Vulnerabilities > CVE-2006-5602 - Denial-Of-Service vulnerability in Xsupplicant

047910
CVSS v2 base score 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
xsupplicant
nessus

Summary

Multiple memory leaks in xsupplicant before 1.2.6, and possibly other versions, allow attackers to cause a denial of service (memory consumption) via unspecified vectors. This vulnerability is addressed in the following product release: xsupplicant 1.2.8.

Nessus

NASL family: Mandriva Local Security Checks
NASL id: MANDRAKE_MDKSA-2006-189.NASL
description: Yannick Van Osselaer discovered a stack overflow in Xsupplicant, which could potentially be exploited by a remote, authenticated user to gain root privileges. Additional code cleanups to fix potential memory leaks are also included. Updated packages have been patched to correct this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 24574
published: 2007-02-18
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/24574
title: Mandrake Linux Security Advisory : xsupplicant (MDKSA-2006:189)
code
#%NASL_MIN_LEVEL 80502

#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Mandrake Linux Security Advisory MDKSA-2006:189. 
# The text itself is copyright (C) Mandriva S.A.
#

include("compat.inc");

# Registration branch: when 'description' is set, the script only declares its
# metadata and then exits (see the exit(0) at the end); no host check runs here.
if (description)
{
  # ---- Identity and revision ----
  script_id(24574);
  script_version ("1.15");
  script_cvs_date("Date: 2019/08/02 13:32:48");

  # ---- Cross-references ----
  # One advisory, two CVEs. The description below mentions a stack overflow and
  # memory-leak cleanups; presumably these map to the two IDs, but the script
  # does not say which is which. A finding from this plugin therefore cannot be
  # attributed to one CVE alone.
  script_cve_id("CVE-2006-5601", "CVE-2006-5602");
  script_xref(name:"MDKSA", value:"2006:189");

  # ---- Titles ----
  script_name(english:"Mandrake Linux Security Advisory : xsupplicant (MDKSA-2006:189)");
  script_summary(english:"Checks rpm output for the updated packages");

  # ---- Human-readable report text (strings carry embedded line breaks) ----
  script_set_attribute(attribute:"synopsis", value:
"The remote Mandrake Linux host is missing one or more security
updates.");
  script_set_attribute(attribute:"description", value:
"Yannick Van Osselaer discovered a stack overflow in Xsupplicant, which
could potentially be exploited by a remote, authenticated user to gain
root priviledges. Additional code cleanups to fix potential memory
leaks are also included.

Updated packages have been patched to correct this issue.");
  script_set_attribute(attribute:"solution", value:
"Update the affected xsupplicant, xsupplicant-devel and / or
xsupplicant-doc packages.");

  # ---- Risk rating ----
  # CVSS v2: network vector, low complexity, single authentication, complete
  # C/I/A impact. That matches the root-privilege stack overflow described
  # above, not a memory-consumption DoS on its own, so this is the worst-case
  # rating for the whole advisory.
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");

  # ---- Check type and affected platforms ----
  # "local": the result is derived from data already collected from the host
  # (see the dependency and required KB keys below), not from network probing.
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xsupplicant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xsupplicant-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:xsupplicant-doc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2007");

  # ---- Timeline ----
  script_set_attribute(attribute:"patch_publication_date", value:"2006/10/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2007/02/18");
  script_end_attributes();

  # ---- Scheduling and ownership ----
  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.");
  script_family(english:"Mandriva Local Security Checks");

  # The check depends on ssh_get_info.nasl and on the KB entries it is expected
  # to populate; without local checks enabled and an RPM list in the KB there
  # is nothing to evaluate, and the host is not assessed.
  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("rpm.inc");


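# Preconditions. Each audit() call reports why the host cannot be assessed,
# so an unassessed host is reported as such instead of silently passing.
# All inputs come from the knowledge base (KB), not from live probing.

# Local (credentialed) checks must have been enabled for this host.
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

# The host must have been identified as Mandriva / Mandrake Linux.
# Fix: the OS name in this audit message was misspelled "Mandake"; it now
# matches the spelling used in the architecture check below.
if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");

# Without the installed-package list there is nothing to compare against.
if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

# Package checks are implemented only for x86 and x86-64 hosts; any other
# architecture is reported as "not implemented", not as "not affected".
cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);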


# Number of package checks that matched; any non-zero value means the host is
# missing at least one update.
# NOTE(review): rpm_check() comes from rpm.inc, which is not shown here. It
# presumably returns true when the installed package is older than the given
# reference build -- confirm against rpm.inc.
flag = 0;

# Mandriva 2006.0: the fixed build is still upstream version 1.0.1 (package
# release 3.1), so the comparison is against the distribution's package
# release, not the upstream version number. No -devel package is checked for
# this release; presumably the advisory shipped none for 2006.0 -- confirm
# against MDKSA-2006:189.
foreach pkg (make_list(
  "xsupplicant-1.0.1-3.1.20060mdk",
  "xsupplicant-doc-1.0.1-3.1.20060mdk"))
{
  if (rpm_check(release:"MDK2006.0", reference:pkg, yank:"mdk")) flag++;
}

# Mandriva 2007.0: fixed builds are based on 1.2.6 and include -devel.
foreach pkg (make_list(
  "xsupplicant-1.2.6-1.1mdv2007.0",
  "xsupplicant-devel-1.2.6-1.1mdv2007.0",
  "xsupplicant-doc-1.2.6-1.1mdv2007.0"))
{
  if (rpm_check(release:"MDK2007.0", reference:pkg, yank:"mdv")) flag++;
}


# Final verdict. No matching package check means the host is audited as not
# affected. Otherwise the finding is raised through security_hole(); the
# script lists two CVEs under one advisory, so the finding covers both and
# does not distinguish between them.
if (!flag) audit(AUDIT_HOST_NOT, "affected");
else
{
  # port 0: the finding belongs to the host, not to a network service.
  if (report_verbosity > 0)
  {
    # Attach the package details gathered by the rpm checks.
    security_hole(port:0, extra:rpm_report_get());
  }
  else
  {
    security_hole(0);
  }
  exit(0);
}