[prev in list] [next in list] [prev in thread] [next in thread]
List: openvas-cvs
Subject: [Openvas-commits] r16502 - in trunk/openvas-plugins: . scripts/2013
From: scm-commit () wald ! intevation ! org
Date: 2013-05-29 14:01:59
Message-ID: 20130529140202.2E8D79A123D1 () wald ! intevation ! org
[Download RAW message or body]
Author: veerendragg
Date: 2013-05-29 16:01:59 +0200 (Wed, 29 May 2013)
New Revision: 16502
Added:
trunk/openvas-plugins/scripts/2013/gb_adobe_air_mult_vuln01_may13_macosx.nasl
trunk/openvas-plugins/scripts/2013/gb_adobe_air_mult_vuln01_may13_win.nasl
trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_lin.nasl
trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_macosx.nasl
trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_win.nasl
trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_esr_mult_vuln01_may13_macosx.nasl
trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_esr_mult_vuln01_may13_win.nasl
trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_mult_vuln01_may13_macosx.nasl
trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_mult_vuln01_may13_win.nasl
trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_esr_mult_vuln01_may13_macosx.nasl
trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_esr_mult_vuln01_may13_win.nasl
trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_mult_vuln01_may13_macosx.nasl
trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_mult_vuln01_may13_win.nasl
trunk/openvas-plugins/scripts/2013/gb_realplayer_heap_based_bof_vuln_macosx.nasl
trunk/openvas-plugins/scripts/2013/gb_realplayer_heap_based_bof_vuln_win.nasl
trunk/openvas-plugins/scripts/2013/secpod_mysqldumper_sql_inj_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new plugins.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2013-05-29 13:47:50 UTC (rev 16501)
+++ trunk/openvas-plugins/ChangeLog 2013-05-29 14:01:59 UTC (rev 16502)
@@ -1,3 +1,23 @@
+2013-05-29 Veerendra G.G <veerendragg@secpod.com>
+
+ * scripts/2013/gb_adobe_air_mult_vuln01_may13_macosx.nasl,
+ scripts/2013/gb_mozilla_firefox_esr_mult_vuln01_may13_win.nasl,
+ scripts/2013/gb_adobe_air_mult_vuln01_may13_win.nasl,
+ scripts/2013/gb_mozilla_firefox_esr_mult_vuln01_may13_macosx.nasl,
+ scripts/2013/secpod_mysqldumper_sql_inj_vuln.nasl,
+ scripts/2013/gb_mozilla_firefox_mult_vuln01_may13_win.nasl,
+ scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_win.nasl,
+ scripts/2013/gb_mozilla_thunderbird_mult_vuln01_may13_win.nasl,
+ scripts/2013/gb_realplayer_heap_based_bof_vuln_macosx.nasl,
+ scripts/2013/gb_mozilla_thunderbird_mult_vuln01_may13_macosx.nasl,
+ scripts/2013/gb_mozilla_firefox_mult_vuln01_may13_macosx.nasl,
+ scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_macosx.nasl,
+ scripts/2013/gb_mozilla_thunderbird_esr_mult_vuln01_may13_win.nasl,
+ scripts/2013/gb_mozilla_thunderbird_esr_mult_vuln01_may13_macosx.nasl,
+ scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_lin.nasl,
+ scripts/2013/gb_realplayer_heap_based_bof_vuln_win.nasl:
+ Added new plugins.
+
2013-05-28 Veerendra G.G <veerendragg@secpod.com>
* scripts/2013/gb_jojo_cms_mult_vuln.nasl,
Added: trunk/openvas-plugins/scripts/2013/gb_adobe_air_mult_vuln01_may13_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_adobe_air_mult_vuln01_may13_macosx.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_adobe_air_mult_vuln01_may13_macosx.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)
+#
+# Authors:
+# Thanga prakash S <tprakash@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803497);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-3335", "CVE-2013-3334", "CVE-2013-3333", "CVE-2013-3332",
+ "CVE-2013-3331", "CVE-2013-3330", "CVE-2013-3329", "CVE-2013-3328",
+ "CVE-2013-3327", "CVE-2013-3326", "CVE-2013-3325", "CVE-2013-3324",
+ "CVE-2013-2728");
+ script_bugtraq_id(59901, 59900, 59899, 59898, 59897, 59896, 59895,
+ 59894, 59893, 59892, 59891, 59890, 59889);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-21 14:48:32 +0530 (Tue, 21 May \
2013)"); + script_name("Adobe Air Multiple Vulnerabilities -01 May 13 (Mac OS X)");
+ desc = "
+ Overview: This host is installed with Adobe Flash Player and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple memory corruption flaws due to improper sanitation of user
+ supplied input via a file.
+
+ Impact:
+ Successful exploitation will allow remote attackers to execute arbitrary
+ code on the target system or cause a denial of service (memory corruption)
+ via unspecified vectors.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Adobe Air before 3.7.0.1531 on Mac OS X
+
+ Fix: Update to Adobe Air version 3.7.0.1860 or later
+ For updates refer to http://get.adobe.com/air ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://www.osvdb.com/93334");
+ script_xref(name : "URL" , value : "http://secunia.com/advisories/53419");
+ script_xref(name : "URL" , value : \
"http://www.adobe.com/support/security/bulletins/apsb13-14.html"); + \
script_summary("Check for the vulnerable version of Adobe Air on Mac OS X"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2013 Greenbone \
Networks GmbH"); + script_family("General");
+ script_dependencies("secpod_adobe_prdts_detect_macosx.nasl");
+ script_mandatory_keys("Adobe/Air/MacOSX/Version");
+ exit(0);
+}
+
+include("version_func.inc");
+
+## Variable Initialization
+airVer = "";
+
+# Check for Adobe Air
+airVer = get_kb_item("Adobe/Air/MacOSX/Version");
+if(airVer)
+{
+ # Grep for vulnerable version
+ if(version_is_less_equal(version:airVer, test_version:"3.7.0.1530"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_adobe_air_mult_vuln01_may13_macosx.nasl \
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_adobe_air_mult_vuln01_may13_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_adobe_air_mult_vuln01_may13_win.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_adobe_air_mult_vuln01_may13_win.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)
+#
+# Authors:
+# Thanga prakash S <tprakash@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803496);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-3335", "CVE-2013-3334", "CVE-2013-3333", "CVE-2013-3332",
+ "CVE-2013-3331", "CVE-2013-3330", "CVE-2013-3329", "CVE-2013-3328",
+ "CVE-2013-3327", "CVE-2013-3326", "CVE-2013-3325", "CVE-2013-3324",
+ "CVE-2013-2728");
+ script_bugtraq_id(59901, 59900, 59899, 59898, 59897, 59896, 59895,
+ 59894, 59893, 59892, 59891, 59890, 59889);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-21 14:48:32 +0530 (Tue, 21 May \
2013)"); + script_name("Adobe Air Multiple Vulnerabilities -01 May 13 (Windows)");
+ desc = "
+ Overview: This host is installed with Adobe Flash Player and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple memory corruption flaws due to improper sanitation of user
+ supplied input via a file.
