
List:       openvas-cvs
Subject:    [Openvas-commits] r3205 - in trunk/openvas-plugins: . scripts
From:       scm-commit () wald ! intevation ! org
Date:       2009-04-28 5:58:50
Message-ID: 20090428055850.8D75E4086F () pyrosoma ! intevation ! org

Author: chandra
Date: 2009-04-28 07:58:48 +0200 (Tue, 28 Apr 2009)
New Revision: 3205

Added:
   trunk/openvas-plugins/scripts/secpod_apache_tiles_detect.nasl
   trunk/openvas-plugins/scripts/secpod_apache_tiles_xss_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_ghostscript_detect_lin.nasl
   trunk/openvas-plugins/scripts/secpod_ghostscript_detect_win.nasl
   trunk/openvas-plugins/scripts/secpod_ghostscript_mult_bof_vuln_lin.nasl
   trunk/openvas-plugins/scripts/secpod_ghostscript_mult_bof_vuln_win.nasl
   trunk/openvas-plugins/scripts/secpod_mpg123_detect_lin.nasl
   trunk/openvas-plugins/scripts/secpod_mpg123_player_dos_vuln_lin.nasl
   trunk/openvas-plugins/scripts/secpod_xilisoft_video_conv_bof_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_xilisoft_video_conv_detect.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-04-27 19:08:45 UTC (rev 3204)
+++ trunk/openvas-plugins/ChangeLog	2009-04-28 05:58:48 UTC (rev 3205)
@@ -1,3 +1,16 @@
+2009-04-28 Chandrashekhar B <bchandra@secpod.com>
+	* scripts/secpod_ghostscript_mult_bof_vuln_lin.nasl,
+	scripts/secpod_ghostscript_detect_lin.nasl,
+	scripts/secpod_apache_tiles_detect.nasl,
+	scripts/secpod_xilisoft_video_conv_bof_vuln.nasl,
+	scripts/secpod_xilisoft_video_conv_detect.nasl,
+	scripts/secpod_apache_tiles_xss_vuln.nasl,
+	scripts/secpod_mpg123_player_dos_vuln_lin.nasl,
+	scripts/secpod_ghostscript_mult_bof_vuln_win.nasl,
+	scripts/secpod_mpg123_detect_lin.nasl,
+	scripts/secpod_ghostscript_detect_win.nasl:
+	Added new plugins
+
 2009-04-27 Christian Eric Edjenguele <christian.edjenguele@owasp.org>
 	* scripts/remote-Opentaps-defaultPwd.nasl,
 	* scripts/remote-ApacheOfbiz-defaultPwd.nasl:

Added: trunk/openvas-plugins/scripts/secpod_apache_tiles_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_apache_tiles_detect.nasl	2009-04-27 19:08:45 \
                UTC (rev 3204)
+++ trunk/openvas-plugins/scripts/secpod_apache_tiles_detect.nasl	2009-04-28 05:58:48 \
UTC (rev 3205)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_apache_tiles_detect.nasl 1632 2009-04-20 19:32:24Z apr $
+#
+# Apache Tiles Version Detection
+#
+# Authors:
+# Sujit Ghosal <sghosal@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900493);
+  script_version("Revision: 1.0 ");
+  script_name(english:"Apache Tiles Version Detection");
+  desc["english"] = "
+  Overview: This script detects the installed version of Apache Tiles and sets
+  the version in KB.
+
+  Risk factor: Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Sets the KB for the version of Apache Tiles");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Service detection");
+  script_dependencies("http_version.nasl");
+  script_require_ports("Services/www", 80, 8080);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+port = get_http_port(default:8080);
+if(!port){
+  port = 8080;
+}
+
+if(!get_port_state(port)){
+  exit(0);
+}
+
+foreach dir (make_list("/", "/tiles", cgi_dirs()))
+{
+  sndReq = http_get(item:string(dir, "/apidocs/index.html \r\n\r\n HTTP/1.1"), \
port:port);
+  rcvRes = http_send_recv(port:port, data:sndReq);
+
+  if(rcvRes == NULL){
+    exit(0);
+  }
+
+  if("packageFrame" >< rcvRes || "classFrame" >< rcvRes)
+  {
+    request =  http_get(item:string(dir, "/apidocs/org/apache/tiles/Definition.html \
" +
+                                         "\r\n\r\n HTTP/1.1"), port:port);
+    response = http_send_recv(port:port, data:request);
+
+    if(response == NULL)
+    {
+      request =  http_get(item:string(dir, \
"/apidocs/org/apache/tiles/definition/digester" +
+                                   \
"/DigesterDefinitionsReader.FillDefinitionRule.html" +
+                              \
"\r\n\r\n HTTP/1.1"), port:port);
+      response = http_send_recv(port:port, \
data:request);
+    }
+
+    if(response != NULL)
+    {
+      version = eregmatch(pattern:">([0-9]\.[0-9]\.[0-9.]+)", string:response);
+      if(version[1] != NULL){
+        set_kb_item(name:"www/" + port + "/Apache/Tiles", value:version[1] + " under \
" + dir);
+      }
+    }
+  }
+}
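Review bot: The three `http_get` calls append `\r\n\r\n HTTP/1.1` to the `item:` path, but `http_get` already builds the request line and headers, so the target receives a path with a trailing space followed by a blank line and stray header text; servers may answer this differently from a normal GET, which makes detection unreliable. Passing only the path would do, e.g. `sndReq = http_get(item:string(dir, "/apidocs/index.html"), port:port);`. Two smaller things in the same loop: `if(rcvRes == NULL){ exit(0); }` ends the whole script on the first directory that gives no answer where `continue;` would try the remaining ones, and the `"/"` entry in `make_list` produces `//apidocs/...`.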


Property changes on: trunk/openvas-plugins/scripts/secpod_apache_tiles_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_apache_tiles_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_apache_tiles_xss_vuln.nasl	2009-04-27 \
                19:08:45 UTC (rev 3204)
+++ trunk/openvas-plugins/scripts/secpod_apache_tiles_xss_vuln.nasl	2009-04-28 \
05:58:48 UTC (rev 3205)
@@ -0,0 +1,96 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_apache_tiles_xss_vuln.nasl 1632 2009-04-24 21:02:12Z apr $
+#
+# Apache Tiles Multiple XSS Vulnerability
+#
+# Authors:
+# Sujit Ghosal <sghosal@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900496);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1275");
+  script_bugtraq_id(34657);
+  script_name(english:"Apache Tiles Multiple XSS Vulnerability");
+  desc["english"] = "
+
+  Overview: This host has Apache Tiles installed and is prone to Cross-Site
+  Script Vulnerability
+
+  Vulnerability Insight:
+  This flaw is due to attribute values or templates are defined using some
+  JSP tags 'tiles:putAttribute', 'tiles:insertTemplate' are evaluated twice.
+
+  Impact:
+  Successful exploitation will let the attacker access the server context
+  inside the tiles web application and perform XSS attacks.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Apache Tiles version 2.1 to 2.1.1
+
+  Fix: Upgrade your Apache Tiles version to 2.1.2
+  http://tiles.apache.org/download.html
+
+  References:
+  https://issues.apache.org/struts/browse/TILES-351
+  http://svn.apache.org/viewvc/tiles/framework/trunk/src/site/apt/security/security-bulletin-1.apt?revision=741913
 +
+  CVSS Score:
+    CVSS Base Score     : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 5.0
+  Risk factor: Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Apache Tiles");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Web application abuses");
+  script_dependencies("secpod_apache_tiles_detect.nasl");
+  script_require_ports("Services/www", 8080);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+tilesPort = get_http_port(default:8080);
+if(!tilesPort){
+  exit();
+}
+
+if(!get_port_state(tilesPort)){
+  exit(0);
+}
+
+version = get_kb_item("www/" + tilesPort + "/Apache/Tiles");
+version = eregmatch(pattern:"^(.+) under (/.*)$", string:version);
+if(version[1] == NULL){
+  exit(0);
+}
+
+if(version_in_range(version:version[1], test_version:"2.1",
+                    test_version2:"2.1.1")){
+  security_warning(tilesPort);
+}
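Review bot: Nothing in the script says that the version being compared comes from the javadoc pages under `/apidocs` that secpod_apache_tiles_detect.nasl reads, so a host without published API docs is silently skipped and a hit reflects the documentation bundle rather than the deployed library. I would record that above the `version_in_range` call, e.g. `# Version is taken from the published javadoc (see secpod_apache_tiles_detect.nasl); treat a hit as a version-based inference`. The directory captured as `version[2]` is never used, and `exit();` in the `tilesPort` check should read `exit(0);` like the other exits in this file.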


Property changes on: trunk/openvas-plugins/scripts/secpod_apache_tiles_xss_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_ghostscript_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ghostscript_detect_lin.nasl	2009-04-27 \
                19:08:45 UTC (rev 3204)
+++ trunk/openvas-plugins/scripts/secpod_ghostscript_detect_lin.nasl	2009-04-28 \
05:58:48 UTC (rev 3205)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ghostscript_detect_lin.nasl 1699 2009-04-21 09:21:12Z apr $
+#
+# Ghostscript Version Detection (Linux)
+#
+# Authors:
+# Nikita MR <rnikita@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900541);
+  script_version("$Revision: 1.0 $");
+  script_name(english:"Ghostscript Version Detection (Linux)");
+  desc["english"] = "
+
+  Overview: This script detects the installed version of Ghostscript and
+  sets the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Sets KB for Version of Ghostscript");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 secPod");
+  script_family(english:"Service detection");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+  exit(0);
+}
+
+gsName = find_file(file_name:"gs", file_path:"/", useregex:TRUE,
+                   regexpar:"$", sock:sock);
+foreach binary_gsName(gsName)
+{
+  binary_name = chomp(binary_gsName);
+  gsVer = get_bin_version(full_prog_name:binary_name, version_argv:"--version",
+                          ver_pattern:"([0-9]\.[0-9.]+)", sock:sock);
+  if(gsVer[0] != NULL)
+  {
+    set_kb_item(name:"Ghostscript/Linux/Ver", value:gsVer[0]);
+    ssh_close_connection();
+    exit(0);
+  }
+}
+ssh_close_connection();
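Review bot: `find_file(file_name:"gs", file_path:"/", ...)` searches the whole filesystem and the loop then runs every returned path with `--version` over the authenticated SSH session, so any file named `gs` in a user-writable location gets executed under the scan account; secpod_mpg123_detect_lin.nasl does the same for `mpg123`. Limiting the search to system binary directories, or skipping results outside them before calling `get_bin_version`, would keep the check from running untrusted files, e.g. `if(binary_name !~ "^/(usr/(local/)?)?s?bin/") continue;` with the list adjusted to the platforms in scope. How `regexpar:"$"` narrows the match is not visible in this hunk, so I am assuming it anchors the file name.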


Property changes on: trunk/openvas-plugins/scripts/secpod_ghostscript_detect_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_ghostscript_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ghostscript_detect_win.nasl	2009-04-27 \
                19:08:45 UTC (rev 3204)
+++ trunk/openvas-plugins/scripts/secpod_ghostscript_detect_win.nasl	2009-04-28 \
05:58:48 UTC (rev 3205)
@@ -0,0 +1,72 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ghostscript_detect_win.nasl 1699 2009-04-21 13:47:29Z apr $
+#
+# Ghostscript Version Detection (Win)
+#
+# Authors:
+# Nikita MR <rnikita@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900539);
+  script_version("$Revision: 1.0 $");
+  script_name(english:"Ghostscript Version Detection (Win)");
+  desc["english"] = "
+  Overview: This script detects the installed version of Ghostscript and
+  sets the reuslt in KB.
+
+  Risk Factor: Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Set KB for the version of Ghostscript");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Service detection");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\GPL Ghostscript")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+  ghostName = registry_get_sz(key:key + item, item:"DisplayName");
+  if("Ghostscript" >< ghostName)
+  {
+    ghostVer = eregmatch(pattern:"Ghostscript ([0-9.]+)", string:ghostName);
+    if(ghostVer[1] != NULL){
+      set_kb_item(name:"Ghostscript/Win/Ver", value:ghostVer[1]);
+    }
+    exit(0);
+  }
+}
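Review bot: `exit(0);` sits outside the `if(ghostVer[1] != NULL)` block, so the first Uninstall entry whose DisplayName merely contains "Ghostscript" ends the enumeration even when no version could be parsed from it, and a later entry that does carry the version is never examined. Moving the exit into the inner block fixes that: `if(ghostVer[1] != NULL){ set_kb_item(name:"Ghostscript/Win/Ver", value:ghostVer[1]); exit(0); }`. The earlier `registry_key_exists(key:"SOFTWARE\GPL Ghostscript")` gate also means only the GPL-branded installer is considered; if that is intended, a one-line comment saying so would help.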


Property changes on: trunk/openvas-plugins/scripts/secpod_ghostscript_detect_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_ghostscript_mult_bof_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ghostscript_mult_bof_vuln_lin.nasl	2009-04-27 \
                19:08:45 UTC (rev 3204)
+++ trunk/openvas-plugins/scripts/secpod_ghostscript_mult_bof_vuln_lin.nasl	2009-04-28 \
05:58:48 UTC (rev 3205)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ghostscript_mult_bof_vuln_lin.nasl 1699 2009-04-21 11:20:02Z apr $
+#
+# Ghostscript Multiple Buffer Overflow Vulnerabilities (Linux).
+#
+# Authors:
+# Nikita MR <rnikita@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900542);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-0792", "CVE-2009-0196");
+  script_bugtraq_id(34445, 34184);
+  script_name(english:"Ghostscript Multiple Buffer Overflow Vulnerabilities \
(Linux)");
+  desc["english"] = "
+
+  Overview: This host is installed with Ghostscript and is prone to
+  Buffer Overflow Vulnerability.
+
+  Vulnerability Insight:
+  The flaws arise due to
+  - A boundary error in the jbig2_symbol_dict.c() function in the JBIG2
+    decoding library (jbig2dec) while decoding JBIG2 symbol dictionary
+    segments.
+  - multiple integer overflows in icc.c in the ICC Format library while
+    processing malformed PDF and PostScript files with embedded images.
+
+  Impact:
+  Successful exploitation allows the attacker to execute arbitrary code in
+  the context of the affected application and to cause denial of service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Ghostscript version 8.64 and prior on Linux.
+
+  Fix: No solution or patch is available as on 27th April, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://ghostscript.com/releases/
+
+  References:
+  http://secunia.com/advisories/34292
+  http://www.vupen.com/english/advisories/2009/0983
+  http://securitytracker.com/alerts/2009/Apr/1022029.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.9
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the Version of Ghostscript");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Buffer overflow");
+  script_dependencies("secpod_ghostscript_detect_lin.nasl");
+  script_require_keys("Ghostscript/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ghostVer = get_kb_item("Ghostscript/Linux/Ver");
+if(!ghostVer){
+  exit(0);
+}
+
+if(version_is_less_equal(version:ghostVer, test_version:"8.64")){
+  security_hole(0);
+}
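Review bot: The comparison `version_is_less_equal(version:ghostVer, test_version:"8.64")` at the end of the script only sees the upstream version string, so a distribution package that carries a backported fix under an unchanged 8.x version would presumably still be reported; the mpg123 check in secpod_mpg123_player_dos_vuln_lin.nasl has the same limitation. I would say so above the comparison, e.g. `# Version-only check: cannot see distribution backports, confirm against the package changelog before treating a hit as confirmed`. Separately, the description text `No solution or patch is available as on 27th April, 2009` (also in the Windows and Xilisoft scripts) will go stale once a fixed release exists and should be revisited together with the `8.64` bound.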


Property changes on: \
trunk/openvas-plugins/scripts/secpod_ghostscript_mult_bof_vuln_lin.nasl \
                ___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_ghostscript_mult_bof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ghostscript_mult_bof_vuln_win.nasl	2009-04-27 \
                19:08:45 UTC (rev 3204)
+++ trunk/openvas-plugins/scripts/secpod_ghostscript_mult_bof_vuln_win.nasl	2009-04-28 \
05:58:48 UTC (rev 3205)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ghostscript_mult_bof_vuln_win.nasl 1699 2009-04-21 14:20:02Z apr $
+#
+# Ghostscript Multiple Buffer Overflow Vulnerabilities (Win).
+#
+# Authors:
+# Nikita MR <rnikita@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900540);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-0792", "CVE-2009-0196");
+  script_bugtraq_id(34445, 34184);
+  script_name(english:"Ghostscript Multiple Buffer Overflow Vulnerabilities (Win)");
+  desc["english"] = "
+
+  Overview: This host is installed with Ghostscript and is prone to
+  Buffer Overflow Vulnerability.
+
+  Vulnerability Insight:
+  These flaws arise due to,
+  - a boundary error in the jbig2_symbol_dict.c() function in the JBIG2
+    decoding library (jbig2dec) while decoding JBIG2 symbol dictionary
+    segments.
+  - multiple integer overflows in icc.c in the ICC Format library while
+    processing malformed PDF and PostScript files with embedded images.
+
+  Impact:
+  Successful exploitation allows the attacker to execute arbitrary code in
+  the context of the affected application and can cause denial of service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Ghostscript version 8.64 and prior on Windows.
+
+  Fix: No solution or patch is available as on 27th April, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.ghostscript.com/
+
+  References:
+  http://secunia.com/advisories/34292
+  http://www.vupen.com/english/advisories/2009/0983
+  http://securitytracker.com/alerts/2009/Apr/1022029.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.9
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the Version of Ghostscript");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Buffer overflow");
+  script_dependencies("secpod_ghostscript_detect_win.nasl");
+  script_require_keys("Ghostscript/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ghostVer = get_kb_item("Ghostscript/Win/Ver");
+if(!ghostVer){
+  exit(0);
+}
+
+if(version_is_less_equal(version:ghostVer, test_version:"8.64")){
+  security_hole(0);
+}


Property changes on: \
trunk/openvas-plugins/scripts/secpod_ghostscript_mult_bof_vuln_win.nasl \
                ___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_mpg123_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_mpg123_detect_lin.nasl	2009-04-27 19:08:45 \
                UTC (rev 3204)
+++ trunk/openvas-plugins/scripts/secpod_mpg123_detect_lin.nasl	2009-04-28 05:58:48 \
UTC (rev 3205)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_mpg123_detect_lin.nasl 1787 2009-04-20 11:30:29Z apr $
+#
+# mpg123 Player Version Detection (Linux)
+#
+# Authors:
+# Nikita MR <rnikita@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900543);
+  script_version("$Revision: 1.0 $");
+  script_name(english:"mpg123 Player Version Detection (Linux)");
+  desc["english"] = "
+  Overview: This script detects the installed version of mpg123 Player
+  and sets the reuslt in KB.
+
+  Risk Factor: Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Set KB for the version of mpg123 Player");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Service detection");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+
+if(!sock){
+  exit(0);
+}
+
+paths = find_file(file_name:"mpg123",file_path:"/",
+                  useregex:TRUE, regexpar:"$", sock:sock);
+foreach binName (paths)
+{
+  mpgVer = get_bin_version(full_prog_name:binName, version_argv:"--version",
+                                ver_pattern:"[0-9]\.[0-9]\.[0-9]+",
+                                sock:sock);
+  if(mpgVer[0] != NULL)
+  {
+    set_kb_item(name:"mpg123/Linux/Ver", value:mpgVer[0]);
+    ssh_close_connection();
+    exit(0);
+  }
+}
+ssh_close_connection();
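Review bot: `ver_pattern:"[0-9]\.[0-9]\.[0-9]+"` accepts only a single digit for the major and minor components, so a version string such as 1.10.0 produces no match and no `mpg123/Linux/Ver` entry, and the dependent vulnerability check then exits without reporting. `ver_pattern:"[0-9]+\.[0-9]+\.[0-9]+"` keeps today's matches and covers multi-digit components. The Ghostscript pattern `([0-9]\.[0-9.]+)` in secpod_ghostscript_detect_lin.nasl has the same single-digit major and would read a two-digit major as its last digit.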


Property changes on: trunk/openvas-plugins/scripts/secpod_mpg123_detect_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_mpg123_player_dos_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_mpg123_player_dos_vuln_lin.nasl	2009-04-27 \
                19:08:45 UTC (rev 3204)
+++ trunk/openvas-plugins/scripts/secpod_mpg123_player_dos_vuln_lin.nasl	2009-04-28 \
05:58:48 UTC (rev 3205)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_mp123_player_dos_vuln_lin.nasl 1787 2009-04-20 11:45:02Z apr $
+#
+# mpg123 Player Denial of Service Vulnerability (Linux).
+#
+# Authors:
+# Nikita MR <rnikita@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900538);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1301");
+  script_bugtraq_id(34381);
+  script_name(english:"mpg123 Player Denial of Service Vulnerability (Linux)");
+  desc["english"] = "
+
+  Overview: This host is running mpg123 Player which is prone to denial of
+  service vulnerability.
+
+  Vulnerability Insight:
+  This flaw is due to integer signedness error in the store_id3_text function
+  in the ID3v2 code when processing ID3v2 tags with negative encoding values.
+
+  Impact: Successful exploitation will let the attacker trigger out of bounds
+  memory access and thus execute arbitrary code and possibly crash the
+  application.
+
+  Impact level: Application
+
+  Affected Software/OS:
+  mpg123 Player prior to 1.7.2 on Linux.
+
+  Fix: Update to version 1.7.2
+  http://www.mpg123.de/download.shtml
+
+  References:
+  http://secunia.com/advisories/34587
+  http://www.vupen.com/english/advisories/2009/0936
+
+  CVSS Score:
+    CVSS Base Score     : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.4
+  Risk factor: High ";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of mpg123 Player");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Denial of Service");
+  script_dependencies("secpod_mpg123_detect_lin.nasl");
+  script_require_keys("mpg123/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+mpgVer = get_kb_item("mpg123/Linux/Ver");
+if(mpgVer == NULL){
+  exit(0);
+}
+
+if(version_is_less(version:mpgVer, test_version:"1.7.2")){
+  security_hole(0);
+}


Property changes on: \
trunk/openvas-plugins/scripts/secpod_mpg123_player_dos_vuln_lin.nasl \
                ___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_xilisoft_video_conv_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xilisoft_video_conv_bof_vuln.nasl	2009-04-27 \
                19:08:45 UTC (rev 3204)
+++ trunk/openvas-plugins/scripts/secpod_xilisoft_video_conv_bof_vuln.nasl	2009-04-28 \
05:58:48 UTC (rev 3205)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_xilisoft_video_conv_bof_vuln.nasl 1904 2009-04-23 15:56:36Z apr $
+#
+# Xilisoft Video Converter Buffer Overflow Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900630);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1370");
+  script_bugtraq_id(34472);
+  script_name(english:"Xilisoft Video Converter Buffer Overflow Vulnerability");
+  desc["english"] = "
+
+  Overview: This host is with installed Xilisoft Video Converter and is prone
+  to Buffer Overflow Vulnerability.
+
+  Vulnerability Insight:
+  The cause is due to an error in ape_plugin.plg when parsing malicious .CUE
+  files containing overly long string.
+
+  Impact:
+  This issue can be exploited to corrupt the memory and to execute arbitrary
+  code in the context of the affected application.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Xilisoft Video Converter version 3.x to 3.1.53.0704n and 5.x to 5.1.23.0402
+  on Windows.
+
+  Fix: No solution or patch is available as on 27th April, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.xilisoft.com/
+
+  References:
+  http://secunia.com/advisories/34660
+  http://www.milw0rm.com/exploits/8452
+  http://xforce.iss.net/xforce/xfdb/49807
+
+  CVSS Score:
+    VSS Base Score      : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 8.4
+  Risk factor :Critical";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Xilisoft Video Converter");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Buffer overflow");
+  script_dependencies("secpod_xilisoft_video_conv_detect.nasl");
+  script_require_keys("Xilisoft/Video/Conv/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+xsoftVer = get_kb_item("Xilisoft/Video/Conv/Ver");
+if(!xsoftVer){
+  exit(0);
+}
+
+if(version_in_range(version:xsoftVer, test_version:"3.0", \
test_version2:"3.1.53.0704n") ||
+   version_in_range(version:xsoftVer, \
test_version:"5.0", test_version2:"5.1.23.0402")){
+  security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/secpod_xilisoft_video_conv_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xilisoft_video_conv_detect.nasl	2009-04-27 \
                19:08:45 UTC (rev 3204)
+++ trunk/openvas-plugins/scripts/secpod_xilisoft_video_conv_detect.nasl	2009-04-28 \
05:58:48 UTC (rev 3205)
@@ -0,0 +1,71 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_xilisoft_video_conv_detect.nasl 1904 2009-04-23 90:07:05Z apr$
+#
+# Xilisoft Video Converter Version Detection
+#
+# Authors:
+# Antu Sanadi <santu@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 secpod http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+##############################################################################
+
+if(description)
+{
+  script_id(900629);
+  script_version("$Revision: 1.0 $");
+  script_name(english:"Xilisoft Video Converter Version Detection");
+  desc["english"] = "
+
+  Overview: The script will detects the Xilisoft Video Converter installed
+  on this host and sets the version in KB.
+
+  Risk factor: Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Sets KB for the version of Xilisoft Video Converter");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Service detection");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+  xilisoftName= registry_get_sz(item:"DisplayName", key:key +item);
+  xilisoftConf = registry_get_sz(item:"UninstallString", key:key + item);
+
+  if(("Video Converter" >< xilisoftName) && ("Xilisoft" >< xilisoftConf))
+  {
+    xilisoftVer = registry_get_sz(item:"DisplayVersion", key:key + item);
+    if(xilisoftVer != NULL){
+      set_kb_item(name:"Xilisoft/Video/Conv/Ver", value:xilisoftVer);
+    }
+    exit(0);
+  }
+}
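Review bot: The `exit(0)` that closes the match branch inside the `foreach` loop runs even when `DisplayVersion` comes back NULL, so the first matching Uninstall entry ends the enumeration without setting `Xilisoft/Video/Conv/Ver`. The dependent CVE-2009-1370 check then exits silently, which is a false negative on a host that may still be affected. Move the exit into the version branch so later entries are still examined: `if(xilisoftVer != NULL){ set_kb_item(name:"Xilisoft/Video/Conv/Ver", value:xilisoftVer); exit(0); }`. The substring test `"Video Converter" >< xilisoftName` presumably also matches other products from the same vendor whose name contains that phrase, so the stored version may not belong to the product the vulnerability check targets; a stricter match on `DisplayName` would make the KB value more reliable. A one-line comment above the loop noting that only the native `Uninstall` hive is searched (not `Wow6432Node`) would document the coverage gap on 64-bit Windows.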


