Vulnerabilities > CVE-2004-2392 - Unspecified vulnerability in Mandrakesoft Mandrake Linux and Mandrake Linux Corporate Server
Attack vector: UNKNOWN
Attack complexity: UNKNOWN
Privileges required: UNKNOWN
Confidentiality impact: UNKNOWN
Integrity impact: UNKNOWN
Availability impact: UNKNOWN
mandrakesoft
nessus
Summary
libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
OS | 7 |
Nessus
NASL family Mandriva Local Security Checks
NASL id MANDRAKE_MDKSA-2004-044.NASL
description Steve Grubb discovered a number of problems in the libuser library that can lead to a crash in applications linked to it, or possibly write 4GB of garbage to the disk. The updated packages provide a patched libuser to correct these problems.
last seen 2020-06-01
modified 2020-06-02
plugin id 14143
published 2004-07-31
reporter This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.
source https://www.tenable.com/plugins/nessus/14143
title Mandrake Linux Security Advisory : libuser (MDKSA-2004:044)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Mandrake Linux Security Advisory MDKSA-2004:044.
# The text itself is copyright (C) Mandriva S.A.
#

# Purpose: local package-version check for MDKSA-2004:044 (CVE-2004-2392).
# It compares the host's stored rpm list against the fixed libuser builds;
# it does not exercise the libuser flaw itself, so the result is only as
# accurate as the collected package list.

include("compat.inc");

# Metadata block: when `description` is true the script only registers its
# attributes below and exits before any check runs.
if (description)
{
  script_id(14143);
  script_version ("1.17");
  script_cvs_date("Date: 2019/08/02 13:32:47");

  script_cve_id("CVE-2004-2392");
  script_xref(name:"MDKSA", value:"2004:044");

  script_name(english:"Mandrake Linux Security Advisory : libuser (MDKSA-2004:044)");
  script_summary(english:"Checks rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:
"The remote Mandrake Linux host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Steve Grubb discovered a number of problems in the libuser library that can lead to a crash in applications linked to it, or possibly write 4GB of garbage to the disk. The updated packages provide a patched libuser to correct these problems."
  );
  script_set_attribute(attribute:"solution", value:"Update the affected packages.");
  # CVSS v2 vector assigned by the plugin: network access, low complexity,
  # no authentication, availability impact only (partial). The CVE summary
  # on this page describes the attack vectors as unknown, so treat the
  # network rating as the plugin's scoring rather than a confirmed
  # exposure path.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  # "local" plugin type: the check works from data gathered on the host
  # (see the required KB keys below), not from a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libuser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libuser-python");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libuser1");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:libuser1-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.1");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:9.2");

  script_set_attribute(attribute:"patch_publication_date", value:"2004/05/17");
  script_set_attribute(attribute:"plugin_publication_date", value:"2004/07/31");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2004-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # The KB keys required here are presumably populated by ssh_get_info.nasl
  # during an authenticated scan -- confirm against that script.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


# Preconditions: stop with an audit message unless local checks are enabled,
# the host reported a Mandrake release, and an rpm list was collected.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
# NOTE(review): "Mandake" in the next audit message looks like a typo for
# "Mandrake" (compare the spelling used in the CPU check further down).
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandake Linux");
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Only amd64, i386-i686 and x86_64 hosts are evaluated; any other
# architecture is reported as not implemented rather than as unaffected.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


# One rpm_check() per fixed package build; `flag` counts the checks that
# return true. rpm_check() is defined in rpm.inc -- presumably true when the
# installed package is older than the reference build; confirm there.
flag = 0;
if (rpm_check(release:"MDK10.0", reference:"libuser-0.51.7-9.1.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"libuser-python-0.51.7-9.1.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"libuser1-0.51.7-9.1.100mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK10.0", reference:"libuser1-devel-0.51.7-9.1.100mdk", yank:"mdk")) flag++;

# The 9.1 entries are restricted to cpu:"i386" and carry no libuser-python
# reference, unlike the 10.0 and 9.2 lists.
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libuser-0.51-6.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libuser1-0.51-6.1.91mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.1", cpu:"i386", reference:"libuser1-devel-0.51-6.1.91mdk", yank:"mdk")) flag++;

if (rpm_check(release:"MDK9.2", reference:"libuser-0.51.7-8.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", reference:"libuser-python-0.51.7-8.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", reference:"libuser1-0.51.7-8.1.92mdk", yank:"mdk")) flag++;
if (rpm_check(release:"MDK9.2", reference:"libuser1-devel-0.51.7-8.1.92mdk", yank:"mdk")) flag++;


# Any hit raises a warning on port 0; the rpm report text is attached only
# when report_verbosity is above 0. With no hit the host is audited as not
# affected.
if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
NASL family Red Hat Local Security Checks
NASL id REDHAT-RHSA-2005-770.NASL
description Updated libuser packages that fix various security issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. Sample applications that are modeled after applications from the shadow password suite are included in the package. Several denial of service bugs were discovered in libuser. Under certain conditions it is possible for an application linked against libuser to crash or operate irregularly. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-2392 to these issues. All users of libuser are advised to upgrade to these updated packages, which contain a backported fix and are not vulnerable to these issues.
last seen 2020-06-01
modified 2020-06-02
plugin id 20047
published 2005-10-19
reporter This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/20047
title RHEL 2.1 : libuser (RHSA-2005:770)
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2005:770. The text
# itself is copyright (C) Red Hat, Inc.
#