+
+ Impact:
+ Successful exploitation will allow remote attackers to execute arbitrary
+ code on the target system or cause a denial of service (memory corruption)
+ via unspecified vectors.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Adobe Air before 3.7.0.1531 on Windows
+
+ Fix: Update to Adobe Air version 3.7.0.1860 or later
+ For updates refer to http://get.adobe.com/air ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://www.osvdb.com/93334");
+ script_xref(name : "URL" , value : "http://secunia.com/advisories/53419");
+ script_xref(name : "URL" , value : \
"http://www.adobe.com/support/security/bulletins/apsb13-14.html"); + \
script_summary("Check for the vulnerable version of Adobe Air on Windows"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2013 Greenbone \
Networks GmbH"); + script_family("General");
+ script_dependencies("gb_adobe_flash_player_detect_win.nasl");
+ script_mandatory_keys("Adobe/Air/Win/Ver");
+ exit(0);
+}
+
+include("version_func.inc");
+
+## Variable Initialization
+airVer = "";
+
+# Check for Adobe Air
+airVer = get_kb_item("Adobe/Air/Win/Ver");
+if(airVer)
+{
+ # Grep for vulnerable version
+ if(version_is_less_equal(version:airVer, test_version:"3.7.0.1530"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_adobe_air_mult_vuln01_may13_win.nasl \
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_lin.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_lin.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Adobe Flash Player Multiple Vulnerabilities -01 May 13 (Linux)
+#
+# Authors:
+# Thanga Prakash S <tprakash@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803498);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-3335", "CVE-2013-3334", "CVE-2013-3333", "CVE-2013-3332",
+ "CVE-2013-3331", "CVE-2013-3330", "CVE-2013-3329", "CVE-2013-3328",
+ "CVE-2013-3327", "CVE-2013-3326", "CVE-2013-3325", "CVE-2013-3324",
+ "CVE-2013-2728");
+ script_bugtraq_id(59901, 59900, 59899, 59898, 59897, 59896, 59895,
+ 59894, 59893, 59892, 59891, 59890, 59889);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-21 13:26:52 +0530 (Tue, 21 May \
2013)"); + script_name("Adobe Flash Player Multiple Vulnerabilities -01 May 13 \
(Linux)"); + desc = "
+ Overview: This host is installed with Adobe Flash Player and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple memory corruption flaws due to improper sanitation of user
+ supplied input via a file.
+
+ Impact:
+ Successful exploitation will allow remote attackers to execute arbitrary
+ code on the target system or cause a denial of service (memory corruption)
+ via unspecified vectors.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Adobe Flash Player version before 10.3.183.76 and 11.x before 11.2.202.281
+ on Linux
+
+ Fix: Update to Adobe Flash Player version 10.3.183.86 or 11.2.202.285 or later
+ For updates refer to http://get.adobe.com/flashplayer ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://www.osvdb.com/93334");
+ script_xref(name : "URL" , value : "http://secunia.com/advisories/53419");
+ script_xref(name : "URL" , value : \
"http://www.adobe.com/support/security/bulletins/apsb13-14.html"); + \
script_summary("Check for the vulnerable version of Adobe Flash Player on Linux"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2013 Greenbone \
Networks GmbH"); + script_family("General");
+ script_dependencies("gb_adobe_flash_player_detect_lin.nasl");
+ script_mandatory_keys("AdobeFlashPlayer/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Variable Initialization
+playerVer = "";
+
+## Check for Adobe Flash Player
+playerVer = get_kb_item("AdobeFlashPlayer/Linux/Ver");
+if(playerVer)
+{
+ ## Grep for vulnerable version
+ if(version_is_less(version:playerVer, test_version:"10.3.183.75") ||
+ version_in_range(version:playerVer, test_version:"11.0", \
test_version2:"11.2.202.280")) + {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_lin.nasl \
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_macosx.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_macosx.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Adobe Flash Player Multiple Vulnerabilities -01 May 13 (Mac OS X)
+#
+# Authors:
+# Thanga Prakash S <tprakash@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803495);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-3335", "CVE-2013-3334", "CVE-2013-3333", "CVE-2013-3332",
+ "CVE-2013-3331", "CVE-2013-3330", "CVE-2013-3329", "CVE-2013-3328",
+ "CVE-2013-3327", "CVE-2013-3326", "CVE-2013-3325", "CVE-2013-3324",
+ "CVE-2013-2728");
+ script_bugtraq_id(59901, 59900, 59899, 59898, 59897, 59896, 59895,
+ 59894, 59893, 59892, 59891, 59890, 59889);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-21 13:55:34 +0530 (Tue, 21 May \
2013)"); + script_name("Adobe Flash Player Multiple Vulnerabilities -01 May 13 (Mac \
OS X)"); + desc = "
+ Overview: This host is installed with Adobe Flash Player and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple memory corruption flaws due to improper sanitation of user
+ supplied input via a file.
