Lucene search
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.MANDRAKE_MDKSA-2005-192.NASLHistoryJan 15, 2006 - 12:00 a.m.
Mandrake Linux Security Advisory : xli (MDKSA-2005:192)
2006-01-1500:00:00
This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.
www.tenable.com
7
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.029 Low
EPSS
Percentile
90.9%
Ariel Berkman discovered several buffer overflows in xloadimage, which are also present in xli, a command line utility for viewing images in X11, and could be exploited via large image titles and cause the execution of arbitrary code.
The updated packages have been patched to address this issue.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2005:192.
# The text itself is copyright (C) Mandriva S.A.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(20434);
script_version("1.16");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/06");
script_cve_id("CVE-2005-3178");
script_xref(name:"MDKSA", value:"2005:192");
script_name(english:"Mandrake Linux Security Advisory : xli (MDKSA-2005:192)");
script_summary(english:"Checks rpm output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Mandrake Linux host is missing a security update."
);
script_set_attribute(
attribute:"description",
value:
"Ariel Berkman discovered several buffer overflows in xloadimage, which
are also present in xli, a command line utility for viewing images in
X11, and could be exploited via large image titles and cause the
execution of arbitrary code.
The updated packages have been patched to address this issue."
);
script_set_attribute(attribute:"solution", value:"Update the affected xli package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xli");
script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");
script_set_attribute(attribute:"patch_publication_date", value:"2005/10/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2006-2021 Tenable Network Security, Inc.");
script_family(english:"Mandriva Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
exit(0);
}
include("audit.inc");
include("global_settings.inc");
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
flag = 0;
if (rpm_check(release:"MDK10.2", reference:"xli-1.17.0-8.2.102mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK2006.0", reference:"xli-1.17.0-8.2.20060mdk", yank:"mdk")) flag++;
if (flag)
{
if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
else security_warning(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
| Vendor | Product | Version | CPE |
|---|---|---|---|
| mandriva | linux | xli | p-cpe:/a:mandriva:linux:xli |
| mandriva | linux | 2006 | cpe:/o:mandriva:linux:2006 |
| mandrakesoft | mandrake_linux | le2005 | x-cpe:/o:mandrakesoft:mandrake_linux:le2005 |
Related
freebsd
freebsd
xloadimage -- buffer overflows in NIFF image title handling
2005-10-05 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200510-26 (xli xloadimage)
2008-09-24 00:00:00
FreeBSD Ports: xloadimage
2008-09-04 00:00:00
Debian Security Advisory DSA 858-1 (xloadimage)
2008-01-17 00:00:00
debian
debian
[SECURITY] [DSA 859-1] New xli packages fix arbitrary code execution
2005-10-10 18:13:01
[SECURITY] [DSA 858-1] New xloadimage packages fix arbitrary code execution
2005-10-10 17:52:26
[SECURITY] [DSA 858-1] New xloadimage packages fix arbitrary code execution
2005-10-10 17:52:26
nessus
nessus
GLSA-200510-26 : XLI, Xloadimage: Buffer overflow
2006-04-26 00:00:00
RHEL 2.1 / 3 / 4 : xloadimage (RHSA-2005:802)
2005-10-19 00:00:00
Debian DSA-859-1 : xli - buffer overflows
2005-10-11 00:00:00
gentoo
gentoo
XLI, Xloadimage: Buffer overflow
2005-10-30 00:00:00
ubuntucve
ubuntucve
CVE-2005-3178
2005-10-07 00:00:00
cvelist
cvelist
CVE-2005-3178
2005-10-07 04:00:00
nvd
nvd
CVE-2005-3178
2005-10-07 18:02:00
CVE-2005-3195
2005-10-14 10:02:00
centos
centos
xloadimage security update
2005-10-18 23:35:29
redhat
redhat
(RHSA-2005:802) xloadimage security update
2005-10-18 00:00:00
cve
cve
CVE-2005-3178
2005-10-07 18:02:00
CVE-2005-3195
2005-10-14 10:02:00
debiancve
debiancve
CVE-2005-3178
2005-10-07 18:02:00
osv
osv
xli - buffer overflows
2005-10-10 00:00:00
5.1 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:H/Au:N/C:P/I:P/A:P
0.029 Low
EPSS
Percentile
90.9%
Related for MANDRAKE_MDKSA-2005-192.NASL