# Purpose: local package-version check for RHSA-2005:770 (CVE-2004-2392) on
# RHEL 2.1. It decides from yum update information when that is present in
# the KB, and otherwise from the stored rpm list; it does not exercise the
# libuser flaw itself.

include("compat.inc");

# Metadata block: when `description` is true the script only registers its
# attributes below and exits before any check runs.
if (description)
{
  script_id(20047);
  script_version ("1.22");
  script_cvs_date("Date: 2019/10/25 13:36:11");

  script_cve_id("CVE-2004-2392");
  script_xref(name:"RHSA", value:"2005:770");

  script_name(english:"RHEL 2.1 : libuser (RHSA-2005:770)");
  script_summary(english:"Checks the rpm output for the updated packages");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote Red Hat host is missing one or more security updates."
  );
  script_set_attribute(
    attribute:"description",
    value:
"Updated libuser packages that fix various security issues are now available. This update has been rated as having low security impact by the Red Hat Security Response Team. The libuser library implements a standardized interface for manipulating and administering user and group accounts. The library uses pluggable back-ends to interface to its data sources. Sample applications that are modeled after applications from the shadow password suite are included in the package. Several denial of service bugs were discovered in libuser. Under certain conditions it is possible for an application linked against libuser to crash or operate irregularly. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2004-2392 to these issues. All users of libuser are advised to upgrade to these updated packages, which contain a backported fix and are not vulnerable to these issues."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/security/cve/cve-2004-2392"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://access.redhat.com/errata/RHSA-2005:770"
  );
  script_set_attribute(
    attribute:"solution",
    value:"Update the affected libuser and / or libuser-devel packages."
  );
  # CVSS v2 vector assigned by the plugin: network access, low complexity,
  # no authentication, availability impact only (partial). The advisory
  # text above rates the update as low security impact, and the CVE summary
  # on this page describes the attack vectors as unknown.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");

  # "local" plugin type: the check works from data gathered on the host
  # (see the required KB keys below), not from a network probe.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libuser");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libuser-devel");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:2.1");

  script_set_attribute(attribute:"vuln_publication_date", value:"2004/12/31");
  script_set_attribute(attribute:"patch_publication_date", value:"2005/10/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2005/10/19");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Red Hat Local Security Checks");

  # The KB keys required here are presumably populated by ssh_get_info.nasl
  # during an authenticated scan -- confirm against that script.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("misc_func.inc");
include("rpm.inc");

# Preconditions: local checks enabled and a release string containing
# "Red Hat".
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
# Extract the numeric version from the release string and continue only for
# 2.1; the trailing ([^0-9]|$) keeps a version such as 2.10 from matching.
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
os_ver = os_ver[1];
if (! preg(pattern:"^2\.1([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 2.1", "Red Hat " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
# Two architecture gates: the first rejects anything that is not x86_64,
# i386-i686 or s390 as "not implemented"; the second then rejects
# everything except i386-i686, so only that family reaches the package
# checks.
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
if (cpu !~ "^i[3-6]86$") audit(AUDIT_ARCH_NOT, "i386", cpu);

# When yum update information is in the KB the verdict comes from it alone:
# a non-empty report for this RHSA is raised as a warning, an empty one
# audits the host as not affected, and rpm_check() is never consulted.
yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
if (!empty_or_null(yum_updateinfo))
{
  rhsa = "RHSA-2005:770";
  yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
  if (!empty_or_null(yum_report))
  {
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : yum_report
    );
    exit(0);
  }
  else
  {
    audit_message = "affected by Red Hat security advisory " + rhsa;
    audit(AUDIT_OS_NOT, audit_message);
  }
}
else
{
  # Fallback: compare the stored rpm list against the fixed builds.
  # rpm_check() is defined in rpm.inc -- presumably true when the installed
  # package is older than the reference build; confirm there.
  flag = 0;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"libuser-0.32-1.el2.1")) flag++;
  if (rpm_check(release:"RHEL2.1", cpu:"i386", reference:"libuser-devel-0.32-1.el2.1")) flag++;

  if (flag)
  {
    # The report is the rpm comparison output followed by the text returned
    # by redhat_report_package_caveat().
    security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + redhat_report_package_caveat()
    );
    exit(0);
  }
  else
  {
    # No hit: the audit distinguishes "packages were tested and are not
    # affected" from "none of the packages is installed".
    tested = pkg_tests_get();
    if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
    else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libuser / libuser-devel");
  }
}
Redhat
advisories |
|
References
- http://securitytracker.com/id?1010187
- http://securitytracker.com/id?1010187
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:044
- http://www.mandriva.com/security/advisories?name=MDKSA-2004:044
- http://www.redhat.com/support/errata/RHSA-2005-770.html
- http://www.redhat.com/support/errata/RHSA-2005-770.html
- http://www.securityfocus.com/bid/10368
- http://www.securityfocus.com/bid/10368
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120168
- https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=120168
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16188
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16188