+
+ Impact:
+ Successful exploitation will allow remote attackers to execute arbitrary
+ code on the target system or cause a denial of service (memory corruption)
+ via unspecified vectors.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Adobe Flash Player version before 10.3.183.76 and 11.x before 11.7.700.170
+ on Mac OS X
+
+ Fix: Update to Adobe Flash Player version 10.3.183.86 or 11.7.700.202 or later
+ For updates refer to http://get.adobe.com/flashplayer ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://www.osvdb.com/93334");
+ script_xref(name : "URL" , value : "http://secunia.com/advisories/53419");
+ script_xref(name : "URL" , value : \
"http://www.adobe.com/support/security/bulletins/apsb13-14.html"); + \
script_summary("Check for the vulnerable version of Adobe Flash Player on Mac OS X"); \
+ script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2013 \
Greenbone Networks GmbH"); + script_family("General");
+ script_dependencies("secpod_adobe_prdts_detect_macosx.nasl");
+ script_mandatory_keys("Adobe/Flash/Player/MacOSX/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Variable Initialization
+playerVer = "";
+
+## Check for Adobe Flash Player
+playerVer = get_kb_item("Adobe/Flash/Player/MacOSX/Version");
+if(playerVer)
+{
+ ## Grep for vulnerable version
+ if(version_is_less(version:playerVer, test_version:"10.3.183.75") ||
+ version_in_range(version:playerVer, test_version:"11.0", \
test_version2:"11.7.700.169")) + {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_macosx.nasl
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_win.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_win.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Adobe Flash Player Multiple Vulnerabilities -01 May 13 (Windows)
+#
+# Authors:
+# Thanga Prakash S <tprakash@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803494);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-3335", "CVE-2013-3334", "CVE-2013-3333", "CVE-2013-3332",
+ "CVE-2013-3331", "CVE-2013-3330", "CVE-2013-3329", "CVE-2013-3328",
+ "CVE-2013-3327", "CVE-2013-3326", "CVE-2013-3325", "CVE-2013-3324",
+ "CVE-2013-2728");
+ script_bugtraq_id(59901, 59900, 59899, 59898, 59897, 59896, 59895,
+ 59894, 59893, 59892, 59891, 59890, 59889);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-21 13:26:52 +0530 (Tue, 21 May \
2013)"); + script_name("Adobe Flash Player Multiple Vulnerabilities -01 May 13 \
(Windows)"); + desc = "
+ Overview: This host is installed with Adobe Flash Player and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple memory corruption flaws due to improper sanitation of user
+ supplied input via a file.
+
+ Impact:
+ Successful exploitation will allow remote attackers to execute arbitrary
+ code on the target system or cause a denial of service (memory corruption)
+ via unspecified vectors.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Adobe Flash Player version before 10.3.183.76 and 11.x before 11.7.700.170
+ on Windows
+
+ Fix: Update to Adobe Flash Player version 10.3.183.86 or 11.7.700.202 or later
+ For updates refer to http://get.adobe.com/flashplayer ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://www.osvdb.com/93334");
+ script_xref(name : "URL" , value : "http://secunia.com/advisories/53419");
+ script_xref(name : "URL" , value : \
"http://www.adobe.com/support/security/bulletins/apsb13-14.html"); + \
script_summary("Check for the vulnerable version of Adobe Flash Player on Windows"); \
+ script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2013 \
Greenbone Networks GmbH"); + script_family("General");
+ script_dependencies("gb_adobe_flash_player_detect_win.nasl");
+ script_mandatory_keys("AdobeFlashPlayer/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Variable Initialization
+playerVer = "";
+
+## Check for Adobe Flash Player
+playerVer = get_kb_item("AdobeFlashPlayer/Win/Ver");
+if(playerVer)
+{
+ ## Grep for vulnerable version
+ if(version_is_less(version:playerVer, test_version:"10.3.183.75") ||
+ version_in_range(version:playerVer, test_version:"11.0", \
test_version2:"11.7.700.169")) + {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_adobe_flash_player_mult_vuln01_may13_win.nasl \
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_esr_mult_vuln01_may13_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_esr_mult_vuln01_may13_macosx.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_esr_mult_vuln01_may13_macosx.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,103 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Firefox ESR Multiple Vulnerabilities -01 May13 (Mac OS X)
+#
+# Authors:
+# Arun Kallavi <karun@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803608);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-1681", "CVE-2013-1680", "CVE-2013-1679", "CVE-2013-1678",
+ "CVE-2013-1677", "CVE-2013-1676", "CVE-2013-1675", "CVE-2013-1674",
+ "CVE-2013-1672", "CVE-2013-1670", "CVE-2013-0801");
+ script_bugtraq_id(59862, 59861, 59860, 59864, 59868, 59863, 59858, 59859, 59872,
+ 59865, 59855);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date");
+ script_tag(name:"creation_date", value:"2013-05-27 12:50:31 +0530 (Mon, 27 May \
2013)"); + script_name("Mozilla Firefox ESR Multiple Vulnerabilities -01 May13 (Mac \
OS X)"); + desc = "
+ Overview:
+ This host is installed with Mozilla Firefox ESR and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ - Unspecified vulnerabilities in the browser engine.
+ - The Chrome Object Wrapper (COW) implementation does not prevent
+ acquisition of chrome privileges.
+ - 'nsDOMSVGZoomEvent::mPreviousScale' and 'nsDOMSVGZoomEvent::mNewScale'
+ functions do not initialize data structures.
+ - Errors in 'SelectionIterator::GetNextSegment',
+ 'gfxSkipCharsIterator::SetOffsets' and '_cairo_xlib_surface_add_glyph'
+ functions.
+ - Use-after-free vulnerabilities in following functions,
+ 'nsContentUtils::RemoveScriptBlocker', 'nsFrameList::FirstChild', and
+ 'mozilla::plugins::child::_geturlnotify'.
