Mandrake Linux Security Advisory : pwlib (MDKSA-2004:017)

critical Nessus Plugin ID 14117

Synopsis

The remote Mandrake Linux host is missing one or more security updates.

Description

The NISCC uncovered bugs in pwlib prior to version 1.6.0 via a test suite for the H.225 protocol. An attacker could trigger these bugs by sending carefully crafted messages to an application that uses pwlib, and the severity would vary based on the application, but likely would result in a Denial of Service (DoS).

The updated packages provide backported fixes from Craig Southeren of the OpenH323 project to protect against this issue.

Solution

Update the affected packages.

Plugin Details

Severity: Critical

ID: 14117

File Name: mandrake_MDKSA-2004-017.nasl

Version: 1.17

Type: local

Published: 7/31/2004

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:lib64pwlib1, p-cpe:/a:mandriva:linux:lib64pwlib1-devel, p-cpe:/a:mandriva:linux:libpwlib1, p-cpe:/a:mandriva:linux:libpwlib1-devel, p-cpe:/a:mandriva:linux:pwlib1, p-cpe:/a:mandriva:linux:pwlib1-devel, cpe:/o:mandrakesoft:mandrake_linux:9.1, cpe:/o:mandrakesoft:mandrake_linux:9.2

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Patch Publication Date: 3/3/2004

Reference Information

CVE: CVE-2004-0097

MDKSA: 2004:017