Vulnerabilities > CVE-2003-0723 - Unspecified vulnerability in Gkrellm 2.1.13/2.1.7

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
gkrellm
nessus
exploit available
NVD
Published: 2003-10-20
Updated: 2024-11-20

Summary

Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow remote attackers to execute arbitrary code.

Vulnerable Configurations

Part Description Count
Application
Gkrellm
2

Exploit-Db

  • descriptionGkrellmd 2.1 Remote Buffer Overflow Vulnerability (1). CVE-2003-0723. Dos exploit for freebsd platform
    idEDB-ID:22831
    last seen2016-02-02
    modified2003-06-24
    published2003-06-24
    reporterdodo
    sourcehttps://www.exploit-db.com/download/22831/
    titleGkrellmd 2.1 - Remote Buffer Overflow Vulnerability 1
  • descriptionGkrellmd 2.1 Remote Buffer Overflow Vulnerability (2). CVE-2003-0723. Remote exploit for freebsd platform
    idEDB-ID:22832
    last seen2016-02-02
    modified2003-06-24
    published2003-06-24
    reporterdodo
    sourcehttps://www.exploit-db.com/download/22832/
    titleGkrellmd 2.1 - Remote Buffer Overflow Vulnerability 2

Nessus

NASL familyMandriva Local Security Checks
NASL idMANDRAKE_MDKSA-2003-087.NASL
descriptionA buffer overflow was discovered in gkrellmd, the server component of the gkrellm monitor package, in versions of gkrellm 2.1.x prior to 2.1.14. This buffer overflow occurs while reading data from connected gkrellm clients and can lead to possible arbitrary code execution as the user running the gkrellmd server. Updated packages are available for Mandrake Linux 9.1 which correct the problem.
last seen2020-06-01
modified2020-06-02
plugin id14069
published2004-07-31
reporterThis script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/14069
titleMandrake Linux Security Advisory : gkrellm (MDKSA-2003:087)
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2003:087. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

if (description)
{
  script_id(14069);
  script_version ("1.18");
  script_cvs_date("Date: 2019/08/02 13:32:46");

  script_cve_id("CVE-2003-0723");
  script_xref(name:"MDKSA", value:"2003:087");

  script_name(english:"Mandrake Linux Security Advisory : gkrellm (MDKSA-2003:087)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Mandrake Linux host is missing one or more security
updates."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"A buffer overflow was discovered in gkrellmd, the server component of
the gkrellm monitor package, in versions of gkrellm 2.1.x prior to
2.1.14. This buffer overflow occurs while reading data from connected
gkrellm clients and can lead to possible arbitrary code execution as
the user running the gkrellmd server.

Updated packages are available for Mandrake Linux 9.1 which correct
the problem."
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Update the affected gkrellm, gkrellm-devel and / or gkrellm-server
packages."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gkrellm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gkrellm-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:gkrellm-server");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2003/08/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


flag = 0;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"gkrellm-2.1.7a-2.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"gkrellm-devel-2.1.7a-2.2mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"gkrellm-server-2.1.7a-2.2mdk", yank:"mdk")) flag++;


if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

References