl~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-dba", rpm:"php-dba~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-devel", rpm:"php-devel~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-doc", rpm:"php-doc~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-dom", rpm:"php-dom~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-enchant", rpm:"php-enchant~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-exif", rpm:"php-exif~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-fileinfo", rpm:"php-fileinfo~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-filter", rpm:"php-filter~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-fpm", rpm:"php-fpm~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-ftp", rpm:"php-ftp~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-gd", rpm:"php-gd~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-gettext", rpm:"php-gettext~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-gmp", rpm:"php-gmp~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-hash", rpm:"php-hash~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-iconv", rpm:"php-iconv~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-imap", rpm:"php-imap~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-ini", rpm:"php-ini~5.3.8~0.1mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-intl", rpm:"php-intl~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-json", rpm:"php-json~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-ldap", rpm:"php-ldap~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-mbstring", rpm:"php-mbstring~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-mcrypt", rpm:"php-mcrypt~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-mssql", rpm:"php-mssql~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-mysql", rpm:"php-mysql~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-mysqli", rpm:"php-mysqli~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-odbc", rpm:"php-odbc~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-openssl", rpm:"php-openssl~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pcntl", rpm:"php-pcntl~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pdo", rpm:"php-pdo~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pdo_dblib", rpm:"php-pdo_dblib~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pdo_mysql", rpm:"php-pdo_mysql~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pdo_odbc", rpm:"php-pdo_odbc~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pdo_pgsql", rpm:"php-pdo_pgsql~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pdo_sqlite", rpm:"php-pdo_sqlite~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pgsql", rpm:"php-pgsql~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-phar", rpm:"php-phar~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-posix", rpm:"php-posix~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-pspell", rpm:"php-pspell~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-readline", rpm:"php-readline~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-recode", rpm:"php-recode~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-session", rpm:"php-session~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-shmop", rpm:"php-shmop~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-snmp", rpm:"php-snmp~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-soap", rpm:"php-soap~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sockets", rpm:"php-sockets~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sqlite3", rpm:"php-sqlite3~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sqlite", rpm:"php-sqlite~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sybase_ct", rpm:"php-sybase_ct~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sysvmsg", rpm:"php-sysvmsg~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sysvsem", rpm:"php-sysvsem~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-sysvshm", rpm:"php-sysvshm~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-tidy", rpm:"php-tidy~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-tokenizer", rpm:"php-tokenizer~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-wddx", rpm:"php-wddx~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-xml", rpm:"php-xml~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-xmlreader", rpm:"php-xmlreader~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-xmlrpc", rpm:"php-xmlrpc~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-xmlwriter", rpm:"php-xmlwriter~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-xsl", rpm:"php-xsl~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-zip", rpm:"php-zip~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php-zlib", rpm:"php-zlib~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"php", rpm:"php~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"lib64php5_common5", rpm:"lib64php5_common5~5.3.8~0.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
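Review bot: Each match in this new file ends in a bare `security_hole(0)`, so the finding carries only the static description and never names the package that was found outdated or the version it was compared against. That matters most for the `php-ini` check, which compares against `5.3.8~0.1mdv2010.2` while every other package uses `0.2mdv2010.2`, and which the description says is shipped only because it was missing from MDVSA-2011:165; someone triaging the result cannot tell that case from an outdated `php-cgi`. If `security_hole` in this tree accepts the usual named arguments, pass the detail along, for example `security_hole(port:0, data:"php-ini is older than 5.3.8-0.1mdv2010.2");`. The gimp checks in gb_mandriva_MDVSA_2011_167.nasl follow the same pattern.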
Added: trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_167.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_167.nasl 2011-11-08 14:30:19 UTC (rev 12041)
+++ trunk/openvas-plugins/scripts/gb_mandriva_MDVSA_2011_167.nasl 2011-11-08 15:37:51 UTC (rev 12042)
@@ -0,0 +1,173 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+#
+# Mandriva Update for gimp MDVSA-2011:167 (gimp)
+#
+# Authors:
+# System Generated Check
+#
+# Copyright:
+# Copyright (c) 2011 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(831487);
+ script_version("$Revision: $");
+ script_tag(name:"last_modification", value:"$Date: $");
+ script_tag(name:"creation_date", value:"2011-11-08 19:08:53 +0530 (Tue, 08 Nov 2011)");
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_xref(name: "MDVSA", value: "2011:167");
+ script_cve_id("CVE-2006-1168", "CVE-2011-2895", "CVE-2011-2896");
+ script_name("Mandriva Update for gimp MDVSA-2011:167 (gimp)");
+ desc = "
+
+ Vulnerability Insight:
+
+ A vulnerability has been discovered and corrected in gimp:
+
+ The LZW decompressor in the LWZReadByte function in giftoppm.c in
+ the David Koblas GIF decoder in PBMPLUS, as used in the gif_read_lzw
+ function in filter/image-gif.c in CUPS before 1.4.7, the LZWReadByte
+ function in plug-ins/common/file-gif-load.c in GIMP 2.6.11 and earlier,
+ the LZWReadByte function in img/gifread.c in XPCE in SWI-Prolog 5.10.4
+ and earlier, and other products, does not properly handle code words
+ that are absent from the decompression table when encountered, which
+ allows remote attackers to trigger an infinite loop or a heap-based
+ buffer overflow, and possibly execute arbitrary code, via a crafted
+ compressed stream, a related issue to CVE-2006-1168 and CVE-2011-2895
+ (CVE-2011-2896).
+
+ The updated packages have been patched to correct these issues.
+
+ Affected Software/OS:
+ gimp on Mandriva Linux 2010.1,
+ Mandriva Linux 2010.1/X86_64,
+ Mandriva Enterprise Server 5,
+ Mandriva Enterprise Server 5/X86_64
+
+ Fix: Please Install the Updated Packages.
+
+ References:
+ http://lists.mandriva.com/security-announce/2011-11/msg00005.php
+
+ ";
+
+ script_description(desc);
+ script_summary("Check for the Version of gimp");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (c) 2011 Greenbone Networks GmbH");
+ script_family("Mandrake Local Security Checks");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/release");
+ exit(0);
+}
+
+
+include("pkg-lib-rpm.inc");
+include("revisions-lib.inc");
+
+release = get_kb_item("ssh/login/release");
+
+if(release == NULL){
+ exit(0);
+}
+
+if(release == "MNDK_mes5")
+{
+
+ if(isrpmvuln(pkg:"gimp", rpm:"gimp~2.4.7~1.4mdvmes5.2", rls:"MNDK_mes5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"gimp-python", rpm:"gimp-python~2.4.7~1.4mdvmes5.2", rls:"MNDK_mes5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"libgimp2.0_0", rpm:"libgimp2.0_0~2.4.7~1.4mdvmes5.2", rls:"MNDK_mes5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"libgimp2.0-devel", rpm:"libgimp2.0-devel~2.4.7~1.4mdvmes5.2", rls:"MNDK_mes5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"lib64gimp2.0_0", rpm:"lib64gimp2.0_0~2.4.7~1.4mdvmes5.2", rls:"MNDK_mes5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"lib64gimp2.0-devel", rpm:"lib64gimp2.0-devel~2.4.7~1.4mdvmes5.2", rls:"MNDK_mes5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
+
+
+if(release == "MNDK_2010.1")
+{
+
+ if(isrpmvuln(pkg:"gimp", rpm:"gimp~2.6.8~3.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"gimp-python", rpm:"gimp-python~2.6.8~3.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"libgimp2.0_0", rpm:"libgimp2.0_0~2.6.8~3.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"libgimp2.0-devel", rpm:"libgimp2.0-devel~2.6.8~3.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"lib64gimp2.0_0", rpm:"lib64gimp2.0_0~2.6.8~3.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ if(isrpmvuln(pkg:"lib64gimp2.0-devel", rpm:"lib64gimp2.0-devel~2.6.8~3.2mdv2010.2", rls:"MNDK_2010.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+
+ exit(0);
+}
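Review bot: `script_cve_id("CVE-2006-1168", "CVE-2011-2895", "CVE-2011-2896")` tags this check with three CVEs, but the description text attributes the GIMP flaw to CVE-2011-2896 and mentions the other two only as related issues. A host flagged here would then be reported as affected by CVEs this update is not stated to fix, which skews CVE-based tracking and remediation reports. Unless the advisory itself lists all three as fixed, narrow it to `script_cve_id("CVE-2011-2896");` and check that `cvss_base` 9.3 is the score for that CVE.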