List: openvas-cvs
Subject: [Openvas-commits] r3218 - in trunk/openvas-plugins: . scripts
From: scm-commit () wald ! intevation ! org
Date: 2009-04-30 4:40:18
Message-ID: 20090430044018.0C3FE40898 () pyrosoma ! intevation ! org
Author: chandra
Date: 2009-04-30 06:40:16 +0200 (Thu, 30 Apr 2009)
New Revision: 3218
Added:
trunk/openvas-plugins/scripts/secpod_apache_detect.nasl
trunk/openvas-plugins/scripts/secpod_apache_mod_proxy_ajp_info_disc_vuln.nasl
trunk/openvas-plugins/scripts/secpod_clamav_dos_vuln_lin.nasl
trunk/openvas-plugins/scripts/secpod_clamav_dos_vuln_win.nasl
trunk/openvas-plugins/scripts/secpod_cups_detect.nasl
trunk/openvas-plugins/scripts/secpod_cups_dns_rebinding_vuln.nasl
trunk/openvas-plugins/scripts/secpod_easy_rmtomp3_conv_bof_vuln.nasl
trunk/openvas-plugins/scripts/secpod_easy_rmtomp3_conv_detect.nasl
trunk/openvas-plugins/scripts/secpod_elecard_avchd_player_bof_vuln.nasl
trunk/openvas-plugins/scripts/secpod_elecard_avchd_player_detect.nasl
trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_apr09_lin.nasl
trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_apr09_win.nasl
trunk/openvas-plugins/scripts/secpod_mini_stream_mult_prdts_bof_apr09.nasl
trunk/openvas-plugins/scripts/secpod_mini_stream_prdts_detect.nasl
trunk/openvas-plugins/scripts/secpod_ntp_bof_vuln.nasl
trunk/openvas-plugins/scripts/secpod_seamonkey_mult_vuln_apr09_lin.nasl
trunk/openvas-plugins/scripts/secpod_seamonkey_mult_vuln_apr09_win.nasl
trunk/openvas-plugins/scripts/secpod_simple_machines_forum_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_detect_lin.nasl
trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_detect_win.nasl
trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_info_disc_vuln_lin.nasl
trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_info_disc_vuln_win.nasl
trunk/openvas-plugins/scripts/secpod_thunderbird_mult_vuln_apr09_lin.nasl
trunk/openvas-plugins/scripts/secpod_thunderbird_mult_vuln_apr09_win.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_ntp_detect_lin.nasl
trunk/openvas-plugins/scripts/ntp_open.nasl
Log:
To Production (24) + 2 Modified.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-04-29 13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/ChangeLog 2009-04-30 04:40:16 UTC (rev 3218)
@@ -1,5 +1,34 @@
+2009-04-30 Chandan S <schandan@secpod.com>
+ * scripts/secpod_firefox_mult_vuln_apr09_win.nasl,
+ scripts/secpod_firefox_mult_vuln_apr09_lin.nasl,
+ scripts/secpod_thunderbird_mult_vuln_apr09_win.nasl,
+ scripts/secpod_thunderbird_mult_vuln_apr09_lin.nasl,
+ scripts/secpod_seamonkey_mult_vuln_apr09_win.nasl,
+ scripts/secpod_seamonkey_mult_vuln_apr09_lin.nasl,
+ scripts/secpod_sun_java_dir_server_detect_win.nasl,
+ scripts/secpod_sun_java_dir_server_detect_lin.nasl,
+ scripts/secpod_sun_java_dir_server_info_disc_vuln_win.nasl,
+ scripts/secpod_sun_java_dir_server_info_disc_vuln_lin.nasl,
+ scripts/secpod_ntp_bof_vuln.nasl,
+ scripts/secpod_easy_rmtomp3_conv_detect.nasl,
+ scripts/secpod_easy_rmtomp3_conv_bof_vuln.nasl,
+ scripts/secpod_clamav_dos_vuln_lin.nasl,
+ scripts/secpod_clamav_dos_vuln_win.nasl,
+ scripts/secpod_simple_machines_forum_sql_inj_vuln.nasl,
+ scripts/secpod_cups_detect.nasl,
+ scripts/secpod_cups_dns_rebinding_vuln.nasl,
+ scripts/secpod_apache_detect.nasl,
+ scripts/secpod_apache_mod_proxy_ajp_info_disc_vuln.nasl,
+ scripts/secpod_elecard_avchd_player_detect.nasl,
+ scripts/secpod_elecard_avchd_player_bof_vuln.nasl:
+ Chekedin New scripts.
+
+ * scripts/gb_ntp_detect_lin.nasl,
+ scripts/ntp_open.nasl:
+ Modified to get version through Remote and Local checks.
+
2009-04-29 Chandan S <schandan@secpod.com>
- * ssh_authorization.nasl:
+ * scripts/ssh_authorization.nasl:
ssh_func.inc include.
2009-04-28 Thomas Reinke <reinke@securityspace.com>
Modified: trunk/openvas-plugins/scripts/gb_ntp_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ntp_detect_lin.nasl 2009-04-29 13:30:21 UTC (rev \
3217)
+++ trunk/openvas-plugins/scripts/gb_ntp_detect_lin.nasl 2009-04-30 04:40:16 UTC (rev \
3218)
@@ -39,42 +39,43 @@
script_summary(english:"Set KB for the version of NTP");
script_category(ACT_GATHER_INFO);
script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
- script_family(english:"General");
+ script_family(english:"Service detection");
+ script_dependencies("ntp_open.nasl");
exit(0);
}
include("version_func.inc");
-ntpPort = 123;
-if(!get_udp_port_state(ntpPort)){
- exit(0);
-}
+ntpVersion = get_kb_item("NTP/Linux/Ver");
+if(!ntpVersion)
+{
+ sock = ssh_login_or_reuse_connection();
+ if(!sock){
+ exit(0);
+ }
-sock = ssh_login_or_reuse_connection();
-if(!sock){
- exit(0);
-}
-
-binFiles = find_file(file_name:"ntpd",file_path:"/", useregex:TRUE,
+ binFiles = find_file(file_name:"ntpd",file_path:"/", useregex:TRUE,
regexpar:"$", sock:sock);
+ foreach binName (binFiles)
+ {
+ ntpVer = get_bin_version(full_prog_name:chomp(binName), sock:sock,
+ version_argv:"--version",
+ ver_pattern:"ntpd.* ([0-9]\.[0-9.]+)([a-z][0-9]+)?-?(RC[0-9])?");
+ if(ntpVer[1] != NULL)
+ {
+ if(ntpVer[2] =~ "[a-z][0-9]+" && ntpVer[3] =~ "RC"){
+ ntpVer = ntpVer[1] + "." + ntpVer[2] + "." + ntpVer[3];
+ }
+ else if(ntpVer[2] =~ "[a-z][0-9]+"){
+ ntpVer = ntpVer[1] + "." + ntpVer[2];
+ }
+ else ntpVer = ntpVer[1];
-foreach binName (binFiles)
-{
- ntpVer = get_bin_version(full_prog_name:chomp(binName), sock:sock,
- version_argv:"--version",
- ver_pattern:"ntpd.* ([0-9]\.[0-9.]+)([a-z][0-9]+)?");
- if(ntpVer[1] != NULL)
- {
- if(ntpVer[2] =~ "[a-z][0-9]+"){
- ntpVer = ntpVer[1] + "." + ntpVer[2];
+ set_kb_item(name:"NTP/Linux/Ver", value:ntpVer);
+ ssh_close_connection();
+ exit(0);
}
- else
- ntpVer = ntpVer[1];
-
- set_kb_item(name:"NTP/Linux/Ver", value:ntpVer);
- ssh_close_connection();
- exit(0);
}
+ ssh_close_connection();
}
-ssh_close_connection();
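Review bot: With the new `get_kb_item("NTP/Linux/Ver")` guard, a value already written by the remote check in ntp_open.nasl skips the authenticated SSH check entirely, so a version taken from an unauthenticated UDP reply takes precedence over the one read from the ntpd binary. That remote value depends on what the server chooses to disclose and is stored without confirming the host is Linux, so dependent version checks may act on a less reliable string. Consider running the local check whenever the SSH login succeeds and using the remote value only as a fallback, or at least document the precedence with a comment such as `# NTP/Linux/Ver may already be set remotely by ntp_open.nasl; the SSH check is skipped in that case`. The version pattern here (`(RC[0-9])?`) also differs from the one added to ntp_open.nasl (`(RC[0-9]+)?`), so the two paths can produce different strings for the same build. The script's description block starts above this hunk.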
Modified: trunk/openvas-plugins/scripts/ntp_open.nasl
===================================================================
--- trunk/openvas-plugins/scripts/ntp_open.nasl 2009-04-29 13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/ntp_open.nasl 2009-04-30 04:40:16 UTC (rev 3218)
@@ -1,4 +1,6 @@
+##########################################################################
#
+#
# This script was written by David Lodge
#
# See the Nessus Scripts License for details
@@ -6,37 +8,32 @@
# Changes by rd:
# - recv() only receives the first two bytes of data (instead of 1024)
# - replaced ord(result[0]) == 0x1E by ord(result[0]) & 0x1E (binary AND)
+#########################################################################
+
if(description)
{
- script_id(10884);
- script_version("$Revision$");
- name["english"] = "NTP read variables";
- script_name(english:name["english"]);
-
- desc["english"] = "
-A NTP (Network Time Protocol) server is listening on this port.
+ script_id(10884);
+ script_version("$Revision$");
+ name["english"] = "NTP read variables";
+ script_name(english:name["english"]);
-Risk factor : Low";
+ desc["english"] = "
+ A NTP (Network Time Protocol) server is listening on this port.
- script_description(english:desc["english"]);
-
- summary["english"] = "NTP allows query of variables";
- script_summary(english:summary["english"]);
-
- script_category(ACT_GATHER_INFO);
-
- script_copyright(english:"This script is Copyright (C) 2002 David Lodge");
- family["english"] = "General";
- script_family(english:family["english"]);
+ Risk factor : Low";
- exit(0);
+ script_description(english:desc["english"]);
+
+ summary["english"] = "NTP allows query of variables";
+ script_summary(english:summary["english"]);
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"This script is Copyright (C) 2002 David Lodge");
+ family["english"] = "Service detection";
+ script_family(english:family["english"]);
+ exit(0);
}
-#
-# The script code starts here
-#
-#
function ntp_read_list()
{
@@ -60,69 +57,82 @@
function ntp_installed()
{
-data = raw_string(0xDB, 0x00, 0x04, 0xFA, 0x00, 0x01,
- 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
- 0x00, 0x00, 0xBE, 0x78, 0x2F, 0x1D, 0x19, 0xBA,
- 0x00, 0x00);
+ data = raw_string(0xDB, 0x00, 0x04, 0xFA, 0x00, 0x01,
+ 0x00, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
+ 0x00, 0x00, 0xBE, 0x78, 0x2F, 0x1D, 0x19, 0xBA,
+ 0x00, 0x00);
-soc = open_sock_udp(123);
-send(socket:soc, data:data);
-r = recv(socket:soc, length:4096);
-close(soc);
+ soc = open_sock_udp(123);
+ send(socket:soc, data:data);
+ r = recv(socket:soc, length:4096);
+ close(soc);
-if(strlen(r) > 10)
- {
- return(r);
- }
-return(NULL);
+ if(strlen(r) > 10)
+ {
+ return(r);
+ }
+ return(NULL);
}
-
# find out whether we can open the port
if( !(get_udp_port_state(123)) ) exit(0);
+r = ntp_installed();
-
-r = ntp_installed();
if(r)
+{
+ set_kb_item(name:"NTP/Running", value:TRUE);
+ list = ntp_read_list();
+ if(!list)
+ security_note(port:123, protocol:"udp");
+ else
{
- set_kb_item(name:"NTP/Running", value:TRUE);
- list = ntp_read_list();
- if(!list)security_note(port:123, protocol:"udp");
- else
- {
- if ("system" >< list )
- {
- s = egrep(pattern:"system=", string:list);
- os = ereg_replace(string:s, pattern:".*system='([^']*)'.*", replace:"\1");
- set_kb_item(name:"Host/OS/ntp", value:os);
- }
- if ("processor" >< list )
- {
- s = egrep(pattern:"processor=", string:list);
- os = ereg_replace(string:s, pattern:".*processor='([^']*)'.*", replace:"\1");
- set_kb_item(name:"Host/processor/ntp", value:os);
- }
- report = "It is possible to determine a lot of information about the remote \
host
-by querying the NTP (Network Time Protocol) variables - these include
-OS descriptor, and time settings.
-It was possible to gather the following information from the remote NTP host :
+ if ("system" >< list )
+ {
+ s = egrep(pattern:"system=", string:list);
+ os = ereg_replace(string:s, pattern:".*system='([^']*)'.*", replace:"\1");
+ set_kb_item(name:"Host/OS/ntp", value:os);
+ }
-" + list + "
+ if ("processor" >< list )
+ {
+ s = egrep(pattern:"processor=", string:list);
+ os = ereg_replace(string:s, pattern:".*processor='([^']*)'.*", replace:"\1");
+ set_kb_item(name:"Host/processor/ntp", value:os);
+ }
+ if("ntpd" >< list)
+ {
+ ntpVer = eregmatch(pattern:"ntpd ([0-9.]+)([a-z][0-9])?-?(RC[0-9]+)?", \
string:list);
+ if(ntpVer[1] != NULL)
+ {
-Quickfix: Set NTP to restrict default access to ignore all info packets:
- restrict default ignore
+ if(ntpVer[2] =~ "[a-z][0-9]+" && ntpVer[3] =~ "RC"){
+ ntpVer = ntpVer[1] + "." + ntpVer[2] + "." + ntpVer[3];
+ }
+ else if(ntpVer[2] =~ "[a-z][0-9]+"){
+ ntpVer = ntpVer[1] + "." + ntpVer[2];
+ }
+ else ntpVer = ntpVer[1];
+ set_kb_item(name:"NTP/Linux/Ver", value:ntpVer);
+ }
+ }
-Risk factor : Low";
- security_note(port:123, protocol:"udp", data:report);
- }
- }
+ report = "It is possible to determine a lot of information about the remote \
host
+ by querying the NTP (Network Time Protocol) variables - these include
+ OS descriptor, and time settings.
+ It was possible to gather the following information from the remote NTP host :
+ " + list + "
-
+ Quickfix: Set NTP to restrict default access to ignore all info packets:
+ restrict default ignore
+ Risk factor : Low";
+ security_note(port:123, protocol:"udp", data:report);
+ }
+}
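Review bot: The patch-level group in the new `eregmatch` pattern is `([a-z][0-9])?`, which captures a single digit, so a reply such as `ntpd 4.2.4p10` (constructed sample) would be stored as `4.2.4.p1` and every comparison built on `NTP/Linux/Ver` would see the wrong release. Use the multi-digit form that gb_ntp_detect_lin.nasl uses: `ntpVer = eregmatch(pattern:"ntpd ([0-9.]+)([a-z][0-9]+)?-?(RC[0-9]+)?", string:list);`. The value is also written under `NTP/Linux/Ver` although nothing in this block establishes that the responding host runs Linux; a platform-neutral key, or a check against the `system=` value parsed just above, would avoid mislabelled results. The enclosing script continues above the hunk.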
Added: trunk/openvas-plugins/scripts/secpod_apache_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_apache_detect.nasl 2009-04-29 13:30:21 UTC \
(rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_apache_detect.nasl 2009-04-30 04:40:16 UTC \
(rev 3218)
@@ -0,0 +1,65 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_apache_detect.nasl 1940 2009-04-27 12:25:24Z apr $
+#
+# Apache Web Server Version Detection
+#
+# Authors:
+# Sujit Ghosal <sghosal@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900498);
+ script_version("Revision: 1.0 ");
+ script_name(english:"Apache Web ServerVersion Detection");
+ desc["english"] = "
+ Overview : This script finds the running Apache Version and saves the
+ result in KB.
+
+ Risk factor : Informational";
+
+ script_description(english:desc["english"]);
+ script_family(english:"Service detection");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_summary(english:"Set Version of Apache Web Server in KB");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+
+port = get_http_port(default:80);
+if(!get_port_state(port)){
+ exit(0);
+}
+
+banner = get_http_banner(port:port);
+if("Apache" >!< banner){
+ exit(0);
+}
+
+apacheVer = eregmatch(pattern:"Server: Apache/([0-9]\.[0-9]+\.[0-9][0-9]?)",
+ string:banner);
+if(apacheVer[1] != NULL){
+ set_kb_item(name:"www/" + port + "/Apache", value:apacheVer[1]);
+}
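Review bot: The metadata in the description block is inconsistent with the sibling scripts: the name reads "Apache Web ServerVersion Detection" (missing space), `script_version("Revision: 1.0 ")` lacks the `$...$` keyword markers, and the `$Id` header names gb_apache_detect.nasl rather than this file. Suggested lines: `script_version("$Revision: 1.0 $");` and `script_name(english:"Apache Web Server Version Detection");`. It would also help to add a comment above the `eregmatch` call stating that the version comes only from the `Server:` banner, so no KB item is set when the banner carries no version number.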
Property changes on: trunk/openvas-plugins/scripts/secpod_apache_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_apache_mod_proxy_ajp_info_disc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_apache_mod_proxy_ajp_info_disc_vuln.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_apache_mod_proxy_ajp_info_disc_vuln.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,94 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_apache_mod_proxy_ajp_info_disc_vuln.nasl 1940 2009-04-27 13:10:29Z apr \
$
+#
+# Apache mod_proxy_ajp Information Disclosure Vulnerability
+#
+# Authors:
+# Sujit Ghosal <sghosal@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900499);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1191");
+ script_bugtraq_id(34663);
+ script_name(english:"Apache mod_proxy_ajp Information Disclosure Vulnerability");
+ desc["english"] = "
+
+ Overview: This host is running Apache Web Server and is prone to
+ Information Disclosure Vulnerability.
+
+ Vulnerability Insight:
+ This flaw is caused due to an error in 'mod_proxy_ajp' when handling
+ improperly malformed POST requests.
+
+ Impact:
+ Successful exploitation will let the attacker craft a special HTTP POST
+ request and gain sensitive information about the web server.
+
+ Impact level: Application
+
+ Affected Software/OS:
+ Apache HTTP Version 2.2.11
+
+ Workaround:
+ Update mod_proxy_ajp.c through SVN Repository (Revision 767089)
+ http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff
+
+ Fix: No solution or patch is available as on 29th April, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For further updates refer, http://httpd.apache.org/download.cgi
+
+ References:
+ http://secunia.com/advisories/34827
+ http://xforce.iss.net/xforce/xfdb/50059
+ http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)
+ CVSS Temporal Score : 4.0
+ Risk factor: Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for Apache Web Server version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Web application abuses");
+ script_dependencies("http_version.nasl", "secpod_apache_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+httpdPort = get_http_port(default:80);
+if(!httpdPort){
+ exit(0);
+}
+
+version = get_kb_item("www/" + httpdPort + "/Apache");
+if(version != NULL){
+ if(version_is_less_equal(version:version, test_version:"2.2.11")){
+ security_warning(httpdPort);
+ }
+}
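Review bot: The check `version_is_less_equal(version:version, test_version:"2.2.11")` reports every detected Apache at or below 2.2.11, while the description lists only "Apache HTTP Version 2.2.11" as affected, so older branches would be flagged for CVE-2009-1191 as well. If 2.2.11 is the only affected release, as the description states, compare for equality: `if(version_is_equal(version:version, test_version:"2.2.11")){`. The finding is also based on the banner version alone; whether mod_proxy_ajp is actually loaded is not checked, which is worth saying in the description so operators treat the result as version-based rather than confirmed.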
Property changes on: \
trunk/openvas-plugins/scripts/secpod_apache_mod_proxy_ajp_info_disc_vuln.nasl \
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_clamav_dos_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_clamav_dos_vuln_lin.nasl 2009-04-29 13:30:21 \
UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_clamav_dos_vuln_lin.nasl 2009-04-30 04:40:16 \
UTC (rev 3218)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_clamav_dos_vuln_lin.nasl 1931 2009-04-28 11:09:31Z apr $
+#
+# ClamAV Denial of Service Vulnerability (Linux)
+#
+# Authors:
+# Nikita MR <rnikita@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900545);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2009-1371", "CVE-2009-1372");
+ script_bugtraq_id(34446);
+ script_name(english:"ClamAV Denial of Service Vulnerability (Linux)");
+ desc["english"] = "
+
+ Overview: The host is installed with ClamAV and is prone to Denial of Service
+ Vulnerability.
+
+ Vulnerability Insight:
+ - Error in CLI_ISCONTAINED macro in libclamav/others.h while processing
+ malformed files packed with UPack.
+ - Buffer overflow error in cli_url_canon() function in libclamav/phishcheck.c
+ while handling specially crafted URLs.
+
+ Impact:
+ Attackers can exploit this issue by executing arbitrary code via a crafted
+ URL in the context of affected application, and can cause denial of service.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ ClamAV before 0.95.1 on Linux.
+
+ Fix: Upgrade to ClamAV 0.95.1
+ http://www.clamav.net/download
+
+ References:
+ http://secunia.com/advisories/34612/
+ http://www.vupen.com/english/advisories/2009/0985
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.4
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of ClamAV");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Denial of Service");
+ script_dependencies("gb_clamav_detect_lin.nasl");
+ script_require_keys("ClamAV/Lin/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+avVer = get_kb_item("ClamAV/Lin/Ver");
+if(avVer == NULL){
+ exit(0);
+}
+
+if(version_is_less(version:avVer, test_version:"0.95.1")){
+ security_warning(0);
+}
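Review bot: The description rates this finding "Risk factor: High" with a CVSS base score of 10.0, but the result is raised with `security_warning(0)`, the same call the Medium-rated scripts in this commit use, so the reported severity will not match the text. Use `security_hole(0);` here and in secpod_clamav_dos_vuln_win.nasl, which has the identical check. The title and family say "Denial of Service" while the Impact paragraph describes arbitrary code execution; aligning the two would make triage clearer. The `avVer == NULL` guard duplicates what `script_require_keys("ClamAV/Lin/Ver")` already enforces and could carry a short comment saying it is defensive.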
Property changes on: trunk/openvas-plugins/scripts/secpod_clamav_dos_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_clamav_dos_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_clamav_dos_vuln_win.nasl 2009-04-29 13:30:21 \
UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_clamav_dos_vuln_win.nasl 2009-04-30 04:40:16 \
UTC (rev 3218)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_clamav_dos_vuln_win.nasl 1931 2009-04-28 13:19:22Z apr $
+#
+# ClamAV Denial of Service Vulnerability (Win)
+#
+# Authors:
+# Nikita MR <rnikita@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900546);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2009-1371", "CVE-2009-1372");
+ script_bugtraq_id(34446);
+ script_name(english:"ClamAV Denial of Service Vulnerability (Win)");
+ desc["english"] = "
+
+ Overview: The host is installed with ClamAV and is prone to Denial of Service
+ Vulnerability.
+
+ Vulnerability Insight:
+ - Error in CLI_ISCONTAINED macro in libclamav/others.h while processing
+ malformed files packed with UPack.
+ - Buffer overflow error in cli_url_canon() function in libclamav/phishcheck.c
+ while handling specially crafted URLs.
+
+ Impact:
+ Attackers can exploit this issue by executing arbitrary code via a crafted
+ URL in the context of affected application, and can cause denial of service.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ ClamAV before 0.95.1 on Windows.
+
+ Fix: Upgrade to ClamAV 0.95.1
+ http://www.clamav.net/download
+
+ References:
+ http://secunia.com/advisories/34612/
+ http://www.vupen.com/english/advisories/2009/0985
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.4
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of ClamAV");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Denial of Service");
+ script_dependencies("gb_clamav_detect_win.nasl");
+ script_require_keys("ClamAV/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+avVer = get_kb_item("ClamAV/Win/Ver");
+if(avVer == NULL){
+ exit(0);
+}
+
+if(version_is_less(version:avVer, test_version:"0.95.1")){
+ security_warning(0);
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_clamav_dos_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_cups_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_cups_detect.nasl 2009-04-29 13:30:21 UTC \
(rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_cups_detect.nasl 2009-04-30 04:40:16 UTC \
(rev 3218)
@@ -0,0 +1,76 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_cups_detect.nasl 1967 2009-04-27 16:01:29Z apr $
+#
+# CUPS Version Detection
+#
+# Authors:
+# Sharath S <sharaths@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900348);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"CUPS Version Detection");
+ desc["english"] = "
+ Overview: This script detects the installed version of CUPS (Common UNIX
+ Printing System) and sets the result in KB.
+
+ Risk Factor: Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Set KB for the version of CUPS");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Service detection");
+ script_dependencies("http_version.nasl");
+ script_require_ports("Services/www", 631);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+cupsPort = get_http_port(default:631);
+if(!cupsPort){
+ cupsPort = 631;
+}
+
+if(!get_port_state(cupsPort)){
+ exit(0);
+}
+
+foreach dir (make_list("/", "/admin/", cgi_dirs()))
+{
+ sndReq = http_get(item:string(dir), port:cupsPort);
+ rcvRes = http_send_recv(port:cupsPort, data:sndReq);
+
+ if("CUPS" >< rcvRes && egrep(pattern:"^HTTP/.* 200 OK", string:rcvRes))
+ {
+ ver = eregmatch(pattern: "<TITLE>(Home|Administration) - CUPS ([0-9.]+)"+
+ "</TITLE>", string:rcvRes);
+ if(ver[2] != NULL)
+ {
+ set_kb_item(name:"www/"+ cupsPort + "/CUPS", value:ver[2]);
+ }
+ exit(0);
+ }
+}
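Review bot: The `exit(0);` after the version block runs for the first page that returns 200 and contains "CUPS", even when the `<TITLE>` pattern did not match, so the remaining candidates (`/admin/`, `cgi_dirs()`) are never tried and no KB item is written. Move the `exit(0);` inside the `if(ver[2] != NULL)` block, directly after `set_kb_item(...)`, so the loop stops only once a version has been stored. Without a stored version, secpod_cups_dns_rebinding_vuln.nasl exits silently and an affected host goes unreported.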
Property changes on: trunk/openvas-plugins/scripts/secpod_cups_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_cups_dns_rebinding_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_cups_dns_rebinding_vuln.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_cups_dns_rebinding_vuln.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_cups_dns_rebinding_vuln.nasl 1967 2009-04-27 20:59:24Z apr $
+#
+# CUPS HTTP Host Header DNS Rebinding Attacks
+#
+# Authors:
+# Sharath S <sharaths@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900349);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0164");
+ script_bugtraq_id(34665);
+ script_name(english:"CUPS HTTP Host Header DNS Rebinding Attacks");
+ desc["english"] = "
+
+ Overview: This host is running CUPS, and is prone to DNS Rebinding Attacks.
+
+ Vulnerability Insight:
+ The flaw is cause due to insufficient validation of the HTTP Host header
+ in a client request.
+
+ Impact:
+ An attacker can use this weakness to carry out certain attacks such as
+ DNS rebinding against the vulnerable server.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ CUPS version prior to 1.3.10
+
+ Fix: Upgrade to version 1.3.10 or latest
+ http://www.cups.org/software.php
+
+ References:
+ http://www.cups.org/str.php?L3118
+ http://www.cups.org/articles.php?L582
+ http://bugs.gentoo.org/show_bug.cgi?id=263070
+ https://bugzilla.redhat.com/show_bug.cgi?id=490597
+
+ CVSS Score:
+ CVSS Base Score : 6.4 (AV:N/AC:L/Au:NR/C:N/I:P/A:P)
+ CVSS Temporal Score : 4.7
+ Risk factor: Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of CUPS");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"General");
+ script_dependencies("secpod_cups_detect.nasl");
+ script_require_ports("Services/www", 631);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+cupsPort = get_http_port(default:631);
+if(!cupsPort){
+ exit(0);
+}
+
+cupsVer = get_kb_item("www/"+ cupsPort + "/CUPS");
+if(!cupsVer){
+ exit(0);
+}
+
+if(cupsVer != NULL)
+{
+ # Check for CUPS version < 1.3.10
+ if(version_is_less(version:cupsVer, test_version:"1.3.10")){
+ security_warning(cupsPort);
+ }
+}
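Review bot: The `if(cupsVer != NULL)` wrapper around the final check is dead code, because the preceding `if(!cupsVer){ exit(0); }` has already left the script for an empty value; the body can be just `if(version_is_less(version:cupsVer, test_version:"1.3.10")){ security_warning(cupsPort); }`. The check relies solely on the version string stored by secpod_cups_detect.nasl, so a vendor build with a backported fix would still be reported; a sentence in the description saying the result is version-based would help. The Insight text also reads "is cause due to" and should be "is caused by".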
Property changes on: \
trunk/openvas-plugins/scripts/secpod_cups_dns_rebinding_vuln.nasl \
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_easy_rmtomp3_conv_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_easy_rmtomp3_conv_bof_vuln.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_easy_rmtomp3_conv_bof_vuln.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_easy_rmtomp3_conv_bof_vuln.nasl 1825 2009-04-28 20:07:05Z apr $
+#
+# Easy RM to MP3 Converter Buffer Overflow Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+##############################################################################
+
+if(description)
+{
+ script_id(900633);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1330");
+ script_bugtraq_id(34514);
+ script_name(english:"Easy RM to MP3 Converter Buffer Overflow Vulnerability");
+ desc["english"] = "
+
+ Overview: This host is installed with Easy RM to MP3 Converter and is prone
+ to Buffer Overflow Vulnerability.
+
+ Vulnerability Insight:
+ This flaw is caused due to improper boundary checking while the user supplies
+ the input to the application by opening any crafted playlist file.
+
+ Impact:
+ Successful exploitation will let the attacker craft a malicious playlist file
+ and can cause denial of service in the context of the affected system.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Easy RM to MP3 Converter version 2.7.3.700 on Windows.
+
+ Fix: No solution or patch is available as on 29th April, 2009.Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.rm-to-mp3.net
+
+ References:
+ http://www.milw0rm.com/exploits/8427
+ http://secunia.com/advisories/34653
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 8.4
+ Risk factor : Critical";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Easy RM to MP3 Converter");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Denial of Service");
+ script_dependencies("secpod_easy_rmtomp3_conv_detect.nasl");
+ script_require_keys("EasyRmtoMp3/Conv/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+easyVer = get_kb_item("EasyRmtoMp3/Conv/Ver");
+if(easyVer != NULL)
+{
+ if(version_is_less_equal(version:easyVer, test_version:"2.7.3.700")){
+ security_hole(0);
+ }
+}
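Review bot: The metadata in the description block contradicts itself: the CVSS vector claims complete confidentiality, integrity and availability impact (`C:C/I:C/A:C`, base 9.3, risk Critical), while the Impact paragraph and `script_family(english:"Denial of Service");` describe a crash only. Anyone filtering or prioritising results by family will file this next to plain DoS findings. If the CVSS vector is the intended rating, the family should match the sibling Elecard script, `script_family(english:"Buffer overflow");`, and the Impact paragraph should say what the vector says.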
Added: trunk/openvas-plugins/scripts/secpod_easy_rmtomp3_conv_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_easy_rmtomp3_conv_detect.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_easy_rmtomp3_conv_detect.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,68 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_easy_rmtomp3_conv_detect.nasl 1825 2009-04-28 20:07:05Z apr $
+#
+# Easy RmtoMp3 Converter Version Detection
+#
+# Authors:
+# Antu Sanadi <santu@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+##############################################################################
+
+if(description)
+{
+ script_id(900632);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"Easy RmtoMp3 Converter Version Detection");
+ desc["english"] = "
+
+ Overview: The script detects the installed Easy RmtoMp3 Converter application
+ and sets the version in KB.
+
+ Risk factor: Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Sets KB for the version of Easy RmtoMp3 Converter");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+ rmtomp3Name = registry_get_sz(item:"DisplayName", key:key + item);
+ if(rmtomp3Name =~ "Easy RM to MP3 Converter")
+ {
+ rmtomp3Ver = eregmatch(pattern:" ([0-9.]+)",string:rmtomp3Name);
+ if(rmtomp3Ver[1] != NULL){
+ set_kb_item(name:"EasyRmtoMp3/Conv/Ver", value:rmtomp3Ver[1]);
+ }
+ }
+}
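Review bot: Only the native `SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\` view is enumerated, so on a 64-bit Windows target a 32-bit install that registers under `SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\` would never set `EasyRmtoMp3/Conv/Ver`, and the dependent check would stay silent. Whether this product registers there is not visible in the commit, so treat it as a coverage gap to confirm; the same applies to the registry reads in secpod_elecard_avchd_player_detect.nasl and secpod_mini_stream_prdts_detect.nasl. Running the `foreach` over both keys would close it. The loop also keeps going after a match, so two matching Uninstall entries would store two values under one KB name; a comment saying whether that is intended, or an `exit(0);` after `set_kb_item`, would make the behaviour explicit.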
Added: trunk/openvas-plugins/scripts/secpod_elecard_avchd_player_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_elecard_avchd_player_bof_vuln.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_elecard_avchd_player_bof_vuln.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_elecard_avchd_player_bof_vuln.nasl 1870 2009-04-28 15:56:36Z apr $
+#
+# Elecard AVC HD Player Buffer Overflow Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+# #
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900627);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1356");
+ script_bugtraq_id(34560);
+ script_name(english:"Elecard AVC HD Player Buffer Overflow Vulnerability");
+ desc["english"] = "
+
+ Overview: This host is installed Elecard AVC HD Player and is prone to Buffer
+ Overflow Vulnerability.
+
+ Vulnerability Insight:
+ Application fails to perform adequate boundary checks on user-supplied input
+ which results in a buffer overflow while processing playlist(.xpl) containing
+ long MP3 filenames.
+
+ Impact: Successful exploitation will allows attacker to execute arbitrary code
+ in the context of the affected application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Elecard AVC HD Player 5.5.90213 and prior on Windows.
+
+ Fix: No solution or patch is available as on 29th April, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.elecard.com/download/index.php
+
+ References:
+ http://www.milw0rm.com/exploits/8452
+ http://en.securitylab.ru/nvd/378145.php
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score: 8.4
+ Risk factor :Critical";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Elecard AVC HD Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Buffer overflow");
+ script_dependencies("secpod_elecard_avchd_player_detect.nasl");
+ script_require_keys("Elecard/AVC/HD/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+avcPlayer = get_kb_item("Elecard/AVC/HD/Ver");
+if(!avcPlayer){
+ exit(0);
+}
+
+if(version_is_less_equal(version:avcPlayer, test_version:"5.5.90213")){
+ security_hole(0);
+}
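Review bot: The comparison `version_is_less_equal(version:avcPlayer, test_version:"5.5.90213")` caps the finding at the last release known on 29th April 2009, although the description itself says no fix exists. A later build that still carries the flaw would be reported as clean. A comment above the check should record that the bound is provisional, for example `# No fixed release known as of 2009-04-29; revisit this upper bound when the vendor ships a fix`. The same comment belongs in secpod_easy_rmtomp3_conv_bof_vuln.nasl (bound `2.7.3.700`) and in secpod_mini_stream_mult_prdts_bof_apr09.nasl, which use the same pattern.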
Added: trunk/openvas-plugins/scripts/secpod_elecard_avchd_player_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_elecard_avchd_player_detect.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_elecard_avchd_player_detect.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,61 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_elecard_avchd_player_detect.nasl 1870 2009-04-28 09:07:05Z apr $
+#
+# Elecard AVC HD Player Application Version Detection
+#
+# Authors:
+# Antu Sanadi <santu@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+##############################################################################
+
+if(description)
+{
+ script_id(900628);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"Elecard AVC HD Player Version Detection");
+ desc["english"] = "
+
+ Overview: The script detects the Elecard AVC HD Player installed on
+ host and sets the version in KB.
+
+ Risk factor: Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Sets KB for the version of Elecard AVC HD Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) SecPod");
+ script_family(english:"Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+avcVer = registry_get_sz(key:"SOFTWARE\Elecard\Packages\Elecard AVC HD Player",
+ item:"Version");
+if(avcVer){
+ set_kb_item(name:"Elecard/AVC/HD/Ver", value:avcVer);
+}
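Review bot: `avcVer` is written to the KB exactly as the registry returns it, and the dependent script then feeds it to `version_is_less_equal()` against `5.5.90213`. The format of the `Version` value is not shown anywhere in this commit, so a value with a prefix, a build suffix or embedded spaces would be compared as-is and the outcome would be hard to predict. Guarding the store with a shape check, e.g. `if(avcVer =~ "^[0-9]+(\.[0-9]+)+$"){`, keeps malformed values out of the KB. A one-line comment giving a sample registry value would also help the next maintainer.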
Added: trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_apr09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_apr09_lin.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_apr09_lin.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_firefox_mult_vuln_apr09_lin.nasl 1903 2009-04-24 15:33:33Z apr $
+#
+# Mozilla Firefox Multiple Vulnerabilities Apr-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900343);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305",
+ "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309",
+ "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312");
+ script_bugtraq_id(34656);
+ script_name(english:"Mozilla Firefox Multiple Vulnerabilities Apr-09 (Linux)");
+ desc["english"] = "
+
+ Overview: The host is installed with Mozilla Firefox browser and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ For more information about vulnerabilities on Firefox, go through the links
+ mentioned in references.
+
+ Impact:
+ Successful exploitation could result in Information Disclosure, XSS, Script
+ Injection, Memory Corruption, CSRF, Arbitrary JavaScript code execution or
+ can cause denial of service attacks.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Firefox version prior to 3.0.9 on Linux.
+
+ Fix: Upgrade to Firefox version 3.0.9
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ http://secunia.com/advisories/34758
+ http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-20.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-21.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-22.html
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.5
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Web application abuses");
+ script_dependencies("gb_firefox_detect_lin.nasl");
+ script_require_keys("Firefox/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Linux/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Grep for Firefox version prior to 3.0.9
+if(version_is_less(version:ffVer, test_version:"3.0.9")){
+ security_hole(0);
+}
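Review bot: The check trusts the upstream version string alone, `version_is_less(version:ffVer, test_version:"3.0.9")`, and on Linux that can misreport hosts whose distribution package carries backported fixes under an older version number. How gb_firefox_detect_lin.nasl derives `Firefox/Linux/Ver` is outside this hunk, so this is a limitation to document rather than a proven defect. The existing comment also says "Grep", which the code does not do; I would replace it with `# Flag Firefox older than 3.0.9 (upstream version only; distribution backports are not detected)`. The version comparison in secpod_ntp_bof_vuln.nasl has the same limitation.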
Property changes on: \
trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_apr09_lin.nasl \
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_apr09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_apr09_win.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_apr09_win.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_firefox_mult_vuln_apr09_win.nasl 1903 2009-04-24 12:54:33Z apr $
+#
+# Mozilla Firefox Multiple Vulnerabilities Apr-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900342);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305",
+ "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309",
+ "CVE-2009-1310", "CVE-2009-1311", "CVE-2009-1312");
+ script_bugtraq_id(34656);
+ script_name(english:"Mozilla Firefox Multiple Vulnerabilities Apr-09 (Win)");
+ desc["english"] = "
+
+ Overview: The host is installed with Mozilla Firefox browser and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ For more information about vulnerabilities on Firefox, go through the links
+ mentioned in references.
+
+ Impact:
+ Successful exploitation could result in Information Disclosure, XSS, Script
+ Injection, Memory Corruption, CSRF, Arbitrary JavaScript code execution or
+ can cause denial of service attacks.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Firefox version prior to 3.0.9 on Windows.
+
+ Fix: Upgrade to Firefox version 3.0.9
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ http://secunia.com/advisories/34758
+ http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-20.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-21.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-22.html
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.5
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Web application abuses");
+ script_dependencies("gb_firefox_detect_win.nasl");
+ script_require_keys("Firefox/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Grep for Firefox version prior to 3.0.9
+if(version_is_less(version:ffVer, test_version:"3.0.9")){
+ security_hole(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_apr09_win.nasl \
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_mini_stream_mult_prdts_bof_apr09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_mini_stream_mult_prdts_bof_apr09.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_mini_stream_mult_prdts_bof_apr09.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,149 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_mini_stream_mult_prdts_bof_apr09.nasl 1826 2009-04-21 15:15:24Z apr $
+#
+# Mini-Stream Multiple Products Buffer Overflow Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900625);
+ script_version("Revision: 1.0");
+ script_cve_id("CVE-2009-1329", "CVE-2009-1328", "CVE-2009-1327",
+ "CVE-2009-1326", "CVE-2009-1324","CVE-2009-1325");
+ script_bugtraq_id(34494);
+ script_name(english:"Mini-Stream Multiple Products Buffer Overflow \
Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ This host has Mini-Stream products installed and is prone to Buffer
+ Overflow Vulnerability.
+
+ Vulnerability Insight:
+ A boundary error occurs in multiple Mini-stream products due to inadequate
+ validation of user supplied data while processing playlist (.m3u) files
+ with overly long URI.
+
+ Impact:
+ Successful exploitation allows attackers to execute arbitrary code or crash
+ the system.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ Shadow Stream Recorder version 3.0.1.7 and prior on Windows
+ RM-MP3 Converter version 3.0.0.7 and prior on Windows
+ WM Downloader version 3.0.0.9 and prior on Windows
+ RM Downloader version 3.0.0.9 and prior on Windows
+ ASXtoMP3 Converter version 3.0.0.7 and prior on Windows
+ Ripper version 3.0.1.1 and prior on Windows
+
+ Fix:
+ No solution/patch is available as on 29th April, 2009. Information
+ This issue will be updated once the solution details are available.
+ For updates refer,http://www.mini-stream.com/
+
+ References:
+ http://secunia.com/advisories/34719
+ http://secunia.com/advisories/34674
+ http://www.milw0rm.com/exploits/8426
+ http://www.milw0rm.com/exploits/8407
+ http://xforce.iss.net/xforce/xfdb/49841
+ http://xforce.iss.net/xforce/xfdb/49843
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.9
+ Risk factor :High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Mini Stream Products");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Buffer overflow");
+ script_dependencies("secpod_mini_stream_prdts_detect.nasl");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+
+ssRec = get_kb_item("MiniStream/SSRecorder/Ver");
+if(ssRec)
+{
+ if(version_is_less_equal(version:ssRec, test_version:"3.0.1.7"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+rmMp = get_kb_item("MiniStream/RmToMp3/Conv/Ver");
+if(rmMp)
+{
+ if(version_is_less_equal(version:rmMp, test_version:"3.0.0.7"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+wmDown = get_kb_item("MiniStream/WMDown/Ver");
+if(wmDown)
+{
+ if(version_is_less_equal(version:wmDown, test_version:"3.0.0.9"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+rmDown = get_kb_item("MiniStream/RMDown/Ver");
+if(rmDown)
+{
+ if(version_is_less_equal(version:rmDown, test_version:"3.0.0.9"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+asxMp3 = get_kb_item("MiniStream/AsxToMp3/Conv/Ver");
+if(asxMp3)
+{
+ if(version_is_less_equal(version:asxMp3, test_version:"3.0.0.7"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+ripper = get_kb_item("MiniStream/Ripper/Ver");
+if(ripper)
+{
+ if(version_is_less_equal(version:ripper,test_version:"3.0.1.1"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
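Review bot: `script_version("Revision: 1.0");` lacks the `$` keyword markers that every other script in this commit uses, so Subversion keyword expansion cannot update it; it should read `script_version("$Revision: 1.0 $");`. `include("smb_nt.inc");` is not needed by anything in the visible body, which only calls `get_kb_item`, `version_is_less_equal`, `security_hole` and `exit`. Each branch also exits on the first hit with a bare `security_hole(0);`, so the finding never says which of the six products matched and any further affected product on the same host is not evaluated. If one finding per host is intended, a comment such as `# Report once per host; the first affected product found ends the check` should say so.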
Added: trunk/openvas-plugins/scripts/secpod_mini_stream_prdts_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_mini_stream_prdts_detect.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_mini_stream_prdts_detect.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,110 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_mini_stream_prdts_detect.nasl 1826 2009-04-21 17:02:29Z apr $
+#
+# Mini-Stream Products Version Detection
+#
+# Authors:
+# Antu Sanadi <santu@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+################################################################################
+
+if(description)
+{
+ script_id(900624);
+ script_version ("$Revision: 1.1 $");
+ script_name(english:"Mini-Stream Products Version Detection");
+ desc["english"] = "
+ Overview: The script will detect the Mini-Stream products installed on
+ this host and set the result in KB.
+
+ Risk factor : Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Get the version of the Mini-Stream Products");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+
+item1 = "Shadow Stream Recorder_is1\";
+ssRecName = registry_get_sz(key:key+item1, item:"DisplayName");
+ssRVer = eregmatch(pattern:"([0-9.]+)", string:ssRecName);
+
+if(ssRVer[1]!=NULL){
+# set the version of Mini-stream Shadow Stream Recorder
+ set_kb_item(name:"MiniStream/SSRecorder/Ver", value:ssRVer[1]);
+}
+
+item2 = "Mini-stream RM-MP3 Converter_is1\";
+rmTmp = registry_get_sz(key:key+item2, item:"DisplayName");
+rmTmpVer = eregmatch(pattern:"([0-9]\.[0-9]\.[0-9.]+)", string:rmTmp);
+
+if(rmTmpVer[1]!=NULL){
+#set the version of Mini-stream RM-MP3 Converter
+ set_kb_item(name:"MiniStream/RmToMp3/Conv/Ver", value:rmTmpVer[1]);
+}
+
+item3 = "WM Downloader_is1\";
+wmDown = registry_get_sz(key:key+item3, item:"DisplayName");
+wmDownVer = eregmatch(pattern:"([0-9.]+)", string:wmDown);
+
+if(wmDownVer[1]!=NULL){
+#set the version of Mini-stream WM Downloader
+ set_kb_item(name:"MiniStream/WMDown/Ver", value:wmDownVer[1]);
+}
+
+item4 = "RM Downloader_is1\";
+rmDown = registry_get_sz(key:key+item4, item:"DisplayName");
+rmDownVer = eregmatch(pattern:"([0-9.]+)", string:rmDown);
+
+if(rmDownVer[1]!=NULL){
+#set the version of Mini-stream RM Downloader
+ set_kb_item(name:"MiniStream/RMDown/Ver", value:rmDownVer[1]);
+}
+
+item5 = "ASX to MP3 Converter_is1\";
+asx2mpName= registry_get_sz(key:key+item5, item:"DisplayName");
+asx2mpVer = eregmatch(pattern:"([0-9]\.[0-9]\.[0-9.]+)", string:asx2mpName);
+
+if(asx2mpVer[1]!=NULL){
+#set the version of Mini-stream ASX to MP3 Converter
+ set_kb_item(name:"MiniStream/AsxToMp3/Conv/Ver", value:asx2mpVer[1]);
+}
+
+item6 = "Mini-stream Ripper_is1\";
+msRipper = registry_get_sz(key:key+item6, item:"DisplayName");
+msRipperVer = eregmatch(pattern:"([0-9.]+)", string:msRipper);
+
+if(msRipperVer[1]!=NULL){
+#set the version of Mini-stream Ripper
+ set_kb_item(name:"MiniStream/Ripper/Ver", value:msRipperVer[1]);
+}
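Review bot: Four of the six lookups use the loose pattern `([0-9.]+)`, which captures the first run of digits or dots anywhere in `DisplayName`, including a lone `.` or a digit that belongs to the product name. The RM-MP3 and ASX to MP3 lookups use a stricter pattern (presumably because of the `3` in `MP3`), but it allows only one digit in each of the first two components, so a two-digit component would go undetected. One pattern for all six, `pattern:"([0-9]+\.[0-9]+\.[0-9.]+)"`, would avoid both the stray match and the missed component. Each `eregmatch` is also called on the result of `registry_get_sz` without checking that the key exists; a guard such as `if(ssRecName)` before the match would make the not-installed path explicit.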
Added: trunk/openvas-plugins/scripts/secpod_ntp_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ntp_bof_vuln.nasl 2009-04-29 13:30:21 UTC \
(rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_ntp_bof_vuln.nasl 2009-04-30 04:40:16 UTC \
(rev 3218)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ntp_bof_vuln.nasl 1701 2009-04-23 15:15:28 apr $
+#
+# NTP Stack Buffer Overflow Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900623);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0159");
+ script_bugtraq_id(34481);
+ script_name(english:"NTP Stack Buffer Overflow Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ This host has NTP installed and is prone to stack buffer overflow
+ vulnerabilities.
+
+ Vulnerability Insight:
+ The flaw is caused due to a boundary error within the cookedprint()
+ function in ntpq/ntpq.c while processing malicious response from
+ a specially crafted remote time server.
+
+ Impact:
+ Successful exploitation will allow attackers to execute arbitrary
+ code or to cause the application to crash.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ NTP versions prior to 4.2.4p7-RC2 on Linux.
+
+ Fix:
+ Upgrade to NTP version 4.2.4p7-RC2
+ http://www.ntp.org/downloads.html
+
+ References:
+ http://secunia.com/advisories/34608
+ http://xforce.iss.net/xforce/xfdb/49838
+ http://www.vupen.com/english/advisories/2009/0999
+
+ CVSS Score:
+ CVSS Base Score : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.0
+ Risk factor: Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of NTP)");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Buffer overflow");
+ script_dependencies("gb_ntp_detect_lin.nasl");
+ script_require_keys("NTP/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ntpPort = 123;
+if(!get_udp_port_state(ntpPort)){
+ exit(0);
+}
+
+ntpVer = get_kb_item("NTP/Linux/Ver");
+if(!ntpVer){
+ exit(0);
+}
+
+if(version_is_less(version:ntpVer, test_version:"4.2.4.p7.RC2")){
+ security_warning(port:ntpPort, proto:"udp");
+}
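Review bot: The description places the flaw in `cookedprint()` in ntpq/ntpq.c, that is in the ntpq client, yet the check exits unless UDP port 123 is open and reports against that port. A host with an affected ntpq installed and no NTP daemon listening would be skipped. Since the version comes from the KB item `NTP/Linux/Ver`, I would drop the `get_udp_port_state(ntpPort)` gate and report as the other local checks in this commit do, with `security_warning(0);`. Separately, `test_version:"4.2.4.p7.RC2"` only works if gb_ntp_detect_lin.nasl stores the version in that dotted form and if `version_is_less()` orders the `p7` and `RC2` components as intended; neither is visible here, and a comment should state the expected KB format.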
Added: trunk/openvas-plugins/scripts/secpod_seamonkey_mult_vuln_apr09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_seamonkey_mult_vuln_apr09_lin.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_seamonkey_mult_vuln_apr09_lin.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_seamonkey_mult_vuln_apr09_lin.nasl 1903 2009-04-24 15:43:57Z apr $
+#
+# Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900347);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305",
+ "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309",
+ "CVE-2009-1311", "CVE-2009-1312");
+ script_bugtraq_id(34656);
+ script_name(english:"Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Linux)");
+ desc["english"] = "
+
+ Overview: The host is installed with Mozilla Seamonkey and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ For more information about vulnerabilities on Seamonkey, go through the links
+ mentioned in references.
+
+ Impact:
+ Successful exploitation could result in Information Disclosure, XSS, Script
+ Injection, Memory Corruption, CSRF, Arbitrary JavaScript code execution or
+ can cause denial of service attacks.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Seamonkey version prior to 1.1.17 on Linux.
+
+ Fix: Upgrade to Seamonkey version 1.1.17
+ http://www.seamonkey-project.org/releases
+
+ References:
+ http://secunia.com/advisories/34835
+ http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-21.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-22.html
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.5
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Seamonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Web application abuses");
+ script_dependencies("gb_seamonkey_detect_lin.nasl");
+ script_require_keys("Seamonkey/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+smVer = get_kb_item("Seamonkey/Linux/Ver");
+if(!smVer){
+ exit(0);
+}
+
+# Grep for Seamonkey version prior to 1.1.17
+if(version_is_less(version:smVer, test_version:"1.1.17")){
+ security_hole(0);
+}
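Review bot: `script_family(english:"Web application abuses")` files a locally installed browser suite under web applications, so scan configurations that select plugins by family will group this client-side version check with server-side web tests; the same line appears in the Windows SeaMonkey plugin and in both Thunderbird plugins of this revision. A family that matches an installed-client check would fit better, for example `script_family(english:"General");`. The "Vulnerability Insight" paragraph only points at the reference links, so the report gives an operator nothing to triage with when the links are unreachable; one line per MFSA advisory would fix that. The closing comment says "Grep for" although the code compares the KB value, and `# Report when the detected SeaMonkey version is older than 1.1.17` describes it accurately.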
Property changes on: \
trunk/openvas-plugins/scripts/secpod_seamonkey_mult_vuln_apr09_lin.nasl \
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_seamonkey_mult_vuln_apr09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_seamonkey_mult_vuln_apr09_win.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_seamonkey_mult_vuln_apr09_win.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_seamonkey_mult_vuln_apr09_win.nasl 1903 2009-04-24 15:13:57Z apr $
+#
+# Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900346);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305",
+ "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309",
+ "CVE-2009-1311", "CVE-2009-1312");
+ script_bugtraq_id(34656);
+ script_name(english:"Mozilla Seamonkey Multiple Vulnerabilities Apr-09 (Win)");
+ desc["english"] = "
+
+ Overview: The host is installed with Mozilla Seamonkey and is prone
+ to multiple vulnerabilities.
+
+ Vulnerability Insight:
+ For more information about vulnerabilities on Seamonkey, go through the links
+ mentioned in references.
+
+ Impact:
+ Successful exploitation could result in Information Disclosure, XSS, Script
+ Injection, Memory Corruption, CSRF, Arbitrary JavaScript code execution or
+ can cause denial of service attacks.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Seamonkey version prior to 1.1.17 on Windows.
+
+ Fix: Upgrade to Seamonkey version 1.1.17
+ http://www.seamonkey-project.org/releases
+
+ References:
+ http://secunia.com/advisories/34835
+ http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-21.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-22.html
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.5
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Seamonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Web application abuses");
+ script_dependencies("gb_seamonkey_detect_win.nasl");
+ script_require_keys("Seamonkey/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+smVer = get_kb_item("Seamonkey/Win/Ver");
+if(!smVer){
+ exit(0);
+}
+
+# Grep for Seamonkey version prior to 1.1.17
+if(version_is_less(version:smVer, test_version:"1.1.17")){
+ security_hole(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/secpod_seamonkey_mult_vuln_apr09_win.nasl \
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_simple_machines_forum_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_simple_machines_forum_sql_inj_vuln.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_simple_machines_forum_sql_inj_vuln.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_simple_machines_forum_sql_inj_vuln.nasl 1876 2009-04-28 17:25:12Z apr \
$
+#
+# Simple Machines Forum SQL Injection Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900544);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-6741");
+ script_bugtraq_id(29734);
+ script_name(english:"Simple Machines Forum SQL Injection Vulnerability");
+ desc["english"] = "
+
+ Overview: The host is installed with Simple Machines Forum and is prone
+ to SQL Injection Vulnerability.
+
+ Vulnerability Insight:
+ Error exists while sending an specially crafted SQL statements into load.php
+ when setting the db_character_set parameter to a multibyte character which
+ causes the addslashes PHP function to generate a \(backslash) sequence that
+ does not quote the '(single quote) character, as demonstrated via a manlabels
+ action to index.php.
+
+ Impact:
+ Successful exploitation will let the attackers to execute arbitrary code,
+ and can view, add, modify or delete information in the back-end database.
+
+ Impact Level: System/Application.
+
+ Affected Software/OS:
+ Simple Machines Forum 1.1.4 and prior
+
+ Fix: No solution or patch is available as on 29th April, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.simplemachines.org/
+
+ References:
+ http://www.milw0rm.com/exploits/5826
+ http://xforce.iss.net/xforce/xfdb/43118
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 6.7
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Simple Machines Forum");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Web application abuses");
+ script_dependencies("gb_simple_machines_forum_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+httpPort = get_http_port(default:80);
+if(!httpPort){
+ exit(0);
+}
+
+if(!get_port_state(httpPort)){
+ exit(0);
+}
+
+ver = get_kb_item("www/" + httpPort + "/SMF");
+ver = eregmatch(pattern:"^(.+) under (/.*)$", string:ver);
+if(ver[1] == NULL){
+ exit(0);
+}
+
+if(version_is_less_equal(version:ver[1], test_version:"1.1.4")){
+ security_hole(httpPort);
+}
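Review bot: The final check raises `security_hole` purely from the version string stored by the detection plugin, while the description ties the injection to `db_character_set` being set to a multibyte character set, so every host at 1.1.4 or earlier is flagged whether or not that condition holds. The description should state that the result is inferred, for example by adding `Note: this check is based on the detected version only and does not test the db_character_set setting.` to the text. `ver[1]` is whatever precedes " under " in the KB entry, so a non-numeric value written by the detection plugin would reach `version_is_less_equal` unvalidated; a guard such as `if(ver[1] !~ "^[0-9.]+$"){ exit(0); }` before the comparison avoids a verdict on an unparsed string. The sentence "No solution or patch is available as on 29th April, 2009" will go stale and needs a planned revisit.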
Property changes on: \
trunk/openvas-plugins/scripts/secpod_simple_machines_forum_sql_inj_vuln.nasl \
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_detect_lin.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_detect_lin.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_sun_java_dir_server_detect_lin.nasl 1828 2009-04-29 18:00:29Z apr $
+#
+# Sun Java Directory Server Version Detection (Linux)
+#
+# Authors:
+# Sujit Ghosal <sghosal@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900705);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"Sun Java Directory Server Version Detection (Linux)");
+ desc["english"] = "
+
+ Overview: This script detects the version of Directory Server and sets
+ the reuslt in KB.
+
+ Risk Factor: Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Set KB for the version of Java Directory Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Service detection");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+ exit(0);
+}
+
+dirPaths = find_file(file_name:"directoryserver", file_path:"/", useregex:TRUE,
+ regexpar:"$", sock:sock);
+foreach dirBin (dirPaths)
+{
+ dirVer = get_bin_version(full_prog_name:chomp(dirBin), sock:sock,
+ version_argv:"-g",
+ ver_pattern:"Default is: ([0-9]\.[0-9]+)");
+ if(dirVer[1] != NULL)
+ {
+ set_kb_item(name:"Sun/JavaDirServer/Linux/Ver", value:dirVer[1]);
+ ssh_close_connection();
+ exit(0);
+ }
+}
+ssh_close_connection();
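Review bot: `find_file(file_name:"directoryserver", file_path:"/", ...)` searches the whole filesystem, and the loop then hands every hit to `get_bin_version` with `-g`, which presumably runs that file over the authenticated SSH session. A file of that name in a user-writable directory on the scanned host would therefore be executed with the scan account's privileges, which are often elevated. Restricting the search to the product's install location, for example `file_path:"<install-prefix>/"` (placeholder, the real prefix is not shown here), or skipping hits outside root-owned directories removes that exposure and shortens the scan. The early `exit(0)` inside the loop also means only the first installation found is recorded in the KB.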
Property changes on: \
trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_detect_lin.nasl \
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_detect_win.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_detect_win.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,83 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_sun_java_dir_server_detect_win.nasl 1828 2009-04-29 11:00:24Z apr $
+#
+# Sun Java Directory Server Version Detection (Win)
+#
+# Authors:
+# Sujit Ghosal <sghosal@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900492);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"Sun Java Directory Server Version Detection (Win)");
+ desc["english"] = "
+
+ Overview: This script detects the version of Directory Server and sets
+ the reuslt in KB.
+
+ Risk Factor: Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Set KB for the version of Java Directory Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Directory Server\";
+if(!registry_key_exists(key:key)){
+ exit(0);
+}
+
+appregCheck = registry_get_sz(key:key, item:"DisplayName");
+if("Directory Server" >< appregCheck)
+{
+ infPath = registry_get_sz(key:key, item:"UninstallString");
+ infPath = ereg_replace(pattern:'"', string:infPath, replace:"");
+ infFile = infPath - "uninstall_dirserver.exe" + "setup\slapd\slapd.inf";
+
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:infFile);
+ file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:infFile);
+
+ infContent = read_file(share:share, file:file, offset:0, count:256);
+ if("Directory Server" >< infContent)
+ {
+ appVer = eregmatch(pattern:"System Directory Server ([0-9]\.[0-9.]+)",
+ string:infContent);
+ if(appVer[1] != NULL)
+ {
+ set_kb_item(name:"Sun/JavaDirServer/Win/Ver", value:appVer[1]);
+ }
+ }
+ exit(0);
+}
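Review bot: `infPath` is used to build `share` and `file` without checking that `registry_get_sz` returned an `UninstallString`, and the drive pattern `([A-Z]):.*` matches only an upper-case drive letter, so an empty or lower-case path leaves `share` holding a string that is not a share name when `read_file` is called. Adding `if(!infPath){ exit(0); }` after the registry read and using `[A-Za-z]` in both `ereg_replace` patterns keeps the SMB read from being issued with a malformed target. `read_file(..., count:256)` reads only the first 256 bytes of slapd.inf, so the version line has to fall inside that window; a comment stating that assumption, or a larger count, would make a missed detection easier to diagnose.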
Property changes on: \
trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_detect_win.nasl \
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_info_disc_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_info_disc_vuln_lin.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_info_disc_vuln_lin.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_sun_java_dir_server_info_disc_vuln_lin.nasl 1828 2009-04-29 18:21:29Z \
apr $
+#
+# Sun Java Directory Server Information Disclosure Vulnerability (Linux)
+#
+# Authors:
+# Sujit Ghosal <sghosal@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900706);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1332");
+ script_bugtraq_id(34548);
+ script_name(english:"Sun Java Directory Server Information Disclosure \
Vulnerability (Linux)");
+ desc["english"] = "
+
+ Overview:
+ This host is running Sun Java Directory Server and is prone to Information
+ Disclosure Vulnerability.
+
+ Vulnerability Insight:
+ This flaw is due to unspecified error which can be exploited to determine
+ the existence of a file on a system and disclose a single line of the file's
+ content.
+
+ Impact:
+ Successful exploitation will let the attacker execute arbitrary codes in the
+ context of the application and can gain sensitive information about the
+ presence of folders and files.
+
+ Impact level: Application
+
+ Affected Software/OS:
+ Sun Java System Directory Server 5.2
+ Sun Java System Directory Server Enterprise 5.0
+
+ Fix: Upgrade to Sun Java Directory Server Enterprise 6.0 or later
+ http://www.sun.com/software/products/directory_srvr_ee/get.jsp
+
+ References:
+ http://secunia.com/advisories/34751
+ http://sunsolve.sun.com/search/document.do?assetkey=1-66-255848-1
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)
+ CVSS Temporal Score : 3.9
+ Risk factor: Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Java Directory Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Web application abuses");
+ script_dependencies("secpod_sun_java_dir_server_detect_lin.nasl");
+ script_require_keys("Sun/JavaDirServer/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+appVer = get_kb_item("Sun/JavaDirServer/Linux/Ver");
+if(!appVer){
+ exit(0);
+}
+
+# Grep for Directory Server version 5.2 or 5.0
+if(version_is_less_equal(version:appVer, test_version:"5.2")){
+ security_warning(0);
+}
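Review bot: The comparison `version_is_less_equal(version:appVer, test_version:"5.2")` reports every detected version up to 5.2, whereas the comment above it and the "Affected Software/OS" list name only 5.2 and 5.0; the Windows twin of this plugin carries the same check. If only those two releases are affected, an explicit test such as `if(version_is_equal(version:appVer, test_version:"5.2") || version_is_equal(version:appVer, test_version:"5.0"))` matches the advisory text; otherwise the comment and the affected list should read "5.2 and earlier". The Impact paragraph promises arbitrary code execution, but the insight text and the vector `C:P/I:N/A:N` describe only file-existence and single-line disclosure, so the report overstates the finding and should be reworded to match.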
Property changes on: \
trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_info_disc_vuln_lin.nasl \
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_info_disc_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_info_disc_vuln_win.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_info_disc_vuln_win.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_sun_java_dir_server_info_disc_vuln_win.nasl 1828 2009-04-29 13:03:29Z \
apr $
+#
+# Sun Java Directory Server Information Disclosure Vulnerability (Win)
+#
+# Authors:
+# Sujit Ghosal <sghosal@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900497);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1332");
+ script_bugtraq_id(34548);
+ script_name(english:"Sun Java Directory Server Information Disclosure \
Vulnerability (Win)");
+ desc["english"] = "
+
+ Overview:
+ This host is running Sun Java Directory Server and is prone to Information
+ Disclosure Vulnerability.
+
+ Vulnerability Insight:
+ This flaw is due to unspecified error which can be exploited to determine
+ the existence of a file on a system and disclose a single line of the file's
+ content.
+
+ Impact:
+ Successful exploitation will let the attacker execute arbitrary codes in the
+ context of the application and can gain sensitive information about the
+ presence of folders and files.
+
+ Impact level: Application
+
+ Affected Software/OS:
+ Sun Java System Directory Server 5.2
+ Sun Java System Directory Server Enterprise 5.0
+
+ Fix: Upgrade to Sun Java Directory Server Enterprise 6.0 or later
+ http://www.sun.com/software/products/directory_srvr_ee/get.jsp
+
+ References:
+ http://secunia.com/advisories/34751
+ http://sunsolve.sun.com/search/document.do?assetkey=1-66-255848-1
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N)
+ CVSS Temporal Score : 3.9
+ Risk factor: Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Java Directory Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Web application abuses");
+ script_dependencies("secpod_sun_java_dir_server_detect_win.nasl");
+ script_require_keys("Sun/JavaDirServer/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+appVer = get_kb_item("Sun/JavaDirServer/Win/Ver");
+if(!appVer){
+ exit(0);
+}
+
+# Grep for Directory Server version 5.2 or 5.0
+if(version_is_less_equal(version:appVer, test_version:"5.2")){
+ security_warning(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/secpod_sun_java_dir_server_info_disc_vuln_win.nasl \
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_thunderbird_mult_vuln_apr09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_thunderbird_mult_vuln_apr09_lin.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_thunderbird_mult_vuln_apr09_lin.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_thunderbird_mult_vuln_apr09_lin.nasl 1903 2009-04-24 15:36:26Z apr $
+#
+# Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900345);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305",
+ "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309");
+ script_bugtraq_id(34656);
+ script_name(english:"Mozilla Thunderbird Multiple Vulnerabilities Apr-09 \
(Linux)");
+ desc["english"] = "
+
+ Overview: The host is installed with Mozilla Thunderbird and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ For more information about vulnerabilities on Thunderbird, go through the links
+ mentioned in references.
+
+ Impact:
+ Successful exploitation could result in Information Disclosure, XSS, Script
+ Injection, Memory Corruption, CSRF, Arbitrary JavaScript code execution or
+ can cause denial of service attacks.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Thunderbird version prior to 2.0.0.22 on Linux.
+
+ Fix: Upgrade to Thunderbird version 2.0.0.22
+ http://www.mozillamessaging.com/en-US/thunderbird/all.html
+
+ References:
+ http://secunia.com/advisories/34780
+ http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.5
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Thunderbird");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Web application abuses");
+ script_dependencies("gb_thunderbird_detect_lin.nasl");
+ script_require_keys("Thunderbird/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+tbVer = get_kb_item("Thunderbird/Linux/Ver");
+if(!tbVer){
+ exit(0);
+}
+
+# Grep for Thunderbird version prior to 2.0.0.22
+if(version_is_less(version:tbVer, test_version:"2.0.0.22")){
+ security_hole(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/secpod_thunderbird_mult_vuln_apr09_lin.nasl \
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_thunderbird_mult_vuln_apr09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_thunderbird_mult_vuln_apr09_win.nasl 2009-04-29 \
13:30:21 UTC (rev 3217)
+++ trunk/openvas-plugins/scripts/secpod_thunderbird_mult_vuln_apr09_win.nasl 2009-04-30 \
04:40:16 UTC (rev 3218)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_thunderbird_mult_vuln_apr09_win.nasl 1903 2009-04-24 14:14:26Z apr $
+#
+# Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900344);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1302", "CVE-2009-1303", "CVE-2009-1304", "CVE-2009-1305",
+ "CVE-2009-1306", "CVE-2009-1307", "CVE-2009-1308", "CVE-2009-1309");
+ script_bugtraq_id(34656);
+ script_name(english:"Mozilla Thunderbird Multiple Vulnerabilities Apr-09 (Win)");
+ desc["english"] = "
+
+ Overview: The host is installed with Mozilla Thunderbird and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ For more information about vulnerabilities on Thunderbird, go through the links
+ mentioned in references.
+
+ Impact:
+ Successful exploitation could result in Information Disclosure, XSS, Script
+ Injection, Memory Corruption, CSRF, Arbitrary JavaScript code execution or
+ can cause denial of service attacks.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Thunderbird version prior to 2.0.0.22 on Windows.
+
+ Fix: Upgrade to Thunderbird version 2.0.0.22
+ http://www.mozillamessaging.com/en-US/thunderbird/all.html
+
+ References:
+ http://secunia.com/advisories/34780
+ http://www.mozilla.org/security/announce/2009/mfsa2009-14.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-16.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-17.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-18.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-19.html
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.5
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Thunderbird");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Web application abuses");
+ script_dependencies("gb_thunderbird_detect_win.nasl");
+ script_require_keys("Thunderbird/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+tbVer = get_kb_item("Thunderbird/Win/Ver");
+if(!tbVer){
+ exit(0);
+}
+
+# Grep for Thunderbird version prior to 2.0.0.22
+if(version_is_less(version:tbVer, test_version:"2.0.0.22")){
+ security_hole(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/secpod_thunderbird_mult_vuln_apr09_win.nasl \
___________________________________________________________________
Name: svn:executable
+ *
_______________________________________________
Openvas-commits mailing list
Openvas-commits@wald.intevation.org
http://lists.wald.intevation.org/mailman/listinfo/openvas-commits