+
+ Impact:
+ Successful exploitation will allow attackers to execute arbitrary code,
+ memory corruption, bypass certain security restrictions and compromise
+ a user's system.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Mozilla Firefox ESR version before 17.x before 17.0.6 on Mac OS X
+
+ Fix: Upgrade to Mozilla Firefox ESR version 17.0.6 or later,
+ For updates refer to http://www.mozilla.com/en-US/firefox/all.html ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://secunia.com/advisories/53410");
+ script_xref(name : "URL" , value : "http://www.securitytracker.com/id/1028555");
+ script_xref(name : "URL" , value : \
"http://www.dhses.ny.gov/ocs/advisories/2013/2013-051.cfm"); + script_summary("Check \
for the vulnerable version of Mozilla Firefox ESR on Mac OS X"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("General");
+ script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
+ script_mandatory_keys("Mozilla/Firefox-ESR/MacOSX/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Variable initialization
+ffVer = "";
+
+# Get the version from the kb
+ffVer = get_kb_item("Mozilla/Firefox-ESR/MacOSX/Version");
+
+if(ffVer && ffVer =~ "^(17.0)")
+{
+ # Check for vulnerable version
+ if(version_in_range(version:ffVer, test_version:"17.0", test_version2:"17.0.5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_esr_mult_vuln01_may13_macosx.nasl
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_esr_mult_vuln01_may13_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_esr_mult_vuln01_may13_win.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_esr_mult_vuln01_may13_win.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,103 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_mozilla_firefox_esr_mult_vuln01_may13_win.nasl 29731 2013-05-27 12:30:20Z \
may$ +#
+# Mozilla Firefox ESR Multiple Vulnerabilities -01 May13 (Windows)
+#
+# Authors:
+# Arun Kallavi <karun@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803607);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-1681", "CVE-2013-1680", "CVE-2013-1679", "CVE-2013-1678",
+ "CVE-2013-1677", "CVE-2013-1676", "CVE-2013-1675", "CVE-2013-1674",
+ "CVE-2013-1672", "CVE-2013-1670", "CVE-2013-0801");
+ script_bugtraq_id(59862, 59861, 59860, 59864, 59868, 59863, 59858, 59859, 59872,
+ 59865, 59855);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date");
+ script_tag(name:"creation_date", value:"2013-05-27 12:30:20 +0530 (Mon, 27 May \
2013)"); + script_name("Mozilla Firefox ESR Multiple Vulnerabilities -01 May13 \
(Windows)"); + desc = "
+ Overview:
+ This host is installed with Mozilla Firefox ESR and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ - Unspecified vulnerabilities in the browser engine.
+ - The Chrome Object Wrapper (COW) implementation does not prevent
+ acquisition of chrome privileges.
+ - 'nsDOMSVGZoomEvent::mPreviousScale' and 'nsDOMSVGZoomEvent::mNewScale'
+ functions do not initialize data structures.
+ - Errors in 'SelectionIterator::GetNextSegment',
+ 'gfxSkipCharsIterator::SetOffsets' and '_cairo_xlib_surface_add_glyph'
+ functions.
+ - Use-after-free vulnerabilities in following functions,
+ 'nsContentUtils::RemoveScriptBlocker', 'nsFrameList::FirstChild', and
+ 'mozilla::plugins::child::_geturlnotify'.
+
+ Impact:
+ Successful exploitation will allow attackers to execute arbitrary code,
+ memory corruption, bypass certain security restrictions and compromise
+ a user's system.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Mozilla Firefox ESR version before 17.x before 17.0.6 on Windows
+
+ Fix: Upgrade to Mozilla Firefox ESR version 17.0.6 or later,
+ For updates refer to http://www.mozilla.com/en-US/firefox/all.html ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://secunia.com/advisories/53410");
+ script_xref(name : "URL" , value : "http://www.securitytracker.com/id/1028555");
+ script_xref(name : "URL" , value : \
"http://www.dhses.ny.gov/ocs/advisories/2013/2013-051.cfm"); + script_summary("Check \
for the vulnerable version of Mozilla Firefox ESR on Windows"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("General");
+ script_dependencies("gb_firefox_detect_win.nasl");
+ script_mandatory_keys("Firefox-ESR/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Variable initialization
+ffVer = "";
+
+# Get the version from the kb
+ffVer = get_kb_item("Firefox-ESR/Win/Ver");
+
+if(ffVer && ffVer =~ "^(17.0)")
+{
+ # Check for vulnerable version
+ if(version_in_range(version:ffVer, test_version:"17.0", test_version2:"17.0.5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_esr_mult_vuln01_may13_win.nasl \
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_mult_vuln01_may13_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_mult_vuln01_may13_macosx.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_mult_vuln01_may13_macosx.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,106 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Firefox Multiple Vulnerabilities -01 May13 (Mac OS X)
+#
+# Authors:
+# Arun Kallavi <karun@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803606);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-1681", "CVE-2013-1680", "CVE-2013-1679", "CVE-2013-1678",
+ "CVE-2013-1677", "CVE-2013-1676", "CVE-2013-1675", "CVE-2013-1674",
+ "CVE-2013-1673", "CVE-2013-1672", "CVE-2013-1671", "CVE-2013-1670",
+ "CVE-2013-1669", "CVE-2013-0801");
+ script_bugtraq_id(59862, 59861, 59860, 59864, 59868, 59863, 59858, 59859, 59873,
+ 59872, 59869, 59865, 59870, 59855);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date");
+ script_tag(name:"creation_date", value:"2013-05-27 12:23:01 +0530 (Mon, 27 May \
2013)"); + script_name("Mozilla Firefox Multiple Vulnerabilities -01 May13 (Mac OS \
X)"); + desc = "
+ Overview:
+ This host is installed with Mozilla Firefox and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ - Unspecified vulnerabilities in the browser engine.
+ - The Chrome Object Wrapper (COW) implementation does not prevent
+ acquisition of chrome privileges.
+ - Does not properly implement the INPUT element.
+ - Does not properly maintain Mozilla Maintenance Service registry entries.
+ - 'nsDOMSVGZoomEvent::mPreviousScale' and 'nsDOMSVGZoomEvent::mNewScale'
+ functions do not initialize data structures.
+ - Errors in 'SelectionIterator::GetNextSegment',
+ 'gfxSkipCharsIterator::SetOffsets' and '_cairo_xlib_surface_add_glyph'
+ functions.
+ - Use-after-free vulnerabilities in following functions,
+ 'nsContentUtils::RemoveScriptBlocker', 'nsFrameList::FirstChild', and
+ 'mozilla::plugins::child::_geturlnotify'.
