Vulnerabilities > CVE-2003-0723 - Remote Security vulnerability in Gkrellm 2.1.13/2.1.7

CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
gkrellm
nessus
exploit available

Summary

Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow remote attackers to execute arbitrary code.

Vulnerable Configurations

Part Description Count
Application
Gkrellm
2

Exploit-Db

  • description: Gkrellmd 2.1 Remote Buffer Overflow Vulnerability (1). CVE-2003-0723. DoS exploit for FreeBSD platform
    id: EDB-ID:22831
    last seen: 2016-02-02
    modified: 2003-06-24
    published: 2003-06-24
    reporter: dodo
    source: https://www.exploit-db.com/download/22831/
    title: Gkrellmd 2.1 - Remote Buffer Overflow Vulnerability 1
  • description: Gkrellmd 2.1 Remote Buffer Overflow Vulnerability (2). CVE-2003-0723. Remote exploit for FreeBSD platform
    id: EDB-ID:22832
    last seen: 2016-02-02
    modified: 2003-06-24
    published: 2003-06-24
    reporter: dodo
    source: https://www.exploit-db.com/download/22832/
    title: Gkrellmd 2.1 - Remote Buffer Overflow Vulnerability 2

Nessus

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2003-087.NASL
description: A buffer overflow was discovered in gkrellmd, the server component of the gkrellm monitor package, in versions of gkrellm 2.1.x prior to 2.1.14. This buffer overflow occurs while reading data from connected gkrellm clients and can lead to possible arbitrary code execution as the user running the gkrellmd server. Updated packages are available for Mandrake Linux 9.1 which correct the problem.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 14069
published: 2004-07-31
reporter: This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/14069
title: Mandrake Linux Security Advisory : gkrellm (MDKSA-2003:087)
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2003:087. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

# Registration section: when `description` is set, the script only declares
# its metadata and leaves through the exit(0) at the end of this block, so
# none of the package checks further down run in that mode.
if (description)
{
  script_id(14069);
  script_version ("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  # Identifiers that tie a finding back to the CVE and to the vendor advisory.
  script_cve_id("CVE-2003-0723");
  script_xref(name:"MDKSA", value:"2003:087");

  script_name(english:"Mandrake Linux Security Advisory : gkrellm (MDKSA-2003:087)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  # The advisory text places the overflow in gkrellmd's handling of data read
  # from connected clients, with impact bounded by the account that runs the
  # gkrellmd server.
  script_set_attribute(
    attribute:"description", 
    value:
"A buffer overflow was discovered in gkrellmd, the server component of
the gkrellm monitor package, in versions of gkrellm 2.1.x prior to
2.1.14. This buffer overflow occurs while reading data from connected
gkrellm clients and can lead to possible arbitrary code execution as
the user running the gkrellmd server.

Updated packages are available for Mandrake Linux 9.1 which correct
the problem."
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected gkrellm, gkrellm-devel and / or gkrellm-server
packages."
  );
  # CVSS v2 base vector: network-reachable, low complexity, no authentication,
  # partial impact on confidentiality, integrity and availability.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  # "local" plugin: the verdict is derived from the host's package list (see
  # the required KB keys below), not from probing the gkrellmd service. A
  # finding therefore says nothing about whether gkrellmd is running or
  # reachable on the host; exposure has to be assessed separately.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gkrellm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gkrellm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gkrellm-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/08/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # Presumably ssh_get_info.nasl is what fills the Host/* KB entries required
  # here -- confirm against that plugin. Without credentialed access these
  # keys are absent and the check cannot produce a verdict for the host.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


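# Preconditions for a package-based verdict. audit() comes from audit.inc
# (not shown here); the script is written on the assumption that it stops the
# plugin, since `cpu` is used right after the isnull() test without an else.
# Each gate ends the run with an audit trail entry rather than a finding, so a
# host that fails a gate is "not checked", which is different from "not
# vulnerable".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# The OS name in this message was misspelled ("Mandake"); it now matches the
# spelling used by the architecture gate below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
# NOTE(review): this gate admits amd64 / x86_64 hosts, but every package
# reference checked later in the script is declared with cpu:"i386". How
# rpm_check() treats a 64-bit host is decided in rpm.inc (not shown) --
# confirm before treating a "not affected" audit on such a host as verified.
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);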


# Package builds the advisory names as fixed for Mandrake Linux 9.1.
# The page gives 2.1.14 as the fixed upstream release, while these references
# are 2.1.7a-2.2mdk builds, so the vendor fix is presumably a backport: the
# package release string, not the upstream version number, is what gets
# compared.
fixed_pkgs = make_list(
  "gkrellm-2.1.7a-2.2mdk",
  "gkrellm-devel-2.1.7a-2.2mdk",
  "gkrellm-server-2.1.7a-2.2mdk"
);

# Count the references for which rpm_check() returns true. The comparison
# itself lives in rpm.inc (not shown); presumably it is true when the
# installed package is older than the reference -- confirm there.
flag = 0;
foreach fixed_pkg (fixed_pkgs)
{
  if (rpm_check(release:"MDK9.1", cpu:"i386", reference:fixed_pkg, yank:"mdk")) flag++;
}

# No reference matched: record the host as not affected. Otherwise raise the
# finding on port 0, attaching the rpm report only when report verbosity is
# above zero.
if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}