List: openvas-cvs
Subject: [Openvas-commits] r3194 - in trunk/openvas-plugins: . scripts
From: scm-commit () wald ! intevation ! org
Date: 2009-04-24 18:04:11
Message-ID: 20090424180411.BE14F40844 () pyrosoma ! intevation ! org
Author: mime
Date: 2009-04-24 20:04:08 +0200 (Fri, 24 Apr 2009)
New Revision: 3194
Added:
trunk/openvas-plugins/scripts/dokeos_34633.nasl
trunk/openvas-plugins/scripts/home_web_server_147.nasl
trunk/openvas-plugins/scripts/modperl_cve_2007_1349.nasl
trunk/openvas-plugins/scripts/notftp_34636.nasl
trunk/openvas-plugins/scripts/notftp_detect.nasl
trunk/openvas-plugins/scripts/phorum_34551.nasl
trunk/openvas-plugins/scripts/postgresql_34069.nasl
trunk/openvas-plugins/scripts/postgresql_cve_2009_0922.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/postgresql_detect.nasl
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-04-24 14:23:28 UTC (rev 3193)
+++ trunk/openvas-plugins/ChangeLog 2009-04-24 18:04:08 UTC (rev 3194)
@@ -1,3 +1,17 @@
+2009-04-24 Michael Meyer <mime@gmx.de>
+ * scripts/dokeos_34633.nasl,
+ scripts/notftp_detect.nasl,
+ scripts/postgresql_cve_2009_0922.nasl,
+ scripts/phorum_34551.nasl,
+ scripts/home_web_server_147.nasl,
+ scripts/modperl_cve_2007_1349.nasl,
+ scripts/postgresql_34069.nasl,
+ scripts/notftp_34636.nasl:
+ Added new plugins
+
+ * scripts/postgresql_detect.nasl:
+ Set Version + port
+
2009-04-24 Chandrashekhar B <bchandra@secpod.com>
* scripts/secpod_freetype_mult_int_overflow_vuln_lin.nasl,
scripts/secpod_php_nuke_sql_inj_vuln.nasl,
Added: trunk/openvas-plugins/scripts/dokeos_34633.nasl
===================================================================
--- trunk/openvas-plugins/scripts/dokeos_34633.nasl 2009-04-24 14:23:28 UTC (rev \
3193)
+++ trunk/openvas-plugins/scripts/dokeos_34633.nasl 2009-04-24 18:04:08 UTC (rev \
3194)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Dokeos 'whoisonline.php' Remote Code Execution Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100159);
+ script_bugtraq_id(34633);
+ script_version ("1.0");
+
+ script_name(english:"Dokeos 'whoisonline.php' Remote Code Execution \
Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ Dokeos is prone to a remote code-execution vulnerability because the
+ software fails to adequately sanitize user-supplied input.
+
+ Exploiting this issue could allow an attacker to execute arbitrary
+ code in the context of the vulnerable application.
+
+ Dokeos prior to version 1.8.5 are vulnerable.
+
+ See also:
+ http://www.securityfocus.com/bid/34633
+
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if Dokeos is vulnerable to Remote Code \
Execution");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("dokeos_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/dokeos")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+ if(version_is_less_equal(version: vers, test_version: "1.8.5")) {
+ security_hole(port:port);
+ exit(0);
+ }
+
+}
+
+exit(0);
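Review bot: The version gate near the end of the script, `version_is_less_equal(version: vers, test_version: "1.8.5")`, also reports 1.8.5 itself, while the description says only releases prior to 1.8.5 are vulnerable. One of the two is wrong: if the description is right the check should be `if(version_is_less(version: vers, test_version: "1.8.5")) {`, otherwise the description should say 1.8.5 and earlier. Because the result rests only on the version string stored by dokeos_detect.nasl, the overview should also open with "According to its version number", as the other version-only plugins in this commit do.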
Property changes on: trunk/openvas-plugins/scripts/dokeos_34633.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/home_web_server_147.nasl
===================================================================
--- trunk/openvas-plugins/scripts/home_web_server_147.nasl 2009-04-24 14:23:28 UTC \
(rev 3193)
+++ trunk/openvas-plugins/scripts/home_web_server_147.nasl 2009-04-24 18:04:08 UTC \
(rev 3194)
@@ -0,0 +1,82 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Home Web Server Graphical User Interface Remote Denial Of Service Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100163);
+ script_bugtraq_id(34698);
+ script_version ("1.0");
+
+ script_name(english:"Home Web Server Graphical User Interface Remote Denial Of \
Service Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ According to its version number, the remote version of the Home Web Server is
+ prone to a denial-of-service vulnerability because it fails to adequately
+ handle malformed HTTP requests.
+
+ Attackers can exploit this issue to cause the graphical interface of
+ the server to stop responding, denying service to the administrator.
+
+ Home Web Server 1.7.1.147 is vulnerable; other versions may also be
+ affected.
+
+ See also:
+ http://www.securityfocus.com/bid/34698
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if Home Web Server is vulnerable to DoS");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web Servers");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+include("misc_func.inc");
+include("http_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port)) exit(0);
+if(get_kb_item("Services/www/" + port + "/embedded" ))exit(0);
+
+banner = get_http_banner(port:port);
+if (!banner)exit(0);
+if(!egrep(pattern:"Server: .*\(HWS[0-9]+\)", string:banner) ) exit(0);
+
+version = eregmatch(pattern: "HWS([0-9]+)", string: banner);
+
+if(version[1] == "147") {
+
+ security_warning(port:port);
+ exit(0);
+
+}
+
+exit(0);
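Review bot: The build number is captured with `HWS([0-9]+)` against the whole banner, which is looser than the `Server: .*\(HWS[0-9]+\)` test that gates it, so the first "HWS<digits>" anywhere in the response headers is what gets compared with "147". Capture from the same token instead, `version = eregmatch(pattern: "Server: .*\(HWS([0-9]+)\)", string: banner);`, and guard the use with `if(!isnull(version[1]) && version[1] == "147") {`. A one-line comment that the result is banner-only, so a changed or suppressed Server header defeats it, would help whoever triages the finding.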
Property changes on: trunk/openvas-plugins/scripts/home_web_server_147.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/modperl_cve_2007_1349.nasl
===================================================================
--- trunk/openvas-plugins/scripts/modperl_cve_2007_1349.nasl 2009-04-24 14:23:28 UTC \
(rev 3193)
+++ trunk/openvas-plugins/scripts/modperl_cve_2007_1349.nasl 2009-04-24 18:04:08 UTC \
(rev 3194)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mod_Perl Path_Info Remote Denial Of Service Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100162);
+ script_bugtraq_id(23192);
+ script_cve_id("CVE-2007-1349");
+ script_version ("1.0");
+
+ script_name(english:"Mod_Perl Path_Info Remote Denial Of Service Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ According to its version number, the remote version of the Apache
+ mod_perl module is prone to a remote denial-of-service vulnerability.
+
+ Successful exploits may allow remote attackers to cause
+ denial-of-service conditions on the webserver running the mod_perl
+ module.
+
+ Solution:
+ Updates are available. See http://perl.apache.org/ for more
+ information.
+
+ See also:
+ http://www.securityfocus.com/bid/23192
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if mod_perl is vulnerable to DoS");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("modperl_version.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/mod_perl")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^([0-9.]+)$"))exit(0);
+
+vers = matches[1];
+
+if(!isnull(vers)) {
+
+ if(
+ version_is_equal(version: vers, test_version: "2.0.3") ||
+ version_is_equal(version: vers, test_version: "2.0.2") ||
+ version_is_equal(version: vers, test_version: "2.0.1") ||
+ version_is_equal(version: vers, test_version: "1.29") ||
+ version_is_equal(version: vers, test_version: "1.27") ||
+ version_is_equal(version: vers, test_version: "1.99")
+ )
+ {
+ security_warning(port:port);
+ exit(0);
+ }
+
+}
+
+exit(0);
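Review bot: The check matches six exact version strings, so releases that fall between them (for example 2.0.0 or 1.28) are never reported, and the `^([0-9.]+)$` filter above drops any KB value carrying a suffix before the comparison is reached. If the advisory describes ranges rather than these exact releases, a range comparison from version_func.inc states that directly, e.g. `version_in_range(version: vers, test_version: "2.0.0", test_version2: "2.0.3")`; those bounds are illustrative and must be taken from the advisory. If the list is intentional, a comment naming its source would keep a later reader from "fixing" it. The value format written by modperl_version.nasl is not visible in this commit, so whether suffixed versions occur needs confirming.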
Property changes on: trunk/openvas-plugins/scripts/modperl_cve_2007_1349.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/notftp_34636.nasl
===================================================================
--- trunk/openvas-plugins/scripts/notftp_34636.nasl 2009-04-24 14:23:28 UTC (rev \
3193)
+++ trunk/openvas-plugins/scripts/notftp_34636.nasl 2009-04-24 18:04:08 UTC (rev \
3194)
@@ -0,0 +1,108 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# NotFTP 'config.php' Local File Include Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100161);
+ script_bugtraq_id(34636);
+ script_version ("1.0");
+
+ script_name(english:"NotFTP 'config.php' Local File Include Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ NotFTP is prone to a local file-include vulnerability because it
+ fails to properly sanitize user-supplied input.
+
+ An attacker can exploit this vulnerability to view and execute
+ arbitrary local files in the context of the webserver process. This
+ may aid in further attacks.
+
+ NotFTP 1.3.1 is vulnerable; other versions may also be affected.
+
+ See also:
+ http://www.securityfocus.com/bid/34636
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if NotFTP is vulnerable to Local File Include");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("notftp_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/notftp")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+dir = matches[2];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+ if(version_is_equal(version: vers, test_version: "1.3.1")) {
+ VULN = TRUE;
+ }
+
+} else {
+# No version found, try to exploit.
+ if(!isnull(dir)) {
+ foreach file (make_list("etc/passwd", "boot.ini")) {
+ url = string(dir, \
"/config.php?newlang=kacper&languages[kacper][file]=../../../../../../../../", file); \
+ req = http_get(item:url, port:port);
+ buf = \
http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+ if( buf == \
NULL )continue;
+ display(buf);
+ if(egrep(pattern:"(root:.*:0:[01]:|\[boot loader\])", string: buf))
+ {
+ VULN = TRUE;
+ break;
+ }
+ }
+ }
+}
+
+if(VULN) {
+
+ security_warning(port:port);
+ exit(0);
+
+}
+
+exit(0);
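Review bot: `display(buf);` in the fallback loop is leftover debug output: it prints the whole HTTP response to the scanner's output, which on a vulnerable host is the content of the requested system file, so it should be removed. The same branch sends a file-include request to the target, yet the script registers as `script_category(ACT_GATHER_INFO);`; `script_category(ACT_ATTACK);` would describe it accurately and let scan policies that exclude intrusive tests skip it. `VULN` is only ever assigned TRUE, so an explicit `VULN = FALSE;` before the version check would make the final `if(VULN)` readable without knowing how NASL treats unset variables.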
Property changes on: trunk/openvas-plugins/scripts/notftp_34636.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/notftp_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/notftp_detect.nasl 2009-04-24 14:23:28 UTC (rev \
3193)
+++ trunk/openvas-plugins/scripts/notftp_detect.nasl 2009-04-24 18:04:08 UTC (rev \
3194)
@@ -0,0 +1,129 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# NotFTP Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+
+ Overview:
+ This host is running NotFTP, a Web-based HTTP-FTP gateway written
+ in PHP.
+
+ See also:
+ http://sourceforge.net/projects/notftp/
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100160);
+ script_version ("1.0");
+
+ script_name(english:"NotFTP Detection");
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of NotFTP");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("global_settings.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+dirs = make_list("/ftp","/webftp","/notftp",cgi_dirs());
+
+foreach dir (dirs) {
+
+ url = string(dir, "/index.php");
+ req = http_get(item:url, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+ if( buf == NULL )continue;
+
+ if(
+ egrep(pattern: 'NotFTP</a> is <a [^>]+>OSI Certified', string: buf, icase: TRUE) \
&&
+ egrep(pattern: 'form action="ftp.php"', string: buf) )
+ {
+ if(strlen(dir)>0) {
+ install=dir;
+ } else {
+ install=string("/");
+ }
+
+ vers = string("unknown");
+
+ ### try to get version
+ version = eregmatch(string: buf, pattern: "NotFTP v([0-9.]+)",icase:TRUE);
+
+ if ( !isnull(version[1]) ) {
+ vers=version[1];
+ } else {
+
+ foreach file (make_list("README", "readme")) {
+ url = string(dir, "/", file);
+ req = http_get(item:url, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+ if( buf == NULL )continue;
+
+ version = eregmatch(string: buf, pattern: "NotFTP v([0-9.]+)",icase:TRUE);
+
+ if ( !isnull(version[1]) ) {
+ vers=version[1];
+ break;
+ }
+ }
+ }
+
+ set_kb_item(name: string("www/", port, "/notftp"), value: string(vers," under \
",install));
+
+ info = string("None\n\nNotFTP Version '");
+ info += string(vers);
+ info += string("' was detected on the remote host in the following \
directory(s):\n\n");
+ info += string(install, "\n");
+
+ desc = ereg_replace(
+ string:desc["english"],
+ pattern:"None$",
+ replace:info
+ );
+
+ if(report_verbosity > 0) {
+ security_note(port:port,data:desc);
+ }
+ exit(0);
+
+ }
+}
+exit(0);
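Review bot: The version pattern `NotFTP v([0-9.]+)`, used for both index.php and the README fallback, will include a trailing dot when the match ends a sentence (a constructed example: "NotFTP v1.3.1." yields "1.3.1."), and that value is what gets stored under the `www/<port>/notftp` key. notftp_34636.nasl compares the stored value for equality with "1.3.1" and skips its active check whenever a version is known, so a stray dot may turn a vulnerable install into a silent miss; how version_is_equal treats the trailing dot is not visible here. A pattern that cannot end on a dot avoids the question: `version = eregmatch(string: buf, pattern: "NotFTP v([0-9]+(\.[0-9]+)*)",icase:TRUE);`.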
Property changes on: trunk/openvas-plugins/scripts/notftp_detect.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/phorum_34551.nasl
===================================================================
--- trunk/openvas-plugins/scripts/phorum_34551.nasl 2009-04-24 14:23:28 UTC (rev \
3193)
+++ trunk/openvas-plugins/scripts/phorum_34551.nasl 2009-04-24 18:04:08 UTC (rev \
3194)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Phorum Multiple Cross Site Scripting Vulnerabilities
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100164);
+ script_bugtraq_id(34551);
+ script_version ("1.0");
+
+ script_name(english:"Phorum Multiple Cross Site Scripting Vulnerabilities");
+ desc["english"] = "
+
+ Overview:
+ According to its version number, the remote version of Phorum is
+ prone to multiple cross-site scripting vulnerabilities because the
+ application fails to sufficiently sanitize user-supplied input.
+
+ An attacker can exploit these issues to steal cookie-based
+ authentication credentials and launch other attacks.
+
+ Phorum 5.2.10 and 5.2-dev are vulnerable; other versions may also be
+ affected.
+
+ See also:
+ http://www.securityfocus.com/bid/34551
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if Phorum is vulnerable to multiple XSS");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Web application abuses");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("phorum_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+if(!can_host_php(port:port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/phorum")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+ if(version_is_equal(version: vers, test_version: "5.2.10") ||
+ ereg(pattern:"^5\.2-dev$", string: vers))
+ {
+ security_hole(port:port);
+ exit(0);
+ }
+
+}
+
+exit(0);
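Review bot: The plugin reports with `security_hole(port:port);` although its own description ends in "Risk factor : Medium"; the other Medium-rated plugins in this commit (home_web_server_147, modperl_cve_2007_1349, notftp_34636, postgresql_34069) use `security_warning(port:port);`. postgresql_cve_2009_0922.nasl has the same mismatch. Either the call or the stated risk factor should change so that the reported severity and the text agree.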
Property changes on: trunk/openvas-plugins/scripts/phorum_34551.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/postgresql_34069.nasl
===================================================================
--- trunk/openvas-plugins/scripts/postgresql_34069.nasl 2009-04-24 14:23:28 UTC (rev \
3193)
+++ trunk/openvas-plugins/scripts/postgresql_34069.nasl 2009-04-24 18:04:08 UTC (rev \
3194)
@@ -0,0 +1,75 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# PostgreSQL Low Cost Function Information Disclosure Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100158);
+ script_bugtraq_id(34069);
+ script_version ("1.0");
+
+ script_name(english:"PostgreSQL Low Cost Function Information Disclosure \
Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ PostgreSQL is prone to an information-disclosure vulnerability.
+
+ Local attackers can exploit this issue to obtain sensitive
+ information that may lead to further attacks.
+
+ PostgreSQL 8.3.6 is vulnerable; other versions may also be affected.
+
+ See also:
+ http://www.securityfocus.com/bid/34069
+ http://www.postgresql.org/
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if PostgreSQL is vulnerable to Information \
Disclosure");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Databases");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("postgresql_detect.nasl");
+ script_require_ports("Services/postgresql", 5432);
+ exit(0);
+}
+
+include("version_func.inc");
+include("misc_func.inc");
+
+port = get_kb_item("Services/postgresql");
+if(!port)port = 5432;
+if(!get_tcp_port_state(port))exit(0);
+
+if(!ver = get_kb_list(string("PostgreSQL/Remote/", port, "/Ver")))exit(0);
+
+if(version_in_range(version:ver, test_version:"8.3", test_version2:"8.3.6") )
+{
+ security_warning(port:port);
+ exit(0);
+}
+
+exit(0);
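Review bot: `get_kb_list(string("PostgreSQL/Remote/", port, "/Ver"))` returns a list, but postgresql_detect.nasl stores a single string under that key with set_kb_item, and `version_in_range` is handed `ver` as if it were that string. Reading it with `if(!ver = get_kb_item(string("PostgreSQL/Remote/", port, "/Ver")))exit(0);` matches how the other plugins in this commit read their version keys. The same call appears in postgresql_cve_2009_0922.nasl. Separately, the port falls back to 5432 when `Services/postgresql` is unset, so the key is only found if detection ran against that same port.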
Property changes on: trunk/openvas-plugins/scripts/postgresql_34069.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Added: trunk/openvas-plugins/scripts/postgresql_cve_2009_0922.nasl
===================================================================
--- trunk/openvas-plugins/scripts/postgresql_cve_2009_0922.nasl 2009-04-24 14:23:28 \
UTC (rev 3193)
+++ trunk/openvas-plugins/scripts/postgresql_cve_2009_0922.nasl 2009-04-24 18:04:08 \
UTC (rev 3194)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# PostgreSQL Conversion Encoding Remote Denial of Service
+# Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100157);
+ script_bugtraq_id(34090);
+ script_cve_id("CVE-2009-0922");
+ script_version ("1.0");
+
+ script_name(english:"PostgreSQL Conversion Encoding Remote Denial of Service \
Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ PostgreSQL is prone to a remote denial-of-service vulnerability.
+
+ Exploiting this issue may allow attackers to terminate connections
+ to the PostgreSQL server, denying service to legitimate users.
+
+ Solution:
+ Updates are available. Update to newer Version.
+
+ See also:
+ http://www.securityfocus.com/bid/34090
+ http://www.postgresql.org/
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if PostgreSQL is vulnerable to DoD");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Databases");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("postgresql_detect.nasl");
+ script_require_ports("Services/postgresql", 5432);
+ exit(0);
+}
+
+include("version_func.inc");
+include("misc_func.inc");
+
+port = get_kb_item("Services/postgresql");
+if(!port)port = 5432;
+if(!get_tcp_port_state(port))exit(0);
+
+if(!ver = get_kb_list(string("PostgreSQL/Remote/", port, "/Ver")))exit(0);
+
+if(version_in_range(version:ver, test_version:"8.3", test_version2:"8.3.6") ||
+ version_in_range(version:ver, test_version:"8.2", test_version2:"8.2.6") ||
+ version_in_range(version:ver, test_version:"8.1", test_version2:"8.1.11") ||
+ version_in_range(version:ver, test_version:"8.0", test_version2:"8.0.17") ||
+ version_in_range(version:ver, test_version:"7.4", test_version2:"7.4.19") ||
+ version_in_range(version:ver, test_version:"7.3", test_version2:"7.3.21") ||
+ version_in_range(version:ver, test_version:"7.2", test_version2:"7.2.7") ||
+ version_in_range(version:ver, test_version:"7.1", test_version2:"7.1.3") ||
+ version_in_range(version:ver, test_version:"7.0", test_version2:"7.0.3") ||
+ version_in_range(version:ver, test_version:"6.5", test_version2:"6.5.3"))
+{
+ security_hole(port:port);
+ exit(0);
+}
+
+exit(0);
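Review bot: The upper bounds in the `version_in_range` table look uneven (the 8.3 branch runs to 8.3.6 while 8.2 stops at 8.2.6 and 8.1 at 8.1.11), and the Solution text names no fixed versions to check them against. Each `test_version2` should be the last affected release of its branch according to the vendor advisory for CVE-2009-0922; otherwise any release between the bound and the first fixed one is reported clean. A comment above the condition citing the advisory and the fixed version per branch would make the table auditable. The summary string also reads "vulnerable to DoD"; it should be `script_summary(english:"Determine if PostgreSQL is vulnerable to DoS");`.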
Property changes on: trunk/openvas-plugins/scripts/postgresql_cve_2009_0922.nasl
___________________________________________________________________
Name: svn:keywords
+ ID
Modified: trunk/openvas-plugins/scripts/postgresql_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/postgresql_detect.nasl 2009-04-24 14:23:28 UTC (rev \
3193)
+++ trunk/openvas-plugins/scripts/postgresql_detect.nasl 2009-04-24 18:04:08 UTC (rev \
3194)
@@ -129,7 +129,7 @@
version = eregmatch(pattern:"server_version([0-9.]+)", string: dump);
if(!isnull(version[1])) {
vers = version[1];
- set_kb_item(name:"PostgreSQL/Remote/Ver", value: vers);
+ set_kb_item(name:"PostgreSQL/Remote/" + port + "/Ver", value: vers);
info = string("None\n\nPostgreSQL Version '");
info += vers;
info += string("' was detected on the remote host.\n\n");
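Review bot: Renaming the key from `PostgreSQL/Remote/Ver` to `PostgreSQL/Remote/<port>/Ver` leaves any plugin that still reads the old name without a version, and such a plugin will then exit quietly instead of reporting. Only the two plugins added in this commit are visibly written for the new key; other readers, if any exist, are outside this diff. Keeping the old key for a transition, `set_kb_item(name:"PostgreSQL/Remote/Ver", value: vers);` next to the new call, or updating every reader in the same commit avoids a silent loss of findings. The enclosing block starts and ends outside the hunk.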
_______________________________________________
Openvas-commits mailing list
Openvas-commits@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-commits