+
+ Impact:
+ Successful exploitation will allow attackers to execute arbitrary code,
+ memory corruption, bypass certain security restrictions and compromise
+ a user's system.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Mozilla Firefox version before 21.0 on Mac OS X
+
+ Fix: Upgrade to Mozilla Firefox version 21.0 or later,
+ For updates refer to http://www.mozilla.com/en-US/firefox/all.html ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : " http://secunia.com/advisories/53400");
+ script_xref(name : "URL" , value : "http://www.securitytracker.com/id/1028555");
+ script_xref(name : "URL" , value : \
"http://www.dhses.ny.gov/ocs/advisories/2013/2013-051.cfm"); + script_summary("Check \
for the vulnerable version of Mozilla Firefox on Mac OS X"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("General");
+ script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
+ script_mandatory_keys("Mozilla/Firefox/MacOSX/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Variable initialization
+ffVer = "";
+
+# Get the version from the kb
+ffVer = get_kb_item("Mozilla/Firefox/MacOSX/Version");
+
+if(ffVer)
+{
+ # Check for vulnerable version
+ if(version_is_less(version:ffVer, test_version:"21.0"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_mult_vuln01_may13_macosx.nasl \
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_mult_vuln01_may13_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_mult_vuln01_may13_win.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_mult_vuln01_may13_win.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,106 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Firefox Multiple Vulnerabilities -01 May13 (Windows)
+#
+# Authors:
+# Arun Kallavi <karun@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803605);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-1681", "CVE-2013-1680", "CVE-2013-1679", "CVE-2013-1678",
+ "CVE-2013-1677", "CVE-2013-1676", "CVE-2013-1675", "CVE-2013-1674",
+ "CVE-2013-1673", "CVE-2013-1672", "CVE-2013-1671", "CVE-2013-1670",
+ "CVE-2013-1669", "CVE-2013-0801");
+ script_bugtraq_id(59862, 59861, 59860, 59864, 59868, 59863, 59858, 59859, 59873,
+ 59872, 59869, 59865, 59870, 59855);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date");
+ script_tag(name:"creation_date", value:"2013-05-27 12:15:55 +0530 (Mon, 27 May \
2013)"); + script_name("Mozilla Firefox Multiple Vulnerabilities -01 May13 \
(Windows)"); + desc = "
+ Overview:
+ This host is installed with Mozilla Firefox and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ - Unspecified vulnerabilities in the browser engine.
+ - The Chrome Object Wrapper (COW) implementation does not prevent
+ acquisition of chrome privileges.
+ - Does not properly implement the INPUT element.
+ - Does not properly maintain Mozilla Maintenance Service registry entries.
+ - 'nsDOMSVGZoomEvent::mPreviousScale' and 'nsDOMSVGZoomEvent::mNewScale'
+ functions do not initialize data structures.
+ - Errors in 'SelectionIterator::GetNextSegment',
+ 'gfxSkipCharsIterator::SetOffsets' and '_cairo_xlib_surface_add_glyph'
+ functions.
+ - Use-after-free vulnerabilities in following functions,
+ 'nsContentUtils::RemoveScriptBlocker', 'nsFrameList::FirstChild', and
+ 'mozilla::plugins::child::_geturlnotify'.
+
+ Impact:
+ Successful exploitation will allow attackers to execute arbitrary code,
+ memory corruption, bypass certain security restrictions and compromise
+ a user's system.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Mozilla Firefox version before 21.0 on Windows
+
+ Fix: Upgrade to Mozilla Firefox version 21.0 or later,
+ For updates refer to http://www.mozilla.com/en-US/firefox/all.html ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : " http://secunia.com/advisories/53400");
+ script_xref(name : "URL" , value : "http://www.securitytracker.com/id/1028555");
+ script_xref(name : "URL" , value : \
"http://www.dhses.ny.gov/ocs/advisories/2013/2013-051.cfm"); + script_summary("Check \
for the vulnerable version of Mozilla Firefox on Windows"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("General");
+ script_dependencies("gb_firefox_detect_win.nasl");
+ script_mandatory_keys("Firefox/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Variable initialization
+ffVer = "";
+
+# Get the version from the kb
+ffVer = get_kb_item("Firefox/Win/Ver");
+
+if(ffVer)
+{
+ # Check for vulnerable version
+ if(version_is_less(version:ffVer, test_version:"21.0"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_mozilla_firefox_mult_vuln01_may13_win.nasl \
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_esr_mult_vuln01_may13_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_esr_mult_vuln01_may13_macosx.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_esr_mult_vuln01_may13_macosx.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,102 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Thunderbird ESR Multiple Vulnerabilities -01 May13 (Mac OS X)
+#
+# Authors:
+# Arun Kallavi <karun@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803612);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-1681", "CVE-2013-1680", "CVE-2013-1679", "CVE-2013-1678",
+ "CVE-2013-1677", "CVE-2013-1676", "CVE-2013-1675", "CVE-2013-1674",
+ "CVE-2013-1672", "CVE-2013-1670", "CVE-2013-0801");
+ script_bugtraq_id(59862, 59861, 59860, 59864, 59868, 59863, 59858, 59859, 59872,
+ 59865, 59855);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date");
+ script_tag(name:"creation_date", value:"2013-05-27 13:37:02 +0530 (Mon, 27 May \
2013)"); + script_name("Mozilla Thunderbird ESR Multiple Vulnerabilities -01 May13 \
(Mac OS X)"); + desc = "
+ Overview:
+ This host is installed with Mozilla Thunderbird ESR and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ - Unspecified vulnerabilities in the browser engine.
+ - The Chrome Object Wrapper (COW) implementation does not prevent
+ acquisition of chrome privileges.
+ - 'nsDOMSVGZoomEvent::mPreviousScale' and 'nsDOMSVGZoomEvent::mNewScale'
+ functions do not initialize data structures.
+ - Errors in 'SelectionIterator::GetNextSegment',
+ 'gfxSkipCharsIterator::SetOffsets' and '_cairo_xlib_surface_add_glyph'
+ functions.
+ - Use-after-free vulnerabilities in following functions,
+ 'nsContentUtils::RemoveScriptBlocker', 'nsFrameList::FirstChild', and
+ 'mozilla::plugins::child::_geturlnotify'.
