
List:       nessus-plugins-writers
Subject:    [Plugins-writers] mod for 10658: oracle_tnslsnr_version.nasl
From:       Sullo <sullo () cirt ! net>
Date:       2004-12-06 18:53:07
Message-ID: 1102359187.41b4aa9341ebc () www ! cirt ! net


I noticed the Oracle tnslsnr script would only find a listener on 1521 or 1541,
so the attached modification (full changed nasl, and diff) checks on unknown
ports since I was missing some. However, perhaps it would be best to move that
to find_service instead?

Thanks,
Sullo


--

http://www.cirt.net/      |     http://www.osvdb.org/

["diff.txt" (text/plain)]

*** oracle_tnslsnr_version.nasl.old	Mon Dec  6 13:22:54 2004
--- oracle_tnslsnr_version.nasl	Mon Dec  6 13:59:31 2004
***************
*** 5,10 ****
--- 5,11 ----
  # James W. Abendschan <jwa@jammed.com>
  #
  # modified by Axel Nennker 20020306
+ # modified by Sullo 20041206
  #
  
  if (description)
***************
*** 27,39 ****
  
  Solution : Upgrade");
  
! 	script_summary(english: "connects to ports 1541 and/or 1521, issues a TNS VERSION command");
  
  	script_category(ACT_GATHER_INFO);
  	script_family(english: "Misc.", francais:"Divers");
  	script_copyright(english: "James W. Abendschan <jwa@jammed.com> (GPL)");
  	script_dependencie("find_service.nes");
- 	script_require_ports(1521, 1541);
  	script_cve_id("CVE-2000-0818");
  	exit(0);
  }
--- 28,39 ----
  
  Solution : Upgrade");
  
! 	script_summary(english: "connects and issues a TNS VERSION command");
  
  	script_category(ACT_GATHER_INFO);
  	script_family(english: "Misc.", francais:"Divers");
  	script_copyright(english: "James W. Abendschan <jwa@jammed.com> (GPL)");
  	script_dependencie("find_service.nes");
  	script_cve_id("CVE-2000-0818");
  	exit(0);
  }
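Review bot: removing script_require_ports(1521, 1541) from the description block leaves the plugin with no port requirement at all, so nothing tells the scheduler when the script can be skipped. Since the new code at the end of the script reads Services/unknown, consider declaring that rather than dropping the line, for example script_require_ports("Services/unknown", 1521, 1541);. The new summary string "connects and issues a TNS VERSION command" could also say which ports are tried.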
***************
*** 98,105 ****
  		return 0;
  	}
  	if (ord(header[4]) != 2) {
- 		report = "A service other than TNS seems to be running on this port.";
- 		security_note(port:port, data:report);
  		return 0;
  	}
  	# read the rest of the accept packet
--- 98,103 ----
***************
*** 136,141 ****
--- 134,143 ----
  		# if you believe Oracle, only 7.3.4, 8.0.6, and 8.1.6 
  		# are vulnerable..
  		# TNSLSNR for Solaris: Version 8.1.6.0.0 - Production
+                 if (version == 0)
+                 {
+                  return 0;
+                 }
  		register_service(port:port, proto:"oracle_tnslsnr");
  		set_kb_item(name:string("oracle_tnslsnr/", port, "/version"),
  			    value:version);
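Review bot: the added guard "if (version == 0)" ahead of register_service() carries no comment saying what a zero version means, and it is indented with spaces where the surrounding lines use tabs. Add a one-line comment (presumably "no version string parsed from the reply") and match the tab indentation. If version can also come back as an empty string, which this hunk does not show, test for that too so an unparsed reply is not registered as oracle_tnslsnr.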
***************
*** 163,174 ****
  	} 
  }
  
! if(get_port_state(1521))
! {
!  oracle_version(port:1521);
! }
  
- if(get_port_state(1541))
- {
-  oracle_version(port:1541);
- }
--- 165,173 ----
  	} 
  }
  
! # retrieve and test unknown services
! port=get_kb_item("Services/unknown");
! if(!port)exit(0);
! if(!get_port_state(port))exit(0);
! oracle_version(port:port);
  
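Review bot: the replacement block at the end of the script only probes the port returned by get_kb_item("Services/unknown"), so 1521 and 1541 are no longer tested directly. With "if(!port)exit(0);" a host that has no unknown services is never checked, and a listener on 1521 or 1541 is missed whenever find_service has not filed that port under Services/unknown. Suggest keeping the two original get_port_state(1521) / get_port_state(1541) checks and adding the unknown-service probe after them, skipping it when port is 1521 or 1541 so the same listener is not tested twice.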

["oracle_tnslsnr_version.nasl" (application/octet-stream)]
