##############################################################################
#
#  Mandrake Update for binutils: MDKSA-2005:215
#
#  Copyright: OS2A and it's member companies
#
#  Date Written: 2006/01/19
#
#  $Revision: 1.1 $
#
#  $Log: os2a_binutils_mdk101_601232.nasl,v $
#  Revision 1.1  2006/01/20 16:04:09  bchandra
#  Issue #1668 To production
#
#  Revision 1.1  2006/01/20 03:33:30  hshreesha
#  issue #1668
#
#  ------------------------------------------------------------------------
#  This program was written by OS2A and/or it's member companies and is
#  licensed under the GNU GPL license. Please see below for details. This
#  header contains information regarding licensing terms under the GPL, and
#  information regarding obtaining source code from the Author. Consequently,
#  pursuant to section 3(c) of the GPL, you must accompany the information
#  found in this header with any distribution you make of this Program.
#  ------------------------------------------------------------------------
##############################################################################


if(description)
{
 script_id(601232);
 script_bugtraq_id(13697);
 script_cve_id("CVE-2005-1704");
 script_version("$Revision: 1.1 $");
 script_copyright(english:"Copyright (C) 2006 OS2A");
 script_category(ACT_GATHER_INFO);
 script_family(english:"Mandrake Local Security Checks");

 name["english"] = "Mandrake update for binutils: MDKSA-2005:215";
 script_name(english:name["english"]);

 summary["english"] = "Check for the version of the binutils packages";
 script_summary(english:summary["english"]);

 desc["english"] = "
 Overview : This remote host does not have the updates for Mandrake advisory
 MDKSA-2005:215 for binutils.

 This update fixes the following issues :
 - Integer overflow exists in various applications in binutils packages while
   handling object file that specifies a large number of section headers, can
   lead to a heap-based buffer overflow.

 Impact : 
 Successful exploitation can lead to execution of arbitrary code on the
 vulnerable system with escalated privileges, leading to disclosure and/or
 corruption of sensitive information.

 Scope of impact is limited to the system level.
 
 Solution : To upgrade automatically, use MandrakeUpdate command. 

 References :
 http://www.osvdb.org/16757
 
 CVSS Score :
 	CVSS Base Score     : 3.7 (AV:L/AC:L/Au:NR/C:P/I:P/A:N/B:I)
	CVSS Temporal Score : 2.7
 Risk factor : Medium";

 script_description(english:desc["english"]); 
 script_dependencies("ssh_get_info.nasl");
 script_require_keys("Host/Mandrake/rpm-list");
 exit(0);
}


include("rpm.inc");

if(rpm_check(reference:"binutils-2.15.90.0.3-1.2.101mdk", release:"MDK10.1",
	     yank:"mdk"))
{
	 security_warning(0);
	 exit(0);
}

if(rpm_check(reference:"libbinutils2-2.15.90.0.3-1.2.101mdk",
	     release:"MDK10.1", yank:"mdk"))
{
         security_warning(0);
         exit(0);
}

if(rpm_check(reference:"libbinutils2-devel-2.15.90.0.3-1.2.101mdk",
	     release:"MDK10.1", yank:"mdk"))
{
         security_warning(0);
         exit(0);
}

if(rpm_exists(rpm:"binutils-", release:"MDK10.1")){
	 set_kb_item(name:"MDKSA-2005:215", value:TRUE);
}