+
+ Impact:
+ Successful exploitation will allow attackers to execute arbitrary code,
+ memory corruption, bypass certain security restrictions and compromise
+ a user's system.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Mozilla Thunderbird ESR version 17.x before 17.0.6 on Mac OS X
+
+ Fix: Upgrade to Mozilla Thunderbird ESR version 17.0.6 or later,
+ For updates refer to http://www.mozilla.com/en-US/thunderbird ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://www.securitytracker.com/id/1028555");
+ script_xref(name : "URL" , value : \
"http://www.dhses.ny.gov/ocs/advisories/2013/2013-051.cfm"); + script_summary("Check \
for the vulnerable version of Mozilla Thunderbird ESR on Mac OS X"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("General");
+ script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
+ script_mandatory_keys("ThunderBird-ESR/MacOSX/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Variable initialization
+tbVer = "";
+
+# Get the version from the kb
+tbVer = get_kb_item("ThunderBird-ESR/MacOSX/Version");
+
+if(tbVer && tbVer =~ "^(17.0)")
+{
+ # Check for vulnerable version
+ if(version_in_range(version:tbVer, test_version:"17.0", test_version2:"17.0.5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_esr_mult_vuln01_may13_macosx.nasl
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_esr_mult_vuln01_may13_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_esr_mult_vuln01_may13_win.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_esr_mult_vuln01_may13_win.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,102 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Thunderbird ESR Multiple Vulnerabilities -01 May13 (Windows)
+#
+# Authors:
+# Arun Kallavi <karun@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803611);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-1681", "CVE-2013-1680", "CVE-2013-1679", "CVE-2013-1678",
+ "CVE-2013-1677", "CVE-2013-1676", "CVE-2013-1675", "CVE-2013-1674",
+ "CVE-2013-1672", "CVE-2013-1670", "CVE-2013-0801");
+ script_bugtraq_id(59862, 59861, 59860, 59864, 59868, 59863, 59858, 59859, 59872,
+ 59865, 59855);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date");
+ script_tag(name:"creation_date", value:"2013-05-27 13:20:15 +0530 (Mon, 27 May \
2013)"); + script_name("Mozilla Thunderbird ESR Multiple Vulnerabilities -01 May13 \
(Windows)"); + desc = "
+ Overview:
+ This host is installed with Mozilla Thunderbird ESR and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ - Unspecified vulnerabilities in the browser engine.
+ - The Chrome Object Wrapper (COW) implementation does not prevent
+ acquisition of chrome privileges.
+ - 'nsDOMSVGZoomEvent::mPreviousScale' and 'nsDOMSVGZoomEvent::mNewScale'
+ functions do not initialize data structures.
+ - Errors in 'SelectionIterator::GetNextSegment',
+ 'gfxSkipCharsIterator::SetOffsets' and '_cairo_xlib_surface_add_glyph'
+ functions.
+ - Use-after-free vulnerabilities in following functions,
+ 'nsContentUtils::RemoveScriptBlocker', 'nsFrameList::FirstChild', and
+ 'mozilla::plugins::child::_geturlnotify'.
+
+ Impact:
+ Successful exploitation will allow attackers to execute arbitrary code,
+ memory corruption, bypass certain security restrictions and compromise
+ a user's system.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Mozilla Thunderbird ESR version 17.x before 17.0.6 on Windows
+
+ Fix: Upgrade to Mozilla Thunderbird ESR version 17.0.6 or later,
+ For updates refer to http://www.mozilla.com/en-US/thunderbird ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://www.securitytracker.com/id/1028555");
+ script_xref(name : "URL" , value : \
"http://www.dhses.ny.gov/ocs/advisories/2013/2013-051.cfm"); + script_summary("Check \
for the vulnerable version of Mozilla Thunderbird ESR on Windows"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("General");
+ script_dependencies("gb_thunderbird_detect_win.nasl");
+ script_mandatory_keys("Thunderbird-ESR/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Variable initialization
+tbVer = "";
+
+# Get the version from the kb
+tbVer = get_kb_item("Thunderbird-ESR/Win/Ver");
+
+if(tbVer && tbVer =~ "^(17.0)")
+{
+ # Check for vulnerable version
+ if(version_in_range(version:tbVer, test_version:"17.0", test_version2:"17.0.5"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_esr_mult_vuln01_may13_win.nasl
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_mult_vuln01_may13_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_mult_vuln01_may13_macosx.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_mult_vuln01_may13_macosx.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,103 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Thunderbird Multiple Vulnerabilities -01 May13 (Mac OS X)
+#
+# Authors:
+# Arun Kallavi <karun@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803610);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-1681", "CVE-2013-1680", "CVE-2013-1679", "CVE-2013-1678",
+ "CVE-2013-1677", "CVE-2013-1676", "CVE-2013-1675", "CVE-2013-1674",
+ "CVE-2013-1672", "CVE-2013-1670", "CVE-2013-0801");
+ script_bugtraq_id(59862, 59861, 59860, 59864, 59868, 59863, 59858, 59859, 59872,
+ 59865, 59855);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date");
+ script_tag(name:"creation_date", value:"2013-05-27 13:11:40 +0530 (Mon, 27 May \
2013)"); + script_name("Mozilla Thunderbird Multiple Vulnerabilities -01 May13 (Mac \
OS X)"); + desc = "
+ Overview:
+ This host is installed with Mozilla Thunderbird and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ - Unspecified vulnerabilities in the browser engine.
+ - The Chrome Object Wrapper (COW) implementation does not prevent
+ acquisition of chrome privileges.
+ - 'nsDOMSVGZoomEvent::mPreviousScale' and 'nsDOMSVGZoomEvent::mNewScale'
+ functions do not initialize data structures.
+ - Errors in 'SelectionIterator::GetNextSegment',
+ 'gfxSkipCharsIterator::SetOffsets' and '_cairo_xlib_surface_add_glyph'
+ functions.
+ - Use-after-free vulnerabilities in following functions,
+ 'nsContentUtils::RemoveScriptBlocker', 'nsFrameList::FirstChild', and
+ 'mozilla::plugins::child::_geturlnotify'.
+
+ Impact:
+ Successful exploitation will allow attackers to execute arbitrary code,
+ memory corruption, bypass certain security restrictions and compromise
+ a user's system.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Mozilla Thunderbird version before 17.0.6 on Mac OS X
+
+ Fix: Upgrade to Mozilla Thunderbird version 17.0.6 or later,
+ For updates refer to http://www.mozilla.com/en-US/thunderbird ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://secunia.com/advisories/53443");
+ script_xref(name : "URL" , value : "http://www.securitytracker.com/id/1028555");
+ script_xref(name : "URL" , value : \
"http://www.dhses.ny.gov/ocs/advisories/2013/2013-051.cfm"); + script_summary("Check \
for the vulnerable version of Mozilla Thunderbird on Mac OS X"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("General");
+ script_dependencies("gb_mozilla_prdts_detect_macosx.nasl");
+ script_mandatory_keys("ThunderBird/MacOSX/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Variable initialization
+tbVer = "";
+
+# Get the version from the kb
+tbVer = get_kb_item("ThunderBird/MacOSX/Version");
+
+if(tbVer)
+{
+ # Check for vulnerable version
+ if(version_is_less(version:tbVer, test_version:"17.0.6"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_mult_vuln01_may13_macosx.nasl
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_mult_vuln01_may13_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_mult_vuln01_may13_win.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_mult_vuln01_may13_win.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,103 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Mozilla Thunderbird Multiple Vulnerabilities -01 May13 (Windows)
+#
+# Authors:
+# Arun Kallavi <karun@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803609);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-1681", "CVE-2013-1680", "CVE-2013-1679", "CVE-2013-1678",
+ "CVE-2013-1677", "CVE-2013-1676", "CVE-2013-1675", "CVE-2013-1674",
+ "CVE-2013-1672", "CVE-2013-1670", "CVE-2013-0801");
+ script_bugtraq_id(59862, 59861, 59860, 59864, 59868, 59863, 59858, 59859, 59872,
+ 59865, 59855);
+ script_tag(name:"cvss_base", value:"10.0");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date");
+ script_tag(name:"creation_date", value:"2013-05-27 13:01:55 +0530 (Mon, 27 May \
2013)"); + script_name("Mozilla Thunderbird Multiple Vulnerabilities -01 May13 \
(Windows)"); + desc = "
+ Overview:
+ This host is installed with Mozilla Thunderbird and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ - Unspecified vulnerabilities in the browser engine.
+ - The Chrome Object Wrapper (COW) implementation does not prevent
+ acquisition of chrome privileges.
+ - 'nsDOMSVGZoomEvent::mPreviousScale' and 'nsDOMSVGZoomEvent::mNewScale'
+ functions do not initialize data structures.
+ - Errors in 'SelectionIterator::GetNextSegment',
+ 'gfxSkipCharsIterator::SetOffsets' and '_cairo_xlib_surface_add_glyph'
+ functions.
+ - Use-after-free vulnerabilities in following functions,
+ 'nsContentUtils::RemoveScriptBlocker', 'nsFrameList::FirstChild', and
+ 'mozilla::plugins::child::_geturlnotify'.
+
+ Impact:
+ Successful exploitation will allow attackers to execute arbitrary code,
+ memory corruption, bypass certain security restrictions and compromise
+ a user's system.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Mozilla Thunderbird version before 17.0.6 on Windows
+
+ Fix: Upgrade to Mozilla Thunderbird version 17.0.6 or later,
+ For updates refer to http://www.mozilla.com/en-US/thunderbird ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://secunia.com/advisories/53443");
+ script_xref(name : "URL" , value : "http://www.securitytracker.com/id/1028555");
+ script_xref(name : "URL" , value : \
"http://www.dhses.ny.gov/ocs/advisories/2013/2013-051.cfm"); + script_summary("Check \
for the vulnerable version of Mozilla Thunderbird on Windows"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("General");
+ script_dependencies("gb_thunderbird_detect_win.nasl");
+ script_mandatory_keys("Thunderbird/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Variable initialization
+tbVer = "";
+
+# Get the version from the kb
+tbVer = get_kb_item("Thunderbird/Win/Ver");
+
+if(tbVer)
+{
+ # Check for vulnerable version
+ if(version_is_less(version:tbVer, test_version:"17.0.6"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_mozilla_thunderbird_mult_vuln01_may13_win.nasl \
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_realplayer_heap_based_bof_vuln_macosx.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_realplayer_heap_based_bof_vuln_macosx.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_realplayer_heap_based_bof_vuln_macosx.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# RealNetworks RealPlayer Heap Based BoF Vulnerability (Mac OS X)
+#
+# Authors:
+# Arun Kallavi <karun@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803602);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-1750");
+ script_bugtraq_id(58539);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-14 18:45:01 +0530 (Tue, 14 May \
2013)"); + script_name("RealNetworks RealPlayer Heap Based BoF Vulnerability (Mac OS \
X)"); + desc = "
+ Overview: This host is installed with RealPlayer which is prone to heap
+ based buffer overflow vulnerability.
+
+ Vulnerability Insight:
+ Flaw due to improper sanitization of user-supplied input when parsing MP4
+ files.
+
+ Impact: Successful exploitation allows remote attackers to to cause heap
+ based buffer overflow leading to arbitrary code execution or denial of
+ service condition.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ RealPlayer version 12.0.0.1701 and prior on Mac OS X
+
+ Fix: Upgrade to RealPlayer version 12.0.1.1738 or later,
+ For updates refer to http://www.real.com/player ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://www.osvdb.org/91438");
+ script_xref(name : "URL" , value : "http://www.scip.ch/en/?vuldb.8026");
+ script_xref(name : "URL" , value : "http://cxsecurity.com/cveshow/CVE-2013-1750");
+ script_xref(name : "URL" , value : \
"http://service.real.com/realplayer/security/03152013_player/en"); + \
script_summary("Check for the vulnerable version of RealPlayer on Mac OS X"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("General");
+ script_dependencies("secpod_realplayer_detect_macosx.nasl");
+ script_mandatory_keys("RealPlayer/MacOSX/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Variable Initialization
+rpVer = "";
+
+## Get RealPlayer version from KB
+rpVer = get_kb_item("RealPlayer/MacOSX/Version");
+if(!rpVer){
+ exit(0);
+}
+
+## Check for Realplayer version <= 12.0.0.1701
+if(version_is_less_equal(version:rpVer, test_version:"12.0.0.1701"))
+{
+ security_hole(0);
+ exit(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_realplayer_heap_based_bof_vuln_macosx.nasl \
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/gb_realplayer_heap_based_bof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/gb_realplayer_heap_based_bof_vuln_win.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/gb_realplayer_heap_based_bof_vuln_win.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# RealNetworks RealPlayer Heap Based BoF Vulnerability (Win)
+#
+# Authors:
+# Arun Kallavi <karun@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(803601);
+ script_version("$Revision$");
+ script_cve_id("CVE-2013-1750");
+ script_bugtraq_id(58539);
+ script_tag(name:"cvss_base", value:"9.3");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
+ script_tag(name:"risk_factor", value:"Critical");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-14 18:27:30 +0530 (Tue, 14 May \
2013)"); + script_name("RealNetworks RealPlayer Heap Based BoF Vulnerability \
(Win)"); + desc = "
+ Overview: This host is installed with RealPlayer which is prone to heap
+ based buffer overflow vulnerability.
+
+ Vulnerability Insight:
+ Flaw due to improper sanitization of user-supplied input when parsing MP4
+ files.
+
+ Impact: Successful exploitation allows remote attackers to to cause heap
+ based buffer overflow leading to arbitrary code execution or denial of
+ service condition.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ RealPlayer version 16.0.0.0 and prior
+
+ Fix: Upgrade to RealPlayer version 16.0.1.18 or later,
+ For updates refer to http://www.real.com/player ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://www.osvdb.org/91438");
+ script_xref(name : "URL" , value : "http://www.scip.ch/en/?vuldb.8026");
+ script_xref(name : "URL" , value : "http://cxsecurity.com/cveshow/CVE-2013-1750");
+ script_xref(name : "URL" , value : \
"http://service.real.com/realplayer/security/03152013_player/en"); + \
script_summary("Check for the vulnerable version of RealPlayer on Windows"); + \
script_category(ACT_GATHER_INFO); + script_copyright("Copyright (c) 2013 Greenbone \
Networks GmbH"); + script_family("General");
+ script_dependencies("gb_realplayer_detect_win.nasl");
+ script_mandatory_keys("RealPlayer/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Variable Initialization
+rpVer = "";
+
+## Get RealPlayer version from KB
+rpVer = get_kb_item("RealPlayer/Win/Ver");
+if(!rpVer){
+ exit(0);
+}
+
+## Check for Realplayer version <= 16.0.0.0
+if(version_is_less_equal(version:rpVer, test_version:"16.0.0.0"))
+{
+ security_hole(0);
+ exit(0);
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/gb_realplayer_heap_based_bof_vuln_win.nasl \
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
Added: trunk/openvas-plugins/scripts/2013/secpod_mysqldumper_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/2013/secpod_mysqldumper_sql_inj_vuln.nasl \
(rev 0)
+++ trunk/openvas-plugins/scripts/2013/secpod_mysqldumper_sql_inj_vuln.nasl 2013-05-29 \
14:01:59 UTC (rev 16502) @@ -0,0 +1,117 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# MySQLDumper SQL Injection Vulnerability
+#
+# Authors:
+# Arun Kallavi <karun@secpod.com>
+#
+# Copyright:
+# Copyright (c) 2013 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(903211);
+ script_version("$Revision$");
+ script_tag(name:"cvss_base", value:"7.5");
+ script_tag(name:"cvss_base_vector", value:"AV:N/AC:H/Au:N/C:P/I:P/A:P");
+ script_tag(name:"risk_factor", value:"High");
+ script_tag(name:"last_modification", value:"$Date$");
+ script_tag(name:"creation_date", value:"2013-05-29 12:55:13 +0530 (Wed, 29 May \
2013)"); + script_name("MySQLDumper SQL Injection Vulnerability");
+ desc = "
+ Overview:
+ This host is running MySQLDumper and is prone to SQL injection vulnerability.
+
+ Vulnerability Insight:
+ The flaw is due to improper validation of input passed via the 'db' parameter
+ in sql.php script.
+
+ Impact:
+ Successful exploitation will allow remote attackers to execute arbitrary SQL
+ statements on the vulnerable system, which may leads to access or modify data
+ in the underlying database.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ MySQLDumper version 1.24.4
+
+ Fix: No solution or patch is available as of 29th May, 2013. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer to http://www.mysqldumper.net ";
+
+ script_description(desc);
+ script_xref(name : "URL" , value : "http://www.1337day.com/exploit/17551");
+ script_xref(name : "URL" , value : "http://fuzzexp.org/exp/exploits.php?id=95");
+ script_summary("Check if MySQLDumper is vulnerable to SQL Injection");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (c) 2013 SecPod");
+ script_family("Web application abuses");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+## Variable Initialization
+port = 0;
+dir = "";
+url = "";
+
+## Get HTTP Port
+port = get_http_port(default:80);
+if(!port){
+ port = 80;
+}
+
+## Check Port State
+if(!get_port_state(port)){
+ exit(0);
+}
+
+## Check Host Supports PHP
+if(!can_host_php(port:port)){
+ exit(0);
+}
+
+## Iterate over possible paths
+foreach dir (make_list("", "/msd", "/mysqldumper", cgi_dirs()))
+{
+ url = dir + "/index.php";
+
+ ## Confirm the application
+ if(http_vuln_check(port:port, url:url, check_header:TRUE,
+ pattern:">MySQLDumper<", extra_check:"MySQL_Dumper_menu"))
+ {
+ ## Construct attack request
+ url = dir + "/sql.php?db=-'%20union%20select%201,2,"+
+ "'OpenVAS-SQL-Injection-Test'%20from%20tblusers%20where%20'1";
+
+ ## Try attack and check the response to confirm vulnerability
+ if(http_vuln_check(port:port, url:url, check_header:TRUE,
+ pattern:"openvas-sql-injection-test",
+ extra_check: make_list("Database","Table View")))
+ {
+ security_hole(port);
+ exit(0);
+ }
+ }
+}
Property changes on: \
trunk/openvas-plugins/scripts/2013/secpod_mysqldumper_sql_inj_vuln.nasl \
___________________________________________________________________
Added: svn:keywords
+ Author Revision Date Id
_______________________________________________
Openvas-commits mailing list
Openvas-commits@wald.intevation.org
https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-commits
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic