From scm-commit at wald.intevation.org Mon Dec 1 12:28:40 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Dec 2008 12:28:40 +0100 (CET) Subject: [Openvas-commits] r1877 - in trunk/openvas-client: . nessus Message-ID: <20081201112840.25D704074C@pyrosoma.intevation.org> Author: joeyschulze Date: 2008-12-01 12:28:39 +0100 (Mon, 01 Dec 2008) New Revision: 1877 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/html_graph_output.c trunk/openvas-client/nessus/html_output.c trunk/openvas-client/nessus/pdf_output.c Log: Consistent text phrases in reports http://lists.wald.intevation.org/pipermail/openvas-devel/2008-November/001099.html Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-11-28 21:29:00 UTC (rev 1876) +++ trunk/openvas-client/ChangeLog 2008-12-01 11:28:39 UTC (rev 1877) @@ -1,3 +1,14 @@ +2008-12-01 Joey Schulze + + * nessus/html_output.c (arglist_to_html): Consistent text phrases + in reports + + * nessus/pdf_output.c (arglist_to_plainhtml): Consistent text phrases + in reports + + * nessus/text_output.c (arglist_to_text): Consistent text phrases + in reports + 2008-11-28 Felix Wolfsteller Removed code duplicates (html_graph_output / html_output). Modified: trunk/openvas-client/nessus/html_graph_output.c =================================================================== --- trunk/openvas-client/nessus/html_graph_output.c 2008-11-28 21:29:00 UTC (rev 1876) +++ trunk/openvas-client/nessus/html_graph_output.c 2008-12-01 11:28:39 UTC (rev 1877) @@ -549,10 +549,10 @@ fprintf(file, "
  • %s\n", name, open->name); if(arg_get_value(open->value, "REPORT")){ - fprintf(file, " (Security hole found)\n"); + fprintf(file, " (Security hole(s) found)\n"); } - else if (arg_get_value(open->value, "INFO")) fprintf(file, " (Security warnings found)\n"); - else fprintf(file, " (Security notes found)\n"); + else if (arg_get_value(open->value, "INFO")) fprintf(file, " (Security warning(s) found)\n"); + else fprintf(file, " (Security note(s) found)\n"); } else fprintf(file, "
  • %s\n", open->name); Modified: trunk/openvas-client/nessus/html_output.c =================================================================== --- trunk/openvas-client/nessus/html_output.c 2008-11-28 21:29:00 UTC (rev 1876) +++ trunk/openvas-client/nessus/html_output.c 2008-12-01 11:28:39 UTC (rev 1877) @@ -380,9 +380,9 @@ fprintf(file, " \n\t%s\n", hostname); fprintf(file, "\t%s\n", name, open->name); - if(arg_get_value(open->value, "REPORT")) fprintf(file, "\tSecurity hole found\n"); + if(arg_get_value(open->value, "REPORT")) fprintf(file, "\tSecurity hole(s) found\n"); else if(arg_get_value(open->value, "INFO")) fprintf(file, "\tSecurity warning(s) found\n"); - else fprintf(file, "\tSecurity notes found\n"); + else fprintf(file, "\tSecurity note(s) found\n"); } else { Modified: trunk/openvas-client/nessus/pdf_output.c =================================================================== --- trunk/openvas-client/nessus/pdf_output.c 2008-11-28 21:29:00 UTC (rev 1876) +++ trunk/openvas-client/nessus/pdf_output.c 2008-12-01 11:28:39 UTC (rev 1877) @@ -414,7 +414,7 @@ name, open->name); if(arg_get_value(open->value, "REPORT")) { fprintf(file, "\t\t"); - PRINT(file, _("Security hole found")); + PRINT(file, _("Security hole(s) found")); fprintf(file, "\n"); } else if(arg_get_value(open->value, "INFO")) { @@ -424,7 +424,7 @@ } else { fprintf(file, "\t\t"); - PRINT(file, _("Security notes found")); + PRINT(file, _("Security note(s) found")); fprintf(file, "\n"); fprintf(file, "\t"); } From scm-commit at wald.intevation.org Mon Dec 1 12:58:32 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Dec 2008 12:58:32 +0100 (CET) Subject: [Openvas-commits] r1878 - in trunk/openvas-client: . nessus Message-ID: <20081201115832.1A6F84076C@pyrosoma.intevation.org> Author: joeyschulze Date: 2008-12-01 12:58:31 +0100 (Mon, 01 Dec 2008) New Revision: 1878 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/parser.c Log: Add new function parse_expand_type to expand the message type into human readable string and use it where appropriate Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-01 11:28:39 UTC (rev 1877) +++ trunk/openvas-client/ChangeLog 2008-12-01 11:58:31 UTC (rev 1878) @@ -1,5 +1,9 @@ -2008-12-01 Joey Schulze +2008-12-01 Joey Schulze + * nessus/parser.c (parse_expand_type, parse_host_add_data): Add + new function to expand the message type into human readable string + and use it + * nessus/html_output.c (arglist_to_html): Consistent text phrases in reports Modified: trunk/openvas-client/nessus/parser.c =================================================================== --- trunk/openvas-client/nessus/parser.c 2008-12-01 11:28:39 UTC (rev 1877) +++ trunk/openvas-client/nessus/parser.c 2008-12-01 11:58:31 UTC (rev 1878) @@ -156,6 +156,39 @@ } /* + * parse_expand_type + * + * This functions expands the numerical type into a human readable string + * type --> char * + */ +char * +parse_expand_type(type) + int type; +{ + switch(type) + { + case MSG_HOLE : + return "Security Hole"; + break; + case MSG_INFO : + return "Security Warning"; + break; + case MSG_NOTE : + return "Security Note"; + break; + case MSG_LOG : + return "Log Message"; + break; + case MSG_DEBUG : + return "Debug Message"; + break; + default : + fprintf(stderr, "received unknown message type (%d)\n", type); + return NULL; + } +} + +/* * parse_server_error * * Feed errors from the Nessus Server 
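Review bot: `parse_expand_type` hands out string literals through a plain `char *`, so nothing stops a caller from writing through the result; declaring the return type `const char *` (with `msgt` in the caller adjusted to match) turns that into a compile-time error. The definition is also K&R style (`parse_expand_type(type) int type;`), which gives callers no prototype to check the argument against; `const char *parse_expand_type(int type)` plus a declaration in the header would be the usual form. The `break;` after each `return` is unreachable and can be dropped, and the header comment should read "This function expands".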
@@ -522,28 +555,6 @@ char * script_id; char * old; - switch(type) - { - case MSG_HOLE : - msgt = "Security Hole"; - break; - case MSG_INFO : - msgt = "Security Warning"; - break; - case MSG_NOTE : - msgt = "Security Note"; - break; - case MSG_LOG : - msgt = "Log Message"; - break; - case MSG_DEBUG : - msgt = "Debug Message"; - break; - default : - fprintf(stderr, "received unknown message type (%d)\n", type); - return; - } - hostname = parse_separator(servmsg); if(!hostname){ return; @@ -570,6 +581,9 @@ return; } + if ((msgt = parse_expand_type(type)) == NULL) + return; + old = data; data = rmslashes(old); efree(&old); From scm-commit at wald.intevation.org Mon Dec 1 13:51:10 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Dec 2008 13:51:10 +0100 (CET) Subject: [Openvas-commits] r1879 - in trunk/openvas-client: . nessus Message-ID: <20081201125110.3876A40796@pyrosoma.intevation.org> Author: felix Date: 2008-12-01 13:51:09 +0100 (Mon, 01 Dec 2008) New Revision: 1879 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/pdf_output.c Log: * nessus/pdf_output.c : Typo in output fixed, brackets added. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-01 11:58:31 UTC (rev 1878) +++ trunk/openvas-client/ChangeLog 2008-12-01 12:51:09 UTC (rev 1879) @@ -1,3 +1,7 @@ +2008-12-01 Felix Wolfsteller + + * nessus/pdf_output.c : Typo in output fixed, brackets added. + 2008-12-01 Joey Schulze * nessus/parser.c (parse_expand_type, parse_host_add_data): Add Modified: trunk/openvas-client/nessus/pdf_output.c =================================================================== --- trunk/openvas-client/nessus/pdf_output.c 2008-12-01 11:58:31 UTC (rev 1878) +++ trunk/openvas-client/nessus/pdf_output.c 2008-12-01 12:51:09 UTC (rev 1879) 
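Review bot: The unknown-type check in the `@@ -570,6 +581,9 @@` hunk now sits after the `parse_separator` calls, whereas the removed `switch` rejected the message before anything was parsed. `data` is heap-allocated (its old value is passed to `efree` two lines later) and `hostname` presumably is too, so the new bare `return` on a NULL `msgt` appears to leak whatever was parsed so far. The type appears to come from a received message, so that path can be hit repeatedly. Either move `if ((msgt = parse_expand_type(type)) == NULL) return;` back in front of `hostname = parse_separator(servmsg);`, or release the parsed fields before returning. The function's start and its other cleanup paths are outside the hunk, so check how the neighbouring early returns free these buffers.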
@@ -709,7 +709,7 @@ if(context->signer_fp_certificates == NULL || nvt->sign_key_ids == NULL || strcmp(nvt->sign_key_ids, "") == 0) { - print_plugin_table_row(file, _("Signed by"), _("not siged")); + print_plugin_table_row(file, _("Signed by"), _("not signed")); } else { @@ -728,9 +728,9 @@ { char* trust = (cert->trusted == TRUE) ? _("trusted") : _("not trusted"); - int len_text = strlen(cert->ownername) + strlen(trust) + 2; + int len_text = strlen(cert->ownername) + strlen(trust) + 4; char* text = emalloc( (len_text) * sizeof(char) ); - snprintf(text, (len_text), "%s %s", cert->ownername, trust); + snprintf(text, (len_text), "%s (%s)", cert->ownername, trust); // Print ownername and trustlevel in good (trusted, green) or bad color fprintf(file, "
  • %s
  • ", (cert->trusted == TRUE) ? "#006600" : "#660000", text); From scm-commit at wald.intevation.org Mon Dec 1 14:00:01 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Dec 2008 14:00:01 +0100 (CET) Subject: [Openvas-commits] r1880 - in trunk/openvas-client: . nessus Message-ID: <20081201130001.2C62740796@pyrosoma.intevation.org> Author: felix Date: 2008-12-01 14:00:00 +0100 (Mon, 01 Dec 2008) New Revision: 1880 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/comm.c trunk/openvas-client/nessus/plugin_infos.c trunk/openvas-client/nessus/report.c Log: Fixing certificate issues and certificate listing in pdf reports. * nessus/plugin_info.c (plugin_info_window_setup) : use of g_strsplit instead of strtok, included test for connection to distinguish the case of unknown certificates vs client not connected. * nessus/report.c (report_save) : Load certificate store to have it at hand immideately in report context. * nessus/comm.c (parse_certificate) : clean up, crop fingerprints to keyids to ensure same inforamation in certificates and signatures. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-01 12:51:09 UTC (rev 1879) +++ trunk/openvas-client/ChangeLog 2008-12-01 13:00:00 UTC (rev 1880) 
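Review bot: `cert->ownername` is copied into `text` and then written by the following `fprintf` through a plain `%s`, so an owner name containing `<` or `&` ends up as markup in the HTML that the PDF report is generated from. The name comes from certificate data the client received rather than from a fixed string, so it should pass through whatever HTML-escaping helper this file uses for other report text before it is printed. The format string itself is not readable in this view, so confirm against the file. Separately, the hand-computed `len_text` (corrected here from `+ 2` to `+ 4`) would be less fragile as `size_t`, or replaced by `g_strdup_printf("%s (%s)", cert->ownername, trust)` if GLib is available in this file. The enclosing function starts and ends outside the hunk.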
@@ -1,5 +1,19 @@ 2008-12-01 Felix Wolfsteller + Fixing certificate issues and certificate listing in pdf reports. + + * nessus/plugin_info.c (plugin_info_window_setup) : use of g_strsplit + instead of strtok, included test for connection to distinguish the case + of unknown certificates vs client not connected. + + * nessus/report.c (report_save) : Load certificate store to have it at + hand immideately in report context. + + * nessus/comm.c (parse_certificate) : clean up, crop fingerprints to + keyids to ensure same inforamation in certificates and signatures. + +2008-12-01 Felix Wolfsteller + * nessus/pdf_output.c : Typo in output fixed, brackets added. 2008-12-01 Joey Schulze Modified: trunk/openvas-client/nessus/comm.c =================================================================== --- trunk/openvas-client/nessus/comm.c 2008-12-01 12:51:09 UTC (rev 1879) +++ trunk/openvas-client/nessus/comm.c 2008-12-01 13:00:00 UTC (rev 1880) 
@@ -1580,37 +1580,46 @@ */ int comm_parse_certificate(char* buffer, struct context* context) { + char* sep; + char* name; + char* trust_level; + char* nbytes; + char* pubkey; + char* fpr; + char* keyidptr; + if( strcmp(buffer, "<|> SERVER\n") == 0 ) return 1; // Initialize the hashtable if not yet done. if(context->signer_fp_certificates == NULL) - context->signer_fp_certificates = g_hash_table_new(g_str_hash, g_str_equal); + context->signer_fp_certificates = g_hash_table_new_full(g_str_hash, + g_str_equal, NULL, (GDestroyNotify) openvas_certificate_free); - char* sep = strstr(buffer, "<|>"); + sep = strstr(buffer, "<|>"); if (sep == NULL) return -1; - + // Read in tokens - char* fpr = strtok(buffer," <|>"); - char* name = strtok(NULL,"<|>"); - char* trust_level = strtok(NULL," <|>"); + fpr = strtok(buffer, " <|>"); + name = strtok(NULL, "<|>"); + trust_level = strtok(NULL, " <|>"); gboolean trusted = ( strcmp(trust_level, "trusted") == 0 )? TRUE : FALSE; - char* nbytes = strtok(NULL,"<|>"); + nbytes = strtok(NULL, "<|>"); long pkey_length = atol(nbytes); + if(pkey_length < 1) return -1; - char* pubkey = strtok(NULL,"<|>"); + pubkey = strtok(NULL,"<|>"); - // Not enough tokens + // Not enough tokens or incomplete public key if(fpr == NULL || name == NULL || trust_level == NULL || pkey_length < 1 - || pubkey == NULL) - return -1; + || pubkey == NULL + || strlen(pubkey)-2 != pkey_length ) + { + return -1; + } - // Key incomplete - if( strlen(pubkey)-2 != pkey_length ) - return -1; - // Replace semicolons by newlines char* pos = pubkey; while (pos[0] != '\0') 
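Review bot: `trust_level` and `nbytes` are dereferenced before they are checked: `strcmp(trust_level, "trusted")` and `atol(nbytes)` run directly after their `strtok` calls, while the NULL test on the tokens only comes after `pubkey` has been read (and `nbytes` is never tested at all). A certificate line from the server with fewer fields than expected therefore reaches `strcmp(NULL, ...)` or `atol(NULL)`. The length test `strlen(pubkey)-2 != pkey_length` also compares `size_t` with `long` and relies on unsigned wraparound for very short keys. Reading all five tokens first and validating them before use, as below, makes both explicit. The function body continues past the end of this hunk.

```c
  // Read in tokens
  fpr = strtok(buffer, " <|>");
  name = strtok(NULL, "<|>");
  trust_level = strtok(NULL, " <|>");
  nbytes = strtok(NULL, "<|>");
  pubkey = strtok(NULL, "<|>");

  // Not enough tokens: reject before any token is dereferenced
  if (fpr == NULL || name == NULL || trust_level == NULL
      || nbytes == NULL || pubkey == NULL)
    return -1;

  gboolean trusted = (strcmp(trust_level, "trusted") == 0) ? TRUE : FALSE;
  long pkey_length = atol(nbytes);
  size_t pubkey_len = strlen(pubkey);

  // Incomplete public key
  if (pkey_length < 1 || pubkey_len < 2
      || pubkey_len - 2 != (size_t) pkey_length)
    return -1;

  // ... unchanged: replace semicolons by newlines ...
```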
@@ -1618,11 +1627,19 @@ if (pos[0] == ';') pos[0] = '\n'; pos++; } + + + // Crop fingerprint to key-id (since gpgme does not guarantee fingerprints as + // a result of later signature verification, which is found in the nvts) + if(strlen(fpr) > 16) + keyidptr = fpr + strlen(fpr) - 16; + else + keyidptr = fpr; // Create and index certificate - openvas_certificate* cert = openvas_certificate_new( estrdup(fpr), estrdup(name), trusted, estrdup(pubkey)); - g_hash_table_insert(context->signer_fp_certificates, cert->fpr , cert ); - + openvas_certificate* cert = openvas_certificate_new( estrdup(keyidptr), estrdup(name), trusted, estrdup(pubkey)); + g_hash_table_insert(context->signer_fp_certificates, cert->fpr, cert ); + return 0; } Modified: trunk/openvas-client/nessus/plugin_infos.c =================================================================== --- trunk/openvas-client/nessus/plugin_infos.c 2008-12-01 12:51:09 UTC (rev 1879) +++ trunk/openvas-client/nessus/plugin_infos.c 2008-12-01 13:00:00 UTC (rev 1880) 
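Review bot: After this change the certificate table is keyed by the last 16 characters of the fingerprint, so two certificates whose fingerprints share that suffix land on the same key and the later one silently replaces the earlier, including its `trusted` flag. A 64-bit key ID is a much weaker identifier than the full fingerprint. It would be safer to keep the full fingerprint in the certificate and use the cropped ID only as a lookup alias, or at least to refuse an insert when the key already maps to a different fingerprint. Related: the table is created with a value destroy function and the key is `cert->fpr`, which belongs to the value. On a duplicate key `g_hash_table_insert` frees the old value but keeps the old key pointer, so if `openvas_certificate_free` releases `fpr` the table is left with a dangling key; `g_hash_table_replace(context->signer_fp_certificates, cert->fpr, cert);` avoids that.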
@@ -480,29 +480,30 @@ GSList* certificates = NULL; if(Context->signer_fp_certificates != NULL && txt != NULL) { - char fprcopy[strlen(txt)]; - strcpy(fprcopy, txt); - char* fpr = strtok(fprcopy, ","); - // If there is just one item - if(fpr == NULL) - fpr = fprcopy; - + gchar** fprs = g_strsplit_set(txt, ",", -1); + int idx = 0; + // Look up fingerprint, add certificate to list - while (fpr != NULL) + while (fprs[idx] != NULL) { - openvas_certificate* cert = g_hash_table_lookup(Context->signer_fp_certificates, fpr); + openvas_certificate* cert = g_hash_table_lookup(Context->signer_fp_certificates, fprs[idx]); if(cert != NULL) certificates = g_slist_prepend(certificates, cert); - fpr = strtok(NULL, ","); + idx ++; } + g_strfreev(fprs); } - if(Context->signer_fp_certificates == NULL) + if(Context->socket <= 0) { snprintf(buf, sizeof(buf), _("Signature information available on server connection.")); } - else if(g_slist_length(certificates) == 0) + else if(g_slist_length(certificates) == 0 && txt != NULL && strcmp(txt,"") != 0) { + snprintf(buf, sizeof(buf), _("Signatures:\n\tUnknown signature(s).")); + } + else if(txt == NULL || strcmp(txt,"") == 0) + { snprintf(buf, sizeof(buf), _("Signatures:\n\tNVT is not signed.")); } else Modified: trunk/openvas-client/nessus/report.c =================================================================== --- trunk/openvas-client/nessus/report.c 2008-12-01 12:51:09 UTC (rev 1879) +++ trunk/openvas-client/nessus/report.c 2008-12-01 13:00:00 UTC (rev 1880) 
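Review bot: Key IDs that are not found in `signer_fp_certificates` are dropped silently in the lookup loop, and "Unknown signature(s)" is shown only when no ID at all matched. An NVT signed by one known and one unknown key is therefore presented with just the known signer, which hides the case a user most needs to see. Counting the misses in the loop (for example a counter incremented when `cert == NULL`) and reporting them in the final branch would cover it. The tokens from `g_strsplit_set` are also used as-is, so any whitespace around the commas in `txt` would make the lookup fail; confirm the format or strip each token. The enclosing function starts and ends outside the hunk.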
@@ -197,11 +197,18 @@ /* Save the certificate information (as of now) to report_dir/certificate file */ - if ( openvas_certificate_file_write(context, report_get_certificates_filename(report_context)) == FALSE) + char* certfile = report_get_certificates_filename(report_context); + if ( openvas_certificate_file_write(context, certfile) == FALSE) { show_error(_("report_save() couldn't save the certificate information")); + if(certfile) + efree(&certfile); return; } + // Immidiately load, to make information available in report context + report_context->signer_fp_certificates = openvas_certificate_file_read(certfile); + efree(&certfile); + prefs_context_update(report_context); } From scm-commit at wald.intevation.org Mon Dec 1 15:31:20 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 1 Dec 2008 15:31:20 +0100 (CET) Subject: [Openvas-commits] r1881 - in trunk/openvas-plugins: . scripts Message-ID: <20081201143120.DFE7F4076E@pyrosoma.intevation.org> Author: chandra Date: 2008-12-01 15:31:19 +0100 (Mon, 01 Dec 2008) New Revision: 1881 Added: trunk/openvas-plugins/scripts/gb_aceftp_remote_dir_traversal_vuln.nasl trunk/openvas-plugins/scripts/gb_admidio_remote_dir_trvsl_vuln.nasl trunk/openvas-plugins/scripts/gb_clanlite_sql_inj_n_xss_vuln.nasl trunk/openvas-plugins/scripts/gb_sphider_query_param_xss_vuln.nasl trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_lin.nasl trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_win.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2008-12-01 13:00:00 UTC (rev 1880) +++ trunk/openvas-plugins/ChangeLog 2008-12-01 14:31:19 UTC (rev 1881) 
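Review bot: `certfile` is tested for NULL only on the failure path; on the success path it is passed unchecked to `openvas_certificate_file_write`, `openvas_certificate_file_read` and `efree`. If `report_get_certificates_filename` can return NULL, check it once right after the call and leave through the existing error message. The new assignment to `report_context->signer_fp_certificates` also overwrites whatever table the context already held without releasing it, and the result of the read is not checked, so a failed read silently leaves the report context without certificates. A short comment stating that NULL is acceptable there, or an error message, would make the intent clear. `report_save` begins outside the hunk.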
@@ -1,3 +1,12 @@ +2008-12-01 Chandrashekhar B + * scripts/gb_aceftp_remote_dir_traversal_vuln.nasl, + scripts/gb_clanlite_sql_inj_n_xss_vuln.nasl, + scripts/gb_streamripper_mult_bof_vuln_nov08_lin.nasl, + scripts/gb_streamripper_mult_bof_vuln_nov08_win.nasl, + scripts/gb_sphider_query_param_xss_vuln.nasl, + scripts/gb_admidio_remote_dir_trvsl_vuln.nasl: + Added new plugins + 2008-11-28 Joey Schulze * packaging/debian/rules, packaging/debian/control, Added: trunk/openvas-plugins/scripts/gb_aceftp_remote_dir_traversal_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_aceftp_remote_dir_traversal_vuln.nasl 2008-12-01 13:00:00 UTC (rev 1880) +++ trunk/openvas-plugins/scripts/gb_aceftp_remote_dir_traversal_vuln.nasl 2008-12-01 14:31:19 UTC (rev 1881) 
@@ -0,0 +1,108 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_aceftp_remote_dir_traversal_vuln.nasl 509 2008-12-01 13:15:24Z oct $ +# +# AceFTP LIST Command Directory Traversal Vulnerability +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800307); + script_version("$Revision: 1.0$"); + script_cve_id("CVE-2008-5175"); + script_bugtraq_id(29989); + script_name(english:"AceFTP LIST Command Directory Traversal Vulnerability"); + desc["english"] = " + + Overview: The host is installed with AceFTP and is prone to Directory + Traversal Vulnerability. + + Vulnerability Insight: + The flaw is caused due to input validation errors when processing FTP + responses to a LIST command. These can be exploited by attackers when + downloading the directories containing files with directory traversal + specifiers in the filename. + + Impact: + Successful exploitation allows attackers to execute arbitrary code by + tricking a user into downloading a directory containing files with + specially crafted filenames from a malicious FTP server. 
+ + Impact Level: Application + + Affected Software/OS: + Visicom Media?s AceFTP Freeware/Pro Version 3.80.3 and prior on W + Windows + + Fix: No solution/patch is available as on 1st December, 2008. Information + regarding this issue will updated once the solution details are available. + For updates refer, http://software.visicommedia.com/en/products/ + + References: + http://vuln.sg/aceftp3803-en.html + http://secunia.com/advisories/30792 + http://www.frsirt.com/english/advisories/2008/1954 + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 8.4 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of AceFTP"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Misc."); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; + +keys = registry_enum_keys(key:key); +foreach item (keys) +{ + aceName = registry_get_sz(item:"DisplayName", key:key + item); + + if("AceFTP 3 Freeware" >< aceName || "AceFTP 3 Pro" >< aceName) + { + aceVer = registry_get_sz(item:"DisplayVersion", key:key + item); + if(!aceVer){ + exit(0); + } + + if(version_is_less_equal(version:aceVer, test_version:"3.80.3")){ + security_hole(0); + exit(0); + } + } +} Property changes on: trunk/openvas-plugins/scripts/gb_aceftp_remote_dir_traversal_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_admidio_remote_dir_trvsl_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_admidio_remote_dir_trvsl_vuln.nasl 
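Review bot: Inside the `foreach`, a matching uninstall entry without a `DisplayVersion` value ends the whole script through `exit(0)`, so a second AceFTP entry (Freeware and Pro are both matched) is never examined. Using `continue;` in the `if(!aceVer)` branch keeps the loop going. The description text that ends up in reports also needs a pass: "Visicom Media?s" is a mis-encoded apostrophe, "on W Windows" has a stray word, and "will updated" should read "will be updated".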
2008-12-01 13:00:00 UTC (rev 1880) +++ trunk/openvas-plugins/scripts/gb_admidio_remote_dir_trvsl_vuln.nasl 2008-12-01 14:31:19 UTC (rev 1881) 
@@ -0,0 +1,107 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_admidio_remote_dir_trvsl_vuln.nasl 532 2008-12-01 11:37:24Z nov $ +# +# Admidio get_file.php Remote File Disclosure Vulnerability +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800309); + script_version("$Revision: 1.0$"); + script_cve_id("CVE-2008-5209"); + script_bugtraq_id(29127); + script_name(english:"Admidio get_file.php Remote File Disclosure Vulnerability"); + desc["english"] = " + + Overview: This host is running Admidio and is prone to Directory Traversal + Vulnerability. + + Vulnerability Insight: + The flaw is caused due to file parameter in modules/download/get_file.php + which is not properly sanitized before returning to the user. + + Impact: + Successful exploitation could allow attacker to view local files in the + context of the webserver process. + + Impact Level: Application + + Affected Software/OS: + Admidio Version 1.4.8 and prior. 
+ + Fix: Upgrade to Version 1.4.9 or later + http://www.admidio.org/index.php?page=download + + References: + http://www.milw0rm.com/exploits/5575 + http://www.admidio.org/forum/viewtopic.php?t=1180 + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N) + CVSS Temporal Score : 3.9 + Risk factor: Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Admidio"); + script_category(ACT_MIXED_ATTACK); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"CGI abuses"); + script_dependencies("http_version.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("http_keepalive.inc"); + +port = get_http_port(default:80); +if(!port){ + exit(0); +} + +foreach path (make_list("/admidio", cgi_dirs())) +{ + sndReq = http_get(item:string(path, "/adm_program/index.php"), port:port); + rcvRes = http_keepalive_send_recv(port:port, data:sndReq, bodyonly:1); + if(rcvRes == NULL){ + exit(0); + } + + if("Admidio Team" >< rcvRes) + { + # Get a config.php using Directory Traversal + dirTra = "/adm_program/modules/download/get_file.php?folder=&file=" + + "../../adm_config/config.php&default_folder="; + sndReq = http_get(item:string(path, dirTra), port:port); + rcvRes = http_keepalive_send_recv(port:port, data:sndReq, bodyonly:1); + if(rcvRes == NULL){ + exit(0); + } + + if('Module-Owner' >< rcvRes && '$g_forum_pw' >< rcvRes){ + security_warning(port); + exit(0); + } + } +} Property changes on: trunk/openvas-plugins/scripts/gb_admidio_remote_dir_trvsl_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_clanlite_sql_inj_n_xss_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_clanlite_sql_inj_n_xss_vuln.nasl 2008-12-01 13:00:00 UTC (rev 1880) +++ 
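Review bot: The script is declared `ACT_MIXED_ATTACK` but never calls `safe_checks()`, so with safe checks enabled it still sends the `get_file.php` request that retrieves `config.php` from the target. The ClanLite plugin added in the same commit shows the expected shape: a banner or version comparison under `if(safe_checks())` and the active request only otherwise. Either add that branch here or change the category to `ACT_ATTACK`. The summary "Check for the Version of Admidio" also does not describe what the script does, since no version is read; something like "Check for file disclosure in Admidio get_file.php" would be accurate.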
trunk/openvas-plugins/scripts/gb_clanlite_sql_inj_n_xss_vuln.nasl 2008-12-01 14:31:19 UTC (rev 1881) 
@@ -0,0 +1,122 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_clanlite_sql_inj_n_xss_vuln.nasl 529 2008-11-27 15:11:27Z nov $ +# +# ClanLite SQL Injection and Cross-Site Scripting Vulnerabilities +# +# Authors: +# Veerendra GG +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800145); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-5214", "CVE-2008-5215"); + script_bugtraq_id(29156); + script_name(english:"ClanLite SQL Injection and Cross-Site Scripting Vulnerabilities"); + desc["english"] = " + + Overview: The host is running ClanLite, and is prone to SQL Injection and + Cross-Site Scripting Vulnerabilities. + + Vulnerability Insight: + The flaws are caused due to error in service/calendrier.php and + service/profil.php whcih are not properly sanitized before being used. + + Impact: + Successful attack could lead to execution of arbitrary scripting code or + SQL commands in the context of an affected application, which allows an + attacker to steal cookie-based authentication credentials or access and + modify data. 
+ + Impact Level: Application + + Affected Software/OS: + ClanLite Version 2.2006.05.20 and prior. + + Fix: No solution/patch is available as on 27th November, 2008. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.clanlite.org/ + + References: + http://www.milw0rm.com/exploits/5595 + http://xforce.iss.net/xforce/xfdb/42331 + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 6.7 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of ClanLite"); + script_category(ACT_MIXED_ATTACK); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"CGI abuses : XSS"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); +include("http_keepalive.inc"); + +port = get_http_port(default:80); +if(!port){ + exit(0); +} + +foreach dir (make_list("/clanlite", cgi_dirs())) +{ + sndReq = http_get(item:string(dir + "/service/index_pri.php"), port:port); + rcvRes = http_keepalive_send_recv(port:port,data:sndReq,bodyonly:1); + if(rcvRes == NULL){ + exit(0); + } + + if("ClanLite" >< rcvRes) + { + if(safe_checks()) + { + clVer = eregmatch(pattern:"ClanLite<.+ V([0-9.]+)", string:rcvRes); + if(clVer[1] != NULL) + { + # Check for ClanLite Version <= 2.2006.05.20 + if(version_is_less_equal(version:clVer[1], test_version:"2.2006.05.20")){ + security_hole(0); + } + } + exit(0); + } + + url = string(dir + "/service/calendrier.php?mois=6&annee='>" + + "<script>alert(document.cookie)</script>"); + sndReq = http_get(item:url, port:port); + rcvRes = http_keepalive_send_recv(port:port,data:sndReq,bodyonly:1); + if(rcvRes == NULL){ + exit(0); + } + + if("<script>alert(document.cookie)</script>" >< rcvRes){ + security_hole(port); + } + exit(0); + } +} Property changes on: 
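Review bot: The safe-checks branch reports with `security_hole(0)` while the active branch uses `security_hole(port)`, so the same finding is attached to the web port in one mode and to no port in the other. Use `security_hole(port);` in both places so results can be correlated with the service that was tested. The script also declares no `script_dependencies`, unlike the Admidio plugin in this commit which lists `http_version.nasl`; if `get_http_port` relies on earlier service detection, the dependency should be stated here too. In the description, "whcih" should read "which".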
trunk/openvas-plugins/scripts/gb_clanlite_sql_inj_n_xss_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_sphider_query_param_xss_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_sphider_query_param_xss_vuln.nasl 2008-12-01 13:00:00 UTC (rev 1880) +++ trunk/openvas-plugins/scripts/gb_sphider_query_param_xss_vuln.nasl 2008-12-01 14:31:19 UTC (rev 1881) 
@@ -0,0 +1,105 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_sphider_query_param_xss_vuln.nasl 530 2008-11-25 18:04:24Z nov $ +# +# Sphider query Parameter Cross-Site Scripting Vulnerability +# +# Authors: +# Sharath S <sharaths at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800308); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-5211"); + script_bugtraq_id(29074); + script_name(english:"Sphider query Parameter Cross-Site Scripting Vulnerability"); + desc["english"] = " + + Overview: This host is running Sphider and is prone to cross-site scripting + vulnerability. + + Vulnerability Insight: + The flaw is caused due to input passed into the query parameter in search.php + when suggestion feature is enabled is not properly sanitized before being + returned to a user. + + Impact: + Successful attack could lead to execution of arbitrary HTML or scripting code + in the security context of an affected web page, which allows an attacker to + steal cookie-based authentication credentials or access and modify data. 
+ + Affected Software/OS: + Sphider Version 1.3.4 and prior on all running platform. + + Fix: No solution/patch is available as on 28th November, 2008. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.sphider.eu/ + + References: + http://xforce.iss.net/xforce/xfdb/42240 + http://users.own-hero.net/~decoder/advisories/sphider134-xss.txt + + CVSS Score: + CVSS Base Score : 2.6 (AV:N/AC:H/Au:NR/C:N/I:P/A:N) + CVSS Temporal Score : 2.3 + Risk factor: Low"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Sphider"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"CGI abuses : XSS"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); +include("http_keepalive.inc"); + +port = get_http_port(default:80); +if(!port){ + exit(0); +} + +foreach path (make_list("/sphider", cgi_dirs())) +{ + sndReq = http_get(item:string(path, "/changelog"), port:port); + rcvRes = http_keepalive_send_recv(port:port, data:sndReq, bodyonly:1); + if(rcvRes == NULL){ + exit(0); + } + + if(egrep(pattern:"Sphider .* search engine in PHP", string:rcvRes)) + { + sphiderVer = eregmatch(pattern:"Sphider ([0-9.]+)", string:rcvRes); + if(sphiderVer[1] != NULL) + { + # Grep for Sphider Version <= 1.3.4 + if(version_is_less_equal(version:sphiderVer[1], test_version:"1.3.4")){ + security_warning(port); + exit(0); + } + } + } +} Property changes on: trunk/openvas-plugins/scripts/gb_sphider_query_param_xss_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_lin.nasl =================================================================== --- 
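Review bot: `script_dependencies("secpod_reg_enum.nasl")` does not fit this check: the script only issues HTTP requests and never reads the registry, so the dependency looks copied from a Windows plugin. `script_dependencies("http_version.nasl");`, as used by the Admidio plugin in this commit, is probably what was intended; confirm against the other web checks in the tree. The description also lacks the "Impact Level" line that the other new plugins carry. Note that the version is taken from the first `Sphider ([0-9.]+)` match in `/changelog`; a comment stating that the newest entry is expected first would document that assumption.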
trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_lin.nasl 2008-12-01 13:00:00 UTC (rev 1880) +++ trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_lin.nasl 2008-12-01 14:31:19 UTC (rev 1881) 
@@ -0,0 +1,99 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_streamripper_mult_bof_vuln_nov08_lin.nasl 539 2008-11-26 14:22:01Z nov $ +# +# Streamripper Multiple Buffer Overflow Vulnerabilities (Linux) +# +# Authors: +# Veerendra GG <veerendragg at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800147); + script_version("$Revision: 1.0$"); + script_cve_id("CVE-2008-4829"); + script_bugtraq_id(32356); + script_name(english:"Streamripper Multiple Buffer Overflow Vulnerabilities (Linux)"); + desc["english"] = " + + Overview: The host is installed with Streamripper, which is prone to Multiple + Buffer Overflow Vulnerabilities. + + Vulnerability Insight: + The flaws are caused due to boundary error within, + - http_parse_sc_header() function in lib/http.c, when parsing an overly long + HTTP header starting with Zwitterion v. + - http_get_pls() and http_get_m3u() functions in lib/http.c, when parsing a + specially crafted pls playlist containing an overly long entry or m3u + playlist containing an overly long File entry. 
+ + Impact: + Successful attack could lead to execution of arbitrary code by tricking a + user into connecting to a malicious server or can even cause denial of + service condition. + + Impact Level: Application + + Affected Software/OS: + Streamripper Version 1.63.5 and earlier on Linux. + + Fix: Upgrade to Version 1.64.0, + http://streamripper.sourceforge.net/ + + References: + http://secunia.com/advisories/32562 + http://www.frsirt.com/english/advisories/2008/3207 + + CVSS Score: + CVSS Base Score : 8.3 (AV:N/AC:M/Au:NR/C:P/I:P/A:C) + CVSS Temporal Score : 6.1 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Streamripper"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Misc."); + exit(0); +} + + +include("version_func.inc"); + +sock = ssh_login_or_reuse_connection(); +if(!sock){ + exit(0); +} + +binPaths = find_bin(prog_name:"streamripper", sock:sock); +foreach srBin (binPaths) +{ + srVer = get_bin_version(full_prog_name:chomp(srBin), version_argv:"-v", + ver_pattern:"Streamripper ([0-9.]+)", sock:sock); + if(srVer[1] != NULL ) + { + if(version_is_less(version:srVer[1], test_version:"1.64.0")){ + security_warning(0); + } + ssh_close_connection(); + exit(0); + } +} +ssh_close_connection(); Property changes on: trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_lin.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_win.nasl 2008-12-01 13:00:00 UTC (rev 1880) +++ trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_win.nasl 2008-12-01 14:31:19 UTC (rev 1881) 
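Review bot: The finding is reported with `security_warning(0);`, yet the description in the same script rates it `Risk factor: High` (CVSS base 8.3, possible code execution), so the result lands in the warning class and is likely to be triaged below its stated severity; `security_hole(0);` would match the description. The same call appears in the Windows variant, gb_streamripper_mult_bof_vuln_nov08_win.nasl. Separately, the `foreach srBin` loop calls `exit(0)` after the first binary whose version parses, so a second, older copy returned by `find_bin` is never evaluated; closing the connection and exiting only after the loop would cover every install.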
@@ -0,0 +1,106 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_streamripper_mult_bof_vuln_nov08_win.nasl 539 2008-11-26 15:35:25Z nov $ +# +# Streamripper Multiple Buffer Overflow Vulnerabilities (Win) +# +# Authors: +# Veerendra GG <veerendragg at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800146); + script_version("$Revision: 1.0$"); + script_cve_id("CVE-2008-4829"); + script_bugtraq_id(32356); + script_name(english:"Streamripper Multiple Buffer Overflow Vulnerabilities (Win)"); + desc["english"] = " + + Overview: The host is installed with Streamripper, which is prone to Multiple + Buffer Overflow Vulnerabilities. + + Vulnerability Insight: + The flaws are caused due to boundary error within, + - http_parse_sc_header() function in lib/http.c, when parsing an overly long + HTTP header starting with Zwitterion v. + - http_get_pls() and http_get_m3u() functions in lib/http.c, when parsing a + specially crafted pls playlist containing an overly long entry or m3u + playlist containing an overly long File entry. 
+ + Impact: + Successful attack could lead to execution of arbitrary code by tricking a + user into connecting to a malicious server or can even cause denial of + service condition. + + Impact Level: Application + + Affected Software/OS: + Streamripper Version 1.63.5 and earlier on Windows. + + Fix: Upgrade to Version 1.64.0, + http://streamripper.sourceforge.net/ + + References: + http://secunia.com/advisories/32562 + http://www.frsirt.com/english/advisories/2008/3207 + + CVSS Score: + CVSS Base Score : 8.3 (AV:N/AC:M/Au:NR/C:P/I:P/A:C) + CVSS Temporal Score : 6.1 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Streamripper"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Misc."); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +srPath = registry_get_sz(item:"UninstallString", key:"SOFTWARE\Microsoft" + + "\Windows\CurrentVersion\Uninstall\Streamripper"); +if(!srPath){ + exit(0); +} + +srFile = srPath - "Uninstall.exe" + "CHANGES"; +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:srFile); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:srFile); + +srVer = read_file(share:share, file:file, offset:0, count:256); +srVer = eregmatch(pattern:"New for ([0-9.]+)", string:srVer); + +if(srVer[1] != NULL ) +{ + if(version_is_less(version:srVer[1], test_version:"1.64.0")){ + security_warning(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_streamripper_mult_bof_vuln_nov08_win.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Tue Dec 2 01:14:26 2008 
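Review bot: The path handling between `registry_get_sz` and `read_file` can fail silently and leave a vulnerable install unreported. `srPath - "Uninstall.exe"` strips only that exact substring and the `[A-Z]:` patterns are case-sensitive, so a quoted UninstallString, a differently named uninstaller or a lowercase drive letter would presumably leave `share` and `file` unusable; `srVer` then stays empty and the script ends without any log entry. A comment stating the expected input would help, e.g. `# assumes UninstallString is an unquoted <dir>\Uninstall.exe path`. The version check also depends on `New for ([0-9.]+)` appearing within the first 256 bytes of CHANGES, which is worth a comment next to `count:256`.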
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Dec 2008 01:14:26 +0100 (CET) Subject: [Openvas-commits] r1882 - in trunk/openvas-client: . nessus Message-ID: <20081202001426.A1A1540769@pyrosoma.intevation.org> Author: timb Date: 2008-12-02 01:14:25 +0100 (Tue, 02 Dec 2008) New Revision: 1882 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/backend.c Log: Fixed some memory leaks as reported by cppcheck Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-01 14:31:19 UTC (rev 1881) +++ trunk/openvas-client/ChangeLog 2008-12-02 00:14:25 UTC (rev 1882) @@ -1,3 +1,7 @@ +2008-12-02 Tim Brown <timb at nth-dimension.org.uk> + + * nessus/backed.c: Fixed some memory leaks as reported by cppcheck. + 2008-12-01 Felix Wolfsteller <felix.wolfsteller at intevation.de> Fixing certificate issues and certificate listing in pdf reports. Modified: trunk/openvas-client/nessus/backend.c =================================================================== --- trunk/openvas-client/nessus/backend.c 2008-12-01 14:31:19 UTC (rev 1881) +++ trunk/openvas-client/nessus/backend.c 2008-12-02 00:14:25 UTC (rev 1882) @@ -416,10 +416,13 @@ t+=sizeof(char); t2 = strchr(t, '|'); - if(!t2)continue; + if(!t2) { + efree(id); + continue; + } t2[0]=0; - if(!strcmp(t, "Security Note")) + if(!strcmp(t, "Security Note")) buffer = estrdup("NOTE"); else if(!strcmp(t, "Security Warning")) buffer = estrdup("INFO"); @@ -431,11 +434,11 @@ buffer = estrdup("DEBUG"); else buffer = NULL; - if ( buffer == NULL ) - { - fprintf(stderr, "Error - line %d is malformed\n", line); - continue; - } + if (buffer == NULL) { + fprintf(stderr, "Error - line %d is malformed\n", line); + efree(id); + continue; + } content = arg_get_value(port, buffer); From scm-commit at wald.intevation.org Tue Dec 2 09:39:28 2008 
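Review bot: The `if(!t2)` branch now frees `id` but still skips the line without any diagnostic, while the `buffer == NULL` branch in the second hunk prints `Error - line %d is malformed`. This looks like the parser for stored report lines, where a silently dropped line means a finding can disappear from the loaded results with no trace. Adding `fprintf(stderr, "Error - line %d is malformed\n", line);` before `efree(id);` in the first branch would make the two paths consistent. The enclosing loop starts and ends outside these hunks, so any other `continue` path that may still hold `id` cannot be checked from here.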
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Dec 2008 09:39:28 +0100 (CET) Subject: [Openvas-commits] r1883 - in trunk/openvas-client: . nessus/prefs_dialog Message-ID: <20081202083928.B4BED40748@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-02 09:39:27 +0100 (Tue, 02 Dec 2008) New Revision: 1883 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/prefs_dialog/prefs_help.h Log: * nessus/prefs_dialog/prefs_help.h: Removed obsolete define for tooltip. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-02 00:14:25 UTC (rev 1882) +++ trunk/openvas-client/ChangeLog 2008-12-02 08:39:27 UTC (rev 1883) @@ -1,3 +1,7 @@ +2008-12-02 Michael Wiegand <michael.wiegand at intevation.de> + + * nessus/prefs_dialog/prefs_help.h: Removed obsolete define for tooltip. + 2008-12-02 Tim Brown <timb at nth-dimension.org.uk> * nessus/backed.c: Fixed some memory leaks as reported by cppcheck. Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_help.h =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_help.h 2008-12-02 00:14:25 UTC (rev 1882) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_help.h 2008-12-02 08:39:27 UTC (rev 1883) 
@@ -73,14 +73,6 @@ lookup on the IP addresses before it tests them. This may \ slow down the whole test.") -#define HLP_SCAN_OPT_FIREWALL \ -_("Are the target hosts protected by a firewall ? If so \ -and if we are outside the firewall, it is a good idea to \ -turn this option ON, so that \ -OpenVAS Server will perform some additional tests to check \ -that the remote firewall is well \ -configured (this option is still experimental).") - #define HLP_SCAN_OPT_OPTIMIZE \ _("Security tests may ask the OpenVAS Server to be \ launched if and only if some information gathered by other \ From scm-commit at wald.intevation.org Tue Dec 2 09:44:58 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Dec 2008 09:44:58 +0100 (CET) Subject: [Openvas-commits] r1884 - in trunk/openvas-client: . po Message-ID: <20081202084458.AE12740740@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-02 09:44:58 +0100 (Tue, 02 Dec 2008) New Revision: 1884 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/po/de.po Log: * po/de.po: Updated German translation. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-02 08:39:27 UTC (rev 1883) +++ trunk/openvas-client/ChangeLog 2008-12-02 08:44:58 UTC (rev 1884) @@ -1,5 +1,9 @@ 2008-12-02 Michael Wiegand <michael.wiegand at intevation.de> + * po/de.po: Updated German translation. + +2008-12-02 Michael Wiegand <michael.wiegand at intevation.de> + * nessus/prefs_dialog/prefs_help.h: Removed obsolete define for tooltip. 2008-12-02 Tim Brown <timb at nth-dimension.org.uk> Modified: trunk/openvas-client/po/de.po =================================================================== --- trunk/openvas-client/po/de.po 2008-12-02 08:39:27 UTC (rev 1883) +++ trunk/openvas-client/po/de.po 2008-12-02 08:44:58 UTC (rev 1884) 
@@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: OpenVAS-Client 1.0\n" "Report-Msgid-Bugs-To: openvas-devel at wald.intevation.org\n" -"POT-Creation-Date: 2008-10-27 14:00+0100\n" +"POT-Creation-Date: 2008-12-02 09:28+0100\n" "PO-Revision-Date: 2004-08-17 01:05+0200\n" "Last-Translator: Michael Wiegand <michael.wiegand at intevation.de>\n" "Language-Team: OpenVAS Developers <openvas-devel at wald.intevation.org>\n" @@ -16,6 +16,25 @@ "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" +#: src/openvas-lib/openvas_certificate_file.c:101 +#, c-format +msgid "Error adding comment to key file: %s" +msgstr "Fehler beim Hinzuf?gen des Kommetars zur Schl?ssel-Datei: %s" + +#: src/openvas-lib/openvas_certificate_file.c:118 +msgid "Error accessing certificate file for report." +msgstr "Fehler beim Zugriff auf die Zertifikatsdatei f?r den Bericht." + +#: src/openvas-lib/openvas_certificate_file.c:126 +#, c-format +msgid "Error exporting key file: %s" +msgstr "Fehler beim Exportieren der Schl?ssel-Datei: %s" + +#: src/openvas-lib/openvas_certificate_file.c:165 +#, c-format +msgid "Error loading certificate store %s: %s" +msgstr "Fehler beim Laden des Zertifkatsspeichers %s: %s" + #: src/gui/about_dlg.c:113 msgid "About OpenVAS-Client" msgstr "?ber OpenVAS-Client" 
@@ -101,147 +120,176 @@ #: src/gui/slad_install.c:63 msgid "Could not check SLAD installer." -msgstr "Konnte SLAD installer nicht pr?fen." +msgstr "Konnte SLADinstaller nicht pr?fen." #: src/gui/slad_install.c:78 msgid "Could not execute SLAD installer." -msgstr "Konnte SLAD installer nicht ausf?hren." +msgstr "Konnte SLADinstaller nicht ausf?hren." #: src/gui/slad_install.c:87 msgid "" "fork error. could not start SLAD install. This is a serious operating system " "error. Maybe a reboot will fix this." msgstr "" -"fork Fehler. Konnte SLAD installer nicht ausf?hren. Dies ist ein ernster " -"Betriebssystems-Fehler. Vielleicht l?st ein Neustart des Systems das Problem." +"Fehler beim Ausf?hren von 'fork'. Konnte SLADinstaller nicht ausf?hren. Dies " +"ist ein ernster Betriebssystems-Fehler. Vielleicht l?st ein Neustart des " +"Systems das Problem." -#: nessus/comm.c:90 +#: nessus/comm.c:91 #, c-format msgid "Receiving plugins: %d" msgstr "Empfange Plugins: %d" -#: nessus/comm.c:95 +#: nessus/comm.c:96 #, c-format msgid "Receiving dependencies: %d" msgstr "Empfange Abh?ngigkeiten: %d" -#: nessus/comm.c:395 +#: nessus/comm.c:437 #, c-format msgid "Error : we received a preference (%s) for the plugin %s\n" -msgstr "Fehler : eine Voreinstellung (%s) f?r Plugin %s empfangen\n" +msgstr "Fehler: Eine Voreinstellung (%s) f?r Plugin %s wurde empfangen\n" -#: nessus/comm.c:398 +#: nessus/comm.c:440 #, c-format msgid "but apparently the server has not loaded it\n" -msgstr "aber offensichtlich hat der Server es nicht geladen\n" +msgstr "aber anscheinend hat der Server es nicht geladen\n" -#: nessus/comm.c:762 +#: nessus/comm.c:812 #, c-format msgid "Can't open %s: %s" msgstr "Kann %s nicht ?ffnen: %s" -#: nessus/comm.c:786 +#: nessus/comm.c:836 #, c-format msgid "Error reading from %s: %s" msgstr "Fehler beim Lesen von %s: %s" -#: nessus/comm.c:906 nessus/comm.c:1280 +#: nessus/comm.c:956 nessus/comm.c:1330 msgid "The daemon shut down the communication" msgstr "Der Daemon hat 
die Kommunikation abgebrochen" -#: nessus/comm.c:933 +#: nessus/comm.c:983 msgid "Error processing plugin information from the server" -msgstr "Fehler bei der Bearbeitung der Plugin-Information vom Server" +msgstr "Fehler bei der Verbeitung der Plugin-Information vom Server" -#: nessus/comm.c:939 +#: nessus/comm.c:989 msgid "Invalid SEND_PLUGINS_MD5 response from server" -msgstr "Nichtvalide SEND_PLUGINS_MD5 Antwort vom Server" +msgstr "Ung?ltige SEND_PLUGINS_MD5 Antwort vom Server" -#: nessus/comm.c:1106 +#: nessus/comm.c:1156 msgid "Invalid PLUGIN_INFO response from server" -msgstr "Nichtvalide PLUGIN_INFO Antwort vom Server" +msgstr "Ung?ltige PLUGIN_INFO Antwort vom Server" -#: nessus/comm.c:1120 nessus/comm.c:1324 +#: nessus/comm.c:1170 nessus/comm.c:1374 msgid "Found and enabled one new plugin." msgstr "Es wurde ein neues Plugin gefunden und automatisch aktiviert." -#: nessus/comm.c:1122 nessus/comm.c:1326 +#: nessus/comm.c:1172 nessus/comm.c:1376 msgid "Found and disabled one new plugin." msgstr "Es wurde ein neues Plugin gefunden und automatisch deaktiviert." -#: nessus/comm.c:1127 nessus/comm.c:1331 +#: nessus/comm.c:1177 nessus/comm.c:1381 #, c-format msgid "Found and enabled %d new plugins." msgstr "Es wurden %d neue Plugins gefunden und automatisch aktiviert." -#: nessus/comm.c:1129 nessus/comm.c:1333 +#: nessus/comm.c:1179 nessus/comm.c:1383 #, c-format msgid "Found and disabled %d new plugins." msgstr "Es wurden %d neue Plugins gefunden und automatisch deaktiviert." 
-#: nessus/comm.c:1227 +#: nessus/comm.c:1277 msgid "Invalid PLUGINS_MD5 information sent from server" -msgstr "Nichtvalide PLUGIN_MD5 Information vom Server" +msgstr "Ung?ltige PLUGIN_MD5 Information vom Server" -#: nessus/comm.c:1260 +#: nessus/comm.c:1310 msgid "Error while updating the cached plugin information" msgstr "" -"Fehler bei der Aktualisierung der zwischengespeicherten Plugin Informationen" +"Fehler bei der Aktualisierung der zwischengespeicherten Plugin-Informationen" -#: nessus/comm.c:1539 -#, fuzzy, c-format +#: nessus/comm.c:1674 +#, c-format +msgid "Could not parse certificate: %s" +msgstr "Konnte Zertifkat nicht verarbeiten: %s" + +#: nessus/comm.c:1681 +#, c-format msgid "Invalid response from server to certificate request: %s" -msgstr "Ung?ltiges Server Zertifikat" +msgstr "Ung?ltige Serverantwort auf Zertifikatsanfrage: %s" -#: nessus/context.c:230 +#: nessus/context.c:232 msgid "context_remove_child detected existing children." -msgstr "context_remove_child hat noch existierende Kinder entdeckt." +msgstr "context_remove_child hat noch existierende Kindprozesse entdeckt." -#: nessus/context.c:370 nessus/prefs_dialog/prefs_scope_tree.c:273 +#: nessus/context.c:385 nessus/prefs_dialog/prefs_scope_tree.c:273 msgid "context_rename() called with illegal type" msgstr "context_rename() mit illegalem Typ aufgerufen" -#: nessus/context.c:387 nessus/context.c:418 +#: nessus/context.c:402 nessus/context.c:433 #, c-format msgid "Directory %s couldn't be renamed to %s: %s." -msgstr "Verzeichnis %s konnte nicht umbenannt werden in %s: %s." +msgstr "Verzeichnis %s konnte nicht in %s umbenannt werden: %s." -#: nessus/context.c:435 +#: nessus/context.c:450 #, c-format msgid "Can't move \"%s\" to \"%s\"." -msgstr "Kann \"%s\" nicht nach \"%s\" bewegen." +msgstr "Kann \"%s\" nicht nach \"%s\" verschieben." 
-#: nessus/context.c:458 nessus/context.c:497 +#: nessus/context.c:473 nessus/context.c:512 nessus/html_graph_output.c:1116 #, c-format msgid "Directory %s couldn't be created: %s." msgstr "Verzeichnis %s konnte nicht erzeugt werden: %s." -#: nessus/context.c:483 nessus/prefs_dialog/prefs_scan_assistant.c:263 +#: nessus/context.c:498 nessus/prefs_dialog/prefs_scan_assistant.c:263 msgid "unnamed task" msgstr "unbenannte Aufgabe" -#: nessus/context.c:486 nessus/prefs_dialog/prefs_scan_assistant.c:280 +#: nessus/context.c:501 nessus/prefs_dialog/prefs_scan_assistant.c:280 msgid "unnamed scope" msgstr "unbenannter Bereich" -#: nessus/context.c:489 +#: nessus/context.c:504 msgid "context_new(): No name provided for context" msgstr "context_new(): Kein Name f?r Kontext angegeben" -#: nessus/context.c:534 +#: nessus/context.c:552 #, c-format msgid "File %s couldn't be deleted: %s." msgstr "Datei %s konnte nicht gel?scht werden: %s." -#: nessus/context.c:540 +#: nessus/context.c:558 #, c-format msgid "Directory %s couldn't be deleted: %s." msgstr "Verzeichnis %s konnte nicht gel?scht werden: %s." -#: nessus/context.c:561 +#: nessus/context.c:581 msgid "context_delete() deleted the current context." msgstr "context_delete() hat den aktuellen Kontext gel?scht." +#: nessus/backend.c:82 +msgid "No free tempfile!" +msgstr "Keine freie tempor?re Datei!" 
+ +#: nessus/backend.c:106 +#, c-format +msgid "Can't create file %s: %s" +msgstr "Kann %s nicht erstellen: %s" + +#: nessus/backend.c:116 +#, c-format +msgid "Can't open file %s: %s" +msgstr "Kann %s nicht ?ffnen: %s" + +#: nessus/backend.c:622 +msgid "Unknown report type - please set an extension to the filename" +msgstr "Unbekanntes Berichtsformat - bitte geben Sie eine Dateierweiterung an" + +#: nessus/backend.c:631 +msgid "This file format can not be read back by the OpenVAS-Client" +msgstr "" +"Dieses Dateiformat kann nicht erneut in den OpenVAS-Client geladen werden" + #: nessus/filter.c:67 nessus/filter.c:80 msgid "Filter plugins..." msgstr "Filter Plugins..." @@ -260,11 +308,11 @@ msgid "Name" msgstr "Name" -#: nessus/filter.c:116 nessus/pdf_output.c:951 +#: nessus/filter.c:116 nessus/pdf_output.c:790 msgid "Description" msgstr "Beschreibung" -#: nessus/filter.c:122 nessus/pdf_output.c:804 nessus/pdf_output.c:940 +#: nessus/filter.c:122 nessus/pdf_output.c:580 nessus/pdf_output.c:778 msgid "Summary" msgstr "Zusammenfassung" @@ -276,15 +324,15 @@ msgid "ID number" msgstr "ID Nummer" -#: nessus/filter.c:140 nessus/pdf_output.c:941 +#: nessus/filter.c:140 nessus/pdf_output.c:779 msgid "Category" msgstr "Kategorie" -#: nessus/filter.c:146 nessus/pdf_output.c:944 +#: nessus/filter.c:146 nessus/pdf_output.c:782 msgid "CVE" msgstr "CVE" -#: nessus/filter.c:152 nessus/pdf_output.c:945 +#: nessus/filter.c:152 nessus/pdf_output.c:783 msgid "BID" msgstr "BID" 
@@ -295,12 +343,22 @@ #: nessus/filter.c:238 #, c-format msgid "Enter a new filter : " -msgstr "Neuen Filter angeben : " +msgstr "Neuen Filter angeben: " #: nessus/filter.c:259 msgid "Invalid regular expression" msgstr "Regul?rer Ausdruck ung?ltig" +#: nessus/parser.c:221 +msgid "Invalid port range" +msgstr "Ung?ltiger Port-Bereich" + +#: nessus/parser.c:223 +msgid "These hosts could not be tested because you are not allowed to do so:" +msgstr "" +"Diese Zielrechner konnten nicht getestet werde, da Sie nicht die dazu " +"notwendigen Rechte haben." + #: nessus/monitor_dialog.c:84 #, c-format msgid "is_server_present: fd(%d) out of range\n" @@ -343,7 +401,7 @@ #: nessus/monitor_dialog.c:393 nessus/monitor_dialog.c:414 #, c-format msgid "Error ! Null hostname in the list\n" -msgstr "Fehler ! 'Null' Host-Name in der Liste\n" +msgstr "Fehler! Leerer Host-Name in der Liste\n" #: nessus/monitor_dialog.c:591 msgid "Portscan:" 
@@ -353,33 +411,33 @@ msgid "Checks:" msgstr "Pr?fungen:" -#: nessus/nessus.c:366 +#: nessus/nessus.c:374 msgid "Host not found!" msgstr "Host nicht gefunden!" -#: nessus/nessus.c:369 +#: nessus/nessus.c:377 #, c-format msgid "Could not open a connection to %s\n" -msgstr "Kann keine Verbindung aufbauen mit %s\n" +msgstr "Kann keine Verbindung mit %s aufbauen\n" -#: nessus/nessus.c:395 +#: nessus/nessus.c:403 msgid "" "Could not initialize the OpenSSL library !\n" "Please launch openvasclient-mkrand(1) first !" msgstr "" -"Kann die OpenSSL Bibliothek nicht initialisieren !\n" +"Kann die OpenSSL-Bibliothek nicht initialisieren!\n" "Bitte starten Sie zun?chst openvasclient-mkrand(1) !" -#: nessus/nessus.c:411 +#: nessus/nessus.c:419 #, c-format msgid "" "Unknown SSL version \"%s\"\n" "Using default: %s" msgstr "" "Unbekannte SSL Version \"%s\"\n" -"Benutze Voreinstallung: %s" +"Benutze Voreinstellung: %s" -#: nessus/nessus.c:494 +#: nessus/nessus.c:502 #, c-format msgid "paranoia_level=%d but \"trusted_ca\" not set" msgstr "paranoia_level=%d aber \"trusted_ca\" nicht gesetzt" 
@@ -387,104 +445,113 @@ #: nessus/nessus.c:509 #, c-format msgid "" +"paranoia_level=%d but \"trusted_ca\" file not found:\n" +"%s" +msgstr "" +"paranoia_level=%d, aber \"trusted_ca\"-Datei nicht gefunden:\n" +"%s" + +#: nessus/nessus.c:524 +#, c-format +msgid "" "Error while setting the trusted CA: %s\n" "SSL connections are likely to fail." msgstr "" -"Fehler beim setzen der zu trauenden CA: %s\n" +"Fehler beim Setzen der vertrauensw?rdigen CA: %s\n" "SSL-Verbindungen werden wahrscheinlich fehlschlagen." -#: nessus/nessus.c:554 +#: nessus/nessus.c:569 msgid "SSL error: cannot get server certificate" -msgstr "SSL Fehler: bekomme kein Server Zertifikat" +msgstr "SSL Fehler: Kein Serverzertifikat erhalten" -#: nessus/nessus.c:566 +#: nessus/nessus.c:581 msgid "Invalid server certificate" -msgstr "Ung?ltiges Server Zertifikat" +msgstr "Ung?ltiges Serverzertifikat" -#: nessus/nessus.c:570 +#: nessus/nessus.c:585 msgid "Could not save server certificate" -msgstr "Kann Server Zertifikat nicht speichern" +msgstr "Kann Serverzertifikat nicht speichern" -#: nessus/nessus.c:581 +#: nessus/nessus.c:596 msgid "Could not register the connection" msgstr "Kann die Verbindung nicht registrieren" -#: nessus/nessus.c:594 +#: nessus/nessus.c:609 msgid "" "Unable to establish a connection to the remote host using the specified " "protocol version!" msgstr "" "Konnte mit der gew?hlten Protokollversion keine Verbindung zum Host aufbauen!" 
-#: nessus/nessus.c:603 +#: nessus/nessus.c:618 msgid "Login failed" -msgstr "Einloggen fehlgeschlagen" +msgstr "Anmeldung fehlgeschlagen" -#: nessus/nessus.c:663 +#: nessus/nessus.c:680 msgid "Display version information" msgstr "Versionsinformationen anzeigen" -#: nessus/nessus.c:665 +#: nessus/nessus.c:682 msgid "No pixmaps" msgstr "Keine Pixmaps verwenden" -#: nessus/nessus.c:667 +#: nessus/nessus.c:684 msgid "Batch-mode scan" msgstr "Scan im Batch-Modus" -#: nessus/nessus.c:667 +#: nessus/nessus.c:684 msgid "<host> <port> <user> <pass> <targets-file> <result-file>" msgstr "<host> <port> <user> <pass> <targets-file> <result-file>" -#: nessus/nessus.c:669 +#: nessus/nessus.c:686 msgid "Configuration file" msgstr "Konfigurationsdatei" -#: nessus/nessus.c:669 +#: nessus/nessus.c:686 msgid "<.rcfile>" msgstr "<.rcfile>" -#: nessus/nessus.c:671 nessus/nessus.c:673 +#: nessus/nessus.c:688 nessus/nessus.c:690 msgid "Output format" msgstr "Ausgabeformat" -#: nessus/nessus.c:671 +#: nessus/nessus.c:688 msgid "[nbe|html|html_graph|text|xml|tex]" msgstr "[nbe|html|html_graph|text|xml|tex]" -#: nessus/nessus.c:673 +#: nessus/nessus.c:690 msgid "[nbe|html|text|xml|tex]" msgstr "[nbe|html|text|xml|tex]" -#: nessus/nessus.c:675 +#: nessus/nessus.c:692 msgid "Display status messages in batch mode" msgstr "Statusmeldungen im Batch-Modus anzeigen" -#: nessus/nessus.c:676 +#: nessus/nessus.c:693 msgid "Obtain list of plugins installed on the server" msgstr "Liste der auf dem Server installierten Plugins ausgeben" -#: nessus/nessus.c:677 +#: nessus/nessus.c:694 msgid "Obtain list of server and plugin preferences" msgstr "Liste der Plugin- und Servereinstellungen ausgeben" -#: nessus/nessus.c:678 +#: nessus/nessus.c:695 msgid "Input file (report conversion)" -msgstr "Quelldatei (Reportkonvertierung)" +msgstr "Quelldatei (Berichtskonvertierung)" -#: nessus/nessus.c:678 +#: nessus/nessus.c:695 msgid "<in.nbe>" msgstr "<in.nbe>" -#: nessus/nessus.c:679 +#: nessus/nessus.c:696 msgid 
"Output file (report conversion)" -msgstr "Zieldatei (Reportkonvertierung)" +msgstr "Zieldatei (Berichtskonvertierung)" -#: nessus/nessus.c:679 +#: nessus/nessus.c:696 msgid "<out.[html|xml|nbe]>" msgstr "<out.[html|xml|nbe]>" -#: nessus/nessus.c:680 +#: nessus/nessus.c:697 msgid "" "Override SSL \"paranoia\" question preventing OpenVAS-Client from checking " "certificates" 
@@ -492,139 +559,139 @@ "SSL \"paranoia\" Frage ?bergehen und Pr?fung des Zertifikats durch OpenVAS-" "Client abschalten" -#: nessus/nessus.c:681 +#: nessus/nessus.c:698 msgid "Issue SQL output for -p and -P (experimental)" -msgstr "Ergebnisse der Optionen -p und -P aus SQL ausgeben (experimental)" +msgstr "Ergebnisse der Optionen -p und -P aus SQL ausgeben (experimentell)" -#: nessus/nessus.c:682 +#: nessus/nessus.c:699 msgid "List sessions" msgstr "Sitzungen auflisten" -#: nessus/nessus.c:682 +#: nessus/nessus.c:699 msgid "<host> <port> <user> <pass>" msgstr "<host> <port> <user> <pass>" -#: nessus/nessus.c:683 +#: nessus/nessus.c:700 msgid "Restore session" msgstr "Sitzung wiederherstellen" -#: nessus/nessus.c:683 +#: nessus/nessus.c:700 msgid "<sessionid> <host> <port> <user> <pass> <result-file>" msgstr "<sessionid> <host> <port> <user> <pass> <result-file>" -#: nessus/nessus.c:688 +#: nessus/nessus.c:705 msgid "- client for the OpenVAS security scanner" msgstr "- Client f?r den OpenVAS Sicherheits-Scanner" -#: nessus/nessus.c:717 +#: nessus/nessus.c:734 #, c-format msgid "" "OpenVAS-Client (%s) %s for %s\n" "\n" msgstr "" -"OpenVAS-ClientOpenVAS-Client (%s) %s f?r %s\n" +"OpenVAS-Client (%s) %s f?r %s\n" "\n" -#: nessus/nessus.c:718 +#: nessus/nessus.c:735 #, c-format msgid "" "NessusClient origin: (C) 1998 - 2003 Renaud Deraison <deraison at nessus.org>\n" msgstr "" -"Urspr?nglich NessusClient: (C) 1998 - 2003 Renaud Deraison <deraison at nessus." 
-"org>\n" +"Urspr?nglicher NessusClient: (C) 1998 - 2003 Renaud Deraison " +"<deraison at nessus.org>\n" -#: nessus/nessus.c:719 +#: nessus/nessus.c:736 #, c-format msgid "New code since OpenVAS-Client: (C) 2007, 2008 Intevation GmbH\n" msgstr "Neuer Quelltext seit OpenVAS-Client: (C) 2007, 2008 Intevation GmbH\n" -#: nessus/nessus.c:743 +#: nessus/nessus.c:760 #, c-format msgid "The session ID is required to restore a session.\n" msgstr "" "F?r das Wiederherstellen einer Sitzung wird eine Sitzungs-ID ben?tigt.\n" -#: nessus/nessus.c:744 nessus/nessus.c:762 nessus/nessus.c:815 -#: nessus/nessus.c:899 nessus/nessus.c:925 +#: nessus/nessus.c:761 nessus/nessus.c:779 nessus/nessus.c:832 +#: nessus/nessus.c:916 nessus/nessus.c:942 #, c-format msgid "Please use %s --help for more information.\n" msgstr "Unter %s --help erhalten Sie weitere Informationen.\n" -#: nessus/nessus.c:761 +#: nessus/nessus.c:778 #, c-format msgid "" "You need to specify an input file as well as an output file for report " "conversion.\n" msgstr "" -"F?r die Konvertierung eines Reports muss sowohl eine Quelldatei als auch " +"F?r die Konvertierung eines Berichts muss sowohl eine Quelldatei als auch " "eine Zieldatei angegeben werden.\n" -#: nessus/nessus.c:798 +#: nessus/nessus.c:815 #, c-format msgid "Unsupported report type '%s'\n" -msgstr "Nicht unterst?tzter Reporttyp '%s'\n" +msgstr "Nicht unterst?tztes Berichtsformat '%s'\n" -#: nessus/nessus.c:806 +#: nessus/nessus.c:823 #, c-format msgid "Could not import '%s' - is it a .nbe file?\n" -msgstr "Kann '%s' nicht importieren - ist es eine .nbe Datei ?\n" +msgstr "Kann '%s' nicht importieren - ist es eine .nbe Datei?\n" -#: nessus/nessus.c:814 +#: nessus/nessus.c:831 #, c-format msgid "The option -make_config_file can only be used in batch mode.\n" msgstr "" "Die Option -make_config_file kann nur im Batch-Modus angewandt werden\n" -#: nessus/nessus.c:825 +#: nessus/nessus.c:842 #, c-format msgid "list-sessions requires %s\n" msgstr 
"list-sessions erfordert %s\n" -#: nessus/nessus.c:831 +#: nessus/nessus.c:848 #, c-format msgid "restore-session requires -q %s result\n" msgstr "restore-session erfordert -q %s result\n" -#: nessus/nessus.c:837 +#: nessus/nessus.c:854 #, c-format msgid "--restore-session and --list-sessions are mutually exclusive\n" msgstr "" "--restore-session und --list-sessions schliessen sich gegenseitig aus\n" -#: nessus/nessus.c:875 +#: nessus/nessus.c:892 #, c-format msgid "Verbose mode can only be used in batch mode\n" msgstr "Wortreicher Modus kann nur f?r Batch-Modus angewandt werden\n" -#: nessus/nessus.c:898 nessus/nessus.c:924 +#: nessus/nessus.c:915 nessus/nessus.c:941 #, c-format msgid "Batch mode requires login information.\n" msgstr "Der Batch-Modus ben?tigt Anmeldeinformationen.\n" -#: nessus/nessus.c:909 +#: nessus/nessus.c:926 msgid "list-sessions only requires " msgstr "list-sessions erfordert lediglich " -#: nessus/nessus.c:918 +#: nessus/nessus.c:935 msgid "restore-session only requires " msgstr "restore-session erfordert lediglich " -#: nessus/nessus.c:949 nessus/nessus.c:964 +#: nessus/nessus.c:966 nessus/nessus.c:981 #, c-format msgid "Could not connect to openvasd\n" msgstr "Kann keine Verbindung zu openvasd aufbauen\n" -#: nessus/nessus.c:991 nessus/nessus.c:998 +#: nessus/nessus.c:1008 nessus/nessus.c:1015 #, c-format msgid "Missing parameter\n" msgstr "Fehlender Parameter\n" -#: nessus/nessus.c:1026 +#: nessus/nessus.c:1043 #, c-format msgid "A new openvasrc file has been saved\n" msgstr "Eine neue openvasrc Datei wurde gespeichert\n" -#: nessus/nessus.c:1069 +#: nessus/nessus.c:1086 #, c-format msgid "" "\n" 
@@ -634,99 +701,90 @@ " the --help option and in the OpenVAS documentation.\n" msgstr "" "\n" -" Diese Version des OpenVAS-Clients wurde ohne GUI Unterst?tzung\n" +" Diese Version des OpenVAS-Clients wurde ohne GUI-Unterst?tzung\n" " erstellt und kann nur im Batch-Modus ausgef?hrt werden.\n" " Informationen zur Ausf?hrung von OpenVAS-Client im Batch-Modus erhalten " "Sie\n" " mit der Option --help und in der OpenVAS-Dokumentation.\n" -#: nessus/pdf_output.c:381 +#: nessus/pdf_output.c:174 msgid "Could not fork (out of memory?)" -msgstr "Kann nict verzweichen (kein Speicher mehr?)" +msgstr "" +"Kann 'fork' nicht durchf?hren (Eventuell ist nicht gen?gend Speicher " +"verf?gbar?)" -#: nessus/pdf_output.c:504 +#: nessus/pdf_output.c:306 msgid "" "PDF report export failed!\n" "Maybe HTMLDoc (required for PDF export) is not installed or in search path." msgstr "" -"PDF Report Export fehlgeschlagen!\n" -"Eventuell ist HTMLDoc (notwendig f?r PDF Export) nicht installiert oder " +"Exportieren des PDF-Berichts fehlgeschlagen!\n" +"Eventuell ist HTMLDoc (notwendig f?r PDF-Export) nicht installiert oder " "nicht im Suchpfad." -#: nessus/pdf_output.c:506 +#: nessus/pdf_output.c:308 #, c-format msgid "PDF report export failed! (htmldoc exit code: %d)" -msgstr "PDF Report Export fehlgeschlagen! (htmldoc exit code: %d)" +msgstr "" +"Exportieren des PDF-Berichts fehlgeschlagen! (htmldoc R?ckgabewert: %d)" -#: nessus/pdf_output.c:537 +#: nessus/pdf_output.c:346 msgid "Could not create this file !" -msgstr "Kann Datei nicht erstellen !" +msgstr "Kann diese Datei nicht erstellen!" 
-#: nessus/pdf_output.c:551 +#: nessus/pdf_output.c:360 msgid "Reports per Host" -msgstr "Reports pro Host" +msgstr "Berichte pro Host" -#: nessus/pdf_output.c:571 +#: nessus/pdf_output.c:379 #, c-format msgid "Scan of this host started at: %s<br>\n" msgstr "Scan f?r diesen Host startete: %s<br>\n" -#: nessus/pdf_output.c:573 +#: nessus/pdf_output.c:381 #, c-format msgid "Scan of this host finished at: %s<br>\n" msgstr "Scan f?r diesen Host endete: %s<br>\n" -#: nessus/pdf_output.c:583 +#: nessus/pdf_output.c:391 msgid "Service (Port)" msgstr "Dienst (Port)" -#: nessus/pdf_output.c:586 +#: nessus/pdf_output.c:394 msgid "Issue regarding port" msgstr "Problem f?r Port" -#: nessus/pdf_output.c:610 -msgid "Security hole found" -msgstr "Sicherheitsloch gefunden" +#: nessus/pdf_output.c:417 nessus/pdf_output.c:624 +msgid "Security hole(s) found" +msgstr "Sicherheitsloch/-l?cher gefunden" -#: nessus/pdf_output.c:615 nessus/pdf_output.c:853 +#: nessus/pdf_output.c:422 nessus/pdf_output.c:629 msgid "Security warning(s) found" msgstr "Sicherheitswarnung(en) gefunden" -#: nessus/pdf_output.c:620 -msgid "Security notes found" -msgstr "Sicherheitshinweise gefunden" +#: nessus/pdf_output.c:427 nessus/pdf_output.c:634 +msgid "Security note(s) found" +msgstr "Sicherheitshinweis(e) gefunden" -#: nessus/pdf_output.c:629 nessus/pdf_output.c:638 +#: nessus/pdf_output.c:436 nessus/pdf_output.c:445 msgid "No Information" msgstr "Keine Informationen" -#: nessus/pdf_output.c:647 +#: nessus/pdf_output.c:454 msgid "[ return to summary ]" msgstr "[ zur?ck zur Zusammenfassung ]" -#: nessus/pdf_output.c:651 +#: nessus/pdf_output.c:458 #, c-format msgid "Security Issues and Fixes - Host %s" msgstr "Sicherheitsprobleme und -Behebungen - Host %s" -#: nessus/pdf_output.c:687 -msgid "Vulnerability" -msgstr "Angreifbarkeit" - -#: nessus/pdf_output.c:712 nessus/prefs_dialog/prefs_plugins_tree.c:448 -msgid "Warning" -msgstr "Warnung" - -#: nessus/pdf_output.c:739 -msgid "Informational" -msgstr "Zur 
Information" - -#: nessus/pdf_output.c:753 +#: nessus/pdf_output.c:528 #, c-format msgid "[ return to %s ]" msgstr "[ zur?ck zu %s ]" -#: nessus/pdf_output.c:771 +#: nessus/pdf_output.c:546 msgid "" "This file was generated by <a href=\"http://www.openvas.org\">OpenVAS</a>, " "the free security scanner." 
@@ -734,166 +792,243 @@ "Diese Datei wurde erstellt durch <a href=\"http://www.openvas.org\">OpenVAS</" "a>, dem Freien Sicherheits-Scanner." -#: nessus/pdf_output.c:793 +#: nessus/pdf_output.c:569 msgid "OpenVAS Scan Report" -msgstr "OpenVAS Scan Report" +msgstr "OpenVAS Scan-Bericht" -#: nessus/pdf_output.c:808 +#: nessus/pdf_output.c:584 msgid "" "This report gives details on hosts that were tested and issues that were " -"found." +"found. " msgstr "" -"Dieser Report beschreibt Details zu den Hosts die getestet wurden sowie die " -"Probleme die dabei gefunden wurden." +"Dieser Berichts beschreibt Details zu den Zielrechnern, die getestet wurden " +"sowie die Probleme, die dabei gefunden wurden." -#: nessus/pdf_output.c:809 +#: nessus/pdf_output.c:585 msgid "" "Please follow the recommended steps and procedures to eradicate these " "threats.\n" msgstr "" -"Bitte befolgen Sie die empfohlenen Schritten und Prozeduren um diese " -"Gefahren zu eliminieren.\n" +"Bitte befolgen Sie die empfohlenen Schritte und Prozeduren um diese " +"Gef?hrdungen zu eliminieren.\n" -#: nessus/pdf_output.c:813 +#: nessus/pdf_output.c:589 #, c-format msgid "Scan started at: %s<br>\n" msgstr "Scan startete: %s<br>\n" -#: nessus/pdf_output.c:814 +#: nessus/pdf_output.c:590 #, c-format msgid "Scan finished at: %s<br>\n" msgstr "Scan endete: %s<br>\n" -#: nessus/pdf_output.c:820 +#: nessus/pdf_output.c:596 msgid "Host" msgstr "Host" -#: nessus/pdf_output.c:823 +#: nessus/pdf_output.c:599 msgid "Possible Issues" msgstr "M?gliche Probleme" -#: nessus/pdf_output.c:826 +#: nessus/pdf_output.c:602 msgid "Holes" -msgstr "L?cher" +msgstr "Sicherheitsl?cher" -#: nessus/pdf_output.c:829 +#: nessus/pdf_output.c:605 msgid "Warnings" msgstr "Warnungen" -#: nessus/pdf_output.c:832 +#: nessus/pdf_output.c:608 msgid "Notes" msgstr "Hinweise" -#: nessus/pdf_output.c:848 -msgid "Security hole(s) found" -msgstr "Sicherheitsl?cher gefunden" - -#: nessus/pdf_output.c:858 -msgid "Security note(s) found" -msgstr 
"Sicherheishinweis(e) gefunden" - -#: nessus/pdf_output.c:863 +#: nessus/pdf_output.c:639 msgid "No noticeable information found" msgstr "Keine erw?hnenswerte Informationen gefunden" -#: nessus/pdf_output.c:881 +#: nessus/pdf_output.c:657 msgid "Total" -msgstr "Insgesamt" +msgstr "Gesamt" -#: nessus/pdf_output.c:942 +#: nessus/pdf_output.c:712 nessus/pdf_output.c:721 +msgid "Signed by" +msgstr "Signiert von" + +#: nessus/pdf_output.c:712 +msgid "not signed" +msgstr "nicht signiert" + +#: nessus/pdf_output.c:729 +msgid "trusted" +msgstr "vertrauensw?rdig" + +#: nessus/pdf_output.c:730 +msgid "not trusted" +msgstr "nicht vertrauensw?rdig" + +#: nessus/pdf_output.c:743 +msgid "unknown signature" +msgstr "unbekannte Signatur" + +#: nessus/pdf_output.c:780 msgid "Family" msgstr "Familie" -#: nessus/pdf_output.c:943 +#: nessus/pdf_output.c:781 msgid "Version" msgstr "Version" -#: nessus/pdf_output.c:946 +#: nessus/pdf_output.c:784 msgid "XRefs" msgstr "Querverweise" -#: nessus/pdf_output.c:961 +#: nessus/pdf_output.c:800 msgid "Parameters" msgstr "Paramter" -#: nessus/pdf_output.c:984 +#: nessus/pdf_output.c:830 msgid "Appendix: NVT Information" msgstr "Anhang: NVT Informationen" -#: nessus/plugin_infos.c:56 +#: nessus/plugin_infos.c:58 #, c-format msgid "Dependencies of Plugin '%s'" -msgstr "Abh?ngigkeiten des PlugIns '%s'" +msgstr "Abh?ngigkeiten des Plugins '%s'" -#: nessus/plugin_infos.c:87 +#: nessus/plugin_infos.c:89 msgid "No dependencies found." msgstr "Keine Abh?ngigkeiten gefunden." -#: nessus/plugin_infos.c:112 +#: nessus/plugin_infos.c:114 msgid "), currently " msgstr "), derzeit " -#: nessus/plugin_infos.c:114 +#: nessus/plugin_infos.c:116 msgid "enabled" msgstr "eingeschaltet" -#: nessus/plugin_infos.c:116 +#: nessus/plugin_infos.c:118 msgid "disabled" msgstr "ausgeschaltet" -#: nessus/plugin_infos.c:174 nessus/plugin_infos.c:410 +#: nessus/plugin_infos.c:176 nessus/plugin_infos.c:565 msgid "Set plugin timeout..." -msgstr "Setze PlugIn Timeout..." 
+msgstr "Setze Plugin Timeout..." -#: nessus/plugin_infos.c:191 +#: nessus/plugin_infos.c:193 msgid "Set plugin timeout:" -msgstr "Setze PlugIn Timeout:" +msgstr "Setze Plugin Timeout:" -#: nessus/plugin_infos.c:277 +#: nessus/plugin_infos.c:265 #, c-format +msgid "Can not find certificate for: %s." +msgstr "Kann Zertifikat f?r %s nicht finden." + +#: nessus/plugin_infos.c:269 +#, c-format +msgid "OpenVAS Certificate View: %s" +msgstr "OpenVAS Zertifikatsansicht: %s" + +#: nessus/plugin_infos.c:283 +#, c-format +msgid "Owner Name: %s" +msgstr "Name des Besitzers: %s" + +#: nessus/plugin_infos.c:288 +#, c-format +msgid "Fingeprint: %s" +msgstr "Fingerabdruck: %s" + +#: nessus/plugin_infos.c:339 +#, c-format msgid "Error ! Plugin selected not found ?!\n" -msgstr "Fehler! Selektiertes PlugIn nicht gefunden ?!\n" +msgstr "Fehler! Ausgew?hltes Plugin nicht gefunden?!\n" -#: nessus/plugin_infos.c:312 +#: nessus/plugin_infos.c:374 #, c-format msgid "Family: %s" msgstr "Familie: %s" -#: nessus/plugin_infos.c:319 +#: nessus/plugin_infos.c:381 #, c-format msgid "Category: %s" msgstr "Kategorie: %s" -#: nessus/plugin_infos.c:326 +#: nessus/plugin_infos.c:388 #, c-format msgid "OpenVAS NVT OID: %s" msgstr "OpenVAS NVT OID: %s" -#: nessus/plugin_infos.c:336 +#: nessus/plugin_infos.c:398 #, c-format msgid "CVE: %s" msgstr "CVE: %s" -#: nessus/plugin_infos.c:347 +#: nessus/plugin_infos.c:409 #, c-format msgid "Bugtraq ID: %s" msgstr "Bugtraq ID: %s" -#: nessus/plugin_infos.c:358 +#: nessus/plugin_infos.c:420 #, c-format msgid "Other references: %s" msgstr "Andere Referenzen: %s" -#: nessus/plugin_infos.c:369 +#: nessus/plugin_infos.c:431 #, c-format msgid "Plugin Version: %s" msgstr "Plugin-Version: %s" -#: nessus/plugin_infos.c:382 +#: nessus/plugin_infos.c:444 msgid "Plugin description:" msgstr "Beschreibung des Plugins:" -#: nessus/plugin_infos.c:417 +#: nessus/plugin_infos.c:499 +#, c-format +msgid "Signature information available on server connection." 
+msgstr "Signaturinformation bei bestehender Serververbindung verf?gbar." + +#: nessus/plugin_infos.c:503 +#, c-format +msgid "" +"Signatures:\n" +"\tUnknown signature(s)." +msgstr "" +"Signaturen:\n" +"\tUnbekannte Signatur(en)." + +#: nessus/plugin_infos.c:507 +#, c-format +msgid "" +"Signatures:\n" +"\tNVT is not signed." +msgstr "" +"Signaturen:\n" +"\tNVT ist nicht signiert." + +#: nessus/plugin_infos.c:516 +#, c-format +msgid "Signatures:" +msgstr "Signaturen:" + +#: nessus/plugin_infos.c:519 +#, c-format +msgid "Signatures (NOT verified):" +msgstr "Signaturen (NICHT ?berpr?ft)" + +#: nessus/plugin_infos.c:536 +msgid "<span color=\"green\">trusted</span>" +msgstr "<span color=\"green\">vertrauensw?rdig</span>" + +#: nessus/plugin_infos.c:537 +msgid "<span color=\"red\">untrusted</span>" +msgstr "<span color=\"red\">nicht vertrauensw?rdig</span>" + +#: nessus/plugin_infos.c:545 +msgid "View" +msgstr "Ansicht" + +#: nessus/plugin_infos.c:572 msgid "Show dependencies" msgstr "Zeige Abh?ngigkeiten" @@ -908,22 +1043,22 @@ "# OpenVAS-Client Preferences File\n" "\n" msgstr "" -"# OpenVAS-Client Voreinstellungen Datei\n" +"# OpenVAS-Client Voreinstellungsdatei\n" "\n" #: nessus/preferences.c:203 #, c-format msgid "The OpenVAS-Client doesn't have the right to read %s\n" -msgstr "OpenVAS-Client hat kein Recht %s zu lesen\n" +msgstr "OpenVAS-Client hat nicht die erforderlichen Rechte, um %s zu lesen\n" #: nessus/preferences.c:217 msgid "Couldn't find prefs file... Creating a new one..." -msgstr "Kann keine Voreinstellungen Datei finden ... Erzeuge neue..." +msgstr "Kann keine Voreinstellungsdatei finden... Erzeuge neue Datei..." #: nessus/preferences.c:221 nessus/preferences.c:228 #, c-format msgid "Error creating %s: %s" -msgstr "Fehler bei Erstellung %s: %s" +msgstr "Fehler beim Erstellen von %s: %s" #: nessus/preferences.c:236 #, c-format 
@@ -933,7 +1068,7 @@ #: nessus/preferences.c:255 #, c-format msgid "Parse error in %s: %s" -msgstr "Parser-Fehler in %s : %s" +msgstr "Fehler bei der Verarbeitung in %s : %s" #: nessus/preferences.c:269 #, c-format @@ -943,22 +1078,22 @@ #: nessus/preferences.c:507 #, c-format msgid "%s could not be opened write only" -msgstr "%s kann nicht als nur-schreiben ge?ffnet werden" +msgstr "%s kann nicht nur-schreibend ge?ffnet werden" #: nessus/preferences.c:511 #, c-format msgid "# This file was automagically created by OpenVAS-Client\n" msgstr "# Diese Datei wurd automagisch durch OpenVAS-Client erzeugt\n" -#: nessus/preferences.c:628 +#: nessus/preferences.c:630 msgid "Global Settings" msgstr "Globale Einstellungen" -#: nessus/preferences.c:744 nessus/preferences.c:765 +#: nessus/preferences.c:746 nessus/preferences.c:767 msgid "prefs_set_value() called with illegal type" msgstr "prefs_set_value() mit illegalem Typ aufgerufen" -#: nessus/read_target_file.c:41 nessus/report.c:204 +#: nessus/read_target_file.c:41 nessus/report.c:245 msgid "Load file" msgstr "Lade Datei" 
@@ -985,45 +1120,121 @@ msgid "file mapping failed: %s\n" msgstr "Dateimapping fehlgeschlagen: %s\n" -#: nessus/report.c:117 +#: nessus/html_graph_output.c:1123 +#, c-format +msgid "Can't change to directory %s: %s." +msgstr "Kann nicht in Verzeichnis %s wechseln: %s" + +#: nessus/html_graph_output.c:1130 +#, c-format +msgid "Can't write index: %s" +msgstr "Kann Index nicht schreiben: %s" + +#: nessus/xml_output_ng.c:713 +#, c-format +msgid "Can't open %s for writing: %s." +msgstr "Kann %s nicht zum Schreiben ?ffnen: %s" + +#: nessus/report.c:143 msgid "report_save() called with illegal type" -msgstr "report_save() mit illegalem Typ aufgerufen" +msgstr "report_save() wurde mit illegalem Typ aufgerufen" -#: nessus/report.c:136 +#: nessus/report.c:162 msgid "report_save() couldn't create context" msgstr "report_save() konnte Kontext nicht erzeugen" -#: nessus/report.c:142 +#: nessus/report.c:168 msgid "report_save() couldn't find a report filename" -msgstr "report_save() konnte keinen Dateienamen f?r Report finden" +msgstr "report_save() konnte keinen Dateienamen f?r den Bericht finden" -#: nessus/report.c:150 +#: nessus/report.c:176 msgid "report_save() couldn't save the report" -msgstr "report_save() konnte den Report nicht speichern" +msgstr "report_save() konnte den Bericht nicht speichern" -#: nessus/report.c:162 +#: nessus/report.c:188 msgid "report_save() couldn't save the plugin information" -msgstr "report_save() konnte die Plugin Informationen nicht speichern" +msgstr "report_save() konnte die Plugin-Informationen nicht speichern" +#: nessus/report.c:203 +msgid "report_save() couldn't save the certificate information" +msgstr "report_save() konnte die Zertifikatsinformationen nicht speichern" + +#: nessus/report_save.c:178 +msgid "Export Report" +msgstr "Bericht exportieren" + +#: nessus/report_save.c:194 +msgid "Export Options" +msgstr "Optionen exportieren" + +#: nessus/report_save.c:203 +msgid "Report file format : " +msgstr "Format der Berichtsdatei" + 
+#: nessus/report_save.c:239 +msgid "ASCII text" +msgstr "ASCII-Text" + +#: nessus/report_save.c:245 +msgid "HTML with Pies and Graphs" +msgstr "HTML mit Diagrammen" + +#: nessus/report_save.c:283 +#, c-format +msgid "PDF file %s not found." +msgstr "PDF-Datei %s nicht gefunden." + +#: nessus/report_save.c:289 +#, c-format +msgid "" +"You haven't configured a PDF viewer.\n" +"The report was saved as %s so you can manually open it." +msgstr "" +"Sie haben keinen PDF-Betrachter konfiguriert.\n" +"Der Bericht wurde unter %s gespeichert." + +#: nessus/report_save.c:300 +#, c-format +msgid "Can't launch PDF viewer: %s" +msgstr "Kann PDF-Betrachter nicht starten: %s" + +#: nessus/report_save.c:334 +#, c-format +msgid "" +"Can't open PDF file: %s:\n" +"%s" +msgstr "" +"Kann PDF-Datei nicht ?ffnen: %s:\n" +"%s" + +#: nessus/sighand.c:53 +msgid "Connection closed by the server (SIGPIPE caught)" +msgstr "Verbindung wurde vom Server geschlossen (Signal SIGPIPE erhalten)" + +#: nessus/sighand.c:59 +msgid "Connection timed out" +msgstr "Zeit?berschreitung bei Verbindung" + #: nessus/sslui.c:85 msgid "SSL Setup" msgstr "SSL Einrichtung" #: nessus/sslui.c:128 msgid "Display and remember the server certificate, do not care about the CA" -msgstr "Zeige und speichere das Server Zertifikat, nicht um die CA k?mmern" +msgstr "Serverzertifikat anzeigen und speichern, CA nicht beachten" #: nessus/sslui.c:138 msgid "" "Trust the server certificate if and only if it is valid and certified by the " "CA" msgstr "" -"Vertraue dem Server Zertifikat ausschliesslich falls es ein anhand der CA " -"gepr?ftes g?ltiges Zertfikat ist" +"Dem Serverzertifikat nur dann vertrauen, wenn es g?ltig ist und von der CA " +"zertifiziert wurde" #: nessus/sslui.c:146 msgid "Verify that the server certificate is valid *and* remember it" -msgstr "Pr?fe, dass das Server Zertifikat g?ltig ist *und* speichere es" +msgstr "" +"Die G?ltigkeit des Serverzertifikates ?berpr?fen und das Zertifikat speichern" #: 
nessus/sslui.c:157 msgid "OK" @@ -1035,14 +1246,14 @@ "many servers from your client, choose 2. Otherwise, choose 1, or 3,\n" "if you are paranoid.\n" msgstr "" -"Bitte W?hlen Sie Ihren Grad an SSL Paranoia (Hinweis: falls Sie viele " -"Server\n" -"?ber Ihren Klienten managen wollen, w?hlen Sie 2. Ansonsten 1, oder 3 falls\n" +"Bitte w?hlen Sie den Grad an SSL-Paranoia (Hinweis: falls Sie viele Server\n" +"?ber Ihren Cient verwalten wollen, sollten Sie 2 w?hlen. Ansonsten 1, oder 3 " +"falls\n" "Sie paranoid sind.\n" #: nessus/sslui.c:280 msgid "This certificate has never been shown before. Here it is:" -msgstr "Dieses Zertifikat wurde nie zuvor angezeigt. Hier ist es:" +msgstr "Dieses Zertifikat wurde noch nie angezeigt. Hier ist es:" #: nessus/sslui.c:310 msgid "Do you accept this certificate?" @@ -1056,13 +1267,13 @@ msgid "No" msgstr "Nein" -#: nessus/sslui.c:374 +#: nessus/sslui.c:377 #, c-format msgid "This certificate has never been seen before and can't be shown\n" msgstr "" "Dieses Zertifikat wurde noch nie betrachtet und kann nicht angezeigt werden\n" -#: nessus/sslui.c:394 +#: nessus/sslui.c:397 #, c-format msgid "Do you accept it? (y/n) " msgstr "Akzeptieren Sie es? (y/n)" @@ -1089,7 +1300,7 @@ #: nessus/prefs_dialog/prefs_context.c:291 #: nessus/prefs_dialog/prefs_dialog.c:777 msgid "not connected" -msgstr "ohne Verbindung" +msgstr "nicht verbunden" #: nessus/prefs_dialog/prefs_context.c:341 #, c-format @@ -1104,7 +1315,7 @@ #: nessus/prefs_dialog/prefs_context.c:354 #, c-format msgid "Report for scope: %s (Task: %s)" -msgstr "Report f?r Bereich: %s (Aufgabe: %s)" +msgstr "Bericht f?r Bereich: %s (Aufgabe: %s)" #: nessus/prefs_dialog/prefs_context.c:359 msgid "prefs_context_update called with illegal context." @@ -1144,7 +1355,7 @@ #: nessus/prefs_dialog/prefs_dialog.c:404 msgid "_Scan Assistant" -msgstr "_Scan Assistent" +msgstr "_Scan-Assistent" #: nessus/prefs_dialog/prefs_dialog.c:412 msgid "Save _Global Settings" 
@@ -1160,7 +1371,7 @@ #: nessus/prefs_dialog/prefs_dialog.c:433 msgid "_Message log" -msgstr "_Nachrichten-Log" +msgstr "_Nachrichtenprotokoll" #: nessus/prefs_dialog/prefs_dialog.c:439 msgid "_Task" @@ -1187,7 +1398,7 @@ #: nessus/prefs_dialog/prefs_dialog.c:507 msgid "_Report" -msgstr "_Report" +msgstr "Be_richt" #: nessus/prefs_dialog/prefs_dialog.c:522 msgid "_Import" @@ -1207,13 +1418,13 @@ #: nessus/prefs_dialog/prefs_dialog.c:545 msgid "_About" -msgstr "_?ber" +msgstr "?b_er" #: nessus/prefs_dialog/prefs_dialog.c:581 #: nessus/prefs_dialog/prefs_dialog.c:583 #: nessus/prefs_dialog/prefs_scan_assistant.c:238 msgid "Scan Assistant" -msgstr "Scan Assistent" +msgstr "Scan-Assistent" #: nessus/prefs_dialog/prefs_dialog.c:590 #: nessus/prefs_dialog/prefs_dialog.c:592 @@ -1259,7 +1470,7 @@ #: nessus/prefs_dialog/prefs_dialog.c:718 msgid "Message log" -msgstr "Nachrichten-Log" +msgstr "Nachrichtenprotokoll" #: nessus/prefs_dialog/prefs_dialog.c:739 msgid "" @@ -1280,16 +1491,17 @@ "You must enter the name of the primary target\n" "to attack in the 'target' section" msgstr "" -"Sie m?ssen den Namen des prim?ren Angriff-Ziels\n" +"Sie m?ssen den Namen des Angriff-Ziels\n" "im Abschnitt 'Ziel' angeben" #: nessus/prefs_dialog/prefs_dialog_auth.c:66 msgid "You must enter a valid hostname or IP" -msgstr "Sie m?ssen einen validen Benutzernamen oder eine valide IP angeben" +msgstr "" +"Sie m?ssen einen g?ltigen Rechnernamen oder eine g?ltige IP-Adresse angeben" #: nessus/prefs_dialog/prefs_dialog_auth.c:80 msgid "The port number is out of range" -msgstr "Die Port-Nummer liegt ausserhalb des Bereichs" +msgstr "Die Portnummer liegt ausserhalb des zul?ssigen Bereichs" #: nessus/prefs_dialog/prefs_dialog_auth.c:100 msgid "Select File" 
@@ -1307,11 +1519,11 @@ #: nessus/prefs_dialog/prefs_dialog_auth.c:132 msgid "You must enter a valid username" -msgstr "Sie m?ssen einen validen Benutzernamen angeben" +msgstr "Sie m?ssen einen g?ltigen Benutzernamen angeben" #: nessus/prefs_dialog/prefs_dialog_auth.c:149 msgid "You must enter a valid password" -msgstr "Sie m?ssen ein valides Paswort angeben" +msgstr "Sie m?ssen ein g?ltiges Paswort angeben" #: nessus/prefs_dialog/prefs_dialog_auth.c:167 msgid "You must enter a filename for Trusted CA" @@ -1319,11 +1531,11 @@ #: nessus/prefs_dialog/prefs_dialog_auth.c:182 msgid "You must enter a filename for the SSL Certificate" -msgstr "Sie m?ssen einen Dateinamen f?r das SSL Zertifikat eingeben" +msgstr "Sie m?ssen einen Dateinamen f?r das SSL-Zertifikat eingeben" #: nessus/prefs_dialog/prefs_dialog_auth.c:197 msgid "You must enter a filename for the SSL Key" -msgstr "Sie m?ssen einen Dateinamen f?r den SSL Schl?ssel eingeben" +msgstr "Sie m?ssen einen Dateinamen f?r den SSL-Schl?ssel eingeben" #: nessus/prefs_dialog/prefs_dialog_auth.c:222 msgid "Connecting ..." @@ -1332,7 +1544,7 @@ #: nessus/prefs_dialog/prefs_dialog_auth.c:236 #, c-format msgid "Connecting to OpenVAS server \"%s\" ..." -msgstr "Verbinden mit OpenVAS Server \"%s\" ..." +msgstr "Verbinden mit OpenVAS-Server \"%s\" ..." # #: nessus/prefs_dialog/prefs_dialog_auth.c:243 @@ -1345,11 +1557,11 @@ #: nessus/prefs_dialog/prefs_dialog_auth.c:370 msgid "Connect to OpenVAS Server" -msgstr "Verbinden mit OpenVAS Server" +msgstr "Verbinden mit OpenVAS-Server" #: nessus/prefs_dialog/prefs_dialog_auth.c:384 msgid "OpenVAS Server" -msgstr "OpenVAS Server" +msgstr "OpenVAS-Server" #: nessus/prefs_dialog/prefs_dialog_auth.c:402 msgid "Hostname:" 
@@ -1401,11 +1613,11 @@ #: nessus/prefs_dialog/prefs_dialog_misc.c:73 msgid "Remember the set of plugins" -msgstr "Merke den Satz Plugins" +msgstr "Speichere die Pluginauswahl" #: nessus/prefs_dialog/prefs_dialog_plugins_prefs.c:88 msgid "Advanced Plugins preferences" -msgstr "Tiefergehende Plugins Voreinstellungen" +msgstr "Erweiterte Plugin-Voreinstellungen" #: nessus/prefs_dialog/prefs_dialog_plugins_prefs.c:95 #: nessus/prefs_dialog/prefs_options.c:101 @@ -1439,16 +1651,16 @@ #: nessus/prefs_dialog/prefs_dialog_prefs.c:108 #: nessus/prefs_dialog/prefs_report.c:499 msgid "Host/Port/Severity" -msgstr "Host/Port/Schweregrad" +msgstr "Rechner/Port/Schweregrad" #: nessus/prefs_dialog/prefs_dialog_prefs.c:110 #: nessus/prefs_dialog/prefs_report.c:501 msgid "Port/Host/Severity" -msgstr "Port/Host/Schweregrad" +msgstr "Port/Rechner/Schweregrad" #: nessus/prefs_dialog/prefs_dialog_prefs.c:116 msgid "Connection to OpenVAS Server" -msgstr "Verbindung mit OpenVAS Server" +msgstr "Verbindung mit OpenVAS-Server" #: nessus/prefs_dialog/prefs_dialog_prefs.c:128 msgid "Automatically connect" 
@@ -1464,27 +1676,27 @@ #: nessus/prefs_dialog/prefs_dialog_prefs.c:147 msgid "Plugin Cache" -msgstr "Plugin Zwischenspeicher" +msgstr "Plugin-Zwischenspeicher" #: nessus/prefs_dialog/prefs_dialog_prefs.c:159 msgid "Cache plugin information when connecting" -msgstr "Plugin Informationen bei Verbindungsaufbau zwischenspeichern" +msgstr "Plugin-Informationen bei Verbindungsaufbau zwischenspeichern" #: nessus/prefs_dialog/prefs_dialog_prefs.c:166 msgid "Use plugin cache with reports" -msgstr "Verwende Plugin Zwischenspeicher f?r Reports" +msgstr "Verwende Plugin-Zwischenspeicher f?r Berichte" #: nessus/prefs_dialog/prefs_dialog_prefs.c:174 msgid "Load plugin cache for scopes immediately" -msgstr "Lade umgehend Plugin Zwischenspeicher f?r Bereiche" +msgstr "Lade Plugin-Zwischenspeicher f?r Bereiche sofort" #: nessus/prefs_dialog/prefs_dialog_prefs.c:197 msgid "Include plugin details in PDF" -msgstr "F?ge Plugin Details in PDF-Bericht ein" +msgstr "F?ge Plugin-Details in PDF-Bericht ein" #: nessus/prefs_dialog/prefs_dialog_prefs.c:205 msgid "Show script origin in report window" -msgstr "Zeige Skript-Herkunft im Report Fenster" +msgstr "Zeige Skript-Herkunft im Berichtsfenster" #: nessus/prefs_dialog/prefs_dialog_prefs.c:219 msgid "External Links in HTML/PDF" @@ -1510,7 +1722,7 @@ #: nessus/prefs_dialog/prefs_dialog_scan_opt.c:157 msgid "Determine if hosts are alive before testing them" -msgstr "Pr?fe ob Hosts leben bevor sie getestet werden" +msgstr "Pr?fe, ob Zielrechner erreichbar sind, bevor sie getestet werden" #: nessus/prefs_dialog/prefs_dialog_scan_opt.c:170 msgid "Port range:" 
@@ -1522,11 +1734,11 @@ #: nessus/prefs_dialog/prefs_dialog_scan_opt.c:190 msgid "Hosts to test concurrently:" -msgstr "Anzahl gleichzeitiger Ziel-Hosts:" +msgstr "Gleichzeitig ?berpr?fte Zielrechner:" #: nessus/prefs_dialog/prefs_dialog_scan_opt.c:201 msgid "Checks to perform concurrently:" -msgstr "Anzahl gleichzeitige Tests:" +msgstr "Gleichzeitig durchgef?hrte Tests:" #: nessus/prefs_dialog/prefs_dialog_scan_opt.c:213 msgid "Path to the CGIs:" @@ -1546,11 +1758,11 @@ #: nessus/prefs_dialog/prefs_dialog_scan_opt.c:240 msgid "Designate hosts by their MAC address" -msgstr "Bestimme Hosts anhand der MAC Adresse" +msgstr "Bestimme Zielrechner anhand der MAC Adresse" #: nessus/prefs_dialog/prefs_dialog_scan_opt.c:245 msgid "Port scanner:" -msgstr "Port Scanner:" +msgstr "Port-Scanner:" #: nessus/prefs_dialog/prefs_dialog_scan_opt.c:266 #: nessus/prefs_dialog/prefs_plugins_tree.c:457 @@ -1564,15 +1776,15 @@ #: nessus/prefs_dialog/prefs_dialog_user.c:60 msgid "Serverside user rules (priority over clientside user rules)" msgstr "" -"Server-seitige Benutzerregeln (Priorit?t ?ber klient-seitige Benutzerregeln)" +"Serverseitige Benutzerregeln (Priorit?t ?ber clientseitige Benutzerregeln)" #: nessus/prefs_dialog/prefs_dialog_user.c:63 msgid "Clientside user rules" -msgstr "Klient-seitige Benutzerregeln" +msgstr "Clientseitige Benutzerregeln" #: nessus/prefs_dialog/prefs_dialog_user.c:213 msgid "The target for this rule must be a valid IP or Subnet.\n" -msgstr "Das Ziel f?r diese Regel muss eine valide IP oder Subnetz sein.\n" +msgstr "Das Ziel f?r diese Regel muss eine g?ltige IP oder Subnetz sein.\n" #: nessus/prefs_dialog/prefs_dialog_user.c:286 msgid "User Access Rules" 
@@ -1603,57 +1815,58 @@ "Enter the server name, where the OpenVAS Server resides on. This may be a " "domain name or an IP address." msgstr "" -"Geben Sie den Rechner-Namen an auf dem der OpenVAS Server l?uft. Dieser kann " +"Geben Sie den Rechnernamen an, auf dem der OpenVAS Server l?uft. Dieser kann " "als Dom?nen-Name oder als IP-Adresse angegeben werden." #: nessus/prefs_dialog/prefs_help.h:39 msgid "" -"Enter the port number where you will be serviced by the OpenVAS Server. With " -"older server systems, this is the port 3001, but the official port is 1241." +"Enter the port number where you will be serviced by the OpenVAS Server. " +"Usual is 1241." msgstr "" -"Geben Sie die Nummer des Ports an, auf dem der OpenVAS Server auf Anfragen " -"wartet. Bei ?lteren Servern ist dies Port 3001, aber der offizielle Port ist " -"1241." +"Geben Sie die Nummer des Ports an, auf dem der OpenVAS-Server auf Anfragen " +"wartet. Im Allgemeinen ist dies der Port 1241." -#: nessus/prefs_dialog/prefs_help.h:44 +#: nessus/prefs_dialog/prefs_help.h:43 msgid "Set to default OpenVAS port 1241." -msgstr "Setze standard OpenVAS Port 1241." +msgstr "Setze auf Standard OpenVAS Port (1241)." -#: nessus/prefs_dialog/prefs_help.h:47 +#: nessus/prefs_dialog/prefs_help.h:46 msgid "" "Enter the user name where you are registerd with on the OpenVAS Server. If " "you log in for the first time, you will be asked for a password. Maybe you " "need to ask your OpenVAS Server administrator to create a login for you." msgstr "" -"Geben Sie den Benutzernamen an unter dem Sie beim OpenVAS Server registriert " -"sind. Falls Sie sich das erste mal einloggen werden Sie nach einem Passwort " -"gefragt. Eventuell m?ssen Sie sich an den Admonistrator des Nessus Server " -"wenden, damit er Ihnen einen Zugang einrichtet." +"Geben Sie den Benutzernamen an, unter dem Sie beim OpenVAS Server " +"registriert sind. Falls Sie sich das erste mal anmelden, werden Sie nach " +"einem Passwort gefragt. 
Eventuell m?ssen Sie sich an den Administrator des " +"Nessus Server wenden, damit er Ihnen einen Zugang einrichtet." -#: nessus/prefs_dialog/prefs_help.h:53 +#: nessus/prefs_dialog/prefs_help.h:52 msgid "" "Maximal of number of hosts that the OpenVAS Server will test at the same " "time. Be aware that the OpenVAS Server will spawn max_hosts x max_checks " "processes!" msgstr "" -"Maximale Anzahl Hosts die OpenVAS Server gleichzeitig testet. Beachten Sie, " -"dass der Server Max-Hosts x Max-Tests Prozesse starten wird!" +"Maximale Anzahl der Zielrechner, die OpenVAS-Server gleichzeitig testet. " +"Beachten Sie, dass der Server Max-Zielrechner x Max-Tests Prozesse starten " +"wird!" -#: nessus/prefs_dialog/prefs_help.h:58 +#: nessus/prefs_dialog/prefs_help.h:57 msgid "" "Maximal number of security checks that will be launched at the same time " "against each host. Be aware that the OpenVAS Server will spawn max_hosts x " "max_checks processes!" msgstr "" -"Maximale Anzahl Tests die gleichzeitig gegen jedes einzelne Ziel durchgef?rt " -"werden soll. Beachten Sie, dass der OpenVAS Server Max-Hosts x Max-Tests " -"Prozesse starten wird!" +"Maximale Anzahl der Tests, die gleichzeitig gegen jedes einzelne Ziel " +"durchgef?rt werden soll. Beachten Sie, dass der OpenVAS-Server Max-" +"Zielrechner x Max-Tests Prozesse starten wird!" -#: nessus/prefs_dialog/prefs_help.h:63 +#: nessus/prefs_dialog/prefs_help.h:62 msgid "Name of the remote file that several plugins will attempt to read." -msgstr "Name der Server-Datei welche verschiedene Plugins zu lesen versuchen." +msgstr "" +"Name der Server-Datei, die verschiedene Plugins zu lesen versuchen sollen." -#: nessus/prefs_dialog/prefs_help.h:67 +#: nessus/prefs_dialog/prefs_help.h:66 msgid "" "If this option is checked, then OpenVAS Server will send some TCP packets to " "the target host to determine if the target host is alive. This method does " 
@@ -1661,11 +1874,11 @@ "ICMP echo requests." msgstr "" "Ist diese Option eingeschaltet, so wird OpenVAS Server einige TCP-Pakete an " -"den Ziel-Rechner schicken um festzustellen ob dieser ?berhaupt erreichbar " +"den Ziel-Rechner schicken, um festzustellen, ob dieser ?berhaupt erreichbar " "ist. Diese Methode verwendet nicht ICMP, da immer weniger System auf ICMP " "Anfragen reagieren und somit als Pr?fung unzuverl?ssig ist." -#: nessus/prefs_dialog/prefs_help.h:73 +#: nessus/prefs_dialog/prefs_help.h:72 msgid "" "If this option is set, OpenVAS Server will do a reverse lookup on the IP " "addresses before it tests them. This may slow down the whole test." 
@@ -1675,34 +1888,22 @@ "durchgef?hrt werden. Dies kann die Durchf?hrung der Tests insgesamt " "verlangsamen." -#: nessus/prefs_dialog/prefs_help.h:78 +#: nessus/prefs_dialog/prefs_help.h:77 msgid "" -"Are the target hosts protected by a firewall ? If so and if we are outside " -"the firewall, it is a good idea to turn this option ON, so that OpenVAS " -"Server will perform some additional tests to check that the remote firewall " -"is well configured (this option is still experimental)." -msgstr "" -"Sind die Ziel-Rechner durch eine Firewall gesch?tzt? Falls ja und sind wir " -"ausserhalb der Firewall, dann ist es sinnvoll diese Option einzuschalten. " -"Dann wird OpenVAS Server einige zus?tzliche Tests durchf?hren um zu pr?fen " -"ob die Firewall gut konfiguriert ist (diese Option ist experimentell)." - -#: nessus/prefs_dialog/prefs_help.h:86 -msgid "" "Security tests may ask the OpenVAS Server to be launched if and only if some " "information gathered by other test exist in the knowledge base, or if and " "only if a given port is open. This option speeds up the test, but may make " "OpenVAS Server miss some vulnerability. If you are paranoid, disable this " "option" msgstr "" -"Sicherheits-Tests bitten unter Umst?nden den OpenVAS Server darum, nur dann " -"gestartet zu werden, wenn bestimmte Informationen die durch andere Plugins " -"gesammelt wurden sich in der Wissen-Basis befinden oder falls und aucha nur " -"dann wenn ein angegebener Port offen ist. Diese Option kann die Tests " +"Sicherheits-Tests bitten unter Umst?nden den OpenVAS-Server darum, nur dann " +"gestartet zu werden, wenn sich bestimmte Informationen, die durch andere " +"Plugins gesammelt wurden, in der Wissenbasis befinden oder falls und nur " +"dann, wenn ein angegebener Port offen ist. Diese Option kann die Tests " "beschleunigen, kann aber dazu f?hren, dass OpenVAS Server einige L?cken " "?bersieht. Wer paranoid ist, schaltet diese Option aus." 
-#: nessus/prefs_dialog/prefs_help.h:94 +#: nessus/prefs_dialog/prefs_help.h:85 msgid "" "Some security checks may harm the target server, by disabling the remote " "service temporarily or until a reboot. If you enable this option, OpenVAS " @@ -1712,16 +1913,16 @@ "you disable this option. From a sysadmin point of view, we recommend you " "enable it." msgstr "" -"Einige Sicherheits-Tests k?nnen dem Ziel-Rechner Schaden zuf?gen indem " +"Einige Sicherheitstests k?nnen dem Zielrechner Schaden zuf?gen, indem " "Dienste zeitweise oder bis zu einem Neustart dort nicht mehr zur Verf?gung " -"stehen. Wird diese Option eingeschaltet, so wird OpenVAS Server sich auf " -"gesendete Banner verlassen und keine echten Tests durchf?hren. Die " +"stehen. Wird diese Option eingeschaltet, so wird OpenVAS-Server sich auf " +"gesendete Banner verlassen und keine wirklichen Tests durchf?hren. Die " "Ergebnisse sind dann entsprechend weniger zuverl?ssig, aber wenigstens wird " "dadurch kein m?glicher Ausfall f?r Benutzer entstehen. Aus der Sicht von " "Sicherheitsaspekten ist es angeraten, diese Option auszuschalten. Aus der " "Sicht eines Administrators sollte sie angeschaltet bleiben." -#: nessus/prefs_dialog/prefs_help.h:105 +#: nessus/prefs_dialog/prefs_help.h:96 msgid "" "If you enable this option, the hosts on the local network will be designated " "by their ethernet MAC address instead of their IP address. This is " 
@@ -1729,24 +1930,24 @@ "disable this option." msgstr "" "Wird diese Option eingeschaltet, so werden die Ziele im lokalen Netzwerk " -"anhand ihrer Ethernet MAC Adresse anstatt der IP-Adresse bestimmt. Dies ist " -"inbesondere dann sinnvoll wenn OpenVAS in einem DHCP-Neztwerk verwendet " -"wird. Sind Sie sich unsicher, dann schalten Sie die Option ab." +"anhand ihrer Ethernet MAC-Adresse anstatt der IP-Adresse bestimmt. Dies ist " +"inbesondere dann sinnvoll, wenn OpenVAS in einem DHCP-Neztwerk verwendet " +"wird. Falls Sie nicht sicher sind, dann schalten Sie diese Option ab." -#: nessus/prefs_dialog/prefs_help.h:111 +#: nessus/prefs_dialog/prefs_help.h:102 msgid "" "Ports that will be scanned by OpenVAS Server. You can enter single ports, " "such as \"1-8000\"; or more complex sets, such as \"21,23,25,1024-2048,6000" "\". Put \"-1\" for no portscan, or put \"default\" to scan the default ports " "in the OpenVAS services file." msgstr "" -"Ports die durch OpenVAS Server gescanned werden sollen. Es k?nnen entweder " -"ein Port-Bereich angegeben werden, wie z.B. \"1-8000\", oder auch komplexe " -"Mengen wie \"21,23,25,1024-2048,6000\". \"-1\" bedeutet kein Port-Scan " -"durchzuf?hren und \"default\" bedeutet die voreingestellten Ports, welche in " -"der OpenVAS Dienste Datei angegeben werden, zu scannen." +"Ports, die durch OpenVAS Server gescannt werden sollen. Sie k?nnen entweder " +"ein Port-Bereich angegeben, wie z.B. \"1-8000\", oder auch komplexe Mengen " +"wie \"21,23,25,1024-2048,6000\". \"-1\" bedeutet, keinen Port-Scan " +"durchzuf?hren und \"default\" bedeutet, die voreingestellten Ports, welche " +"in der Datei 'openvas-services' angegeben sind, zu scannen." -#: nessus/prefs_dialog/prefs_help.h:118 +#: nessus/prefs_dialog/prefs_help.h:109 msgid "" "To save scanning time, you may ask OpenVAS Server to declare TCP ports it " "did not scan as closed. This will result in an incomplete audit but it will " 
@@ -1754,76 +1955,76 @@ "ports you did not specify. If this option is disabled, then OpenVAS Server " "will consider ports whose state it does not know as open." msgstr "" -"Um Zeit beim Scannen einzusparen kann man OpenVAS Server anweisen TCP Ports " -"welche nicht gescanned wurden als geschlossen zu betrachten. Dies f?hrt " -"nat?rlich zu einem unvollst?ndigen Auditing, aber es erspart Zeit und sorgt " -"daf?r, dass keine Pakete an Ports gesendet werden die nicht von Ihnen " -"explizit benannt wurden. Wird diese Option ausgeschaltet, betrachtet OpenVAS " -"Server die Ports mit unbestimmten Zustand als offen." +"Um Zeit beim Scannen einzusparen, kann man OpenVAS-Server anweisen, TCP-" +"Ports, die nicht gescannt wurden, als geschlossen zu betrachten. Dies f?hrt " +"zu einem unvollst?ndigen Ergebniss, aber es spart Zeit und sorgt daf?r, dass " +"keine Pakete an Ports gesendet werden die nicht von Ihnen explizit benannt " +"wurden. Wird diese Option ausgeschaltet, betrachtet OpenVAS Server die Ports " +"mit unbestimmten Zustand als offen." -#: nessus/prefs_dialog/prefs_help.h:126 +#: nessus/prefs_dialog/prefs_help.h:117 msgid "" "OpenVAS Server will perform an AXFR request (that is, a zone transfer) to " "the target name server and will attempt to obtain the list of the hosts of " "the target domain. Then, it will test each host." msgstr "" -"OpenVAS Server wird AXFR Anfragen (Zonen-Transfer) an den Name-Server des " +"OpenVAS-Server wird AXFR-Anfragen (Zonen-Transfer) an den Name-Server des " "Ziels richten und so eine Liste der Hosts der Ziel-Dom?ne ermitteln. Dann " "wird jeder einzelne Host getestet." -#: nessus/prefs_dialog/prefs_help.h:132 +#: nessus/prefs_dialog/prefs_help.h:123 msgid "" "OpenVAS Server will determine which hosts can mount the filesystems exported " "by the target server, and will test them. Beware : this test is recursive." msgstr "" -"OpenVAS Server ermittelt welche Rechner die Dateisysteme mounten k?nnen die " -"das Zielsystem exportiert. 
Dieser Rechner werden dann ebenfalls getestet. " -"Achtung: Dies funktioniert rekursiv." +"OpenVAS-Server ermittelt, welche Rechner die Dateisysteme mounten k?nnen, " +"die das Zielsystem exportiert. Dieser Rechner werden dann ebenfalls " +"getestet. Achtung: Dies funktioniert rekursiv." -#: nessus/prefs_dialog/prefs_help.h:137 +#: nessus/prefs_dialog/prefs_help.h:128 msgid "" "OpenVAS Server will test the whole subnet of the target host. If you select " "this option, you should allow OpenVAS Server to ping the hosts before " "scanning them in the 'Scan options' section." msgstr "" -"OpenVAS Server testet das gesamt Sub-Netz des Ziel-Rechners. Ist diese " -"Option eingeschaltet, so sollte auch die Option zur Pr?fung ob die Systeme " -"erreichbar sind eingeschaltet werden (siehe Scan-Optionen)." +"OpenVAS-Server testet das gesamt Subnetz des Zielrechners. Ist diese Option " +"eingeschaltet, so sollte auch die Option zur Pr?fung der Erreichbarkeit der " +"Systeme eingeschaltet werden (siehe Scan-Optionen)." -#: nessus/prefs_dialog/prefs_help.h:142 +#: nessus/prefs_dialog/prefs_help.h:133 msgid "" "The first host(s) that will be attacked by OpenVAS Server. The options below " "allow you to extend the test to a larger set of computer. You may define " "several primary targets by separating them with a comma (,). ie : \"host1," "host2\"." msgstr "" -"Die ersten Hosts die durch den OpenVAS Server attackiert werden. Die anderen " -"Optionen erlauben es, den Kreis der zu testenden Systeme zu erweitern. Es " -"k?nnen diverse Prim?r-Ziele angegeben werden indem sie mit Komma (,) " -"separiert werden, z.B.: \"host1,host2\"." +"Die ersten Zielrechner, die durch den OpenVAS Server attackiert werden. Die " +"anderen Optionen erlauben es, den Kreis der zu testenden Systeme zu " +"erweitern. Es k?nnen diverse Prim?rziele angegeben werden indem sie mit " +"Komma (,) separiert werden, z.B.: \"host1,host2\"." 
-#: nessus/prefs_dialog/prefs_help.h:148 +#: nessus/prefs_dialog/prefs_help.h:139 msgid "" "A textfile can be specified that contains the list of targets. This textfile " "may contain comma-separated lists of host and also may contain many of such " "lines." msgstr "" -"Es kann eine Textdatei angegeben werden welche eine Liste der Ziele enth?lt. " +"Es kann eine Textdatei angegeben werden, die eine Liste von Zielen enth?lt. " "Diese Textdatei kann eine oder mehrere Zeilen mit Komma-separierten Listen " -"von Hosts enthalten." +"von Zielrechnern enthalten." -#: nessus/prefs_dialog/prefs_help.h:153 +#: nessus/prefs_dialog/prefs_help.h:144 msgid "" "It is possible to check for the presence of CGIs in multiple paths like /cgi-" "bin, /cgis, /home-cgis, and so on. In that case, put all your paths here " "separated by colons. For instance: '/cgi-bin:/cgi-aws:/~deraison/cgi'." msgstr "" -"Es ist m?glich das Vorhandensein von CGIs in verschiedenen Pfaden zu pr?fen " -"wie z.B. /cgi-bin, /cgis, /home-cgis. Daf?r sind alle Pfade durch " +"Es ist m?glich, das Vorhandensein von CGIs in verschiedenen Pfaden zu " +"pr?fen, wie z.B. /cgi-bin, /cgis, /home-cgis. Daf?r sind alle Pfade durch " "Doppelpunkte getrennt anzugeben, beispielsweise: '/cgi-bin:/cgi-aws:/" "~deraison/cgi'." -#: nessus/prefs_dialog/prefs_help.h:159 +#: nessus/prefs_dialog/prefs_help.h:150 msgid "" "The warning sign means that this plugin may harm the target host by " "disabling the attacked service or by crashing the host. You should be " 
@@ -1831,48 +2032,49 @@ "restart some services manually." msgstr "" "Das Warnungs-Symbol bedeutet, dass dieses Plugin Dienste auf dem Zielsystem " -"abschalten oder das gesamte System abschalten k?nnte. Sie sollten sehr " -"vorsichtig sein, wenn Sie diese Option einschalten, da es n?tig werden " -"k?nnte einige Zielsystem manuell neu zu starten." +"das gesamte System zum Absturz bringen kann. Sie sollten sehr vorsichtig " +"sein, wenn Sie diese Option einschalten, da es n?tig werden k?nnte, einige " +"Zielsystem manuell neu zu starten." -#: nessus/prefs_dialog/prefs_help.h:167 +#: nessus/prefs_dialog/prefs_help.h:158 msgid "" "If you turn on this option, all the information collected about the target " "hosts will be saved on the side of OpenVAS Server for further re-use. See " -"http://www.nessus.org/doc/kb_saving.html for details." +"http://www.openvas.org/compendium/scan-options-knowledge-base.html for " +"details." msgstr "" "Wird diese Option aktiviert, so werden s?mtliche Informationen die ?ber ein " "Zielsystem ermittelt wurden beim OpenVAS Server f?r sp?tere Wiederverwendung " -"gespeichert. Weitere Details auch unter http://www.nessus.org/doc/kb_saving." -"html." +"gespeichert. Weitere Informationen zu dieser Option erhalten Sie unter " +"http://www.openvas.org/compendium/scan-options-knowledge-base.html ." -#: nessus/prefs_dialog/prefs_help.h:173 +#: nessus/prefs_dialog/prefs_help.h:164 msgid "" "If you select this option, all the hosts selected in the 'Target' section of " "the OpenVAS-Client will be tested." msgstr "" -"Wird diese Option eingeschaltet, so werden s?mtliche Hosts die im Abschnitt " -"'Ziele' ausgew?hlt wurden getestet." +"Wird diese Option eingeschaltet, so werden s?mtliche Zielrechner, die im " +"Abschnitt 'Ziele' ausgew?hlt wurden, getestet." 
-#: nessus/prefs_dialog/prefs_help.h:177 +#: nessus/prefs_dialog/prefs_help.h:168 msgid "" "If you select this option, only the hosts to which a recent knowledge base " "is attached will be tested." msgstr "" -"Wird diese Option eingeschaltet, so werden nur solche Ziele getestet f?r die " -"eine aktuelle Wissens-Basis vorliegt." +"Wird diese Option eingeschaltet, so werden nur solche Ziele getestet, f?r " +"die eine aktuelle Wissensbasis vorliegt." -#: nessus/prefs_dialog/prefs_help.h:181 +#: nessus/prefs_dialog/prefs_help.h:172 msgid "" "If you select this option, only the hosts which have no (or an outdated) " "knowledge base attached will be tested. Use this option to populate your " "knowledge bases." msgstr "" -"Wird diese Option eingeschaltet, nur solche Ziele werden getestet, f?r die " -"keine oder ein veraltete Wissens-Basis vorliegt. Verwenden Sie dies Option " -"wenn Sie die Wissen-Basis anreichern wollen." +"Wird diese Option eingeschaltet, werden nur solche Ziele getestet, f?r die " +"keine oder eine veraltete Wissensbasis vorliegt. Verwenden Sie dies Option, " +"wenn Sie die Wissensbasis anreichern wollen." -#: nessus/prefs_dialog/prefs_help.h:186 +#: nessus/prefs_dialog/prefs_help.h:177 msgid "" "If you select this option, the knowledge bases of the target hosts will be " "restored in memory if they are recent enough. You can use this option with " 
@@ -1880,89 +2082,90 @@ "scanned in the past, or to prevent the security checks that were performed " "in the past to be performed again." msgstr "" -"Wird diese Option aktiviert, so wird die Wissens-Basis zu den Ziel-Systemen " -"im Speicher wiederhergestellt falls ausreichend aktuell. Sie k?nnen diese " -"diese Option mit den folgenden kombinieren um zu verhindern, dass OpenVAS " -"Server Ziele pr?ft, die bereits vor kurzem gepr?ft wurden." +"Wird diese Option aktiviert, so wird die Wissensbasis zu den Zielsystemen im " +"Speicher wiederhergestellt, falls sie ausreichend aktuell ist. Sie k?nnen " +"diese diese Option mit den folgenden kombinieren, um zu verhindern, dass " +"OpenVAS-Server Ziele pr?ft, die bereits vor kurzem gepr?ft wurden." -#: nessus/prefs_dialog/prefs_help.h:193 +#: nessus/prefs_dialog/prefs_help.h:184 msgid "" "If you select this option, the port scanners that were launched in the past " "against the targetted hosts will not be launched again and the data of the " "knowledge base will be used as the result of the portscan." msgstr "" -"Wird diese Option aktiviert, so werden die Port-Scanner welche bereits gegen " -"Zielsysteme durchgef?hrt wurden nicht erneut gegen diese Ziel durchgef?hrt. " -"Stattdessen werden die dann in der Wissen-Basis vorliegenden Ergebnisse " -"verwendet." +"Wird diese Option aktiviert, so werden die Port-Scanner, welche bereits " +"gegen Zielsysteme durchgef?hrt wurden, nicht erneut gegen diese Ziele " +"durchgef?hrt. Stattdessen werden die dann in der Wissensbasis vorliegenden " +"Ergebnisse verwendet." -#: nessus/prefs_dialog/prefs_help.h:199 +#: nessus/prefs_dialog/prefs_help.h:190 msgid "" "If you select this option, all the plugins that performs information " "gathering and which have already been launched against the target hosts will " "not be launched again." 
msgstr "" -"Wird diese Option aktiviert, so werden die Plugin die Informationen " -"zusammensuchen und dies bereits einmal f?r ein Ziel gemacht haben, nicht " -"erneut f?r dieses Ziel durchgef?hrt." +"Wird diese Option aktiviert, so werden die Plugins, die Informationen " +"zusammensuchen und die bereits einmal f?r dieses Ziel ausgef?hrt wurden, " +"nicht erneut f?r dieses Ziel ausgef?hrt." -#: nessus/prefs_dialog/prefs_help.h:204 +#: nessus/prefs_dialog/prefs_help.h:195 msgid "" "If you select this option, all the plugins that performs attacks and which " "have already been launched against the target hosts will not be launched " "again." msgstr "" -"Wird diese Option aktiviert, so werden die Plugins die Angriffe durchf?hren " -"und dies bereits einmal gegen ein Ziel gemacht haben, nicht erneut gegen " -"dieses Ziel durchgef?hrt." +"Wird diese Option aktiviert, so werden die Plugins, die Angriffe durchf?hren " +"und die bereits einmal f?r dieses Ziel ausgef?hrt wurden, nicht erneut gegen " +"dieses Ziel ausgef?hrt." -#: nessus/prefs_dialog/prefs_help.h:209 +#: nessus/prefs_dialog/prefs_help.h:200 msgid "" "If you select this option, all the plugins that may harm the target hosts " "and which have already been launched will not be launched again." msgstr "" -"Ist diese Option aktiviert, so werden solche Plugins die das Zielsystem " -"bech?digen k?nnten nicht noch einmal gestartet wenn sie bereits einmal " +"Ist diese Option aktiviert, so werden solche Plugins, die das Zielsystem " +"besch?digen k?nnten, nicht noch einmal gestartet, wenn sie bereits zuvor " "gestartet wurden." -#: nessus/prefs_dialog/prefs_help.h:214 +#: nessus/prefs_dialog/prefs_help.h:205 msgid "This value defines the maximum age (in seconds) of a knowledge base." msgstr "" -"Dieser Wert bestimmt das maximale Alter (in Sekunden) der Wissens-Basis." +"Dieser Wert bestimmt das maximale Alter (in Sekunden) der Wissensbasis." 
-#: nessus/prefs_dialog/prefs_help.h:218 +#: nessus/prefs_dialog/prefs_help.h:209 msgid "" "If this option is set, the client will only report what has changed between " "the new scan and the last one." msgstr "" -"Ist diese Option aktiviert, so wird Nessus Client nur ?ber die ?nderungen " +"Ist diese Option aktiviert, so wird der Client nur ?ber die ?nderungen " "gegen?ber dem letzten Scan berichten." -#: nessus/prefs_dialog/prefs_help.h:224 +#: nessus/prefs_dialog/prefs_help.h:215 msgid "" "If you enable this option, then OpenVAS Server will enable the plugins that " "are depended on by the set of plugins you selected." msgstr "" -"Wird diese Option aktiviert, dann wird OpenVAS Server alle Plugins " -"einschalten die abh?ngig sind von den bereits selektierten." +"Wird diese Option aktiviert, dann wird OpenVAS-Server alle Plugins " +"einschalten, die von den bereits selektierten ben?tigt werden." -#: nessus/prefs_dialog/prefs_help.h:228 +#: nessus/prefs_dialog/prefs_help.h:219 msgid "" "If you enable this option, then openvasd will not report data coming from " "the plugins that you did not specifically enable." msgstr "" -"Wird diese Option aktiviert, dann wird OpenVAS Server keinen Bericht f?r " -"solche Plugins senden, die nicht explizit eingeschaltet waren." +"Wird diese Option aktiviert, dann wird OpenVAS-Server keinen Bericht f?r " +"solche Plugins senden, die nicht explizit eingeschaltet wurden." -#: nessus/prefs_dialog/prefs_help.h:232 +#: nessus/prefs_dialog/prefs_help.h:223 msgid "" "If you enable this option, then new plugins (that you have not seen before " "in this scope) are automatically enabled. In any case, a message will be " "displayed when new plugins have been found, showing your choice." -msgstr "Wird diese Option aktiviert, dann werden neue Plugins automatisch " -"aktiviert. 
Werden neue Plugins beim Verbindungsaufbau gefunden, wird in jedem " -"Fall eine Nachricht angezeigt, die auch dar?ber informiert, ob die neuen " -"Plugins aktiviert wurden oder nicht." +msgstr "" +"Wird diese Option aktiviert, dann werden neue Plugins automatisch aktiviert. " +"Werden neue Plugins beim Verbindungsaufbau gefunden, wird in jedem Fall eine " +"Nachricht angezeigt, die auch dar?ber informiert, ob die neuen Plugins " +"aktiviert wurden oder nicht." #: nessus/prefs_dialog/prefs_kb.c:37 msgid "Enable KB saving" 
@@ -1970,44 +2173,49 @@ #: nessus/prefs_dialog/prefs_kb.c:38 msgid "Test all hosts" -msgstr "Alle Hosts testen" +msgstr "Alle Zielrechner testen" #: nessus/prefs_dialog/prefs_kb.c:39 msgid "Only test hosts that have been tested in the past" -msgstr "Nur die Hosts testen welche bisher getestet wurden" +msgstr "Nur die Zielrechner testen, die bereits getestet wurden" #: nessus/prefs_dialog/prefs_kb.c:40 msgid "Only test hosts that have never been tested in the past" -msgstr "Nur die Hosts testen, die bisher nicht getestet wurden" +msgstr "Nur die Zielrechner testen, die noch nicht getestet wurden" #: nessus/prefs_dialog/prefs_kb.c:42 msgid "Reuse the knowledge bases about the hosts for the test" -msgstr "Verwende die Wissensbasis f?r die Hosts beim Test" +msgstr "Verwende die vorhandene Wissensbasis zu den Zielrechnern beim Test" #: nessus/prefs_dialog/prefs_kb.c:44 msgid "Do not execute scanners that have already been executed" -msgstr "Keine Scanner starten die schon einmal gestartet wurden" +msgstr "Keine Scanner starten, die schon einmal gestartet wurden" #: nessus/prefs_dialog/prefs_kb.c:45 msgid "Do not execute info gathering plugins that have already been executed" -msgstr "Keine Info-Sammler Plugins starten die schon einmal gestartet wurden" +msgstr "" +"Keine Informations-Sammler Plugins starten, die schon einmal gestartet wurden" #: nessus/prefs_dialog/prefs_kb.c:46 msgid "Do not execute attack plugins that have already been executed" -msgstr "Keine Angriff Plugins starten die schon einmal gestartet wurden" +msgstr "Keine Angriffs-Plugins starten, die schon einmal gestartet wurden" #: nessus/prefs_dialog/prefs_kb.c:47 msgid "Do not execute DoS plugins that have already been executed" -msgstr "Keine DoS Plugins starte die schon einmal gestartet wurden" +msgstr "Keine DoS Plugins starten, die schon einmal gestartet wurden" #: nessus/prefs_dialog/prefs_kb.c:285 msgid "OpenVAS Knowledge Base" -msgstr "OpenVAS Wissensbasis" +msgstr "OpenVAS-Wissensbasis" #: 
nessus/prefs_dialog/prefs_kb.c:374 msgid "Max age of a saved KB (in secs) : " -msgstr "Max. Alter (in Sek.):" +msgstr "Max. Alter einer gespeicherten WB (in Sek.):" +#: nessus/prefs_dialog/prefs_plugins_tree.c:448 +msgid "Warning" +msgstr "Warnung" + #: nessus/prefs_dialog/prefs_report.c:141 #, c-format msgid "Scan took place from %s to %s" @@ -2025,7 +2233,7 @@ #: nessus/prefs_dialog/prefs_report.c:147 msgid "Time of scan not available." -msgstr "Zeit an dem der Scan stattfand ist nicht verf?gbar." +msgstr "Zeit des Scans nicht verf?gbar." #: nessus/prefs_dialog/prefs_report.c:371 #, c-format @@ -2050,14 +2258,15 @@ " - Hosts of project ABC\n" "You should also enter a comment further explaining the task." msgstr "" -"Aufgaben beschreiben was man sich allgmein vorgenommen hat. Die unterst?tzt " -"die Gruppierung\n" -"seiner Verpflichtungen nach Thema, H?ufigkeit, Ort oder ?hnliches.\n" -"M?gliche Bezeichnungen f?r Aufgaben sind:\n" +"Aufgaben beschreibe bestimmten T?tigkeitsbereiche. Sie k?nnen " +"wiederkehrende\n" +"T?tigkeit auf diese Weise nach Thema, H?ufigkeit, Ort oder ?hnlichem " +"gruppieren\n" +"Beispiele f?r Aufgaben sind:\n" " - W?chentliche Pr?fungen\n" " - Kunde XYZ\n" " - Rechner des Projektes ABC\n" -"Sie sollten auch immer einen Kommentar angeben, der die Aufgabe n?her " +"Sie k?nnen zus?tzlich einen Kommentar angeben, der die Aufgabe n?her " "beschreibt." #: nessus/prefs_dialog/prefs_scan_assistant.c:263 
@@ -2084,12 +2293,12 @@ "You should also enter a comment further explaining the scope." msgstr "" "Bereiche unterteilen eine Aufgabe. Jeder Bereich steht f?r die Verbindung\n" -"zu einem OpenVAS Server und einer Liste von zu pr?fenden Hosts.\n" -"M?gliche Bezeichnungen f?r Bereiche sind:\n" +"zu einem OpenVAS-Server und einer Liste von zu pr?fenden Hosts.\n" +"Beispiele f?r Bereiche sind:\n" " - Internet-Server (z.B. unter Aufgabe \"W?chtenliche Pr?fungen\")\n" -" - Applikations-Server (z.B. unter Aufabe \"Customer XYZ\")\n" -" - Arbeitsplatzrechner (z.B. unter Aufgabe \"Hosts des Projektes ABC\")\n" -"Sie sollten auch immer einen Kommentar angeben, der den Bereich n?her " +" - Applikations-Server (z.B. unter Aufabe \"Kunde XYZ\")\n" +" - Arbeitsplatzrechner (z.B. unter Aufgabe \"Rechner des Projektes ABC\")\n" +"Sie k?nnen zus?tzlich einen Kommentar angeben, der den Bereich n?her " "beschreibt." #: nessus/prefs_dialog/prefs_scan_assistant.c:280 @@ -2110,14 +2319,14 @@ " - IP network (e.g. 192.168.0.0/24 or 192.168.0.0/255.255.255.0)\n" "You can enter several targets by separating them with a comma." msgstr "" -"Ziele sind die Hosts und Netzwerke die f?r dieses Bereich gepr?ft werden " +"Ziele sind die Rechner und Netzwerke, die f?r dieses Bereich gepr?ft werden " "sollen.\n" "Sie auf folgende Weise angegeben werden:\n" " - Einfacher Hostname (f?r Hosts innerhalb Ihres LAN)\n" " - Voll qualifizierte Hostname (z.B. www.example.com)\n" " - IP Adresse (z.B. 192.168.0.1)\n" " - IP Netzwerk (z.B. 192.168.0.0/24 oder 192.168.0.0/255.255.255.0)\n" -"Sie k?nnen mehrere Ziele angeben in dem Sie sie durch Kommas trennen." +"Sie k?nnen mehrere Ziele angeben, indem Sie sie durch Kommas trennen." #: nessus/prefs_dialog/prefs_scan_assistant.c:297 msgid "Please enter the targets to scan:" 
@@ -2131,15 +2340,14 @@ "Consider getting a written permission before scanning important\n" "servers which are in production." msgstr "" -"Warnung: Bitte seien Sie sicher, dass sie diese Hosts ?berhaupt Pr?fen " +"Warnung: Bitte stellen Sie sicher, dass sie diese Rechner wirklich pr?fen " "d?rfen!\n" -"Gef?hrliche Pr?fungen sind voreingestellt ausgeschaltet, aber einige " -"Computer und\n" -"insbesondere Druck-Server sind so fehlerhaft, dass sie dabei abst?rzen " +"Gef?hrliche Pr?fungen sind standardm??ig ausgeschaltet, aber einige Rechner " +"und\n" +"insbesondere Druckserver sind so fehlerhaft, dass sie dabei abst?rzen " "k?nnten.\n" -"Am besten holen Sie sich eine schriftliche Best?tigung ein bevor Sie " -"wichtige\n" -"Server pr?fen die im Produktionbetrieb sind." +"Am besten holen Sie eine schriftliche Best?tigung ein, bevor Sie f?r den\n" +"Produktionbetrieb wichtige Server scannen." #: nessus/prefs_dialog/prefs_scan_assistant.c:309 msgid "Step 4: Execute" 
@@ -2166,26 +2374,24 @@ msgstr "" "Sie sind nun bereit einen Scan zu starten.\n" "\n" -"Wenn Sie auf \"Ausf?hren\" klicken, wirde der Verbindungs-Dialog " -"auftauchen.\n" -"Sie m?ssen hier einen Nessus Server angeben welche die Ziele erreichen " -"kann,\n" +"Wenn Sie auf \"Ausf?hren\" klicken, wird der Verbindungs-Dialog auftauchen.\n" +"Sie m?ssen hier einen Nessus Server angeben, der die Ziele erreichen kann,\n" "die Sie in den vorherigen Schriten angegeben haben.\n" "\n" "Achtung: Sie m?ssen einen Login auf diesem Server besitzen. Kontaktieren Sie " "Ihren\n" -"Systemadministrator falls Sie noch keinen Login dort haben.\n" +"Systemadministrator, falls Sie noch keinen Login dort haben.\n" "\n" -"Der Scan-Fortschritt wird in einem Dialog angezeigt in dem Sie den " +"Der Scan-Fortschritt wird in einem Dialog angezeigt, in dem Sie den " "aktuellen\n" "Status sehen und jederzeit den Scan f?r Teilziele oder den gesamten Test " "stoppen k?nnen.\n" "\n" "Um diesen Scan zu wiederholen, w?hlen Sie diesen gerade erstellten Bereich " "aus,\n" -"und bet?tigen Sie \"Ausf?hren\" in der Werkzeugleiste oder im Men? \"Bereich" +"und w?hlen Sie \"Ausf?hren\" in der Werkzeugleiste oder im Men? \"Bereich" "\".\n" -"Jeder Scan erzeugt einen weiteren Report unterhalb dieses Bereiches." +"Jeder Scan erzeugt einen weiteren Bericht unterhalb dieses Bereiches." #: nessus/prefs_dialog/prefs_scope_tree.c:178 msgid "scopetree_rename() called with illegal type" @@ -2250,7 +2456,7 @@ #: nessus/prefs_dialog/prefs_scope_tree.c:539 msgid "Save scope configuration" -msgstr "Speichere Bereich Konfiguration" +msgstr "Speichere Bereichskonfiguration" #: nessus/prefs_dialog/prefs_scope_tree.c:708 msgid "on_scope_edited(): menuitem has no label." 
@@ -2362,8 +2568,32 @@ #: nessus/prefs_dialog/prefs_target.c:84 msgid "Perform a DNS zone transfer" -msgstr "F?hre einen DNS Zonentransfer durch" +msgstr "F?hre einen DNS-Zonentransfer durch" +#~ msgid "Security hole found" +#~ msgstr "Sicherheitsloch gefunden" + +#~ msgid "Security notes found" +#~ msgstr "Sicherheitshinweise gefunden" + +#~ msgid "" +#~ "Are the target hosts protected by a firewall ? If so and if we are " +#~ "outside the firewall, it is a good idea to turn this option ON, so that " +#~ "OpenVAS Server will perform some additional tests to check that the " +#~ "remote firewall is well configured (this option is still experimental)." +#~ msgstr "" +#~ "Sind die Ziel-Rechner durch eine Firewall gesch?tzt? Falls ja und sind " +#~ "wir ausserhalb der Firewall, dann ist es sinnvoll diese Option " +#~ "einzuschalten. Dann wird OpenVAS Server einige zus?tzliche Tests " +#~ "durchf?hren um zu pr?fen ob die Firewall gut konfiguriert ist (diese " +#~ "Option ist experimentell)." + +#~ msgid "Vulnerability" +#~ msgstr "Angreifbarkeit" + +#~ msgid "Informational" +#~ msgstr "Zur Information" + #~ msgid "plugin" #~ msgstr "Plugin" From scm-commit at wald.intevation.org Tue Dec 2 10:14:15 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Dec 2008 10:14:15 +0100 (CET) Subject: [Openvas-commits] r1885 - trunk/doc/website Message-ID: <20081202091415.8675440744@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-02 10:14:15 +0100 (Tue, 02 Dec 2008) New Revision: 1885 Modified: trunk/doc/website/openvas-cr-19.htm4 Log: Fixed typo in HTML. Modified: trunk/doc/website/openvas-cr-19.htm4 =================================================================== --- trunk/doc/website/openvas-cr-19.htm4 2008-12-02 08:44:58 UTC (rev 1884) +++ trunk/doc/website/openvas-cr-19.htm4 2008-12-02 09:14:15 UTC (rev 1885) 
@@ -45,7 +45,7 @@ <p> <ul> - <li><a hrf="http://lists.wald.intevation.org/pipermail/openvas-devel/2008-November/001070.html">Discussion on mailinglist.</a></li> + <li><a href="http://lists.wald.intevation.org/pipermail/openvas-devel/2008-November/001070.html">Discussion on mailinglist.</a></li> <li><a href="http://www.gnu.org/prep/standards/standards.html#Formatting"> The GNU Coding Standards, Formatting section</a></li> <li><a href="http://www.openvas.org/compendium/source-code-style-guide.html"> From scm-commit at wald.intevation.org Tue Dec 2 10:16:04 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Dec 2008 10:16:04 +0100 (CET) Subject: [Openvas-commits] r1886 - in trunk/openvas-client: . po Message-ID: <20081202091604.9A10440744@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-02 10:16:04 +0100 (Tue, 02 Dec 2008) New Revision: 1886 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/po/de.po Log: * po/de.po: Fixed typo in German translation. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-02 09:14:15 UTC (rev 1885) +++ trunk/openvas-client/ChangeLog 2008-12-02 09:16:04 UTC (rev 1886) @@ -1,5 +1,9 @@ 2008-12-02 Michael Wiegand <michael.wiegand at intevation.de> + * po/de.po: Fixed typo in German translation. + +2008-12-02 Michael Wiegand <michael.wiegand at intevation.de> + * po/de.po: Updated German translation. 2008-12-02 Michael Wiegand <michael.wiegand at intevation.de> Modified: trunk/openvas-client/po/de.po =================================================================== --- trunk/openvas-client/po/de.po 2008-12-02 09:14:15 UTC (rev 1885) +++ trunk/openvas-client/po/de.po 2008-12-02 09:16:04 UTC (rev 1886) 
@@ -19,7 +19,7 @@ #: src/openvas-lib/openvas_certificate_file.c:101 #, c-format msgid "Error adding comment to key file: %s" -msgstr "Fehler beim Hinzuf?gen des Kommetars zur Schl?ssel-Datei: %s" +msgstr "Fehler beim Hinzuf?gen des Kommentars zur Schl?ssel-Datei: %s" #: src/openvas-lib/openvas_certificate_file.c:118 msgid "Error accessing certificate file for report." From scm-commit at wald.intevation.org Tue Dec 2 11:03:36 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Dec 2008 11:03:36 +0100 (CET) Subject: [Openvas-commits] r1887 - in trunk/openvas-client: . nessus Message-ID: <20081202100336.8FE9840741@pyrosoma.intevation.org> Author: felix Date: 2008-12-02 11:03:36 +0100 (Tue, 02 Dec 2008) New Revision: 1887 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/comm.c trunk/openvas-client/nessus/pdf_output.c Log: Fixed certificate issues with multiple signatures. * nessus/comm.c (parse_certificate) : reverted, yesterdays fix not necessary because it seemingly happens with untrusted certificates only. * nessus/pdf_output.c : consistent vertical alignment for appendix plugin table. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-02 09:16:04 UTC (rev 1886) +++ trunk/openvas-client/ChangeLog 2008-12-02 10:03:36 UTC (rev 1887) 
@@ -1,3 +1,13 @@ +2008-12-02 Felix Wolfsteller <felix.wolfsteller at intevation.de> + + Fixed certificate issues with multiple signatures. + + * nessus/comm.c (parse_certificate) : reverted, yesterdays fix not + necessary because it seemingly happens with untrusted certificates only. + + * nessus/pdf_output.c : consistent vertical alignment for appendix + plugin table. + 2008-12-02 Michael Wiegand <michael.wiegand at intevation.de> * po/de.po: Fixed typo in German translation. Modified: trunk/openvas-client/nessus/comm.c =================================================================== --- trunk/openvas-client/nessus/comm.c 2008-12-02 09:16:04 UTC (rev 1886) +++ trunk/openvas-client/nessus/comm.c 2008-12-02 10:03:36 UTC (rev 1887) @@ -1586,7 +1586,6 @@ char* nbytes; char* pubkey; char* fpr; - char* keyidptr; if( strcmp(buffer, "<|> SERVER\n") == 0 ) return 1; @@ -1627,17 +1626,9 @@ if (pos[0] == ';') pos[0] = '\n'; pos++; } - - - // Crop fingerprint to key-id (since gpgme does not guarantee fingerprints as - // a result of later signature verification, which is found in the nvts) - if(strlen(fpr) > 16) - keyidptr = fpr + strlen(fpr) - 16; - else - keyidptr = fpr; // Create and index certificate - openvas_certificate* cert = openvas_certificate_new( estrdup(keyidptr), estrdup(name), trusted, estrdup(pubkey)); + openvas_certificate* cert = openvas_certificate_new( estrdup(fpr), estrdup(name), trusted, estrdup(pubkey)); g_hash_table_insert(context->signer_fp_certificates, cert->fpr, cert ); return 0; Modified: trunk/openvas-client/nessus/pdf_output.c =================================================================== --- trunk/openvas-client/nessus/pdf_output.c 2008-12-02 09:16:04 UTC (rev 1886) +++ trunk/openvas-client/nessus/pdf_output.c 2008-12-02 10:03:36 UTC (rev 1887) 
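Review bot: In the second comm.c hunk (`@@ -1627,17 +1626,9 @@`) `signer_fp_certificates` is keyed by the full `fpr` string again, but nothing in the new code records that every lookup must use the same form. The comment this revert deletes said gpgme does not guarantee a fingerprint from later signature verification, so a signature reported only by its 16-character key id would presumably no longer find its certificate and the signer would show up as unknown in the report. I would keep a comment above the call, e.g. `/* Indexed by full fingerprint; a lookup by 16-char key id will not match (see r1887). */`. The enclosing function starts and ends outside the hunk.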
@@ -717,7 +717,7 @@ the contexts hashtable. extract and look up */ fprs = g_strsplit_set(nvt->sign_key_ids, ",", -1); // Start table row - fprintf(file, "\t<tr><td align=\"right\"><b>%s</b></td>" + fprintf(file, "\t<tr><td align=\"right\" valign=\"top\"><b>%s</b></td>" "<td align=\"left\">", _("Signed by")); while (fprs[idx] != NULL) From scm-commit at wald.intevation.org Tue Dec 2 11:04:14 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Dec 2008 11:04:14 +0100 (CET) Subject: [Openvas-commits] r1888 - in trunk/openvas-client: . nessus Message-ID: <20081202100414.AB46C4074F@pyrosoma.intevation.org> Author: felix Date: 2008-12-02 11:04:12 +0100 (Tue, 02 Dec 2008) New Revision: 1888 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/sslui.c Log: SSL Certificate view modernization. * nessus/sslui.c (sslui_showcert) : Replaced deprecated text widget and table by gtk_text_view and gtk_scrolled_window to remove GTK critical warnings on console. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-02 10:03:36 UTC (rev 1887) +++ trunk/openvas-client/ChangeLog 2008-12-02 10:04:12 UTC (rev 1888) 
@@ -1,5 +1,13 @@ 2008-12-02 Felix Wolfsteller <felix.wolfsteller at intevation.de> + SSL Certificate view modernization. + + * nessus/sslui.c (sslui_showcert) : Replaced deprecated text widget and + table by gtk_text_view and gtk_scrolled_window to remove GTK critical + warnings on console. + +2008-12-02 Felix Wolfsteller <felix.wolfsteller at intevation.de> + Fixed certificate issues with multiple signatures. * nessus/comm.c (parse_certificate) : reverted, yesterdays fix not Modified: trunk/openvas-client/nessus/sslui.c =================================================================== --- trunk/openvas-client/nessus/sslui.c 2008-12-02 10:03:36 UTC (rev 1887) +++ trunk/openvas-client/nessus/sslui.c 2008-12-02 10:04:12 UTC (rev 1888) @@ -63,6 +63,7 @@ list = list->next; } } + static void build_dialog(ctrls, prompt) struct arglist * ctrls; @@ -257,16 +258,23 @@ - +/** + * Displays certificate and asks whether to trust it or not. + * (Callbacks showcert_accept_cb and showcert_refuse_cb which ultimately call + * showcert_cb). + * @param cert The certificate text. + * @return Arglist with WINDOW and RESULT entry (RESULT is 1 if the certificate + * was accepted). + */ static struct arglist * -sslui_showcert(cert) - char * cert; +sslui_showcert(char* cert) { struct arglist * ctrls = emalloc(sizeof(*ctrls)); GtkWidget * w; GtkWidget * vbox, *hbox; - GtkWidget * label, *text, *table, *vsb, *sep,*button; - GtkAdjustment * vadj; + GtkWidget * label, *text, *sep, *button; + GtkWidget* scrollwin; + w = gtk_window_new(GTK_WINDOW_TOPLEVEL); gtk_window_set_default_size(GTK_WINDOW(w), 640, 480); gtk_window_set_position(GTK_WINDOW(w), GTK_WIN_POS_CENTER); 
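Review bot: The doc comment added to `sslui_showcert` (third hunk, `@@ -257,16 +258,23 @@`) does not say who owns the returned arglist, which the first body line allocates with `emalloc(sizeof(*ctrls))`. Because this dialog is where the user decides whether to trust a server certificate, the contract for `cert` should be stated as well. Suggested lines: `@param cert NUL-terminated certificate text, displayed read-only as received.` and a sentence on `@return` naming who releases the arglist; the callers are not visible here, so that part needs confirming. The function body continues outside the hunk.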
@@ -282,27 +290,28 @@ gtk_box_pack_start(GTK_BOX(vbox), label, FALSE, FALSE, 5); gtk_widget_show(label); - vadj = GTK_ADJUSTMENT (gtk_adjustment_new (0.0, 0.0, 0.0, 0.0, 0.0, 0.0)); - vsb = gtk_vscrollbar_new(vadj); - table = gtk_table_new(1,2,FALSE); - gtk_box_pack_start(GTK_BOX(vbox), table, TRUE, TRUE, 0); - gtk_widget_show(table); + /* Initialize scroll area */ + scrollwin = gtk_scrolled_window_new(NULL, NULL); + gtk_scrolled_window_set_policy( GTK_SCROLLED_WINDOW (scrollwin), + GTK_POLICY_AUTOMATIC, + GTK_POLICY_AUTOMATIC); + gtk_box_pack_start(GTK_BOX(vbox), scrollwin, TRUE, TRUE, 0); - text = gtk_text_new(NULL, vadj); - gtk_table_attach(GTK_TABLE(table), vsb, 1, 2, 0, 1, 0, - GTK_EXPAND | GTK_SHRINK | GTK_FILL, 0, 0); - gtk_table_attach(GTK_TABLE(table), text, 0,1,0,1, - GTK_EXPAND | GTK_SHRINK | GTK_FILL, - GTK_EXPAND | GTK_SHRINK | GTK_FILL, 0, 0); - - gtk_container_border_width(GTK_CONTAINER(table), 2); - gtk_widget_show(vsb); - gtk_widget_realize(text); - gtk_text_set_editable(GTK_TEXT(text), FALSE); - gtk_text_set_word_wrap(GTK_TEXT(text), TRUE); - gtk_text_insert(GTK_TEXT(text), NULL, NULL, NULL, cert, -1); + /* Initialize text view */ + text = gtk_text_view_new(); + gtk_text_view_set_editable(GTK_TEXT_VIEW(text), FALSE); + + /* Add certificate text to text view */ + GtkTextBuffer* textbuffer; + textbuffer = gtk_text_view_get_buffer(GTK_TEXT_VIEW(text)); + gtk_text_buffer_set_text(textbuffer, cert, -1); + + /* Add and show scroll area and text view */ + gtk_container_add(GTK_CONTAINER(scrollwin), text); gtk_widget_show(text); + gtk_widget_show(scrollwin); + /* Seperator, buttons and callbacks */ sep = gtk_hseparator_new(); gtk_box_pack_start(GTK_BOX(vbox), sep, FALSE, FALSE, 0); gtk_widget_show(sep); 
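Review bot: `gtk_text_buffer_set_text(textbuffer, cert, -1)` needs valid UTF-8, and nothing in this hunk checks `cert` before the call. The text is the certificate shown for a trust decision, so if it carries other bytes (or `cert` is NULL) GTK typically just logs a critical and the view stays empty while the user is still asked to accept. Validate first and show an explicit fallback, e.g. `if (cert == NULL || !g_utf8_validate(cert, -1, NULL)) cert = _("(certificate text cannot be displayed)");`. The removed code also enabled word wrap; `gtk_text_view_set_wrap_mode(GTK_TEXT_VIEW(text), GTK_WRAP_WORD);` would keep long certificate lines readable. `sslui_showcert` starts in the previous hunk and continues past this one.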
@@ -310,9 +319,7 @@ label = gtk_label_new(_("Do you accept this certificate?")); gtk_box_pack_start(GTK_BOX(vbox), label, FALSE, FALSE, 0); gtk_widget_show(label); - - hbox = gtk_hbox_new(FALSE, 5); gtk_box_pack_start(GTK_BOX(vbox), hbox, FALSE, FALSE, 0); gtk_widget_show(hbox); From scm-commit at wald.intevation.org Tue Dec 2 11:52:57 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Dec 2008 11:52:57 +0100 (CET) Subject: [Openvas-commits] r1889 - in trunk/openvas-plugins: . scripts Message-ID: <20081202105257.ACD264073A@pyrosoma.intevation.org> Author: chandra Date: 2008-12-02 11:52:55 +0100 (Tue, 02 Dec 2008) New Revision: 1889 Added: trunk/openvas-plugins/scripts/secpod_bitdefender_pdf_parsing_dos_vuln_900180.nasl trunk/openvas-plugins/scripts/secpod_cutenews_detect_win_900128.nasl trunk/openvas-plugins/scripts/secpod_expert_pdf_viewer_activex_file_overwrite_vuln_900174.nasl trunk/openvas-plugins/scripts/secpod_flexcell_activex_file_overwrire_vuln_900406.nasl trunk/openvas-plugins/scripts/secpod_free_directory_script_file_inclusion_vuln_900181.nasl trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_xss_vuln_900403.nasl trunk/openvas-plugins/scripts/secpod_hp_smh_unspecified_sec_bypass_vuln_900167.nasl trunk/openvas-plugins/scripts/secpod_mdaemon_script_insertion_vuln_900405.nasl trunk/openvas-plugins/scripts/secpod_ms_rtcp_remote_dos_vuln_900404.nasl trunk/openvas-plugins/scripts/secpod_ms_sql_server_2000_activex_bof_vuln_900125.nasl trunk/openvas-plugins/scripts/secpod_ms_win_local_dos_vuln_900178.nasl trunk/openvas-plugins/scripts/secpod_openfire_secbypass_900401.nasl trunk/openvas-plugins/scripts/secpod_openssh_information_disclosure_vuln_900179.nasl trunk/openvas-plugins/scripts/secpod_pi3web_isapi_request_dos_vuln_900402.nasl trunk/openvas-plugins/scripts/secpod_vim_shell_cmd_injection_vuln_lin_900412.nasl trunk/openvas-plugins/scripts/secpod_vim_shell_cmd_injection_vuln_win_900411.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/ChangeLog 2008-12-02 10:52:55 UTC (rev 1889) 
@@ -1,3 +1,22 @@ +2008-12-02 Chandrashekhar B <bchandra at secpod.com> + * scripts/secpod_bitdefender_pdf_parsing_dos_vuln_900180.nasl, + scripts/secpod_hp_smh_unspecified_sec_bypass_vuln_900167.nasl, + scripts/secpod_pi3web_isapi_request_dos_vuln_900402.nasl, + scripts/secpod_ms_rtcp_remote_dos_vuln_900404.nasl, + scripts/secpod_openfire_secbypass_900401.nasl, + scripts/secpod_ms_sql_server_2000_activex_bof_vuln_900125.nasl, + scripts/secpod_free_directory_script_file_inclusion_vuln_900181.nasl, + scripts/secpod_vim_shell_cmd_injection_vuln_lin_900412.nasl, + scripts/secpod_flexcell_activex_file_overwrire_vuln_900406.nasl, + scripts/secpod_cutenews_detect_win_900128.nasl, + scripts/secpod_openssh_information_disclosure_vuln_900179.nasl, + scripts/secpod_hp_openview_nnm_xss_vuln_900403.nasl, + scripts/secpod_mdaemon_script_insertion_vuln_900405.nasl, + scripts/secpod_vim_shell_cmd_injection_vuln_win_900411.nasl, + scripts/secpod_ms_win_local_dos_vuln_900178.nasl, + scripts/secpod_expert_pdf_viewer_activex_file_overwrite_vuln_900174.nasl: + Added new plugins + 2008-12-01 Chandrashekhar B <bchandra at secod.com> * scripts/gb_aceftp_remote_dir_traversal_vuln.nasl, scripts/gb_clanlite_sql_inj_n_xss_vuln.nasl, Added: trunk/openvas-plugins/scripts/secpod_bitdefender_pdf_parsing_dos_vuln_900180.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_bitdefender_pdf_parsing_dos_vuln_900180.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_bitdefender_pdf_parsing_dos_vuln_900180.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
@@ -0,0 +1,87 @@ +############################################################################## +# +# BitDefender 'pdf.xmd' Module PDF Parsing Remote DoS Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/11/24 +# +# Revision: 1.0 +# +# Log: ssharath +# Issue #0520 +# ------------------------------------------------------------------------ +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +# ------------------------------------------------------------------------ +############################################################################## + +if(description) +{ + script_id(900180); + script_bugtraq_id(32396); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0 "); + script_category(ACT_GATHER_INFO); + script_family(english:"Denial of Service"); + script_name(english:"BitDefender 'pdf.xmd' Module PDF Parsing Remote DoS Vulnerability"); + script_summary(english:"Check for vulnerable version of BitDefender"); + desc["english"] = " + Overview: This host is installed with BitDefender Internet Security and AntiVirus + and is prone to denial of service vulnerability. + + The flaw is caused due to boundary error in 'pdf.xmd' module when parsing of + data encoded using 'FlateDecode' and 'ASCIIHexDecode' filters. This can be + exploited to cause a memory corruption during execution of 'bdc.exe'. + + Impact: + Successful exploitation will let the attacker execute arbitrary codes in the + context of the application and can deny the service to the legitimate user. 
+ + Impact Level: Application + + Affected Software/OS: + BitDefender Internet Security and Antivirus version 10 and prior on Windows + + Fix: Update to higher version + http://www.bitdefender.com/site/Downloads/ + + References: + http://milw0rm.com/exploits/7178 + http://secunia.com/advisories/32789 + + CVSS Score: + CVSS Base Score : 9.0 (AV:N/AC:L/Au:NR/C:P/I:P/A:C) + CVSS Temporal Score : 8.1 + Risk factor : Critical"; + + script_description(english:desc["english"]); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +bitDef = "SOFTWARE\BitDefender\About\"; +bitName = registry_get_sz(key:bitDef, item:"ProductName"); +if(("BitDefender Internet Security" >< bitName) || + ("BitDefender Antivirus" >< bitName)) +{ + bitVer = registry_get_sz(key:bitDef, item:"ProductVersion"); + # Check the versions 10 and prior + if(egrep(pattern:"10(\..*)", string:bitVer)){ + security_hole(0); + } +} Added: trunk/openvas-plugins/scripts/secpod_cutenews_detect_win_900128.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_cutenews_detect_win_900128.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_cutenews_detect_win_900128.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
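Review bot: The version test `egrep(pattern:"10(\..*)", string:bitVer)` does not implement the comment above it ("versions 10 and prior"). It is unanchored and requires a literal `10.`, so a 9.x install is missed while a later version string that merely contains `10.` is reported as vulnerable. Assuming `ProductVersion` is a plain dotted number, an anchored form such as `egrep(pattern:"^([0-9]|10)(\.[0-9.]*)?$", string:bitVer)` limits the match to major versions up to 10. The description also promises code execution under "Impact" while the title and family say denial of service; one of the two should be corrected.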
@@ -0,0 +1,72 @@ +############################################################################## +# +# CuteNews Version Detection for Windows +# +# Copyright: SecPod +# +# Date Written: 2008/09/17 +# +# Revision: 1.1 +# +# Log: ssharath +# Issue #0242 +# ------------------------------------------------------------------------ +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +# ------------------------------------------------------------------------ +############################################################################## + +if(description) +{ + script_id(900128); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.1 "); + script_category(ACT_GATHER_INFO); + script_family(english:"General"); + script_name(english:"CuteNews Version Detection for Windows"); + script_summary(english:"Set File Version of CuteNews in KB"); + desc["english"] = " + Overview : This script find the CuteNews installed version of Windows and + saves the version in KB. 
+ + Risk factor : Informational"; + + script_description(english:desc["english"]); + script_dependencies("http_version.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + + include("http_func.inc"); + include("http_keepalive.inc"); + + port = get_http_port(default:80); + if(!port){ + exit(0); + } + + foreach dir (make_list("/cutenews", cgi_dirs())) + { + sndReq = http_get(item:string(dir, "/index.php"), port:port); + rcvRes = http_keepalive_send_recv(port:port, data:sndReq); + if(rcvRes == NULL){ + exit(0); + } + + if(egrep(pattern:"^HTTP/.* 200 OK", string:rcvRes)) + { + cutenewsVer = egrep(pattern:"CuteNews v[0-9.]+", string:rcvRes); + cutenewsVer = eregmatch(pattern:"v[0-9.]+", string:cutenewsVer); + if(cutenewsVer != NULL){ + set_kb_item(name:"www/"+ port + "/CuteNews", + value:cutenewsVer[0] + " under " + dir); + } + } + } Added: trunk/openvas-plugins/scripts/secpod_expert_pdf_viewer_activex_file_overwrite_vuln_900174.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_expert_pdf_viewer_activex_file_overwrite_vuln_900174.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_expert_pdf_viewer_activex_file_overwrite_vuln_900174.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
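Review bot: The value written to `www/<port>/CuteNews` keeps the leading `v`, because `cutenewsVer[0]` is the whole match of `eregmatch(pattern:"v[0-9.]+")`; any plugin that later compares this KB entry as a version has to strip it first. Capturing the number avoids that: `cutenewsVer = eregmatch(pattern:"v([0-9.]+)", string:cutenewsVer);` and store `cutenewsVer[1]`. Also, `exit(0)` on a NULL response inside the `foreach` abandons the remaining directories, where `continue` would let the detection finish. The name says "for Windows" although the check is a plain HTTP probe with no OS test.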
@@ -0,0 +1,113 @@ +############################################################################## +# +# Visagesoft eXPert PDF Viewer ActiveX Control File Overwrite Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/11/06 +# +# Revision: 1.0 +# +# Log: ssharath +# Issue #0447 +# ------------------------------------------------------------------------ +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +# ------------------------------------------------------------------------ +############################################################################## + +if(description) +{ + script_id(900174); + script_bugtraq_id(31984); + script_cve_id("CVE-2008-4919"); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0 "); + script_category(ACT_GATHER_INFO); + script_family(english:"Misc."); + script_name(english:"Visagesoft eXPert PDF Viewer ActiveX Control File Overwrite Vulnerability"); + script_summary(english:"Check for vulnerable version of eXPert PDF Viewer ActiveX"); + desc["english"] = " + + Overview: The host is installed with eXPert PDF Viewer ActiveX and is prone + to ActiveX Control based file overwrite vulnerability. + + Vulnerability Insight: + The flaw is caused due to insecure method, 'savePageAsBitmap()' in VSPDFViewerX.ocx + ActiveX Control. This can be exploited to corrupt arbitrary files on the local + system via arguments passed to the affected method. + + Impact: + Successful exploitation will allow to overwrite arbitrary files. 
+ + Impact Level: Application + + Affected Software/OS: + Visagesoft eXPert PDF Viewer ActiveX Control versions 3.0.990.0 and prior + + Fix: Set the kill-bit for the CLSID {BDF3E9D2-5F7A-4F4A-A914-7498C862EA6A}. + No solution/patch is available as on 06rd November, 2008. + + References: + http://milw0rm.com/exploits/6875 + http://secunia.com/advisories/32426 + + CVSS Score: + CVSS Base Score : 9.4 (AV:N/AC:L/Au:NR/C:N/I:C/A:C) + CVSS Temporal Score : 8.5 + Risk factor : Critical"; + + script_description(english:desc["english"]); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +enumKeys = registry_enum_keys(key); +close(soc); + +if(!enumKeys){ + exit(0); +} + +foreach entry (enumKeys) +{ + if("eXPert PDF ViewerX" >< + registry_get_sz(key: key + entry, item:"DisplayName")) + { + # Grep for version 3.0.990.0 and prior + if(egrep(pattern:"^([0-2](\..*)?|3\.(0(\.[0-8]?[0-9]?[0-9](\..*)?|\.9" + + "[0-8][0-9](\..*)?|\.990(\.0)?)?))$", + string:registry_get_sz(key: key + entry, item:"DisplayVersion"))) + { + # Check for Kill-Bit set for ActiveX control + clsid = "{BDF3E9D2-5F7A-4F4A-A914-7498C862EA6A}"; + regKey = "SOFTWARE\Classes\CLSID\" + clsid; + if(registry_key_exists(key:regKey)) + { + activeKey = "SOFTWARE\Microsoft\Internet Explorer\" + + "ActiveX Compatibility\" + clsid; + killBit = registry_get_dword(key:activeKey, item:"Compatibility Flags"); + if(killBit && (int(killBit) == 1024)){ + exit(0); + } + security_warning(0); + } + } + exit(0); + } +} Added: trunk/openvas-plugins/scripts/secpod_flexcell_activex_file_overwrire_vuln_900406.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_flexcell_activex_file_overwrire_vuln_900406.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ 
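Review bot: The kill-bit test `int(killBit) == 1024` treats `Compatibility Flags` as a single value, but it is a bit mask, so a host where the kill bit (0x400) is set together with any other flag is still reported. Test the bit instead: `if(killBit && (int(killBit) & 1024)){`. Separately, `close(soc);` after `registry_enum_keys(key)` refers to a socket this script never opens, and the call passes `key` positionally whereas the FlexCell plugin in the same commit writes `registry_enum_keys(key:key)`.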
trunk/openvas-plugins/scripts/secpod_flexcell_activex_file_overwrire_vuln_900406.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
@@ -0,0 +1,90 @@ +############################################################################## +# +# FlexCell Grid Control ActiveX Arbitrary File Overwrite Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/11/26 +# +# Revision: 1.0 +# +# Log: sghosal +# Issue #0533 +# -------------------------------------------------------------------------- +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +############################################################################## + +if(description) +{ + script_id(900406); + script_bugtraq_id(32443); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0"); + script_category(ACT_GATHER_INFO); + script_family(english:"Misc."); + script_name(english:"FlexCell Grid Control ActiveX Arbitrary File Overwrite Vulnerability"); + script_summary(english:"Check for vulnerable version of FlexCell"); + desc["english"] = " + Overview: This host is installed with FlexCell Grid Control ActiveX and is + prone to arbitrary File Overwrite vulnerability. + + Vulnerability Insight: + The vulnerability is caused due to an error in the 'httpDownloadFile' method + in the 'FlexCell.ocx' component file. + + Impact: + Successful exploitation will let the attacker execute arbitrary codes. + + Impact Level: System/Application + + Affected Software/OS: + FlexCell Grid Control ActiveX 5.7.1 and prior on all Windows Platform. + + Workaround: + Set the killbit for the affected ActiveX control. 
+ http://support.microsoft.com/kb/240797 + + References: + http://www.grid2000.com + http://secunia.com/advisories/32829 + + CVSS Score: + CVSS Base Score : 8.8 (AV:N/AC:M/Au:NR/C:C/I:C/A:N) + CVSS Temporal Score : 7.1 + Risk factor: High"; + + script_description(english:desc["english"]); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +entries = registry_enum_keys(key:key); +foreach item (entries) +{ + flexcellName = registry_get_sz(key:key + item, item:"DisplayName"); + if("FlexCell Grid Control" >< flexcellName) + { + # Grep or versions 5.7.1 and prior. + if(egrep(pattern:"^([0-4]\..*|5\.[0-6](\..*)?|5\.7(\.[01])?)$", + string:registry_get_sz(key:key + item, item:"DisplayVersion"))){ + security_warning(0); + } + } +} Added: trunk/openvas-plugins/scripts/secpod_free_directory_script_file_inclusion_vuln_900181.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_free_directory_script_file_inclusion_vuln_900181.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_free_directory_script_file_inclusion_vuln_900181.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
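Review bot: This check reports on `DisplayVersion` alone, although the only workaround the description offers is setting the kill bit, so a host that has applied the workaround keeps being flagged. The eXPert PDF plugin added in the same commit reads `Compatibility Flags` under `SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\<CLSID>` before reporting; the same test belongs here with the FlexCell control's CLSID, which this page does not give (`<FLEXCELL_CLSID>`). `entries` is also passed to `foreach` without the `if(!enumKeys){ exit(0); }` style guard the other plugin has. The description says "execute arbitrary codes" while the title is a file overwrite; the wording should match the actual impact.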
@@ -0,0 +1,97 @@ +############################################################################## +# +# Free Directory Script 'API_HOME_DIR' File Inclusion Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/11/24 +# +# Revision: 1.0 +# +# Log: ssharath +# Issue #0512 +# ------------------------------------------------------------------------ +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +# ------------------------------------------------------------------------ +############################################################################## + +if(description) +{ + script_id(900181); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0 "); + script_category(ACT_GATHER_INFO); + script_family(english:"CGI abuses : XSS"); + script_name(english:"Free Directory Script 'API_HOME_DIR' File Inclusion Vulnerability"); + script_summary(english:"Check for the vulnerable version of Free Directory Script"); + desc["english"] = " + Overview : This host is installed with Free Directory Script and is prone to + File Inclusion Vulnerability. + + Vulnerability Insight: + The Error occurs when passing an input parameter into the 'API_HOME_DIR' in + 'init.php' file which is not properly verified before being used to include + files. This can be exploited to include arbitrary files from local or + external resources. + + Impact: + Successful exploitation will let the attacker add, modify or delete files + from the server and can let the attacker install trojans or backdoors. 
+ + Impact Level: Application + + Affected Software/OS: + Free Directory Script version 1.1.1 and prior. + + Workaround: Edit the source code to ensure that input is properly verified. + + Fix: No patch is available as on 24th November, 2008. + + References: + http://milw0rm.com/exploits/7155 + http://secunia.com/advisories/32745 + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 9.0 + Risk factor: Critical"; + + script_description(english:desc["english"]); + script_dependencies("http_version.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); + +port = get_http_port(default:80); +if(!port){ + exit(0); +} + +foreach path (make_list("/FreeDirectory", cgi_dirs())) +{ + sndReq = http_get(item:string(path, "/index.php"), port:port); + rcvRes = http_send_recv(port:port, data:sndReq); + if(rcvRes == NULL){ + exit(0); + } + + if(egrep(pattern:"Free Directory Script", string:rcvRes) && + egrep(pattern:"^HTTP/.* 200 OK", string:rcvRes)) + { + pattern = "FDS Version (0(\..*)|1\.(0(\..*)?|1(\.[01])?))($|[^.0-9])"; + if(egrep(pattern:pattern, string:rcvRes)){ + security_warning(port); + exit(0); + } + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_free_directory_script_file_inclusion_vuln_900181.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_xss_vuln_900403.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_xss_vuln_900403.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_xss_vuln_900403.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
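Review bot: `script_family(english:"CGI abuses : XSS")` files this plugin under cross-site scripting, but its name and description are for a file inclusion flaw, so scan policies and reports that filter by family will misplace it; `script_family(english:"CGI abuses");` fits. The check is a banner match on `FDS Version ...` and never requests `init.php`, so the description should say the result is version-based. `exit(0)` on a NULL response inside the `foreach` also abandons the remaining paths.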
@@ -0,0 +1,92 @@ +############################################################################## +# +# HP OpenView Network Node Manager XSS Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/11/24 +# +# Revision: 1.0 +# +# Log: sghosal +# Issue #513 +# ------------------------------------------------------------------------ +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +# ------------------------------------------------------------------------ +############################################################################## + + +if(description) +{ + script_id(900403); + script_bugtraq_id(26838,27237); + script_cve_id("CVE-2007-5000","CVE-2007-6388"); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0 "); + script_category(ACT_GATHER_INFO); + script_family(english:"CGI abuses : XSS"); + script_name(english:"HP OpenView Network Node Manager XSS Vulnerability"); + script_summary(english:"Check for version of HP OpenView Network Node Manager"); + desc["english"] = " + Overview: + This host is running HP OpenView Network Node Manager, which is prone to + Cross Site Scripting vulnerability. + + Vulnerability Insight: + The flaws are caused due to errors in HP OpenView NNM 'Network Node Manager' + program. + + Impact: + Successful exploitation will let the attacker to execute arbitrary codes. + + Impact Level: Application + + Affected Software/OS: + HP OpenView Network Node Manager versions 7.01, 7.51 and 7.53 on HP-UX, Linux, + and Solaris. + + Fix : Apply patches or upgrade to the latest version. 
+ http://welcome.hp.com/country/us/en/support.html + + ****** + NOTE: Windows platform is not affected. + ****** + + References: + http://secunia.com/Advisories/32800 + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-5000 + + CVSS Score: + CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N) + CVSS Temporal Score : 3.2 + Risk factor: Medium"; + + script_description(english:desc["english"]); + exit(0); +} + + +include("http_func.inc"); + +port = 7510; +if(get_port_state(port)) +{ + request = http_get(item:"/topology/home", port:port); + response = http_send_recv(port:port, data:request); + + if("hp OpenView Network Node Manager" >< response && + egrep(pattern:"Copyright \(c\).* Hewlett-Packard", string:response) && + ereg(pattern:"^HTTP/.* 200 OK", string:response)) + { + if(egrep(pattern:"NNM Release B\.07\.(01|51|53)", string:response)){ + security_warning(port); + } + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_xss_vuln_900403.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_hp_smh_unspecified_sec_bypass_vuln_900167.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_hp_smh_unspecified_sec_bypass_vuln_900167.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_hp_smh_unspecified_sec_bypass_vuln_900167.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
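Review bot: The probe goes to a hard-coded `port = 7510`, yet the description block declares no port requirement or dependency, so the scheduler cannot skip the plugin when that port was not found open; `script_require_ports(7510);` before `exit(0);` would state it. The match `NNM Release B\.07\.(01|51|53)` identifies the release only, while the stated fix is "Apply patches", so a patched installation would presumably still be reported. The NOTE says Windows is not affected, but the script performs no platform check; the description should say plainly that this is a banner-based version check.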
@@ -0,0 +1,91 @@ +############################################################################## +# +# HP SMH Unspecified Security Bypass Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/11/14 +# +# Revision: 1.0 +# +# Log: ssharath +# Issue #0476 +# ------------------------------------------------------------------------ +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +# ------------------------------------------------------------------------ +############################################################################## + +if(description) +{ + script_id(900167); + script_bugtraq_id(32088); + script_cve_id("CVE-2008-4413"); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0 "); + script_category(ACT_GATHER_INFO); + script_family(english:"Misc."); + script_name(english:"HP SMH Unspecified Security Bypass Vulnerability"); + script_summary(english:"Check for vulnerable version of HP SMH"); + desc["english"] = " + Overview: The host is running System Management Homepage and is prone to + local security bypass vulnerability. + + The flaw is caused by an unspecified error, which can be exploited by + local users to perform certain actions with escalated privileges. + + Impact: + Attackers can leverage this issue to gain local unauthorized access. 
+ + Impact Level: Application + + Affected Software/OS: + HP SMH version 2.2.6 and prior on HP-UX B.11.11 and B.11.23 + HP SMH version 2.2.6 and 2.2.8 and prior on HP-UX B.11.23 and B.11.31 + + Fix: Update to HP SMH version 2.2.9.1 or subsequent + http://software.hp.com + + ***** + NOTE: Ignore this warning, if OS is other than HP-UX B.11.11 and B.11.23, + HP-UX B.11.23 and B.11.31. + ***** + + References: + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4413 + http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01586921 + + CVSS Score: + CVSS Base Score : 6.2 (AV:L/AC:L/Au:SI/C:C/I:C/A:N) + CVSS Temporal Score : 4.6 + Risk factor: Medium"; + + script_description(english:desc["english"]); + script_dependencie("http_version.nasl"); + exit(0); +} + + +include("http_func.inc"); + +smhPort = 2301; +if(get_port_state(smhPort)) +{ + smhReq = http_get(item:"/", port:smhPort); + smhRes = http_send_recv(port:smhPort, data:smhReq); + if(egrep(pattern:"CompaqHTTPServer/9\.9 HP System Management Homepage", + string:smhRes) && egrep(pattern:"^HTTP/.* 302 Found", string:smhRes)) + { + # Grep the versions < 2.2.9.1 + pattern = "/[01](\..*)|2.([01](\..*)?|2(\.[0-8](\..*)?|\.9\.0)?)($|[^.0-9])"; + if(egrep(pattern:pattern, string:smhRes)){ + security_warning(0); + } + } +} Added: trunk/openvas-plugins/scripts/secpod_mdaemon_script_insertion_vuln_900405.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_mdaemon_script_insertion_vuln_900405.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_mdaemon_script_insertion_vuln_900405.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
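Review bot: The version pattern in the detection block is not grouped, so only the first alternative is tied to the leading `/` and the `.` after `2` is unescaped; the second alternative can match digits elsewhere in the response rather than the SMH version. Grouping the alternation and anchoring it to the product token would narrow it, e.g. `pattern = "Homepage/([01]\..*|2\.([01](\..*)?|2(\.[0-8](\..*)?|\.9\.0)?))($|[^.0-9])";` (this assumes the version follows `Homepage/` in the Server header, which should be confirmed against a real banner). The finding is reported with `security_warning(0)` although the request went to `smhPort`; `security_warning(smhPort);` would attach it to the right service. Since the description limits the issue to specific HP-UX releases and the script cannot see the OS, a comment above the check saying the result is banner-only would help whoever triages it.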
@@ -0,0 +1,89 @@ +############################################################################## +# +# MDaemon Server WordClient Script Insertion Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/11/24 +# +# Revision: 1.0 +# +# Log: sghosal +# Issue #0504 +# +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +############################################################################## + +if(description) +{ + script_id(900405); + script_bugtraq_id(32355); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0"); + script_category(ACT_GATHER_INFO); + script_family(english:"CGI abuses : XSS"); + script_name(english:"MDaemon Server WordClient Script Insertion Vulnerability"); + script_summary(english:"Check for vulnerable version of MDaemon"); + desc["english"] = " + Overview: + This host is installed with MDaemon and is prone to script insertion + vulnerability. + + Vulnerability Insight: + This vulnerability is caused due to input validation error in 'HTML tags' in + emails are not properly filtered before displaying. This can be exploited when + the malicious email is viewed. + + Impact: + Attacker can execute malicious arbitrary codes in the email body. + + Impact Level: Application. + + Affected Software/OS: + MDaemon Server version prior to 10.0.2. + + Fix: + Upgrade to the latest version 10.0.2. 
+ http://www.altn.com/Downloads/FreeEvaluation + + References: + http://secunia.com/advisories/32142 + http://files.altn.com/MDaemon/Release/RelNotes_en.txt + + CVSS Score: + CVSS Base Score : 6.4 (AV:N/AC:L/Au:NR/C:P/I:P/A:N) + CVSS Temporal Score : 4.7 + Risk factor: Medium"; + + script_description(english:desc["english"]); + script_dependencies("find_service.nes"); + script_require_ports("Services/smtp", 25); + exit(0); +} + + +include("smtp_func.inc"); + +port = get_kb_item("Services/smtp"); +if(!port){ + port = 25; +} + +if(get_port_state(port)) +{ + response = get_smtp_banner(port); + if("MDaemon" >< response) + { + #Grep for WorldClient version 10.0.1 or prior + if(egrep(pattern:"MDaemon .* [0-9]\..*|10\.0\.[01]" , string:response)){ + security_warning(port); + } + } +} Added: trunk/openvas-plugins/scripts/secpod_ms_rtcp_remote_dos_vuln_900404.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms_rtcp_remote_dos_vuln_900404.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_ms_rtcp_remote_dos_vuln_900404.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
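Review bot: In the banner check, the `|` in `"MDaemon .* [0-9]\..*|10\.0\.[01]"` splits the whole pattern, so `10\.0\.[01]` matches anywhere in the SMTP banner, including an address such as 10.0.1.x or a later version such as 10.0.10. Grouping and terminating the version would fix that: `egrep(pattern:"MDaemon .* ([0-9]\..*|10\.0\.[01])($|[^.0-9])", string:response)`. The inline comment says WorldClient, but the version is taken from the SMTP banner; a comment noting that the webmail component itself is not probed would set expectations about false positives.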
@@ -0,0 +1,88 @@ +############################################################################## +# +# Microsoft Windows RTCP Unspecified Remote DoS Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/11/26 +# +# Revision: 1.0 +# +# Log: sghosal +# Issue #0500 +# +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +############################################################################## + +if(description) +{ + script_id(900404); + script_bugtraq_id(32341); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0"); + script_category(ACT_GATHER_INFO); + script_family(english:"Denial of Service"); + script_name(english:"Microsoft Windows RTCP Unspecified Remote DoS Vulnerability"); + script_summary(english:"Check for vulnerable version of Live Messenger"); + desc["english"] = " + Overview: This host is installed with Microsoft Live Messenger and is prone to + remote Denial of Service vulnerability. + + Vulnerability Insight: + The vulnerability is caused due to error in the 'RTCP' or + 'Real-time Transport Control Protocol' receiver report packet handling. + + Impact: + Successful exploitation will crash the application. + + Impact Level: Application + + Affected Software/OS: + Microsoft Windows Live Messenger version 8.5.1302.1018 and prior. + + Fix: No solution/patch is available as on 26th November, 2008. 
+ + References: + http://www.voipshield.com/research-details.php?id=132 + + CVSS Score: + CVSS Base Score : 7.1 (AV:N/AC:M/Au:NR/C:N/I:N/A:C) + CVSS Temporal Score : 6.1 + Risk factor: High"; + + script_description(english:desc["english"]); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +entries = registry_enum_keys(key:key); +foreach item (entries) +{ + if("Windows Live Messenger" >< registry_get_sz(key:key + item, item:"DisplayName")) + { + # Grep or versions Windows Live Messenger version 8.5.1302.1018 and prior. + if((egrep(pattern:"^([0-7]\..*|8\.[0-4](\..*)?|8\.5(\.([0-9]?[0-9]?[0-9]" + + "|1[0-2]?[0-9]?[0-9]?|130[01])(\..*)?|\.1302)?(\.[0-9]" + + "?[0-9]?[0-9]|\.100[0-9]|\.101[0-8])?)?$", + string:registry_get_sz(key:key + item, item:"DisplayVersion")))){ + security_warning(0); + } + } +} Added: trunk/openvas-plugins/scripts/secpod_ms_sql_server_2000_activex_bof_vuln_900125.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms_sql_server_2000_activex_bof_vuln_900125.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_ms_sql_server_2000_activex_bof_vuln_900125.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
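Review bot: The `DisplayVersion` match in the loop wraps every alternative in one optional group (`^(...)?$`), so the pattern also accepts an empty string, and the value is never checked for being present before it is matched. Reading it once and guarding it would be safer and saves the second registry round trip: `ver = registry_get_sz(key:key + item, item:"DisplayVersion");` followed by `if(ver && egrep(pattern:..., string:ver))`. Whether `egrep` actually reports a match for an empty value depends on its implementation, which is not visible here. The loop keeps iterating after a hit, so the same finding can be reported once per matching uninstall entry; an `exit(0);` after `security_warning(0);` would stop that. The comment `# Grep or versions` should read `# Grep for versions`.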
@@ -0,0 +1,95 @@ +############################################################################## +# +# Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/09/15 +# +# Revision: 1.1 +# +# Log : ssharath +# Issue #0195 +# ------------------------------------------------------------------------ +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +# ------------------------------------------------------------------------ +############################################################################## + + +if(description) +{ + script_id(900125); + script_bugtraq_id(31129); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.1 "); + script_category(ACT_GATHER_INFO); + script_family(english:"Denial of Service"); + script_name(english:"Microsoft SQL Server 2000 sqlvdir.dll ActiveX Buffer Overflow Vulnerability"); + script_summary(english:"Check for vulnerable version of Microsoft SQL Server 2000"); + desc["english"] = " + Overview : The host is running Microsoft SQL Server, which is prone to + buffer-overflow vulnerability. + + Vulnerability Insight : + Applications sqlvdir.dll ActiveX control is prone to a buffer-overflow + vulnerability because it fails to bounds-check user-supplied data + before copying it into an insufficiently sized buffer. The issue occurs + when excessive amounts of data to the Control() method is passed. 
+ + Impact : Successful exploitation allows remote attackers to execute + arbitrary code and failed attepts causes denial-of-service conditions. + + Impact Level : Application + + Affected Software/OS : + Microsoft SQL Server 2000 SP4 and prior on Windows (all) + + Fix : No solution/patch is available as on 15th September, 2008. + Information regarding this issue will be updated once the solution details + are available. For updates check, + http://www.microsoft.com/sqlserver + + References : + http://support.microsoft.com/kb/240797 + http://www.securityfocus.com/archive/1/496232 + http://www.juniper.net/security/auto/vulnerabilities/vuln31129.html + + CVSS Score : + CVSS Base Score : 8.3 (AV:N/AC:M/Au:NR/C:P/I:P/A:C) + CVSS Temporal Score : 7.5 + Risk factor : High"; + + script_description(english:desc["english"]); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + + include("smb_nt.inc"); + + msSqlPort = 1433; + + if(!get_port_state(msSqlPort)){ + exit(0); + } + + if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); + } + + msSqlVer = registry_get_sz( key:"SOFTWARE\Microsoft\Windows\CurrentVersion" + + "\Uninstall\Microsoft SQL Server 2000", + item:"DisplayVersion"); + + if(egrep(pattern:"^([0-7]\..*|8\.(0?0(\.([0-9]?[0-9]|1[0-8][0-9]|19[0-4]))?" + + "))$", string:msSqlVer)){ + security_hole(0); + } Added: trunk/openvas-plugins/scripts/secpod_ms_win_local_dos_vuln_900178.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms_win_local_dos_vuln_900178.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_ms_win_local_dos_vuln_900178.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
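Review bot: The version pattern at the end of the script stops at build 194 (`19[0-4]`), while the description lists SQL Server 2000 SP4 and prior as affected; service-pack builds of 8.00 carry higher build numbers (SP4 is 8.00.2039, as far as I know), so hosts running SP1 to SP4 would be missed. If every 8.00 build is meant, `egrep(pattern:"^([0-7]\..*|8\.0?0(\..*)?)$", string:msSqlVer)` covers them. The early `get_port_state(msSqlPort)` exit ties a registry-based check to TCP 1433 being reachable, which skips hosts where the port is filtered or the instance listens elsewhere. `msSqlVer` should also be tested for a value before the match, e.g. `if(!msSqlVer) exit(0);`.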
@@ -0,0 +1,75 @@ +############################################################################## +# +# Microsoft Windows 'UnhookWindowsHookEx' Local DoS Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/11/17 +# +# Revision: 1.0 +# +# Log: ssharath +# Issue #0477 +# ------------------------------------------------------------------------ +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +# ------------------------------------------------------------------------ +############################################################################## + +if(description) +{ + script_id(900178); + script_bugtraq_id(32206); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0 "); + script_category(ACT_GATHER_INFO); + script_family(english:"Denial of Service"); + script_name(english:"Microsoft Windows 'UnhookWindowsHookEx' Local DoS Vulnerability"); + script_summary(english:"Check for vulnerable version of Windows Server 2003"); + desc["english"] = " + Overview: This Microsoft Windows host is prone to denial of service + vulnerability. + + The flaw is caused due to error in 'UnhookWindowsHookEx' function. This can + be exploited to cause system hang. + + Impact: + Attackers may exploit this issue to deny service to legitimate users. + + Impact Level: System + + Affected Software/OS: + Microsoft Windows Server 2003 Service Pack 2 and prior. + + Fix: No solution/patch is available as on 17th November, 2008. 
+ + References: + http://killprog.com/whk.zip + http://www.securityfocus.com/archive/1/498165 + + CVSS Score: + CVSS Base Score : 5.9 (AV:L/AC:M/Au:NR/C:P/I:P/A:C) + CVSS Temporal Score : 5.3 + Risk factor : High"; + + script_description(english:desc["english"]); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(win2003:3) <= 0){ + exit(0); +} +security_warning(0); Added: trunk/openvas-plugins/scripts/secpod_openfire_secbypass_900401.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_openfire_secbypass_900401.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_openfire_secbypass_900401.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
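Review bot: The check at the end of the script reports on service-pack level alone, and nothing in the file says so; a comment above it would help, for example `# No vendor fix as of 2008-11-17: report every Windows Server 2003 host that hotfix_check_sp() places below SP3`. The semantics of `hotfix_check_sp(win2003:3)` come from secpod_reg.inc, which is not visible here, so that wording should be confirmed against the include. The description labels the risk High with a base score of 5.9 while the code calls `security_warning`, and the SQL Server script in this commit uses `security_hole` for High; one convention should be picked.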
@@ -0,0 +1,89 @@ +############################################################################## +# +# Openfire 'AuthCheck' Filter Security Bypass Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/09/11 +# +# Revision: 1.1 +# +# Log: sghosal +# Issue #0466 +# +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +############################################################################## + +if(description) +{ + script_id(900401); + script_bugtraq_id(32189); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0 "); + script_category(ACT_GATHER_INFO); + script_family(english:"Misc."); + script_name(english:"Openfire 'AuthCheck Filter' Security Bypass Vulnerability"); + script_summary(english:"Check for vulnerable version of Openfire"); + desc["english"] = " + Overview: + The host is running Openfire and is prone to security bypass vulnerability. + + Vulnerability Insight: + This vulnerability is caused due to error in the 'AuthCheck' filter while + imposing access restrictions via a specially crafted URL using 'setup/setup-' + and followed by the directory traveral sequences. These can be exploited to + cause underlying database, access or modify data. + + Impact: + Successful exploitation will cause execution of arbitrary code. + + Impact Level: Network + + Affected Software/OS: + Ignite Realtime Openfire version prior to 3.6.1. 
+ + Fix: Upgrade to 3.6.1 + http://www.igniterealtime.org/downloads/index.jsp + + References: + http://secunia.com/advisories/32478/ + http://www.igniterealtime.org/downloads/index.jsp + http://www.andreas-kurtz.de/advisories/AKADV2008-001-v1.0.txt + + CVSS Score: + CVSS Base Score : 7.9 (AV:N/AC:M/Au:SI/C:C/I:C/A:N) + CVSS Temporal Score : 6.2 + Risk factor: High"; + + script_description(english:desc["english"]); + script_dependencies("http_version.nasl"); + exit(0); +} + + +include("http_func.inc"); + +port = 9090; + +if(get_port_state(port)) +{ + request = http_get(item:"/login.jsp", port:port); + response = http_send_recv(port:port, data:request); + if(response == NULL){ + exit(0); + } + if("Openfire Admin Console" >< response) + { + pattern = "Version: ([0-2]\..*|3\.[0-5](\..*)?|3\.6(\.0)?)($|[^.0-9])"; + if(egrep(pattern:pattern, string:response)){ + security_warning(port); + } + } +} Added: trunk/openvas-plugins/scripts/secpod_openssh_information_disclosure_vuln_900179.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_openssh_information_disclosure_vuln_900179.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_openssh_information_disclosure_vuln_900179.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
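Review bot: The port is hard-coded as `port = 9090;` even though the script depends on http_version.nasl, so an admin console moved to another port is never tested and the script is scheduled regardless of what was found open. The Pi3Web script in this commit already uses `get_http_port`; the same here would be `port = get_http_port(default:9090);` plus `script_require_ports("Services/www", 9090);` in the description block. The file header says Revision 1.1 while `script_version` says 1.0.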
@@ -0,0 +1,97 @@ +############################################################################## +# +# OpenSSH CBC Mode Information Disclosure Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/11/18 +# +# Revision: 1.0 +# +# Log: ssharath +# Issue #0497 +# ------------------------------------------------------------------------ +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +# ------------------------------------------------------------------------ +############################################################################## + +if(description) +{ + script_id(900179); + script_bugtraq_id(32319); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0 "); + script_category(ACT_GATHER_INFO); + script_family(english:"Misc."); + script_name(english:"OpenSSH CBC Mode Information Disclosure Vulnerability"); + script_summary(english:"Check for vulnerable version of OpenSSH"); + desc["english"] = " + + Overview: The host is installed with OpenSSH and is prone to information + disclosure vulnerability. + + Vulnerability Insight: + The flaw is caused due to the improper handling of errors within an SSH session + encrypted with a block cipher algorithm in the Cipher-Block Chaining 'CBC' mode. + + Impact: + Successful exploits will allow attackers to obtain four bytes of plaintext from + an encrypted session. 
+ + Impact Level: Application + + Affected Software/OS: + - SSH Communications Security Tectia Client and Server version 6.0.4 and prior + - SSH Communications Security Tectia ConnectSecure version 6.0.4 and prior + - OpenSSH OpenSSH version 4.7p1 and prior + + Fix: Upgrade to higher version + http://www.openssh.com/portable.html + + References: + http://secunia.com/advisories/32760/ + http://www.cpni.gov.uk/Docs/Vulnerability_Advisory_SSH.txt + + CVSS Score: + CVSS Base Score : 4.0 (AV:N/AC:L/Au:SI/C:P/I:None/I:N/A:N) + CVSS Temporal Score : 3.0 + Risk factor: Medium"; + + script_description(english:desc["english"]); + script_dependencies("secpod_ssh_sys_info.nasl","ssh_detect.nasl"); + script_require_keys("ssh/login/uname"); + script_require_ports("Services/ssh", 22); + exit(0); +} + + +include("ssh_func.inc"); + +port = get_kb_item("Services/ssh"); +if(!port){ + exit(0); +} +if("Linux" >!< get_kb_item("ssh/login/uname")){ + exit(0); +} + +foreach item (get_kb_list("ssh/*/rpms")) +{ + openItem = egrep(pattern:"^openssh~([.0-9a-z]+)~.*$", string:item); + if("openssh" >< openItem) + { + # Grep for versions 4.7p1 and prior + if(ereg(pattern:"OpenSSH_([0-3](\..*)?|4\.[0-7](p[0-2])?)($|[^.0-9])", + string:get_kb_item("SSH/banner/" + port))){ + security_warning(port); + exit(0); + } + } +} Added: trunk/openvas-plugins/scripts/secpod_pi3web_isapi_request_dos_vuln_900402.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_pi3web_isapi_request_dos_vuln_900402.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_pi3web_isapi_request_dos_vuln_900402.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
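Review bot: The loop over `get_kb_list("ssh/*/rpms")` is used only as a gate: the package version captured by `^openssh~([.0-9a-z]+)~.*$` is discarded and the decision is made from the network banner, so hosts without an RPM list are skipped and RPM hosts are judged on a banner that may not reflect vendor backports. Either compare the package version taken from `openItem`, or drop the loop and test the banner once: `banner = get_kb_item("SSH/banner/" + port);` then `if(banner && ereg(pattern:..., string:banner))`. The pattern accepts `p[0-2]`, which includes 4.7p2 although the description says 4.7p1 and prior. `script_require_ports("Services/ssh", 22)` names 22 as a fallback, but the code exits when the KB entry is missing instead of defaulting to it. The CVSS vector in the description contains a stray `I:None/`.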
@@ -0,0 +1,102 @@ +############################################################################## +# +# Pi3Web ISAPI Requests Handling DoS Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/19/11 +# +# Revision: 1.0 +# +# Log: sghosal +# Issue #0485 +# +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +############################################################################## + +if(description) +{ + script_id(900402); + script_bugtraq_id(32287); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0"); + script_category(ACT_GATHER_INFO); + script_family(english:"Denial of Service"); + script_name(english:"Pi3Web ISAPI Requests Handling DoS Vulnerability"); + script_summary(english:"Check for vulnerable version of Pi3Web"); + desc["english"] = " + Overview: + Pi3Web is prone to ISAPI Requests Handling DoS vulnerability. + + Vulnerability Insight: + This vulnerability is caused due to insufficient checks on incoming HTTP + requests in the 'ISAPI' directory. This can be exploited via 'install.daf', + 'readme.daf', or 'users.txt' files in the affected directory. + + Impact: + Successful exploitation will crash Pi3Web Server. + + Impact Level: Application/Network + + Affected Software/OS: + Pi3Wed.org Pi3Web version 2.0.13 and prior on all running platforms. + + Workaround: + - Disable ISAPI mapping in server configuration in Server Admin-> Mapping Tab. + - Delete the users.txt, install.daf and readme.daf in ISAPI folder. 
+ + References: + http://milw0rm.com/exploits/7109/ + http://secunia.com/advisories/32696/ + http://pi3web.sourceforge.net/pi3web/files/ + http://www.securityfocus.com/bid/32287/info/ + + CVSS Score: + CVSS Base Score : 8.8 (AV:N/AC:M/Au:NR/C:N/I:C/A:C) + CVSS Temporal Score : 7.5 + Risk factor: High"; + + script_description(english:desc["english"]); + script_dependencies("http_version.nasl"); + exit(0); +} + + +include("http_func.inc"); + +port = get_http_port(default:80); +if(!port){ + port = 8080; +} + +if(get_port_state(port)) +{ + request = http_get(item:"/", port:port); + response = http_send_recv(port:port, data:request); + if(response == NULL){ + exit(0); + } + if("Pi3Web" >< response) + { + if(safe_checks()) + { + pattern = "Pi3Web/(^[01](\..*)|2\.0(\.[0-3])?)"; + if(egrep(pattern:pattern, string:response)){ + security_warning(port); + exit(0); + } + } + req = http_get(item:"/isapi/users.txt", port:port); + resp = http_send_recv(port:port, data:req); + if("500 Internal Error" >< resp){ + security_warning(port); + } + } +} Added: trunk/openvas-plugins/scripts/secpod_vim_shell_cmd_injection_vuln_lin_900412.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_vim_shell_cmd_injection_vuln_lin_900412.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_vim_shell_cmd_injection_vuln_lin_900412.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
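Review bot: With safe checks enabled, a banner that does not match the pattern falls out of the `if(safe_checks())` block and still sends the `/isapi/users.txt` request, which per this script's own description can crash the server. The `exit(0);` belongs after the inner `if`, as the last statement of the safe-checks block, so that branch never reaches the active test. Because the script can take the service down, `script_category(ACT_GATHER_INFO);` should be `script_category(ACT_MIXED_ATTACK);` (or `ACT_DENIAL` if the banner branch is dropped), so that scan policies which exclude disruptive tests skip it. The banner pattern also needs attention: `^` after `Pi3Web/` can never match, and `2\.0(\.[0-3])?` has no terminator, so every 2.0.x release is reported.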
@@ -0,0 +1,89 @@ +############################################################################## +# +# Vim Shell Command Injection Vulnerability (Linux) +# +# Copyright: SecPod +# +# Date Written: 2008/12/02 +# +# Revision: 1.0 +# +# Log: sghosal +# Issue #0546 +# +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +############################################################################## + +if(description) +{ + script_id(900412); + script_bugtraq_id(32462); + script_cve_id("CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076"); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0"); + script_category(ACT_GATHER_INFO); + script_family(english:"Misc."); + script_name(english:"Vim Shell Command Injection Vulnerability (Linux)"); + script_summary(english:"Check for vulnerable version of Vim"); + desc["english"] = " + Overview: This host is installed with Vim and is prone to Command Injection + Vulnerability. + + Vulnerability Insight: + This error is caused due to the 'filetype.vim', 'tar.vim', 'zip.vim', 'xpm.vim', + 'xpm2.vim', 'gzip.vim', and 'netrw.vim' scripts whcih are insufficiently + filtering special characters. + + Impact: + Successful exploitation will let the attacker execute arbitrary shell commands + to compromise the system. + + Impact Level: Application + + Affected Software/OS: + Vim version prior to 7.2 on Linux. 
+ + Fix: Upgrade to version 7.2 + http://www.vim.org/download.php + + References: + http://secunia.com/advisories/30731/ + http://www.rdancer.org/vulnerablevim-shellescape.html + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 6.9 + Risk factor: High"; + + script_description(english:desc["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/uname"); + exit(0); +} + + +include("ssh_func.inc"); + +if("Linux" >!< get_kb_item("ssh/login/uname")){ + exit(0); +} + +sock = ssh_login_or_reuse_connection(); +if(sock) +{ + vimVer = ssh_cmd(socket:sock, cmd:"vim --version", timeout:120); + ssh_close_connection(); + if("VIM" >< vimVer){ + pattern = "Vi IMproved ([0-6](\..*)?|7\.[01](\..*)?)"; + if(egrep(pattern:pattern, string:vimVer)){ + security_warning(0); + } + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_vim_shell_cmd_injection_vuln_lin_900412.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_vim_shell_cmd_injection_vuln_win_900411.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_vim_shell_cmd_injection_vuln_win_900411.nasl 2008-12-02 10:04:12 UTC (rev 1888) +++ trunk/openvas-plugins/scripts/secpod_vim_shell_cmd_injection_vuln_win_900411.nasl 2008-12-02 10:52:55 UTC (rev 1889) 
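Review bot: The version test reads only the `Vi IMproved x.y` line of `vim --version`, so a distribution package that carries the fix as a backport while still reporting 7.1 would be flagged; this is inferred, not shown by the hunk. A comment above the pattern would make the limitation explicit, e.g. `# Upstream version only; vendor backports and the "Included patches" line are not evaluated`. The finding is reported with `security_warning(0)`; if port 0 is the convention for local checks, a short comment saying so would help. The description has a typo, `whcih`.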
@@ -0,0 +1,90 @@ +############################################################################## +# +# Vim Shell Command Injection Vulnerability (Win) +# +# Copyright: SecPod +# +# Date Written: 2008/12/01 +# +# Revision: 1.0 +# +# Log: sghosal +# Issue #0546 +# +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +############################################################################## + +if(description) +{ + script_id(900411); + script_bugtraq_id(32462); + script_cve_id("CVE-2008-2712", "CVE-2008-3074", "CVE-2008-3075", "CVE-2008-3076"); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0"); + script_category(ACT_GATHER_INFO); + script_family(english:"Misc."); + script_name(english:"Vim Shell Command Injection Vulnerability (Win)"); + script_summary(english:"Check for vulnerable version of Vim"); + desc["english"] = " + Overview: This host is installed with Vim and is prone to Command Injection + Vulnerability. + + Vulnerability Insight: + This error is caused due to the 'filetype.vim', 'tar.vim', 'zip.vim', 'xpm.vim', + 'xpm2.vim', 'gzip.vim', and 'netrw.vim' scripts which are insufficiently + filtering escape characters. + + Impact: + Successful exploitation will let the attacker execute arbitrary shell commands + to compromise the system. + + Impact Level: Application + + Affected Software/OS: + Vim version prior to 7.2 on Windows. 
+ + Fix: Upgrade to version 7.2 + http://www.vim.org/download.php + + References: + http://secunia.com/advisories/30731/ + http://www.rdancer.org/vulnerablevim-shellescape.html + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 6.9 + Risk factor: High"; + + script_description(english:desc["english"]); + script_dependencies("secpod_reg_enum.nasl"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +entries = registry_enum_keys(key:key); +foreach item (entries) +{ + ver = registry_get_sz(key:key + item, item:"DisplayName"); + if("Vim" >< ver) + { + #Grep or versions Vim version prior to 7.2 + if(egrep(pattern:"Vim ([0-6](\..*)?|7\.[01](\..*)?)", string:ver)){ + security_warning(0); + } + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_vim_shell_cmd_injection_vuln_win_900411.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Tue Dec 2 11:56:18 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Dec 2008 11:56:18 +0100 (CET) Subject: [Openvas-commits] r1890 - in trunk/openvas-server: . openvasd Message-ID: <20081202105618.D784A406F4@pyrosoma.intevation.org> Author: felix Date: 2008-12-02 11:56:17 +0100 (Tue, 02 Dec 2008) New Revision: 1890 Modified: trunk/openvas-server/ChangeLog trunk/openvas-server/openvasd/comm.c Log: * openvasd/comm.c : Comments added. Modified: trunk/openvas-server/ChangeLog =================================================================== --- trunk/openvas-server/ChangeLog 2008-12-02 10:52:55 UTC (rev 1889) +++ trunk/openvas-server/ChangeLog 2008-12-02 10:56:17 UTC (rev 1890) 
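Review bot: The description block lacks `script_require_keys("SMB/WindowsVersion");`, which the other registry-based scripts in this commit declare, so the script is scheduled for hosts where the key was never set and relies on the runtime `get_kb_item` exit alone. In the loop, `ver` holds `DisplayName` rather than a version, and the pattern is unanchored, so any uninstall entry whose name contains `Vim ` followed by a matching digit is reported. If the installer's DisplayName starts with the product name (to be confirmed), `egrep(pattern:"^Vim ([0-6](\..*)?|7\.[01](\..*)?)", string:ver)` narrows it, and renaming the variable to `name` would match what it holds. The comment `#Grep or versions` should read `# Grep for versions`.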
@@ -1,3 +1,7 @@ +2008-12-02 Felix Wolfsteller <felix.wolfsteller at intevation.de> + + * openvasd/comm.c : Comments added. + 2008-11-28 Joey Schulze <joey at infodrom.org> * packaging/debian/openvasd.conf: Disable signature check Modified: trunk/openvas-server/openvasd/comm.c =================================================================== --- trunk/openvas-server/openvasd/comm.c 2008-12-02 10:52:55 UTC (rev 1889) +++ trunk/openvas-server/openvasd/comm.c 2008-12-02 10:56:17 UTC (rev 1890) @@ -52,8 +52,7 @@ #endif -/* - * comm_init() : +/** * Initializes the communication between the * server (us) and the client. */ @@ -86,7 +85,7 @@ } -/* +/** * This function must be called at the end * of a session. */ @@ -103,7 +102,7 @@ } -/* +/** * Sends a plugin info. */ void @@ -194,6 +193,7 @@ { char * xref = plug_get_xref(args); + printf("BUGME: xref = %s (%d)\n", xref, strlen(xref)); if(xref == NULL)xref = "NOXREF"; strcat(str, " <|> "); strcat(str, xref); @@ -213,7 +213,12 @@ if(desc != NULL)efree(&desc); } - +/** + * Sends the plugin info for a single plugin. + * @param globals The global arglist holding all plugins. + * @param oid OID of the plugin to send. + * @see send_plug_info + */ void plugin_send_infos(globals, oid) struct arglist * globals; @@ -240,10 +245,12 @@ -/* +/** * Sends the list of plugins that the server - * could load to the client, using the - * NTP format + * could load to the client, using the + * OTP format (calls send_plug_info for each). + * @param globals The global arglist. + * @see send_plug_info */ void comm_send_pluginlist(globals) @@ -261,7 +268,7 @@ auth_printf(globals, "<|> SERVER\n"); } -/* +/** * Sends the rules of the user */ void @@ -343,7 +350,7 @@ } -/* +/** * This function waits for the attack order * of the client * Meanwhile, it processes all the messages the client could 
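Review bot: The `printf("BUGME: xref = %s (%d)\n", xref, strlen(xref));` line added in the `@@ -194,6 +193,7 @@` hunk uses `xref` before the `if(xref == NULL)` check that follows it, so a plugin without cross references makes `strlen` run on a NULL pointer, which is undefined behaviour; `%d` also does not match the `size_t` that `strlen` returns. It is leftover debug output written to the daemon's stdout in a commit whose log says only comments were added. Dropping the line is the simplest fix; if the trace is wanted, move it below the NULL check and print the length with `%zu` or an explicit cast. r1891 further down this page removes the line, so the problem is confined to this revision. The enclosing function starts and ends outside the hunk.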
@@ -374,6 +381,11 @@ /*-------------------------------------------------------------------------------*/ +/** + * Q-Sort comparison function. + * @param a An arglist** to compare against b. + * @param b An arglist** to compare against a. + */ static int qsort_cmp( const void * a, const void * b ) { struct arglist ** plugin_a = (struct arglist**) a; @@ -382,6 +394,11 @@ return(strcmp(plug_get_oid((*plugin_a)->value), plug_get_oid((*plugin_b)->value))); } +/** + * Retrieves a plugin defined by its OID from a range within a sorted plugin + * array. + * Recursively defined, uses divide and conquer approach. + */ static struct arglist * _get_plug_by_oid(struct arglist ** array, char * oid, int start, int end, int rend ) { int mid; @@ -409,7 +426,9 @@ return array[mid]; } - +/** + * Retrieves a plugin defined by its OID from a plugin arrray. + */ static struct arglist * get_plug_by_oid(struct arglist ** array, char * oid, int num_plugins ) { return _get_plug_by_oid(array, oid, 0, num_plugins, num_plugins); @@ -418,7 +437,7 @@ /*-------------------------------------------------------------------------------*/ -/* +/** * Enable the plugins which have been selected by the user, or all if * list == NULL or list == "-1;"; * @param globals The Global context to retrieve plugins from. @@ -481,6 +500,9 @@ efree(&array); } +/** + * Send the OTP PLUGINS_MD5 command + */ void comm_send_md5_plugins(globals) struct arglist * globals; From scm-commit at wald.intevation.org Tue Dec 2 12:50:56 2008 
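Review bot: The comment added for `qsort_cmp` documents both parameters but not the return value; a line such as `@return Result of strcmp() on the OIDs of the two plugins.` would complete it. The comment for `_get_plug_by_oid` leaves `start`, `end` and `rend` undescribed and does not say what the caller gets when no plugin has the requested OID; the function body is outside the hunk, so that has to be filled in by someone who can see it. It would also help to state there that the array must already be sorted by OID, since the comment describes a search over "a sorted plugin array". `arrray` in the `get_plug_by_oid` comment is a typo for `array`.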
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Dec 2008 12:50:56 +0100 (CET) Subject: [Openvas-commits] r1891 - in trunk/openvas-server: . openvasd Message-ID: <20081202115056.270224073E@pyrosoma.intevation.org> Author: felix Date: 2008-12-02 12:50:55 +0100 (Tue, 02 Dec 2008) New Revision: 1891 Modified: trunk/openvas-server/ChangeLog trunk/openvas-server/openvasd/comm.c Log: * openvasd/comm.c : Repaired sending NOXREF, NOCVE, NOBID, NOSIGNKEY if none found (instead of empty string). Modified: trunk/openvas-server/ChangeLog =================================================================== --- trunk/openvas-server/ChangeLog 2008-12-02 10:56:17 UTC (rev 1890) +++ trunk/openvas-server/ChangeLog 2008-12-02 11:50:55 UTC (rev 1891) @@ -1,5 +1,10 @@ 2008-12-02 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * openvasd/comm.c : Repaired sending NOXREF, NOCVE, NOBID, NOSIGNKEY if + none found (instead of empty string). + +2008-12-02 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * openvasd/comm.c : Comments added. 2008-11-28 Joey Schulze <joey at infodrom.org> Modified: trunk/openvas-server/openvasd/comm.c =================================================================== --- trunk/openvas-server/openvasd/comm.c 2008-12-02 10:56:17 UTC (rev 1890) +++ trunk/openvas-server/openvasd/comm.c 2008-12-02 11:50:55 UTC (rev 1891) 
@@ -179,31 +179,31 @@ { char * id = plug_get_cve_id(args); - if(id == NULL)id = "NOCVE"; + if(id == NULL || strcmp(id, "") == 0 ) id = "NOCVE"; strcat(str, " <|> "); strcat(str, id); } { char * bid = plug_get_bugtraq_id(args); - if(bid == NULL)bid = "NOBID"; + if(bid == NULL || strcmp(bid, "") == 0) bid = "NOBID"; strcat(str, " <|> "); strcat(str, bid); } { char * xref = plug_get_xref(args); - printf("BUGME: xref = %s (%d)\n", xref, strlen(xref)); - if(xref == NULL)xref = "NOXREF"; + if(xref == NULL || strcmp(xref, "") == 0) xref = "NOXREF"; strcat(str, " <|> "); strcat(str, xref); } { - char * sign_keys = plug_get_sign_key_ids(args); - strcat(str, " <|> "); - if(sign_keys != NULL) - strcat(str, sign_keys); + char * sign_keys = plug_get_sign_key_ids(args); + if(sign_keys == NULL || strcmp(sign_keys, "") == 0) + sign_keys = "NOSIGNKEYS"; + strcat(str, " <|> "); + strcat(str, sign_keys); } auth_printf(globals, "%s\n", str); From scm-commit at wald.intevation.org Tue Dec 2 15:50:45 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 2 Dec 2008 15:50:45 +0100 (CET) Subject: [Openvas-commits] r1892 - trunk/doc/website Message-ID: <20081202145045.0BCA94073E@pyrosoma.intevation.org> Author: chandra Date: 2008-12-02 15:50:45 +0100 (Tue, 02 Dec 2008) New Revision: 1892 Added: trunk/doc/website/openvas-cr-23.htm4 Log: Added CR for script families Added: trunk/doc/website/openvas-cr-23.htm4 =================================================================== --- trunk/doc/website/openvas-cr-23.htm4 2008-12-02 11:50:55 UTC (rev 1891) +++ trunk/doc/website/openvas-cr-23.htm4 2008-12-02 14:50:45 UTC (rev 1892) 
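Review bot: Each of the four blocks in this hunk still appends a plugin-supplied string (`id`, `bid`, `xref`, `sign_keys`) to `str` with `strcat`, and no length check is visible; `str` is declared outside the hunk, so confirm it is sized for the longest CVE, BID, xref and key list a plugin can carry, or switch to a bounded append that tracks the remaining space. The four blocks differ only in the getter and the fallback literal, so a small static helper taking `(str, value, fallback)` would put the NULL/empty test and the bound in one place. The fallback sent for signatures is `"NOSIGNKEYS"` while the log message says NOSIGNKEY; these literals are protocol values that the client compares with `strcmp`, so defining them once as named constants would keep both sides and the documentation in step. The enclosing function starts and ends outside the hunk.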
@@ -0,0 +1,245 @@ +m4_dnl -*-html-*- +m4_include(`template.m4') + +m4_dnl OpenVAS +m4_dnl $Id$ +m4_dnl Description: OpenVAS Change Request #23 +m4_dnl +m4_dnl Authors: +m4_dnl Chandrashekhar B <bchandra at secpod.com> +m4_dnl +m4_dnl Copyright: +m4_dnl Copyright (C) 2008 SecPod +m4_dnl +m4_dnl This program is free software; you can redistribute it and/or modify +m4_dnl it under the terms of the GNU General Public License version 2, +m4_dnl as published by the Free Software Foundation. +m4_dnl +m4_dnl This program is distributed in the hope that it will be useful, +m4_dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +m4_dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +m4_dnl GNU General Public License for more details. +m4_dnl +m4_dnl You should have received a copy of the GNU General Public License +m4_dnl along with this program; if not, write to the Free Software +m4_dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + + +PAGE_START +<h2>OpenVAS Change Request #23: OpenVAS-libnasl: Standardize Script Families for NVT</h2> + +<p> +Status: In discusssion. +</p> + +<h3>Purpose</h3> + +<p> +To establish standard script families (script_family) usage for the OpenVAS NVT's. +</p> + +<h3>References</h3> + +<p> +</p> + +<h3>Rationale</h3> + +<p> +Script family helps to categorize the NVT's according to the nature of +vulnerability the NVT is describing. Also in certain cases, NVT's +are grouped based on the Operating System and the type of check it +is performing. +</p> + +<p> +As of now, there is no set standard in place for NVT developers to decide upon +families for the NVT's. There is no pre-decided set of family names documented +for each different type of vulnerability. Also there's no restriction on the +string format. 
This leads to adhoc categorization of NVT's +</p> + +<p> +This change request proposes to document the family names for each type of +vulnerability so that NVT developers can easily map the NVT's to an element +in a pre-defined set as in the following, + +<pre> +Families = [ + 'Backdoors', + 'Brute force attacks', + 'CGI abuses', + 'CGI abuses : XSS', + 'CISCO', + 'Default Unix Accounts', + 'Denial of Service', + ] +</pre> + +<h3>Effects</h3> + +<p> +This would allow NVT developers to refer to the defined set of families and +add new family as and when required. +</p> + +<p> +</p> + +<p> +</p> + +<h3>Design and Implementation</h3> + +<h4>Currently used families</h4> + +<pre> +Families = [ + 'Backdoors', + 'Brute force attacks', + 'CGI abuses', + 'CGI abuses : XSS', + 'CISCO', + 'Default Unix Accounts', + 'Denial of Service', + 'Finger abuses', + 'Firewalls', + 'FTP', + 'Gain a shell remotely', + 'Gain root remotely', + 'General', + 'Netware', + 'Peer-To-Peer File Sharing', + 'Port scanners', + 'Remote file access', + 'RPC', + 'Service detection', + 'Settings', + 'SMTP problems', + 'SNMP', + 'Useless services', + 'Windows : Microsoft Bulletins', + 'Windows', + 'AIX Local Security Checks', + 'Debian Local Security Checks', + 'FreeBSD Local Security Checks', + 'Gentoo Local Security Checks', + 'MacOS X Local Security Checks', + 'Red Hat Local Security Checks', + 'Solaris Local Security Checks', + 'SuSE Local Security Checks' + 'Misc.', + 'Web Servers, + 'Local test', + 'Credentials', + 'Windows SMB' + ] +</pre> + +<h4>Changes</h4> + +<ul> + +<li> +<p> +The following families are being used by some NVT's, which have to be moved to +a suitable family. +</p> +<pre> +['Local test', + 'Credentials', + 'Local test SuSE/FC/Gent./Ubuntu', + 'Windows SMB' +] +</pre> +</li> + +<li> +<p> +The use of 'CGI abuses' and 'CGI abuses : XSS' is not clearly understood and +they are being used interchangebly. 
The keyword 'CGI abuses' doesn't categorize +all the web application related security vulnerabilities. +</p> +<p> +A broader category like 'Web application abuses' would cover XSS, CSRF, SQL +Injection, File Inclusion, Directory traversal, Cookie poisoning and Input +Validation vulnerabilities. +</p> +</li> + +<li> +<p> +The family 'Misc.' has to be removed and the respective NVT's have to be moved +to an appopriate family that helps categorize the vulnerability. 'Misc.' is too +broad a category and misleading. The category 'General' can be used for such +purposes where NVT cannot be grouped to an existing family. +</p> +</li> + +<li> +<p> +Additions required, +<pre> +1. Buffer overflow +2. Privilege escalation +3. Malware: to describe virus/worms/trojans +</pre> +</p> +</li> + +</ul> + +<h4> +The New List of Families +</h4> +<pre> +Families = [ + 'Backdoors', + 'Brute force attacks', + 'Web application abuses', + 'CISCO', + 'Default Unix Accounts', + 'Denial of Service', + 'Finger abuses', + 'Firewalls', + 'FTP', + 'Gain a shell remotely', + 'Gain root remotely', + 'General', + 'Netware', + 'Peer-To-Peer File Sharing', + 'Port scanners', + 'Remote file access', + 'RPC', + 'Service detection', + 'Settings', + 'SMTP problems', + 'SNMP', + 'Useless services', + 'Windows : Microsoft Bulletins', + 'Windows', + 'AIX Local Security Checks', + 'Debian Local Security Checks', + 'FreeBSD Local Security Checks', + 'Gentoo Local Security Checks', + 'MacOS X Local Security Checks', + 'Red Hat Local Security Checks', + 'Solaris Local Security Checks', + 'SuSE Local Security Checks' + 'Web Servers, + 'Buffer overflow' + 'Privilege escalation' + 'Malware' + ] +</pre> + +<p> +Any addition to the above list will have to go through Change Request process. +</p> + +<h3>History</h3> + +<ul> +<li> 2008-11-28 Chandrashekhar B <bchandra at secpod.com>:<br> + Initial text.</li> +</ul> From scm-commit at wald.intevation.org Wed Dec 3 09:34:29 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 09:34:29 +0100 (CET) Subject: [Openvas-commits] r1893 - in trunk/openvas-client: . nessus Message-ID: <20081203083429.8491440738@pyrosoma.intevation.org> Author: felix Date: 2008-12-03 09:34:13 +0100 (Wed, 03 Dec 2008) New Revision: 1893 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/pdf_output.c trunk/openvas-client/nessus/plugin_infos.c Log: * nessus/plugin_infos.c : respect the symbolic values NOXREF, NOCVE, NOBID and NOSIGNKEY. * nessus/pdf_output.c : Do not print appendix table rows if NOCVE, NOBID NOXREF, improved text for signature summary. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-02 14:50:45 UTC (rev 1892) +++ trunk/openvas-client/ChangeLog 2008-12-03 08:34:13 UTC (rev 1893) @@ -1,5 +1,13 @@ 2008-12-02 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * nessus/plugin_infos.c : respect the symbolic values NOXREF, NOCVE, + NOBID and NOSIGNKEY. + + * nessus/pdf_output.c : Do not print appendix table rows if NOCVE, NOBID + NOXREF, improved text for signature summary. + +2008-12-02 Felix Wolfsteller <felix.wolfsteller at intevation.de> + SSL Certificate view modernization. * nessus/sslui.c (sslui_showcert) : Replaced deprecated text widget and Modified: trunk/openvas-client/nessus/pdf_output.c =================================================================== --- trunk/openvas-client/nessus/pdf_output.c 2008-12-02 14:50:45 UTC (rev 1892) +++ trunk/openvas-client/nessus/pdf_output.c 2008-12-03 08:34:13 UTC (rev 1893) 
@@ -706,11 +706,17 @@ int idx = 0; gchar** fprs; - if(context->signer_fp_certificates == NULL || nvt->sign_key_ids == NULL - || strcmp(nvt->sign_key_ids, "") == 0) + if( nvt->sign_key_ids == NULL + || strcmp(nvt->sign_key_ids, "") == 0 + || strcmp(nvt->sign_key_ids, "NOSIGNKEYS") == 0) { print_plugin_table_row(file, _("Signed by"), _("not signed")); } + else if (context->signer_fp_certificates == NULL) + { + print_plugin_table_row(file, _("Signed by"), + _("unknown signature(s)")); + } else { /* fprs contains (comma separated) fingerprint(s) that are keys in @@ -779,9 +785,12 @@ print_plugin_table_row(file, _("Category"), plugin->category); print_plugin_table_row(file, _("Family"), plugin->family); print_plugin_table_row(file, _("Version"), plugin->version); - print_plugin_table_row(file, _("CVE"), plugin->cve); - print_plugin_table_row(file, _("BID"), plugin->bid); - print_plugin_table_row(file, _("XRefs"), plugin->xrefs); + if(plugin->cve != NULL && strcmp(plugin->cve, "NOCVE") != 0) + print_plugin_table_row(file, _("CVE"), plugin->cve); + if(plugin->bid != NULL && strcmp(plugin->bid, "NOBID") != 0) + print_plugin_table_row(file, _("BID"), plugin->bid); + if(plugin->xrefs != NULL && strcmp(plugin->xrefs, "NOXREF") != 0) + print_plugin_table_row(file, _("XRefs"), plugin->xrefs); print_plugin_information_signatures(file, plugin, context); fprintf(file, "</table>"); Modified: trunk/openvas-client/nessus/plugin_infos.c =================================================================== --- trunk/openvas-client/nessus/plugin_infos.c 2008-12-02 14:50:45 UTC (rev 1892) +++ trunk/openvas-client/nessus/plugin_infos.c 2008-12-03 08:34:13 UTC (rev 1893) @@ -393,7 +393,7 @@ /* The CVE ID (in case the plugin provides one) */ txt = plugin->cve; - if( txt != NULL && txt[0] != '\0' ) + if( txt != NULL && txt[0] != '\0' && strcmp(txt, "NOCVE") != 0 ) { snprintf(buf, sizeof(buf), _("CVE: %s"), txt); label = gtk_label_new(buf); 
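Review bot: In the `@@ -779,9 +785,12 @@` hunk the new guards skip the CVE, BID and XRefs rows for NULL and for the sentinel value but not for an empty string, so an empty field still prints a row with no value; plugin_infos.c in the same commit additionally tests `txt[0] != '\0'`. Suggest `if(plugin->cve != NULL && plugin->cve[0] != '\0' && strcmp(plugin->cve, "NOCVE") != 0)` and the same shape for `bid` and `xrefs`. The sentinel literals are now repeated across pdf_output.c and plugin_infos.c (the `@@ -393`, `@@ -404`, `@@ -415` and `@@ -475` hunks), so a shared constant or a helper that takes the value and its sentinel would keep the client aligned with what the server sends. Whether `print_plugin_table_row` escapes these server-supplied strings before writing them into the HTML table cannot be seen from here and is worth confirming. The enclosing functions continue outside the hunks.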
@@ -404,7 +404,7 @@ /* The Bugtraq ID (in case the plugin provides one) */ txt = plugin->bid; - if( txt != NULL && txt[0] != '\0' ) + if( txt != NULL && txt[0] != '\0' && strcmp(txt, "NOBID") != 0 ) { snprintf(buf, sizeof(buf), _("Bugtraq ID: %s"), txt); label = gtk_label_new(buf); @@ -415,7 +415,7 @@ /* The other cross references (in case the plugin provides one) */ txt = plugin->xrefs; - if( txt != NULL && txt[0] != '\0' ) + if( txt != NULL && txt[0] != '\0' && strcmp(txt, "NOXREF") != 0 ) { snprintf(buf, sizeof(buf), _("Other references: %s"), txt); label = gtk_label_new(buf); @@ -475,6 +475,8 @@ /* Server trust level information */ txt = plugin->sign_key_ids; + if(txt && strcmp(txt, "NOSIGNKEYS") == 0) + txt = NULL; // Build up certificate list GSList* certificates = NULL; @@ -502,7 +504,7 @@ { snprintf(buf, sizeof(buf), _("Signatures:\n\tUnknown signature(s).")); } - else if(txt == NULL || strcmp(txt,"") == 0) + else if(txt == NULL || strcmp(txt, "") == 0) { snprintf(buf, sizeof(buf), _("Signatures:\n\tNVT is not signed.")); } From scm-commit at wald.intevation.org Wed Dec 3 09:44:18 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 09:44:18 +0100 (CET) Subject: [Openvas-commits] r1894 - trunk/openvas-compendium Message-ID: <20081203084418.296C440736@pyrosoma.intevation.org> Author: felix Date: 2008-12-03 09:44:16 +0100 (Wed, 03 Dec 2008) New Revision: 1894 Modified: trunk/openvas-compendium/ChangeLog trunk/openvas-compendium/openvas-compendium.de.tex trunk/openvas-compendium/openvas-compendium.tex Log: * nessus/plugin_infos.c : respect the symbolic values NOXREF, NOCVE, NOBID and NOSIGNKEY. * nessus/pdf_output.c : Do not print appendix table rows if NOCVE, NOBID NOXREF, improved text for signature summary. Modified: trunk/openvas-compendium/ChangeLog =================================================================== --- trunk/openvas-compendium/ChangeLog 2008-12-03 08:34:13 UTC (rev 1893) +++ trunk/openvas-compendium/ChangeLog 2008-12-03 08:44:16 UTC (rev 1894) @@ -1,3 +1,9 @@ +2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de> + + * openvas-compendium.de.tex, openvas-compendium.tex : Included + documentation of symbolic values that is sent in case of non-existance + of certain plugin informations (NOCVE, NOBID ...) in OTP section. + 2008-11-28 Michael Wiegand <michael.wiegand at intevation.de> Post release version bump. Modified: trunk/openvas-compendium/openvas-compendium.de.tex =================================================================== --- trunk/openvas-compendium/openvas-compendium.de.tex 2008-12-03 08:34:13 UTC (rev 1893) +++ trunk/openvas-compendium/openvas-compendium.de.tex 2008-12-03 08:44:16 UTC (rev 1894) 
@@ -5111,6 +5111,11 @@ Das letzte Feld (fprs) ist eine Komma- separierte Liste von Fingerabdrücken der Signaturen, falls vorhanden. +Anstelle der cve_id, bugtraq_id, xrefs und fprs werden symbolische Werte +(NOCVE, NOBID, NOXREFS, NOSIGNKEYS) geschickt, falls keine cve_id, bugtraq_id +usw. gefunden werden kann. + + Falls kein NVT mit der OID=oid gefunden werde sollte, wird der Server nicht antworten. @@ -5143,6 +5148,10 @@ Das letzte Feld (fprs) ist eine Komma- separierte Liste von Fingerabdrücken der Signaturen, falls vorhanden. +Anstelle der cve_id, bugtraq_id, xrefs und fprs werden symbolische Werte +(NOCVE, NOBID, NOXREFS, NOSIGNKEYS) geschickt, falls keine cve_id, bugtraq_id +usw. gefunden werden kann. + \xname{otp-port} \subsection{PORT} Modified: trunk/openvas-compendium/openvas-compendium.tex =================================================================== --- trunk/openvas-compendium/openvas-compendium.tex 2008-12-03 08:34:13 UTC (rev 1893) +++ trunk/openvas-compendium/openvas-compendium.tex 2008-12-03 08:44:16 UTC (rev 1894) @@ -4845,6 +4845,9 @@ In case no plugin with OID=oid is found, the server will not answer at all. +For cve_id, bugtraq_id, xrefs and fprs symbolic values (NOCVE, NOBID, NOXREFS, +NOSIGNKEYS) are sent, if no cve_id, bugtrac_id etc. is known. + \xname{otp-plugin_list} \subsection{PLUGIN\_LIST} @@ -4872,6 +4875,8 @@ In this case, fprs is a comma-separated list of fingerprints of signatures, if any. +For cve_id, bugtraq_id, xrefs and fprs symbolic values (NOCVE, NOBID, NOXREFS, +NOSIGNKEYS) are sent, if no cve_id, bugtrac_id etc. is known. \xname{otp-port} \subsection{PORT} From scm-commit at wald.intevation.org Wed Dec 3 10:05:13 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 10:05:13 +0100 (CET) Subject: [Openvas-commits] r1895 - trunk/openvas-compendium Message-ID: <20081203090513.8DB3E40739@pyrosoma.intevation.org> Author: felix Date: 2008-12-03 10:05:11 +0100 (Wed, 03 Dec 2008) New Revision: 1895 Modified: trunk/openvas-compendium/ChangeLog trunk/openvas-compendium/openvas-compendium.de.tex trunk/openvas-compendium/openvas-compendium.tex Log: * openvas-compendium.de.tex, openvas-compendium.tex : escapes added. Modified: trunk/openvas-compendium/ChangeLog =================================================================== --- trunk/openvas-compendium/ChangeLog 2008-12-03 08:44:16 UTC (rev 1894) +++ trunk/openvas-compendium/ChangeLog 2008-12-03 09:05:11 UTC (rev 1895) @@ -1,5 +1,9 @@ 2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * openvas-compendium.de.tex, openvas-compendium.tex : escapes added. + +2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * openvas-compendium.de.tex, openvas-compendium.tex : Included documentation of symbolic values that is sent in case of non-existance of certain plugin informations (NOCVE, NOBID ...) in OTP section. Modified: trunk/openvas-compendium/openvas-compendium.de.tex =================================================================== --- trunk/openvas-compendium/openvas-compendium.de.tex 2008-12-03 08:44:16 UTC (rev 1894) +++ trunk/openvas-compendium/openvas-compendium.de.tex 2008-12-03 09:05:11 UTC (rev 1895) 
@@ -5111,8 +5111,8 @@ Das letzte Feld (fprs) ist eine Komma- separierte Liste von Fingerabdrücken der Signaturen, falls vorhanden. -Anstelle der cve_id, bugtraq_id, xrefs und fprs werden symbolische Werte -(NOCVE, NOBID, NOXREFS, NOSIGNKEYS) geschickt, falls keine cve_id, bugtraq_id +Anstelle der cve\_id, bugtraq\_id, xrefs und fprs werden symbolische Werte +(NOCVE, NOBID, NOXREFS, NOSIGNKEYS) geschickt, falls keine cve\_id, bugtraq\_id usw. gefunden werden kann. @@ -5148,8 +5148,8 @@ Das letzte Feld (fprs) ist eine Komma- separierte Liste von Fingerabdrücken der Signaturen, falls vorhanden. -Anstelle der cve_id, bugtraq_id, xrefs und fprs werden symbolische Werte -(NOCVE, NOBID, NOXREFS, NOSIGNKEYS) geschickt, falls keine cve_id, bugtraq_id +Anstelle der cve\_id, bugtraq\_id, xrefs und fprs werden symbolische Werte +(NOCVE, NOBID, NOXREFS, NOSIGNKEYS) geschickt, falls keine cve\_id, bugtraq\_id usw. gefunden werden kann. \xname{otp-port} Modified: trunk/openvas-compendium/openvas-compendium.tex =================================================================== --- trunk/openvas-compendium/openvas-compendium.tex 2008-12-03 08:44:16 UTC (rev 1894) +++ trunk/openvas-compendium/openvas-compendium.tex 2008-12-03 09:05:11 UTC (rev 1895) @@ -4845,8 +4845,8 @@ In case no plugin with OID=oid is found, the server will not answer at all. -For cve_id, bugtraq_id, xrefs and fprs symbolic values (NOCVE, NOBID, NOXREFS, -NOSIGNKEYS) are sent, if no cve_id, bugtrac_id etc. is known. +For cve\_id, bugtraq\_id, xrefs and fprs symbolic values (NOCVE, NOBID, NOXREFS, +NOSIGNKEYS) are sent, if no cve\_id, bugtrac\_id etc. is known. \xname{otp-plugin_list} \subsection{PLUGIN\_LIST} 
@@ -4875,8 +4875,8 @@ In this case, fprs is a comma-separated list of fingerprints of signatures, if any. -For cve_id, bugtraq_id, xrefs and fprs symbolic values (NOCVE, NOBID, NOXREFS, -NOSIGNKEYS) are sent, if no cve_id, bugtrac_id etc. is known. +For cve\_id, bugtraq\_id, xrefs and fprs symbolic values (NOCVE, NOBID, NOXREFS, +NOSIGNKEYS) are sent, if no cve\_id, bugtrac\_id etc. is known. \xname{otp-port} \subsection{PORT} From scm-commit at wald.intevation.org Wed Dec 3 10:20:13 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 10:20:13 +0100 (CET) Subject: [Openvas-commits] r1896 - trunk/doc/website Message-ID: <20081203092013.457D44072A@pyrosoma.intevation.org> Author: felix Date: 2008-12-03 10:20:13 +0100 (Wed, 03 Dec 2008) New Revision: 1896 Modified: trunk/doc/website/openvas-cr-16.htm4 Log: Updated CR#16 status (done, released). Modified: trunk/doc/website/openvas-cr-16.htm4 =================================================================== --- trunk/doc/website/openvas-cr-16.htm4 2008-12-03 09:05:11 UTC (rev 1895) +++ trunk/doc/website/openvas-cr-16.htm4 2008-12-03 09:20:13 UTC (rev 1896) @@ -28,7 +28,7 @@ PAGE_START <h2>OpenVAS Change Request #16: OpenVAS-Client: Do not automatically enable new NVTs</h2> -Status: In progress, Voted +4. +Status: Voted +4. Implemented with SVN 1639. Released with openvas-client 2.0-beta2. <h3>Purpose</h3> @@ -102,6 +102,8 @@ <h3>History</h3> <ul> +<li> 2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de>:<br> + Updated status, implemented and released.</li> <li> 2008-10-14 Michael Wiegand <michael.wiegand at intevation.de>:<br> Updated status.</li> <li> 2008-10-13 Michael Wiegand <michael.wiegand at intevation.de>:<br> From scm-commit at wald.intevation.org Wed Dec 3 11:50:18 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 11:50:18 +0100 (CET) Subject: [Openvas-commits] r1897 - trunk/doc/website Message-ID: <20081203105018.CBDAB4073F@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-03 11:50:18 +0100 (Wed, 03 Dec 2008) New Revision: 1897 Modified: trunk/doc/website/openvas-cr-22.htm4 trunk/doc/website/openvas-crs.htm4 Log: Updated status for CR #22. Modified: trunk/doc/website/openvas-cr-22.htm4 =================================================================== --- trunk/doc/website/openvas-cr-22.htm4 2008-12-03 09:20:13 UTC (rev 1896) +++ trunk/doc/website/openvas-cr-22.htm4 2008-12-03 10:50:18 UTC (rev 1897) @@ -29,7 +29,7 @@ <h2>OpenVAS Change Request #22: OpenVAS-libnasl: Introduce new script_tag Command</h2> <p> -Status: In discusssion. +Status: Voted +3. In progress. </p> <h3>Purpose</h3> @@ -115,6 +115,8 @@ <h3>History</h3> <ul> +<li> 2008-12-03 Michael Wiegand <michael.wiegand at intevation.de>:<br> + Updated status.</li> <li> 2008-11-28 Michael Wiegand <michael.wiegand at intevation.de>:<br> Initial text.</li> </ul> Modified: trunk/doc/website/openvas-crs.htm4 =================================================================== --- trunk/doc/website/openvas-crs.htm4 2008-12-03 09:20:13 UTC (rev 1896) +++ trunk/doc/website/openvas-crs.htm4 2008-12-03 10:50:18 UTC (rev 1897) 
@@ -65,7 +65,7 @@ <li> <a href="openvas-cr-19.html">OpenVAS Change Request #19: Agree on a style guideline and on a format for the documentation</a> (in discussion) <li> <a href="openvas-cr-20.html">OpenVAS Change Request #20: OpenVAS: Improve SSH Credentials Management</a> (in discussion) <li> <a href="openvas-cr-21.html">OpenVAS Change Request #21: OpenVAS-Client: Improve Vulnerability Summary Listing</a> (in discussion) -<li> <a href="openvas-cr-22.html">OpenVAS Change Request #22: OpenVAS-libnasl: Introduce new script_tag Command</a> (in discussion) +<li> <a href="openvas-cr-22.html">OpenVAS Change Request #22: OpenVAS-libnasl: Introduce new script_tag Command</a> (in progress) </ul> <h3>How to write a change request</h3> From scm-commit at wald.intevation.org Wed Dec 3 12:16:55 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 12:16:55 +0100 (CET) Subject: [Openvas-commits] r1898 - trunk/openvas-client Message-ID: <20081203111655.5260A40742@pyrosoma.intevation.org> Author: felix Date: 2008-12-03 12:16:54 +0100 (Wed, 03 Dec 2008) New Revision: 1898 Modified: trunk/openvas-client/ChangeLog Log: * ChangeLog : Added function names in ChangeLog entries. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-03 10:50:18 UTC (rev 1897) +++ trunk/openvas-client/ChangeLog 2008-12-03 11:16:54 UTC (rev 1898) 
@@ -1,10 +1,15 @@ +2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de> + + * ChangeLog : Added function names in ChangeLog entries. + 2008-12-02 Felix Wolfsteller <felix.wolfsteller at intevation.de> - * nessus/plugin_infos.c : respect the symbolic values NOXREF, NOCVE, - NOBID and NOSIGNKEY. + * nessus/plugin_infos.c (plugin_info_window_setup): respect the symbolic + values NOXREF, NOCVE, NOBID and NOSIGNKEY. - * nessus/pdf_output.c : Do not print appendix table rows if NOCVE, NOBID - NOXREF, improved text for signature summary. + * nessus/pdf_output.c (print_plugin_information): Do not print appendix + table rows if NOCVE, NOBID or NOXREF, improved text for signature + summary. 2008-12-02 Felix Wolfsteller <felix.wolfsteller at intevation.de> @@ -21,8 +26,8 @@ * nessus/comm.c (parse_certificate) : reverted, yesterdays fix not necessary because it seemingly happens with untrusted certificates only. - * nessus/pdf_output.c : consistent vertical alignment for appendix - plugin table. + * nessus/pdf_output.c (print_plugin_information_signatures) : consistent + vertical alignment for appendix plugin table. 2008-12-02 Michael Wiegand <michael.wiegand at intevation.de> From scm-commit at wald.intevation.org Wed Dec 3 12:45:44 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 12:45:44 +0100 (CET) Subject: [Openvas-commits] r1899 - in trunk/openvas-client: . nessus Message-ID: <20081203114544.0E99E4074C@pyrosoma.intevation.org> Author: felix Date: 2008-12-03 12:45:43 +0100 (Wed, 03 Dec 2008) New Revision: 1899 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/plugin_cache.c Log: * nessus/plugin_cache.c : Comments changed to doxygen "javadoc" style, return values documented. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-03 11:16:54 UTC (rev 1898) +++ trunk/openvas-client/ChangeLog 2008-12-03 11:45:43 UTC (rev 1899) @@ -1,5 +1,10 @@ 2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * nessus/plugin_cache.c : Comments changed to doxygen "javadoc" style, + return values documented. + +2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * ChangeLog : Added function names in ChangeLog entries. 2008-12-02 Felix Wolfsteller <felix.wolfsteller at intevation.de> Modified: trunk/openvas-client/nessus/plugin_cache.c =================================================================== --- trunk/openvas-client/nessus/plugin_cache.c 2008-12-03 11:16:54 UTC (rev 1898) +++ trunk/openvas-client/nessus/plugin_cache.c 2008-12-03 11:45:43 UTC (rev 1899) @@ -26,7 +26,9 @@ * do so, delete this exception statement from your version. */ -/* Cache for the plugin information read from the server +/** + * \file + * Cache for the plugin information read from the server * * File format * ----------- @@ -108,7 +110,8 @@ #define DEP_KEYWORD "dependency" #define END_KEYWORD "end" -/* Determine the cache file to use for the context. +/** + * Determine the cache file to use for the context. * * The cache file will be in the same directory as the nessusrc file of * the context. The return value has to be free'd with efree. 
@@ -135,13 +138,14 @@ } -/* Write a string to the cache file +/** + * Write a string to the cache file * * The parameter FILE is the stream to be used to write to the cache * file. S is the NUL-terminated string to be written. The bytes of S * are percent escaped (see file format description above). * - * The return value is 0 on success and != 0 otherwise. + * @return Returns 0 on success and != 0 otherwise. */ static int write_string(FILE *file, const char *s) @@ -159,7 +163,8 @@ return ferror(file) ? -1 : 0; } -/* Write a record to the cache file +/** + * Write a record to the cache file * * The parameter FILE is be the stream to be used to write to the cache * file. FORMAT is a string containing one character for each of the @@ -176,7 +181,7 @@ * The values are written in percent-escaped form, separated by vertical * bars, followed by a newline to end the line/record. * - * The return value is 0 on success and != 0 otherwise. + * @return Returns 0 on success and != 0 otherwise. */ /* TODO: check for write errors */ static int @@ -224,13 +229,14 @@ } -/* Write a plugin to the cache file +/** + * Write a plugin to the cache file * * The parameter PLUGIN is the plugin to write and FILE is be the stream * to be used to write to the cache file. The plugin is written as a * single record as described in the file format description. * - * The return value is 0 on success and != 0 otherwise. + * @return Returns 0 on success and != 0 otherwise. */ static int write_plugin(struct nessus_plugin *plugin, FILE *file) 
@@ -245,13 +251,14 @@ } -/* Write a dependency to the cache file +/** + * Write a dependency to the cache file * * The parameter DEP is the dependency to write and FILE is be the stream * to be used to write to the cache file. The dependency is written as a * single record as described in the file format description. * - * The return value is 0 on success and != 0 otherwise. + * @return Returns 0 on success and != 0 otherwise. */ static int write_dep(struct arglist *dep, FILE *file) @@ -266,13 +273,14 @@ } -/* Write all plugins in the linked list PLUGINS +/** + * Write all plugins in the linked list PLUGINS * * The parameter PLUGINS is the first plugin in the list of plugins to * write and FILE is be the stream to be used to write to the cache * file. Each plugin is written with write_plugin. * - * The return value is 0 on success and != 0 otherwise. + * @return Returns 0 on success and != 0 otherwise. */ static int write_plugin_list(struct nessus_plugin *plugins, FILE *file) @@ -287,13 +295,14 @@ return 0; } -/* Write all dependencies in the linked list DEPS +/** + * Write all dependencies in the linked list DEPS * * The parameter DEPS is the first dependency in the list of dependencies to * write and FILE is be the stream to be used to write to the cache * file. Each dependency is written with write_dep. * - * The return value is 0 on success and != 0 otherwise. + * @return Returns 0 on success and != 0 otherwise. */ static int write_deps_list(struct arglist *deps, FILE *file) @@ -308,7 +317,8 @@ return 0; } -/* Write the plugins in CONTEXT to a cache +/** + * Write the plugins in CONTEXT to a cache * * The parameter CONTEXT is the context whose plugins are to be written. * The filename for the cache is determined with 
@@ -318,10 +328,9 @@ * empty string for situations where the checking it will not be needed * such as when storing the plugins for a report. * - * The return value is 0 on success and != 0 otherwise. - * * If an error occurs when writing the file, the file is removed to * avoid incorrect caches lying around. + * @return Returns 0 on success and != 0 otherwise. */ int plugin_cache_write(struct context * context, const char * server_md5sum) @@ -358,14 +367,17 @@ } -/* Read one line from FILE +/** + * Read one line from FILE * * The return value is a NUL-terminated string including the trailing * newline of the line if any. The return value is allocated with * emalloc and has to be freed by the caller with efree. - * - * If an error occurrs this function returns NULL. When the end of the - * file is reached the function returns an empty string. + * When the end of the file is reached the function returns an empty string. + * + * @return NULL if an error occured, empty string when end of file is reached + * or the (nul-terminated) line of a file, including trailing newline if + * any. */ static char * read_line(FILE *file) @@ -413,7 +425,8 @@ } -/* Split LINE at the vertical bars +/** + * Split LINE at the vertical bars * * The NUL-terminated string LINE is split into fields at the vertical * bar characters ('|') by replacing the vertical bars with NUL @@ -427,6 +440,8 @@ * The return value is the number of fields found in the line. This * number may be larger than NITEMS in which case the fields beyond the * first NITEMS fields won't be accesssible to the caller. + * + * @return Number of fields found in the line. */ static int split_line(char * line, char **items, int nitems) 
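Review bot: The rewritten read_line comment states the end-of-file behaviour twice, once in the body ("When the end of the file is reached the function returns an empty string.") and again in `@return`, and the `@return` text misspells "occurred". Dropping the body sentence and writing `@return NULL on error, an empty string at end of file, otherwise the NUL-terminated line including its trailing newline if any.` keeps one statement of the contract. The ownership rule (caller frees with efree) is worth keeping next to it, since a caller must free the empty string as well as a real line.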
@@ -469,10 +484,11 @@ : ('a' <= (c) && c <= 'f') ? (c) - 'a' + 10\ : -1) -/* percent-unquote the NUL-terminated string S. +/** + * percent-unquote the NUL-terminated string S. * * Unquoting is done in place. - * The return value is 0 on success and != 0 otherwise. + * @return Returns 0 on success and != 0 otherwise. */ static int unquote(char * s) @@ -505,7 +521,8 @@ } -/* Read a line from the cache file and decode it +/** + * Read a line from the cache file and decode it * * The parameter FILE is the stread to the read the cache line from. * The parameters ITEMS and NITEMS are passed through to split_line and @@ -526,6 +543,8 @@ * When an error occurs, the return value is -1. The ITEMS array may * have been modified already in that case, but the memory the items now * point to is invalid. + * + * @return Actual number of fields in a line, 0 on end of file, -1 on error. */ static int read_cache_line(FILE * file, char **items, int nitems) @@ -564,7 +583,8 @@ } -/* Read the file header +/** + * Read the file header * * The file header is the first line of the file with the md5sum for the * md5sum originally reported by the server. @@ -574,6 +594,8 @@ * * The md5sum will be stored in a string newly allocated with emalloc in * *server_md5sum. + * + * @return Returns 0 on success, < 0 on error. */ static int check_header(FILE * file, char ** server_md5sum) @@ -622,7 +644,8 @@ return result; } -/* Read the plugin cache and optionally check the md5sum for the cache +/** + * Read the plugin cache and optionally check the md5sum for the cache * * CONTEXT is the context into which the cache should be read. * SERVER_MD5SUM should be the string with the hex-encoded md5sum 
@@ -638,6 +661,9 @@ * If an error occurs the function returns a value < 0. Otherwise if * the cache was current it returns 0 and a value > 0 if the cache was * outdated. + * + * @return If the cache is current, returns 0. On outdated caches >0, on errors + * <0. */ int plugin_cache_read(struct context * context) From scm-commit at wald.intevation.org Wed Dec 3 13:27:47 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 13:27:47 +0100 (CET) Subject: [Openvas-commits] r1900 - in trunk/openvas-libraries: . libopenvas Message-ID: <20081203122747.842944073C@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-03 13:27:46 +0100 (Wed, 03 Dec 2008) New Revision: 1900 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/libopenvas/plugutils.c trunk/openvas-libraries/libopenvas/plugutils.h trunk/openvas-libraries/libopenvas/store.c trunk/openvas-libraries/libopenvas/store_internal.h Log: Implementing CR #22 (New script_tag Command, http://www.openvas.org/openvas-cr-22.html). * libopenvas/plugutils.c: Added plug_set_tag, plug_get_tag and _plug_get_tag functions. * libopenvas/store_internal.h: Added tag field to struct, incremented magic number, updated function declarations. * libopenvas/plugutils.h: Updated function declarations. * libopenvas/store.c: Added store_fetch_tag function. (store_plugin) Added support for script_tag. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2008-12-03 11:45:43 UTC (rev 1899) +++ trunk/openvas-libraries/ChangeLog 2008-12-03 12:27:46 UTC (rev 1900) 
@@ -1,3 +1,19 @@ +2008-12-03 Michael Wiegand <michael.wiegand at intevation.de> + + Implementing CR #22 (New script_tag Command, + http://www.openvas.org/openvas-cr-22.html). + + * libopenvas/plugutils.c: Added plug_set_tag, plug_get_tag and + _plug_get_tag functions. + + * libopenvas/store_internal.h: Added tag field to struct, incremented + magic number, updated function declarations. + + * libopenvas/plugutils.h: Updated function declarations. + + * libopenvas/store.c: Added store_fetch_tag function. (store_plugin) + Added support for script_tag. + 2008-11-18 Tim Brown <timb at nth-dimension.org.uk> * packaging/debian/changelog: Updated. Modified: trunk/openvas-libraries/libopenvas/plugutils.c =================================================================== --- trunk/openvas-libraries/libopenvas/plugutils.c 2008-12-03 11:45:43 UTC (rev 1899) +++ trunk/openvas-libraries/libopenvas/plugutils.c 2008-12-03 12:27:46 UTC (rev 1900) 
@@ -390,6 +390,43 @@ return store_fetch_xref(desc); } +void plug_set_tag(desc, name, value) + struct arglist * desc; + char * name, * value; +{ + char * old = arg_get_value(desc, "TAGS"); + if(old != NULL) + { + old = erealloc(old, strlen(old) + strlen(name) + strlen(value) + 3); + strcat(old, "|"); + strcat(old, name); /* RATS: ignore */ + strcat(old, "="); + strcat(old, value); /* RATS: ignore */ + arg_set_value(desc, "TAGS", strlen(old), old); + } + else + { + char * str; + + str = emalloc(strlen(name) + strlen(value) + 2); + strcat(str, name); /* RATS: ignore */ + strcat(str, "="); + strcat(str, value); /* RATS: ignore */ + arg_add_value(desc, "TAGS", ARG_STRING, strlen(str), str); + } +} + +char * _plug_get_tag(desc) + struct arglist * desc; +{ + return arg_get_value(desc, "TAGS"); +} + +char * plug_get_tag(struct arglist * desc) +{ + return store_fetch_tag(desc); +} + /* Set string that lists signature keys for a plugin or add it, when not empty. * Key-ids are stored as comma- seperated list ('ABCDEFGH,ABCDEFG1'). */ Modified: trunk/openvas-libraries/libopenvas/plugutils.h =================================================================== --- trunk/openvas-libraries/libopenvas/plugutils.h 2008-12-03 11:45:43 UTC (rev 1899) +++ trunk/openvas-libraries/libopenvas/plugutils.h 2008-12-03 12:27:46 UTC (rev 1900) @@ -87,6 +87,9 @@ void plug_set_xref(struct arglist *, char *, char *); char * plug_get_xref(struct arglist *); +void plug_set_tag(struct arglist *, char *, char *); +char * plug_get_tag(struct arglist *); + void plug_set_sign_key_ids(struct arglist*, char*); char* plug_get_sign_key_ids(struct arglist*); Modified: trunk/openvas-libraries/libopenvas/store.c =================================================================== --- trunk/openvas-libraries/libopenvas/store.c 2008-12-03 11:45:43 UTC (rev 1899) +++ trunk/openvas-libraries/libopenvas/store.c 2008-12-03 12:27:46 UTC (rev 1900) 
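Review bot: In the `else` branch of plug_set_tag the first write into the fresh buffer is `strcat(str, name);`, which is only defined if emalloc() returns zero-filled memory, and that is not visible here. Using `strcpy(str, name);` for the first piece removes the dependency. `name` and `value` are joined with `=` and entries with `|` without escaping, so a value containing `|` (or a name containing `=`) cannot be told apart from a second tag by anything that later splits the string; the same unfiltered string is what store.c copies into `plug.tag` and what openvasd/comm.c appends to the line sent to the client. In the `if` branch, `erealloc(old, ...)` may move the block while the arglist still refers to the old address until `arg_set_value` runs; this assumes arg_get_value returns the stored pointer rather than a copy, which deserves a comment.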
@@ -525,6 +525,10 @@ #endif e = safe_copy(str, plug.xref, sizeof(plug.xref), path, "xref id"); if(e < 0)return NULL; + + str = _plug_get_tag(plugin); + e = safe_copy(str, plug.tag, sizeof(plug.tag), path, "tag"); + if(e < 0)return NULL; arglist = _plug_get_deps(plugin); str = arglist2str(arglist); @@ -747,6 +751,15 @@ return p.xref; } +char * store_fetch_tag(struct arglist * desc) +{ + char * fname = _plug_get_fname(desc); + static struct plugin p; + + store_get_plugin(&p, fname); + return p.tag; +} + struct arglist * store_fetch_dependencies(struct arglist * desc) { char * fname = _plug_get_fname(desc); @@ -826,6 +839,7 @@ printf("cve_id : %s\n", plugin.cve_id); printf("bid : %s\n", plugin.bid); printf("xrefs : %s\n", plugin.xrefs); + printf("tags : %s\n", plugin.tags); printf("dependencies: %s\n", plugin.dependencies); printf("required_keys : %s\n", plugin.required_keys); printf("excluded_key : %s\n", plugin.excluded_keys); Modified: trunk/openvas-libraries/libopenvas/store_internal.h =================================================================== --- trunk/openvas-libraries/libopenvas/store_internal.h 2008-12-03 11:45:43 UTC (rev 1899) +++ trunk/openvas-libraries/libopenvas/store_internal.h 2008-12-03 12:27:46 UTC (rev 1900) @@ -4,7 +4,7 @@ #define MAX_PREFS 32 -#define MAGIC 0x48 /* defines the revision of the plugin struct +#define MAGIC 0x49 /* defines the revision of the plugin struct Basically it is just used to invalidate old desc-files if the number does not match. */ @@ -33,6 +33,8 @@ char bid [500]; char xref [1024]; + + char tag [4096]; char dependencies [512]; char required_keys [128]; 
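Review bot: store_fetch_tag returns `p.tag`, a pointer into a function-local `static struct plugin`, so the result is only valid until the next call and nothing in the hunk documents that. A comment such as `/* Returns a pointer into a static buffer; valid only until the next store_fetch_tag() call. */` would make the contract explicit for callers that keep the value. The result of `store_get_plugin(&p, fname)` is not checked here; if that call can fail without touching `p` (not visible from this hunk), the function would hand back the previous plugin's tags for a different plugin.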
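Review bot: The added `printf("tags : %s\n", plugin.tags);` reads a member named `tags`, while the field this commit adds in store_internal.h is `char tag [4096];` and store_fetch_tag returns `p.tag`. The neighbouring context line uses `plugin.xrefs` where the struct shows `xref`, so `plugin` may be a different type here or the block may not be compiled at all. If it is a `struct plugin`, the line should read `printf("tags : %s\n", plugin.tag);`. The enclosing function starts and ends outside the hunk.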
@@ -64,6 +66,7 @@ char * store_fetch_cve_id(struct arglist * desc); char * store_fetch_bugtraq_id(struct arglist * desc); char * store_fetch_xref(struct arglist * desc); +char * store_fetch_tag(struct arglist * desc); struct arglist * store_fetch_dependencies(struct arglist * desc); struct arglist * store_fetch_required_keys(struct arglist * desc); struct arglist * store_fetch_excluded_keys(struct arglist * desc); From scm-commit at wald.intevation.org Wed Dec 3 13:29:02 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 13:29:02 +0100 (CET) Subject: [Openvas-commits] r1901 - in trunk/openvas-libnasl: . include nasl Message-ID: <20081203122902.AE78A4073C@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-03 13:29:02 +0100 (Wed, 03 Dec 2008) New Revision: 1901 Modified: trunk/openvas-libnasl/ChangeLog trunk/openvas-libnasl/include/nasl.h trunk/openvas-libnasl/nasl/nasl_init.c trunk/openvas-libnasl/nasl/nasl_nessusd_glue.c trunk/openvas-libnasl/nasl/nasl_nessusd_glue.h Log: Implementing CR #22 (New script_tag Command, http://www.openvas.org/openvas-cr-22.html). * include/nasl.h: Increased OPENVAS_NASL_LEVEL to 2310. * nasl/nasl_nessusd_glue.c: Added new script_tag function. * nasl/nasl_nessusd_glue.h: Added function declaration. * nasl/nasl_init.c: Make new function available to parser. Modified: trunk/openvas-libnasl/ChangeLog =================================================================== --- trunk/openvas-libnasl/ChangeLog 2008-12-03 12:27:46 UTC (rev 1900) +++ trunk/openvas-libnasl/ChangeLog 2008-12-03 12:29:02 UTC (rev 1901) 
@@ -1,3 +1,16 @@ +2008-12-03 Michael Wiegand <michael.wiegand at intevation.de> + + Implementing CR #22 (New script_tag Command, + http://www.openvas.org/openvas-cr-22.html). + + * include/nasl.h: Increased OPENVAS_NASL_LEVEL to 2310. + + * nasl/nasl_nessusd_glue.c: Added new script_tag function. + + * nasl/nasl_nessusd_glue.h: Added function declaration. + + * nasl/nasl_init.c: Make new function available to parser. + 2008-11-19 Tim Brown <timb at nth-dimension.org.uk> * packaging/debian/changelog: Updated. Modified: trunk/openvas-libnasl/include/nasl.h =================================================================== --- trunk/openvas-libnasl/include/nasl.h 2008-12-03 12:27:46 UTC (rev 1900) +++ trunk/openvas-libnasl/include/nasl.h 2008-12-03 12:29:02 UTC (rev 1901) @@ -70,9 +70,12 @@ * * Level 2300 * New functions: log_message(), debug_message() + * + * Level 2310 + * New functions: script_tag() */ #define NASL_LEVEL 2205 -#define OPENVAS_NASL_LEVEL 2300 +#define OPENVAS_NASL_LEVEL 2310 /* Signature information extraction and verification (not nasl- specific anymore, thus likely to be moved to openvas-libraries): */ Modified: trunk/openvas-libnasl/nasl/nasl_init.c =================================================================== --- trunk/openvas-libnasl/nasl/nasl_init.c 2008-12-03 12:27:46 UTC (rev 1900) +++ trunk/openvas-libnasl/nasl/nasl_init.c 2008-12-03 12:29:02 UTC (rev 1901) 
@@ -84,6 +84,7 @@ { "script_cve_id", script_cve_id, 999, { NULL } }, { "script_bugtraq_id", script_bugtraq_id, 999, { NULL } }, { "script_xref", script_xref, 0, {"name", "value", NULL} }, + { "script_tag", script_tag, 0, {"name", "value", NULL} }, { "get_preference", nasl_get_preference, 1, { NULL } }, { "safe_checks", safe_checks, 0, { NULL } }, { "replace_kb_item", replace_kb_item, 0, {"name", "value", NULL } }, Modified: trunk/openvas-libnasl/nasl/nasl_nessusd_glue.c =================================================================== --- trunk/openvas-libnasl/nasl/nasl_nessusd_glue.c 2008-12-03 12:27:46 UTC (rev 1900) +++ trunk/openvas-libnasl/nasl/nasl_nessusd_glue.c 2008-12-03 12:29:02 UTC (rev 1901) @@ -158,7 +158,26 @@ return FAKE_CELL; } +tree_cell* script_tag(lex_ctxt* lexic) +{ + struct arglist * script_infos = lexic->script_infos; + char * name = get_str_var_by_name(lexic, "name"); + char * value = get_str_var_by_name(lexic, "value"); + + + if( value == NULL || name == NULL ) + { + fprintf(stderr, "script_tag() syntax error - should be script_tag(name:<name>, value:<value>)\n"); + return FAKE_CELL; + } + + plug_set_tag(script_infos, name, value); + + return FAKE_CELL; +} + + /* UNUSED */ tree_cell* script_see_also(lex_ctxt* lexic) { Modified: trunk/openvas-libnasl/nasl/nasl_nessusd_glue.h =================================================================== --- trunk/openvas-libnasl/nasl/nasl_nessusd_glue.h 2008-12-03 12:27:46 UTC (rev 1900) +++ trunk/openvas-libnasl/nasl/nasl_nessusd_glue.h 2008-12-03 12:29:02 UTC (rev 1901) @@ -35,6 +35,7 @@ tree_cell* script_cve_id(lex_ctxt* ); tree_cell* script_bugtraq_id(lex_ctxt* ); tree_cell* script_xref(lex_ctxt *); +tree_cell* script_tag(lex_ctxt *); tree_cell* script_see_also(lex_ctxt* ); tree_cell * script_name(lex_ctxt * ); tree_cell * script_version(lex_ctxt * ); From scm-commit at wald.intevation.org Wed Dec 3 13:30:03 2008 
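Review bot: script_tag() rejects only NULL arguments, so `script_tag(name:"", value:...)` is accepted and plug_set_tag stores an entry with an empty key. Extending the test to `if( value == NULL || name == NULL || name[0] == '\0' )` closes that, and the `|` and `=` characters that plug_set_tag uses as delimiters could be rejected in the same place. The error message goes to stderr without naming the script being parsed, and the error path returns FAKE_CELL just like the success path, so a malformed call is easy to miss when a whole feed is loaded.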
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 13:30:03 +0100 (CET) Subject: [Openvas-commits] r1902 - in trunk/openvas-server: . openvasd Message-ID: <20081203123003.B06954073C@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-03 13:30:03 +0100 (Wed, 03 Dec 2008) New Revision: 1902 Modified: trunk/openvas-server/ChangeLog trunk/openvas-server/openvasd/comm.c Log: Implementing CR #22 (New script_tag Command, http://www.openvas.org/openvas-cr-22.html). * openvasd/comm.c (send_plug_info): Added support for sending NVT tags to client. Modified: trunk/openvas-server/ChangeLog =================================================================== --- trunk/openvas-server/ChangeLog 2008-12-03 12:29:02 UTC (rev 1901) +++ trunk/openvas-server/ChangeLog 2008-12-03 12:30:03 UTC (rev 1902) @@ -1,3 +1,11 @@ +2008-12-03 Michael Wiegand <michael.wiegand at intevation.de> + + Implementing CR #22 (New script_tag Command, + http://www.openvas.org/openvas-cr-22.html). + + * openvasd/comm.c (send_plug_info): Added support for sending NVT tags + to client. + 2008-12-02 Felix Wolfsteller <felix.wolfsteller at intevation.de> * openvasd/comm.c : Repaired sending NOXREF, NOCVE, NOBID, NOSIGNKEY if Modified: trunk/openvas-server/openvasd/comm.c =================================================================== --- trunk/openvas-server/openvasd/comm.c 2008-12-03 12:29:02 UTC (rev 1901) +++ trunk/openvas-server/openvasd/comm.c 2008-12-03 12:30:03 UTC (rev 1902) @@ -206,6 +206,14 @@ strcat(str, sign_keys); } + { + char * tag = plug_get_tag(args); + if(tag == NULL || strcmp(tag, "") == 0) + tag = "NOTAG"; + strcat(str, " <|> "); + strcat(str, tag); + } + auth_printf(globals, "%s\n", str); efree(&str); } From scm-commit at wald.intevation.org Wed Dec 3 13:34:56 2008 
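Review bot: The added `strcat(str, " <|> "); strcat(str, tag);` grows `str` by `strlen(tag) + 5` bytes, but the allocation of `str` is outside this hunk and this commit has no other hunk in openvasd/comm.c, so the buffer size was apparently not enlarged for the new field. `tag` comes from a 4096-byte store field (`char tag [4096]` in store_internal.h), so a plugin with long tags would write past the end of `str` unless the existing allocation already has that much slack. The term `strlen(tag) + 5` should be added where `str` is sized, which means fetching `tag` before the allocation rather than in this trailing block. Separately, a tag containing the field separator ` <|> ` or a newline would change how the client splits this line, and plug_set_tag filters neither.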
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 13:34:56 +0100 (CET) Subject: [Openvas-commits] r1903 - in trunk/openvas-client: . nessus Message-ID: <20081203123456.109ED40745@pyrosoma.intevation.org> Author: felix Date: 2008-12-03 13:34:55 +0100 (Wed, 03 Dec 2008) New Revision: 1903 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/comm.c trunk/openvas-client/nessus/nessus_plugin.c trunk/openvas-client/nessus/nessus_plugin.h trunk/openvas-client/nessus/plugin_cache.c trunk/openvas-client/nessus/plugin_infos.c Log: Implementation of script tags according to CR #22 (http://www.openvas.org/openvas-cr-22.html). * nessus/plugin_infos.c (plugin_info_window_setup) : Display script tags. * nessus/plugin_cache.c : Increased max items per line, file format nr. * nessus/plugin_cache.c (write_plugin, plugin_cache_read) : Write and read script tag to/from cache. * nessus/nessus_plugin.h : Define char* script_tag in struct, adjust proto for nessus_plugin_new. * nessus/nessus_plugin.c (nessus_plugin_new, nessus_plugin_duplicate) : Set script_tag in plugin. * nessus/comm.c (parse_plugin) : Parse the new script_tag field, set script_tag in plugin struct. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-03 12:30:03 UTC (rev 1902) +++ trunk/openvas-client/ChangeLog 2008-12-03 12:34:55 UTC (rev 1903) 
@@ -1,5 +1,27 @@ 2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de> + Implementation of script tags according to CR #22 + (http://www.openvas.org/openvas-cr-22.html). + + * nessus/plugin_infos.c (plugin_info_window_setup) : Display script + tags. + + * nessus/plugin_cache.c : Increased max items per line, file format nr. + + * nessus/plugin_cache.c (write_plugin, plugin_cache_read) : Write and + read script tag to/from cache. + + * nessus/nessus_plugin.h : Define char* script_tag in struct, adjust + proto for nessus_plugin_new. + + * nessus/nessus_plugin.c (nessus_plugin_new, nessus_plugin_duplicate) : + Set script_tag in plugin. + + * nessus/comm.c (parse_plugin) : Parse the new script_tag field, set + script_tag in plugin struct. + +2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * nessus/plugin_cache.c : Comments changed to doxygen "javadoc" style, return values documented. Modified: trunk/openvas-client/nessus/comm.c =================================================================== --- trunk/openvas-client/nessus/comm.c 2008-12-03 12:30:03 UTC (rev 1902) +++ trunk/openvas-client/nessus/comm.c 2008-12-03 12:34:55 UTC (rev 1903) @@ -150,6 +150,7 @@ char * bid = NULL; char * xref = NULL; char * sign_key_ids; + char * script_tags; gboolean failed = FALSE; char * space = strstr(buf, " "); 
@@ -252,11 +253,20 @@ if(!str) failed = TRUE; else sign_key_ids = str; } + + if(failed == FALSE) + { + offset += strlen(str) + 5; + str = parse_separator(buf + offset); + if(!str) failed = TRUE; + else script_tags = str; + } if(failed == FALSE) { return nessus_plugin_new(oid, name, category, copyright, description, - summary, family, version, cve, bid, xref, sign_key_ids); + summary, family, version, cve, bid, xref, + sign_key_ids, script_tags); } // else: parsing failed Modified: trunk/openvas-client/nessus/nessus_plugin.c =================================================================== --- trunk/openvas-client/nessus/nessus_plugin.c 2008-12-03 12:30:03 UTC (rev 1902) +++ trunk/openvas-client/nessus/nessus_plugin.c 2008-12-03 12:34:55 UTC (rev 1903) @@ -37,7 +37,8 @@ char * cve, char * bid, char * xrefs, - char * sign_key_ids + char * sign_key_ids, + char * script_tags ) { struct nessus_plugin * np = malloc(sizeof(*np)); @@ -59,6 +60,7 @@ np->cve = cache_inc(cve); np->bid = cache_inc(bid); np->xrefs = cache_inc(xrefs); + np->script_tags = cache_inc(script_tags); np->sign_key_ids = cache_inc(sign_key_ids); np->next = NULL; return np; @@ -114,7 +116,8 @@ struct nessus_plugin * copy = nessus_plugin_new(plugin->oid, plugin->name, plugin->category, plugin->copyright, nessus_plugin_get_description(plugin), plugin->summary, plugin->family, - plugin->version, plugin->cve, plugin->bid, plugin->xrefs, plugin->sign_key_ids); + plugin->version, plugin->cve, plugin->bid, plugin->xrefs, + plugin->sign_key_ids, plugin->script_tags); copy->enabled = plugin->enabled; nessus_plugin_set_md5sum(copy, plugin->md5sum); if (plugin->plugin_prefs != NULL) Modified: trunk/openvas-client/nessus/nessus_plugin.h =================================================================== --- trunk/openvas-client/nessus/nessus_plugin.h 2008-12-03 12:30:03 UTC (rev 1902) +++ trunk/openvas-client/nessus/nessus_plugin.h 2008-12-03 12:34:55 UTC (rev 1903) 
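Review bot: The new block in parse_plugin advances with `offset += strlen(str) + 5;` and calls `parse_separator(buf + offset)` without checking that `offset` is still inside `buf`. A server that predates the tag field ends the line after the signature-key field, so `buf + offset` may point past the terminating NUL unless parse_separator or earlier code (both outside this hunk) bounds it. Even when the read is safe, a missing field sets `failed = TRUE` and the whole plugin is dropped, so this client loses every plugin from an older server. Treating a missing tag field as `"NOTAG"`, for example `if(offset + strlen(str) + 5 > strlen(buf)) script_tags = "NOTAG";` ahead of the parse call, would cover both cases, subject to how the parsed strings are owned.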
@@ -17,6 +17,7 @@ char * cve; char * bid; char * xrefs; + char * script_tags; char * sign_key_ids; struct arglist * plugin_prefs; @@ -28,7 +29,7 @@ -struct nessus_plugin * nessus_plugin_new(char * id, char * name, char * category, char * copyright, char * description, char * summary, char * family, char * version, char * cve, char * bid, char * xrefs, char* sign_key_ids); +struct nessus_plugin * nessus_plugin_new(char * id, char * name, char * category, char * copyright, char * description, char * summary, char * family, char * version, char * cve, char * bid, char * xrefs, char* sign_key_ids, char* script_tags); struct nessus_plugin * nessus_plugin_get_by_name( struct nessus_plugin * plugins, char * name); struct nessus_plugin * nessus_plugin_get_by_oid( struct nessus_plugin * plugins, const char * id); Modified: trunk/openvas-client/nessus/plugin_cache.c =================================================================== --- trunk/openvas-client/nessus/plugin_cache.c 2008-12-03 12:30:03 UTC (rev 1902) +++ trunk/openvas-client/nessus/plugin_cache.c 2008-12-03 12:34:55 UTC (rev 1903) @@ -103,9 +103,9 @@ /* file format constants */ #define MAX_HEADER_ITEMS 3 -#define MAX_LINE_ITEMS 14 +#define MAX_LINE_ITEMS 15 #define HEADER_MAGIC "OpenVASNVTDescCache" -#define FILE_FORMAT_VERSION 1 +#define FILE_FORMAT_VERSION 2 #define NVT_KEYWORD "nvt" #define DEP_KEYWORD "dependency" #define END_KEYWORD "end" @@ -244,10 +244,11 @@ char * md5sum = plugin->md5sum; if (md5sum == NULL) md5sum = ""; - return write_record(file, "ksssssssssssss", NVT_KEYWORD, + return write_record(file, "kssssssssssssss", NVT_KEYWORD, plugin->oid, md5sum, plugin->name, plugin->category, plugin->copyright, nessus_plugin_get_description(plugin), plugin->summary, plugin->family, - plugin->version, plugin->cve, plugin->bid, plugin->xrefs, plugin->sign_key_ids); + plugin->version, plugin->cve, plugin->bid, plugin->xrefs, + plugin->sign_key_ids, plugin->script_tags); } 
@@ -731,13 +732,14 @@ break; } /* If the line has 14 items and first one is the nvt- keyword, parse a nvt*/ - if (nitems == 14 && strcmp(items[0], NVT_KEYWORD) == 0) + if (nitems == 15 && strcmp(items[0], NVT_KEYWORD) == 0) { struct nessus_plugin *plugin = nessus_plugin_new(items[1] /*oid*/, items[3] /*name*/, items[4] /*category*/, items[5] /*copyright*/, items[6] /*description*/, items[7] /*summary*/, items[8] /*family*/, items[9] /*version*/, items[10] /*cve*/, - items[11] /*bid*/, items[12] /*xref*/, items[13] /*sign_key_ids*/); + items[11] /*bid*/, items[12] /*xref*/, items[13] /*sign_key_ids*/, + items[14] /* script_tags*/ ); /* add the md5sum */ nessus_plugin_set_md5sum(plugin, items[2]); Modified: trunk/openvas-client/nessus/plugin_infos.c =================================================================== --- trunk/openvas-client/nessus/plugin_infos.c 2008-12-03 12:30:03 UTC (rev 1902) +++ trunk/openvas-client/nessus/plugin_infos.c 2008-12-03 12:34:55 UTC (rev 1903) @@ -434,7 +434,18 @@ gtk_misc_set_alignment((GtkMisc *)label, 0, 1); gtk_widget_show(label); } - + + /* Script Tags */ + txt = plugin->script_tags; + if(txt != NULL && txt[0] != '\0' && strcmp(txt, "NOTAG") != 0) + { + snprintf(buf, sizeof(buf), _("Script tags: %s"), txt); + label = gtk_label_new(buf); + gtk_box_pack_start(GTK_BOX(vbox), label, FALSE,FALSE,0); + gtk_misc_set_alignment((GtkMisc *)label, 0, 1); + gtk_widget_show(label); + } + /* A separator */ separator = gtk_hseparator_new(); gtk_box_pack_start(GTK_BOX(vbox), separator, FALSE, FALSE,0); From scm-commit at wald.intevation.org Wed Dec 3 13:39:20 2008 
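Review bot: The context comment directly above the changed test still reads "If the line has 14 items" while the condition is now `nitems == 15`. The comment should say 15, and the literal can be replaced by the constant this commit already bumps: `if (nitems == MAX_LINE_ITEMS && strcmp(items[0], NVT_KEYWORD) == 0)`. Since FILE_FORMAT_VERSION went to 2, version-1 caches are presumably rejected by the header check before this point, but that check is outside the hunk; if it is not strict, a 14-item line now falls through to whatever branch follows. The enclosing function starts and ends outside this hunk.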
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 13:39:20 +0100 (CET) Subject: [Openvas-commits] r1904 - in trunk/openvas-client: . nessus/prefs_dialog Message-ID: <20081203123920.BD54440742@pyrosoma.intevation.org> Author: felix Date: 2008-12-03 13:39:20 +0100 (Wed, 03 Dec 2008) New Revision: 1904 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c Log: * /nessus/prefs_dialog/prefs_dialog_plugin_prefs.c : Comments added/ javadoc'ed. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-03 12:34:55 UTC (rev 1903) +++ trunk/openvas-client/ChangeLog 2008-12-03 12:39:20 UTC (rev 1904) @@ -1,5 +1,10 @@ 2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * /nessus/prefs_dialog/prefs_dialog_plugin_prefs.c : Comments added/ + javadoc'ed. + +2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de> + Implementation of script tags according to CR #22 (http://www.openvas.org/openvas-cr-22.html). Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c 2008-12-03 12:34:55 UTC (rev 1903) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c 2008-12-03 12:39:20 UTC (rev 1904) @@ -77,7 +77,6 @@ } } - struct arglist * prefs_dialog_plugins_prefs() { @@ -120,6 +119,7 @@ "FRAME_CREDENTIALS")), readonly); } + void prefs_dialog_plugins_prefs_fill(context, ctrls, plugins) struct context *context; @@ -174,7 +174,7 @@ } } -/* +/** * Clean up the plugin preferences and plugin * preferences widgets */ @@ -207,7 +207,7 @@ } } -/* +/** * Redraw the plugins preferences */ void 
@@ -321,7 +321,13 @@ return vbox; } - +/** + * Close the file dialog filew. + * Callback for select_file. + * @param filew GtkWidget to hide and destroy. + * @param nul Ignored. + * @return Always 0. + */ static int file_dialog_hide(GtkWidget * filew, GtkWidget * nul) { @@ -330,7 +336,13 @@ return 0; } - +/** + * Callback for click on OK button in file selection dialog. + * @see select_file + * @param nul Ignored (callback). + * @param filew Gtk File Selection widget. + * @return Always 0. + */ static int file_selected(GtkWidget * nul, GtkWidget * filew) { @@ -344,6 +356,15 @@ gtk_entry_set_text(GTK_ENTRY(entry), fname); return 0; } + +/** + * Displays file selection dialog. + * Callback for OK button is file_selected. + * @see file_selected + * @param b Ignored. + * @param ctrl Arglist on which to operate (in callback). + * @return Always 0. + */ static int select_file(GtkWidget * b, struct arglist *ctrls) { From scm-commit at wald.intevation.org Wed Dec 3 15:02:51 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 15:02:51 +0100 (CET) Subject: [Openvas-commits] r1905 - trunk/openvas-plugins/scripts Message-ID: <20081203140251.5410E4073C@pyrosoma.intevation.org> Author: chandra Date: 2008-12-03 15:02:49 +0100 (Wed, 03 Dec 2008) New Revision: 1905 Added: trunk/openvas-plugins/scripts/gb_zim_server_mult_vuln_800201.nasl Log: Released Added: trunk/openvas-plugins/scripts/gb_zim_server_mult_vuln_800201.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_zim_server_mult_vuln_800201.nasl 2008-12-03 12:39:20 UTC (rev 1904) +++ trunk/openvas-plugins/scripts/gb_zim_server_mult_vuln_800201.nasl 2008-12-03 14:02:49 UTC (rev 1905) 
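Review bot: The new doxygen block for select_file documents `@param ctrl`, but the parameter in the signature right below is `ctrls`, so doxygen will report one unknown and one undocumented parameter. The line should read `@param ctrls Arglist on which to operate (in callback).` The `@return Always 0.` statement cannot be confirmed from here because select_file's body is outside the hunk.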
@@ -0,0 +1,105 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_zim_server_mult_vuln_800201.nasl 549 2008-12-01 17:00:05Z dec $ +# +# ZIM Server Multiple Vulnerabilities +# +# Authors: +# Sujit Ghosal <sghosal at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800201); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-5279", "CVE-2008-5280"); + script_bugtraq_id(27940); + script_name(english:"ZIM Server Multiple Vulnerabilities"); + desc["english"] = " + + Overview: The host is installed with ZIM Server and is prone to multiple + vulnerabilities. + + Vulnerability Insight: + The issues are due to, + - boundary errors in the server while handling overly long crafted packets + sent to default prot 7700. + - a null pointer de-reference within the server will crash the service via + a specially crafted packet sent to default port 7700. + + Impact: + Successful exploitation could result in remote arbitrary code execution and + cause denial of service. 
+ + Impact Level: System + + Affected Software/OS: + Zilab Software Zilab Chat and Instant Messaging Server 2.1 and prior. + + Fix: + No solution or patch is available as on 2nd December, 2008. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.zilab.com/zim.shtml. + + References: + http://aluigi.altervista.org/adv/zilabzcsx-adv.txt + http://en.securitylab.ru/nvd/363848.php + http://secunia.com/advisories/29062 + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 9.0 + Risk factor: Critical"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of ZIM IM Server"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Denial of Service"); + script_dependencies("secpod_reg_enum.nasl"); + exit(0); +} + + +include("smb_nt.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +entries = registry_enum_keys(key:key); +foreach item (entries) +{ + ver = registry_get_sz(key:key + item, item:"DisplayName"); + if("Zim" >< ver) + { + zimVer = eregmatch(pattern:"Zim v([0-9.]+)", string:ver); + if(zimVer[1] != NULL) + { + # Grep for version <= 2.1 + if(version_is_less_equal(version:zimVer[1], test_version:"2.1")){ + security_hole(0); + } + } + exit(0); + } +} From scm-commit at wald.intevation.org Wed Dec 3 15:04:13 2008 
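Review bot: The `exit(0);` that closes the `if("Zim" >< ver)` block runs for the first uninstall entry whose DisplayName merely contains "Zim", even when `eregmatch(pattern:"Zim v([0-9.]+)", ...)` found no version. An unrelated product with that substring therefore ends the enumeration before the ZIM Server entry is examined, and the host is silently reported as not affected. Moving `exit(0);` inside the `if(zimVer[1] != NULL)` branch keeps the loop going until a versioned entry has actually been evaluated. The check infers exposure from the registry version only, so it is worth stating in the description that it is an authenticated version check and does not probe port 7700. The description text also spells the port as `prot 7700`.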
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 15:04:13 +0100 (CET) Subject: [Openvas-commits] r1906 - trunk/openvas-plugins Message-ID: <20081203140413.C8A784073C@pyrosoma.intevation.org> Author: chandra Date: 2008-12-03 15:04:10 +0100 (Wed, 03 Dec 2008) New Revision: 1906 Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugin Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2008-12-03 14:02:49 UTC (rev 1905) +++ trunk/openvas-plugins/ChangeLog 2008-12-03 14:04:10 UTC (rev 1906) @@ -1,3 +1,7 @@ +2008-12-03 Chandrashekhar B <bchandra at secpod.com> + * scripts/gb_zim_server_mult_vuln_800201.nasl: + Added new plugin + 2008-12-02 Chandrashekhar B <bchandra at secpod.com> * scripts/secpod_bitdefender_pdf_parsing_dos_vuln_900180.nasl, scripts/secpod_hp_smh_unspecified_sec_bypass_vuln_900167.nasl, From scm-commit at wald.intevation.org Wed Dec 3 15:33:34 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 15:33:34 +0100 (CET) Subject: [Openvas-commits] r1907 - in trunk/openvas-plugins: . packaging/debian packaging/debian/patches Message-ID: <20081203143334.8F7604074C@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-03 15:33:34 +0100 (Wed, 03 Dec 2008) New Revision: 1907 Removed: trunk/openvas-plugins/packaging/debian/patches/04_free_plugins.dpatch Modified: trunk/openvas-plugins/CHANGES trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/VERSION trunk/openvas-plugins/packaging/debian/changelog trunk/openvas-plugins/packaging/debian/patches/00list Log: Preparing the openvas-plugins 1.0.5 release. * VERSION: Set to 1.0.5. * CHANGES: Updated. * ChangeLog: Tidied. * packaging/debian/patches/04_free_plugins.dpatch: Removed obsolete patch file. * packaging/debian/patches/00list: Updated. * packaging/debian/changelog: Updated. Modified: trunk/openvas-plugins/CHANGES =================================================================== --- trunk/openvas-plugins/CHANGES 2008-12-03 14:04:10 UTC (rev 1906) +++ trunk/openvas-plugins/CHANGES 2008-12-03 14:33:34 UTC (rev 1907) 
@@ -1,3 +1,38 @@ +openvas-plugins 1.0.5 (2008-12-03) + +This release is a maintenance release with an updated NVT collection. + +As with all openvas-plugins releases, it is recommended that you execute the +openvas-nvt-sync tool provided by the openvas-server component after installing +this release to ensure that your OpenVAS installation has access to the latest +NVTs. + +Main changes from 1.0.4 are: + +* A large number of new NVTs has been added. +* A large number of new NVTs has been updated. +* Several NVTs written in C have been updated to improve their 64-bit + cleanliness and to build more reliable. This introduces a new dependency on + glib to openvas-plugins. +* Improved host OS detection when gathering package information from a remote + host. +* Various bugfixes. +* Code cleanup. +* Updated packaging for Debian. + +This release contains contributions by: + +Tim Brown +Hanno Boeck +Chandrashekhar B +Stjepan Gros +Vlatko Kosturjak +Thomas Reinke +Joey Schulze +Jan-Oliver Wagner +Michael Wiegand + + openvas-plugins 1.0.4 (2008-10-27) This release is a maintenance release with an updated NVT collection. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2008-12-03 14:04:10 UTC (rev 1906) +++ trunk/openvas-plugins/ChangeLog 2008-12-03 14:33:34 UTC (rev 1907) 
@@ -1,34 +1,54 @@ -2008-12-03 Chandrashekhar B <bchandra at secpod.com> +2008-12-03 Michael Wiegand <michael.wiegand at intevation.de> + + Preparing the openvas-plugins 1.0.5 release. + + * VERSION: Set to 1.0.5. + + * CHANGES: Updated. + + * ChangeLog: Tidied. + + * packaging/debian/patches/04_free_plugins.dpatch: Removed obsolete + patch file. + + * packaging/debian/patches/00list: Updated. + + * packaging/debian/changelog: Updated. + +2008-12-03 Chandrashekhar B <bchandra at secpod.com> + * scripts/gb_zim_server_mult_vuln_800201.nasl: - Added new plugin + Added new plugin -2008-12-02 Chandrashekhar B <bchandra at secpod.com> +2008-12-02 Chandrashekhar B <bchandra at secpod.com> + * scripts/secpod_bitdefender_pdf_parsing_dos_vuln_900180.nasl, - scripts/secpod_hp_smh_unspecified_sec_bypass_vuln_900167.nasl, - scripts/secpod_pi3web_isapi_request_dos_vuln_900402.nasl, - scripts/secpod_ms_rtcp_remote_dos_vuln_900404.nasl, - scripts/secpod_openfire_secbypass_900401.nasl, - scripts/secpod_ms_sql_server_2000_activex_bof_vuln_900125.nasl, - scripts/secpod_free_directory_script_file_inclusion_vuln_900181.nasl, - scripts/secpod_vim_shell_cmd_injection_vuln_lin_900412.nasl, - scripts/secpod_flexcell_activex_file_overwrire_vuln_900406.nasl, - scripts/secpod_cutenews_detect_win_900128.nasl, - scripts/secpod_openssh_information_disclosure_vuln_900179.nasl, - scripts/secpod_hp_openview_nnm_xss_vuln_900403.nasl, - scripts/secpod_mdaemon_script_insertion_vuln_900405.nasl, - scripts/secpod_vim_shell_cmd_injection_vuln_win_900411.nasl, - scripts/secpod_ms_win_local_dos_vuln_900178.nasl, - scripts/secpod_expert_pdf_viewer_activex_file_overwrite_vuln_900174.nasl: - Added new plugins + scripts/secpod_hp_smh_unspecified_sec_bypass_vuln_900167.nasl, + scripts/secpod_pi3web_isapi_request_dos_vuln_900402.nasl, + scripts/secpod_ms_rtcp_remote_dos_vuln_900404.nasl, + scripts/secpod_openfire_secbypass_900401.nasl, + scripts/secpod_ms_sql_server_2000_activex_bof_vuln_900125.nasl, + 
scripts/secpod_free_directory_script_file_inclusion_vuln_900181.nasl, + scripts/secpod_vim_shell_cmd_injection_vuln_lin_900412.nasl, + scripts/secpod_flexcell_activex_file_overwrire_vuln_900406.nasl, + scripts/secpod_cutenews_detect_win_900128.nasl, + scripts/secpod_openssh_information_disclosure_vuln_900179.nasl, + scripts/secpod_hp_openview_nnm_xss_vuln_900403.nasl, + scripts/secpod_mdaemon_script_insertion_vuln_900405.nasl, + scripts/secpod_vim_shell_cmd_injection_vuln_win_900411.nasl, + scripts/secpod_ms_win_local_dos_vuln_900178.nasl, + scripts/secpod_expert_pdf_viewer_activex_file_overwrite_vuln_900174.nasl: + Added new plugins -2008-12-01 Chandrashekhar B <bchandra at secod.com> +2008-12-01 Chandrashekhar B <bchandra at secod.com> + * scripts/gb_aceftp_remote_dir_traversal_vuln.nasl, - scripts/gb_clanlite_sql_inj_n_xss_vuln.nasl, - scripts/gb_streamripper_mult_bof_vuln_nov08_lin.nasl, - scripts/gb_streamripper_mult_bof_vuln_nov08_win.nasl, - scripts/gb_sphider_query_param_xss_vuln.nasl, - scripts/gb_admidio_remote_dir_trvsl_vuln.nasl: - Added new plugins + scripts/gb_clanlite_sql_inj_n_xss_vuln.nasl, + scripts/gb_streamripper_mult_bof_vuln_nov08_lin.nasl, + scripts/gb_streamripper_mult_bof_vuln_nov08_win.nasl, + scripts/gb_sphider_query_param_xss_vuln.nasl, + scripts/gb_admidio_remote_dir_trvsl_vuln.nasl: + Added new plugins 2008-11-28 Joey Schulze <joey at infodrom.org> 
@@ -45,14 +65,15 @@ scripts/cherokee_0_4_7.nasl, scripts/ciscoworks_detect.nasl, scripts/ftp_writeable_directories.nasl: Clarify license to GPLv2 -2008-11-27 Chandrashekhar B <bchandra at secpod.com> +2008-11-27 Chandrashekhar B <bchandra at secpod.com> + * scripts/gb_novell_iprint_actvx_ctrl_vuln.nasl, - scripts/gb_seportal_sql_inj_vuln.nasl, - scripts/gb_nagios_csrf_n_auth_bypass_vuln.nasl, - scripts/gb_ms_win_media_services_actvx_bof_vuln.nasl, - scripts/gb_adobe_fms_video_stream_sec_vuln.nasl, - scripts/gb_ruby_rails_http_header_inj_vuln_lin.nasl: - Added new plugins + scripts/gb_seportal_sql_inj_vuln.nasl, + scripts/gb_nagios_csrf_n_auth_bypass_vuln.nasl, + scripts/gb_ms_win_media_services_actvx_bof_vuln.nasl, + scripts/gb_adobe_fms_video_stream_sec_vuln.nasl, + scripts/gb_ruby_rails_http_header_inj_vuln_lin.nasl: + Added new plugins 2008-11-26 Jan-Oliver Wagner <jan-oliver.wagner at intevation.de> 
@@ -73,66 +94,72 @@ (fwd_data): Removed this function as was defined for code path Not NEW_KB_MGMT. -2008-11-26 Chandrashekhar B <bchandra at secpod.com> +2008-11-26 Chandrashekhar B <bchandra at secpod.com> + * scripts/gb_clamav_remote_dos_vuln.nasl, - scripts/gb_wincomlpd_total_mult_vuln.nasl, - scripts/gb_cups_guest_acc_dos_vuln.nasl, - scripts/gb_eticket_pri_para_mult_sql_inj_vuln.nasl: - Added new plugins + scripts/gb_wincomlpd_total_mult_vuln.nasl, + scripts/gb_cups_guest_acc_dos_vuln.nasl, + scripts/gb_eticket_pri_para_mult_sql_inj_vuln.nasl: + Added new plugins -2008-11-25 Thomas Reinke <reinke at securityspace.com> - * Reduced deb_1669_1.nasl description string to +2008-11-25 Thomas Reinke <reinke at securityspace.com> + + * deb_1669_1.nasl: Reduced description string to allow it to load. -2008-11-24 Thomas Reinke <reinke at securityspace.com> +2008-11-24 Thomas Reinke <reinke at securityspace.com> + * deb_1666_1.nasl deb_1667_1.nasl deb_1668_1.nasl deb_1669_1.nasl - freebsd_dovecot1.nasl freebsd_enscript-a40.nasl - freebsd_imlib21.nasl freebsd_libxml21.nasl freebsd_mantis2.nasl - freebsd_openfire0.nasl freebsd_streamripper.nasl - freebsd_syslog-ng2.nasl freebsdsa_arc4random.nasl - New scripts. + freebsd_dovecot1.nasl freebsd_enscript-a40.nasl + freebsd_imlib21.nasl freebsd_libxml21.nasl freebsd_mantis2.nasl + freebsd_openfire0.nasl freebsd_streamripper.nasl + freebsd_syslog-ng2.nasl freebsdsa_arc4random.nasl: + New scripts. 
-2008-11-24 Thomas Reinke <reinke at securityspace.com> - * scripts/secpod_ms_win_media_player_detect_900173.nasl - Fix missing include file +2008-11-24 Thomas Reinke <reinke at securityspace.com> -2008-11-21 Chandrashekhar B <bchandra at secpod.com> + * scripts/secpod_ms_win_media_player_detect_900173.nasl: + Fix missing include file + +2008-11-21 Chandrashekhar B <bchandra at secpod.com> + * scripts/gb_wordpress_request_array_csrf_vuln.nasl, - scripts/gb_seamonkey_mult_vuln_nov08_win.nasl, - scripts/gb_klite_mega_codec_dos_vuln.nasl, - scripts/gb_opera_file_heap_bof_vuln_win.nasl, - scripts/gb_firefox_mult_vuln_nov08_lin.nasl, - scripts/gb_novell_edir_mult_vuln_nov08_lin.nasl, - scripts/gb_novell_edir_ncp_mem_crptn_vuln_lin.nasl, - scripts/gb_firefox_mult_vuln_nov08_win.nasl, - scripts/gb_novell_edir_mult_vuln_nov08_win.nasl, - scripts/gb_novell_edir_ncp_mem_crptn_vuln_win.nasl, - scripts/gb_adobe_air_js_code_exec_vuln.nasl, - scripts/gb_myserver_remote_dos_vuln.nasl, - scripts/gb_thunderbird_mult_vuln_nov08_lin.nasl, - scripts/gb_seamonkey_mult_vuln_nov08_lin.nasl, - scripts/gb_sami_ftp_serv_mult_cmd_dos_vuln.nasl, - scripts/gb_zope_python_scripts_dos_vuln_lin.nasl, - scripts/gb_thunderbird_mult_vuln_nov08_win.nasl: - Added new plugins + scripts/gb_seamonkey_mult_vuln_nov08_win.nasl, + scripts/gb_klite_mega_codec_dos_vuln.nasl, + scripts/gb_opera_file_heap_bof_vuln_win.nasl, + scripts/gb_firefox_mult_vuln_nov08_lin.nasl, + scripts/gb_novell_edir_mult_vuln_nov08_lin.nasl, + scripts/gb_novell_edir_ncp_mem_crptn_vuln_lin.nasl, + scripts/gb_firefox_mult_vuln_nov08_win.nasl, + scripts/gb_novell_edir_mult_vuln_nov08_win.nasl, + scripts/gb_novell_edir_ncp_mem_crptn_vuln_win.nasl, + scripts/gb_adobe_air_js_code_exec_vuln.nasl, + scripts/gb_myserver_remote_dos_vuln.nasl, + scripts/gb_thunderbird_mult_vuln_nov08_lin.nasl, + scripts/gb_seamonkey_mult_vuln_nov08_lin.nasl, + scripts/gb_sami_ftp_serv_mult_cmd_dos_vuln.nasl, + scripts/gb_zope_python_scripts_dos_vuln_lin.nasl, 
+ scripts/gb_thunderbird_mult_vuln_nov08_win.nasl: + Added new plugins * scripts/gb_adobe_flash_player_mult_vuln_nov08_win.nasl, - scripts/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl: - Updated to include new CVE + scripts/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl: + Updated to include new CVE -2008-11-20 Thomas Reinke <reinke at securityspace.com> +2008-11-20 Thomas Reinke <reinke at securityspace.com> + * Updated *ms08*.nasl tests to be in the - "Windows : Microsoft Bulletins" script family + "Windows : Microsoft Bulletins" script family -2008-11-19 Thomas Reinke <reinke at securityspace.com> +2008-11-19 Thomas Reinke <reinke at securityspace.com> + * deb_1662_1.nasl deb_1663_1.nasl deb_1664_1.nasl deb_1665_1.nasl - freebsd_clamav16.nasl freebsd_emacs.nasl freebsd_faad2.nasl - freebsd_firefox35.nasl freebsd_gnutls3.nasl freebsd_net-snmp2.nasl - freebsd_opera14.nasl freebsd_phpMyAdmin17.nasl freebsd_qemu3.nasl - freebsd_trac4.nasl freebsd_vlc0.nasl glsa_200811_01.nasl - glsa_200811_02.nasl glsa_200811_03.nasl glsa_200811_04.nasl - glsa_200811_05.nasl - New scripts + freebsd_clamav16.nasl freebsd_emacs.nasl freebsd_faad2.nasl + freebsd_firefox35.nasl freebsd_gnutls3.nasl freebsd_net-snmp2.nasl + freebsd_opera14.nasl freebsd_phpMyAdmin17.nasl freebsd_qemu3.nasl + freebsd_trac4.nasl freebsd_vlc0.nasl glsa_200811_01.nasl + glsa_200811_02.nasl glsa_200811_03.nasl glsa_200811_04.nasl + glsa_200811_05.nasl: New scripts 2008-11-18 Michael Wiegand <michael.wiegand at intevation.de> 
@@ -142,11 +169,11 @@ * configure: Regenerated. -2008-11-17 Thomas Reinke <reinke at securityspace.com> - * reverted SuSE detection in gather-package-list.nasl to something - verbose but working - * added detection for openSUSE release 10.3 and 11.0 +2008-11-17 Thomas Reinke <reinke at securityspace.com> + * scripts/gather-package-list.nasl: Reverted SuSE detection in to something + verbose but working, added detection for openSUSE release 10.3 and 11.0 + 2008-11-17 Michael Wiegand <michael.wiegand at intevation.de> * scripts/gather-package-list.nasl: Temporarily commented out broken @@ -159,8 +186,7 @@ 2008-11-14 Vlatko Kosturjak <kost at linux.hr> - * extra/openvas_disp_script_id.pl, - extra/openvas_find_dup_nasl.pl + * extra/openvas_disp_script_id.pl, extra/openvas_find_dup_nasl.pl: Add of new scripts which can help in scripting and testing of duplicate script_ids in nasl scripts 
@@ -170,25 +196,26 @@ be compatible with autoconf 2.60 (see http://www.gnu.org/software/libtool/manual/autoconf/Changed-Directory-Variables.html). -2008-11-14 Chandrashekhar B <bchandra at secpod.com> +2008-11-14 Chandrashekhar B <bchandra at secpod.com> + * scripts/gb_vlc_media_player_mult_bof_vuln_nov08_win.nasl, - scripts/gb_vlc_media_player_mult_bof_vuln_nov08_lin.nasl, - scripts/gb_ultravnc_cpp_file_mult_bof_vuln.nasl, - scripts/gb_phpx_sql_inj_vuln_nov08.nasl, - scripts/gb_python_intgr_overflow_vuln_win.nasl: - Added new plugins + scripts/gb_vlc_media_player_mult_bof_vuln_nov08_lin.nasl, + scripts/gb_ultravnc_cpp_file_mult_bof_vuln.nasl, + scripts/gb_phpx_sql_inj_vuln_nov08.nasl, + scripts/gb_python_intgr_overflow_vuln_win.nasl: + Added new plugins * scripts/gb_adobe_flash_player_sec_bypass_vuln_lin.nasl, - scripts/gb_adobe_flash_player_sec_bypass_vuln_win.nasl: - Input validation + scripts/gb_adobe_flash_player_sec_bypass_vuln_win.nasl: + Input validation -2008-11-12 Chandrashekhar B <bchandra at secpod.com> - * scripts/secpod_ms08-069_900058.nasl, - scripts/secpod_ms08-068_900057.nasl, - scripts/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl, - scripts/gb_adobe_flash_player_mult_vuln_nov08_win.nasl: - Added new plugins +2008-11-12 Chandrashekhar B <bchandra at secpod.com> + * scripts/secpod_ms08-069_900058.nasl, scripts/secpod_ms08-068_900057.nasl, + scripts/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl, + scripts/gb_adobe_flash_player_mult_vuln_nov08_win.nasl: + Added new plugins + 2008-11-12 Michael Wiegand <michael.wiegand at intevation.de> Applying patch provided by Stjepan Gros to improve 64-bit cleanliness. 
@@ -215,21 +242,23 @@ * configure: Regenerated. -2008-11-11 Chandrashekhar B <bchandra at secpod.com> +2008-11-11 Chandrashekhar B <bchandra at secpod.com> + * scripts/secpod_chilkat_crypt_activex_cntl_vuln_900171.nasl, - scripts/secpod_ms_win_media_player_detect_900173.nasl, - scripts/secpod_ms_win_media_player_dos_vuln_900172.nasl: - Added new plugins + scripts/secpod_ms_win_media_player_detect_900173.nasl, + scripts/secpod_ms_win_media_player_dos_vuln_900172.nasl: + Added new plugins -2008-11-11 Chandrashekhar B <bchandra at secpod.com> +2008-11-11 Chandrashekhar B <bchandra at secpod.com> + * scripts/gb_aflog_cookie_auth_bypass_vuln.nasl, - scripts/gb_e107_alternate_profiles_remote_sql_inj_vuln.nasl, - scripts/gb_e107_easyshop_remote_sql_inj_vuln.nasl, - scripts/gb_python_imageop_bof_vuln_win.nasl, - scripts/gb_openoffice_senddoc_tmp_file_creation_vuln_lin.nasl, - scripts/gb_twiki_tmp_file_handling_vuln.nasl, - scripts/gb_openoffice_senddoc_tmp_file_creation_vuln_win.nasl: - Added new plugins + scripts/gb_e107_alternate_profiles_remote_sql_inj_vuln.nasl, + scripts/gb_e107_easyshop_remote_sql_inj_vuln.nasl, + scripts/gb_python_imageop_bof_vuln_win.nasl, + scripts/gb_openoffice_senddoc_tmp_file_creation_vuln_lin.nasl, + scripts/gb_twiki_tmp_file_handling_vuln.nasl, + scripts/gb_openoffice_senddoc_tmp_file_creation_vuln_win.nasl: + Added new plugins 2008-11-07 Jan-Oliver Wagner <jan-oliver.wagner at intevation.de> @@ -269,10 +298,10 @@ Added new plugins. 2008-11-04 Chandrashekhar B <bchandra at secpod.com> + * scripts/gb_drupal_mult_vuln_oct08.nasl: Added new plugin. ->>>>>>> .r1767 2008-10-31 Thomas Reinke <reinke at securityspace.com> * deb_1646_2.nasl deb_1649_1.nasl deb_1650_1.nasl deb_1651_1.nasl 
@@ -283,7 +312,7 @@ freebsd_libspf2.nasl freebsd_libxine10.nasl freebsd_libxml20.nasl freebsd_linux-flashplugin4.nasl freebsd_openx.nasl freebsd_opera12.nasl freebsd_opera13.nasl freebsd_wordpress8.nasl - glsa_200810_02.nasl glsa_200810_03.nasl + glsa_200810_02.nasl glsa_200810_03.nasl: Added new plugins. 2008-10-31 Chandrashekhar B <bchandra at secpod.com> Modified: trunk/openvas-plugins/VERSION =================================================================== --- trunk/openvas-plugins/VERSION 2008-12-03 14:04:10 UTC (rev 1906) +++ trunk/openvas-plugins/VERSION 2008-12-03 14:33:34 UTC (rev 1907) @@ -1 +1 @@ -1.0.5.SVN +1.0.5 Modified: trunk/openvas-plugins/packaging/debian/changelog =================================================================== --- trunk/openvas-plugins/packaging/debian/changelog 2008-12-03 14:04:10 UTC (rev 1906) +++ trunk/openvas-plugins/packaging/debian/changelog 2008-12-03 14:33:34 UTC (rev 1907) @@ -1,3 +1,9 @@ +openvas-plugins (1.0.5-1) unstable; urgency=low + + * New upstream release. + + -- Michael Wiegand <michael.wiegand at intevation.de> Wed, 3 Dec 2008 14:58:36 +0100 + openvas-plugins (1.0.4-1) unstable; urgency=low * New upstream release Modified: trunk/openvas-plugins/packaging/debian/patches/00list =================================================================== --- trunk/openvas-plugins/packaging/debian/patches/00list 2008-12-03 14:04:10 UTC (rev 1906) +++ trunk/openvas-plugins/packaging/debian/patches/00list 2008-12-03 14:33:34 UTC (rev 1907) 
@@ -1,4 +1,3 @@ 01_makefile_fix_distclean.dpatch 02_adjust_examples.dpatch 03_makefile_clean_space.dpatch -04_free_plugins.dpatch.dpatch Deleted: trunk/openvas-plugins/packaging/debian/patches/04_free_plugins.dpatch =================================================================== --- trunk/openvas-plugins/packaging/debian/patches/04_free_plugins.dpatch 2008-12-03 14:04:10 UTC (rev 1906) +++ trunk/openvas-plugins/packaging/debian/patches/04_free_plugins.dpatch 2008-12-03 14:33:34 UTC (rev 1907) 
@@ -1,70 +0,0 @@ -#! /bin/sh /usr/share/dpatch/dpatch-run -## 04_free_plugins.dpatch by Joey Schulze <joey at infodrom.org> -## -## All lines beginning with `## DP:' are a description of the patch. -## DP: It is the understanding of the OpenVAS project team that any -## DP: script distributed via the Tenable GPL feed is indeed GPLed as -## DP: per definition. They applied GPLv2 to the occasional tarballs, -## DP: so it is pretty clear the mean v2. (Jan-Oliver Wagner) - - - at DPATCH@ -diff -urNad openvas-plugins-1.0.4~/scripts/apache_conn_block.nasl openvas-plugins-1.0.4/scripts/apache_conn_block.nasl ---- openvas-plugins-1.0.4~/scripts/apache_conn_block.nasl 2008-11-28 10:57:01.000000000 +0100 -+++ openvas-plugins-1.0.4/scripts/apache_conn_block.nasl 2008-11-28 10:57:49.000000000 +0100 -@@ -1,3 +1,7 @@ -+# -+# GPL licensed by Tenable and distributed under Tenable GPL feed - 10 July 2006 -+# -+ - # Original script written by Tenable Network Security - # Modified by Scott Shebby scotts at scanalert.com - # OS check by George Theall -diff -urNad openvas-plugins-1.0.4~/scripts/bugbear_b_1080.nasl openvas-plugins-1.0.4/scripts/bugbear_b_1080.nasl ---- openvas-plugins-1.0.4~/scripts/bugbear_b_1080.nasl 2008-11-28 10:57:01.000000000 +0100 -+++ openvas-plugins-1.0.4/scripts/bugbear_b_1080.nasl 2008-11-28 10:57:49.000000000 +0100 -@@ -1,4 +1,8 @@ - # -+# GPL licensed by Tenable and distributed under Tenable GPL feed - 10 July 2006 -+# -+ -+# - # (C) Tenable Network Security - # - -diff -urNad openvas-plugins-1.0.4~/scripts/cherokee_0_4_7.nasl openvas-plugins-1.0.4/scripts/cherokee_0_4_7.nasl ---- openvas-plugins-1.0.4~/scripts/cherokee_0_4_7.nasl 2008-11-28 10:57:01.000000000 +0100 -+++ openvas-plugins-1.0.4/scripts/cherokee_0_4_7.nasl 2008-11-28 10:57:49.000000000 +0100 -@@ -1,4 +1,8 @@ - # -+# GPL licensed by Tenable and distributed under Tenable GPL feed - 10 July 2006 -+# -+ -+# - # (C) Tenable Network Security - # - -diff -urNad 
openvas-plugins-1.0.4~/scripts/ciscoworks_detect.nasl openvas-plugins-1.0.4/scripts/ciscoworks_detect.nasl ---- openvas-plugins-1.0.4~/scripts/ciscoworks_detect.nasl 2008-11-28 10:57:01.000000000 +0100 -+++ openvas-plugins-1.0.4/scripts/ciscoworks_detect.nasl 2008-11-28 10:57:49.000000000 +0100 -@@ -1,4 +1,8 @@ - # -+# GPL licensed by Tenable and distributed under Tenable GPL feed - 10 July 2006 -+# -+ -+# - # (C) Tenable Network Security - # - -diff -urNad openvas-plugins-1.0.4~/scripts/ftp_writeable_directories.nasl openvas-plugins-1.0.4/scripts/ftp_writeable_directories.nasl ---- openvas-plugins-1.0.4~/scripts/ftp_writeable_directories.nasl 2008-11-28 10:57:01.000000000 +0100 -+++ openvas-plugins-1.0.4/scripts/ftp_writeable_directories.nasl 2008-11-28 10:57:49.000000000 +0100 -@@ -1,4 +1,8 @@ - # -+# GPL licensed by Tenable and distributed under Tenable GPL feed - 10 July 2006 -+# -+ -+# - # (C) Tenable Network Security - # - From scm-commit at wald.intevation.org Wed Dec 3 15:38:07 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 15:38:07 +0100 (CET) Subject: [Openvas-commits] r1908 - tags Message-ID: <20081203143807.52B9F4C02D@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-03 15:38:07 +0100 (Wed, 03 Dec 2008) New Revision: 1908 Added: tags/openvas-plugins-release-1.0.5/ Log: Tagging the openvas-plugins 1.0.5 release. Copied: tags/openvas-plugins-release-1.0.5 (from rev 1907, trunk/openvas-plugins) From scm-commit at wald.intevation.org Wed Dec 3 15:40:03 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 15:40:03 +0100 (CET) Subject: [Openvas-commits] r1909 - trunk/openvas-plugins Message-ID: <20081203144003.D5BAC40763@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-03 15:40:03 +0100 (Wed, 03 Dec 2008) New Revision: 1909 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/VERSION Log: Post release version bump. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2008-12-03 14:38:07 UTC (rev 1908) +++ trunk/openvas-plugins/ChangeLog 2008-12-03 14:40:03 UTC (rev 1909) @@ -1,5 +1,11 @@ 2008-12-03 Michael Wiegand <michael.wiegand at intevation.de> + Post release version bump. + + * VERSION: Set to 1.0.6.SVN. + +2008-12-03 Michael Wiegand <michael.wiegand at intevation.de> + Preparing the openvas-plugins 1.0.5 release. * VERSION: Set to 1.0.5. Modified: trunk/openvas-plugins/VERSION =================================================================== --- trunk/openvas-plugins/VERSION 2008-12-03 14:38:07 UTC (rev 1908) +++ trunk/openvas-plugins/VERSION 2008-12-03 14:40:03 UTC (rev 1909) @@ -1 +1 @@ -1.0.5 +1.0.6.SVN From scm-commit at wald.intevation.org Wed Dec 3 15:48:09 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 15:48:09 +0100 (CET) Subject: [Openvas-commits] r1910 - trunk/doc/website Message-ID: <20081203144809.4B65040747@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-03 15:48:09 +0100 (Wed, 03 Dec 2008) New Revision: 1910 Modified: trunk/doc/website/code-quality.htm4 trunk/doc/website/template_header.m4 Log: Update links and code quality numbers for openvas-plugins 1.0.5. Modified: trunk/doc/website/code-quality.htm4 =================================================================== --- trunk/doc/website/code-quality.htm4 2008-12-03 14:40:03 UTC (rev 1909) +++ trunk/doc/website/code-quality.htm4 2008-12-03 14:48:09 UTC (rev 1910) @@ -292,6 +292,13 @@ <td>126/16</td> <td>not analyzed</td> </tr> +<tr> + <td>1.0.5</td> + <td>6300</td> + <td>374</td> + <td>125/16</td> + <td>not analyzed</td> +</tr> </table> <h3>OpenVAS-Client</h3> Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2008-12-03 14:40:03 UTC (rev 1909) +++ trunk/doc/website/template_header.m4 2008-12-03 14:48:09 UTC (rev 1910) @@ -143,7 +143,7 @@ <a href="http://wald.intevation.org/frs/?group_id=29&release_id=190">openvas-libraries 1.0.2</a><br> <a href="http://wald.intevation.org/frs/?group_id=29&release_id=191">openvas-libnasl 1.0.1</a><br> <a href="http://wald.intevation.org/frs/?group_id=29&release_id=196">openvas-server 1.0.2</a><br> - <a href="http://wald.intevation.org/frs/?group_id=29&release_id=217">openvas-plugins 1.0.4</a><br> + <a href="http://wald.intevation.org/frs/?group_id=29&release_id=225">openvas-plugins 1.0.5</a><br> </p> <p> 
@@ -159,7 +159,7 @@ <a href="http://wald.intevation.org/frs/?group_id=29&release_id=221">openvas-libnasl 2.0-beta2</a><br> <a href="http://wald.intevation.org/frs/?group_id=29&release_id=222">openvas-server 2.0-beta2</a><br> <a href="http://wald.intevation.org/frs/?group_id=29&release_id=223">openvas-client 2.0-beta2</a><br> - openvas-plugins: Use <a href="http://wald.intevation.org/frs/?group_id=29&release_id=217">openvas-plugins 1.0.4</a><br> + openvas-plugins: Use <a href="http://wald.intevation.org/frs/?group_id=29&release_id=225">openvas-plugins 1.0.5</a><br> </p> </div> From scm-commit at wald.intevation.org Wed Dec 3 18:25:25 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 18:25:25 +0100 (CET) Subject: [Openvas-commits] r1911 - in trunk/openvas-plugins: . scripts Message-ID: <20081203172525.3A9864073C@pyrosoma.intevation.org> Author: reinke Date: 2008-12-03 18:25:22 +0100 (Wed, 03 Dec 2008) New Revision: 1911 Added: trunk/openvas-plugins/scripts/deb_1670_1.nasl trunk/openvas-plugins/scripts/deb_1671_1.nasl trunk/openvas-plugins/scripts/deb_1672_1.nasl trunk/openvas-plugins/scripts/deb_1673_1.nasl trunk/openvas-plugins/scripts/deb_1674_1.nasl trunk/openvas-plugins/scripts/deb_1675_1.nasl trunk/openvas-plugins/scripts/deb_1676_1.nasl trunk/openvas-plugins/scripts/freebsd_cups-base7.nasl trunk/openvas-plugins/scripts/freebsd_hplip.nasl trunk/openvas-plugins/scripts/freebsd_openoffice.org-2.nasl trunk/openvas-plugins/scripts/freebsd_samba14.nasl trunk/openvas-plugins/scripts/freebsd_wordpress9.nasl trunk/openvas-plugins/scripts/glsa_200812_01.nasl trunk/openvas-plugins/scripts/glsa_200812_02.nasl trunk/openvas-plugins/scripts/glsa_200812_03.nasl trunk/openvas-plugins/scripts/glsa_200812_04.nasl trunk/openvas-plugins/scripts/glsa_200812_05.nasl trunk/openvas-plugins/scripts/glsa_200812_06.nasl trunk/openvas-plugins/scripts/glsa_200812_07.nasl Modified: trunk/openvas-plugins/ChangeLog Log: New scripts added Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/ChangeLog 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -1,3 +1,13 @@ +2008-12-03 Thomas Reinke <reinke at securityspace.com> + * deb_1670_1.nasl deb_1671_1.nasl deb_1672_1.nasl + deb_1673_1.nasl deb_1674_1.nasl deb_1675_1.nasl + deb_1676_1.nasl freebsd_cups-base7.nasl freebsd_hplip.nasl + freebsd_openoffice.org-2.nasl freebsd_samba14.nasl + freebsd_wordpress9.nasl glsa_200812_01.nasl glsa_200812_02.nasl + glsa_200812_03.nasl glsa_200812_04.nasl glsa_200812_05.nasl + glsa_200812_06.nasl glsa_200812_07.nasl + New scripts + 2008-12-03 Michael Wiegand <michael.wiegand at intevation.de> Post release version bump. Added: trunk/openvas-plugins/scripts/deb_1670_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1670_1.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/deb_1670_1.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,94 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1670-1 (enscript) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(61933); + script_cve_id("CVE-2008-3863", "CVE-2008-4306"); + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1670-1 (enscript)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to enscript +announced via advisory DSA 1670-1. + +Several vulnerabilities have been discovered in Enscript, a converter +from ASCII text to Postscript, HTML or RTF. The Common Vulnerabilities +and Exposures project identifies the following problems: + +CVE-2008-3863 + +Ulf Harnhammer discovered that a buffer overflow may lead to +the execution of arbitrary code. + +CVE-2008-4306 + +Kees Cook and Tomas Hoger discovered that several buffer +overflows may lead to the execution of arbitrary code. + +For the stable distribution (etch), these problems have been fixed in +version 1.6.4-11.1. 
+ +For the upcoming stable distribution (lenny) and the unstable +distribution (sid), these problems have been fixed in version 1.6.4-13. + +We recommend that you upgrade your enscript package. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201670-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1670-1 (enscript)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"enscript", ver:"1.6.4-11.1", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1671_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1671_1.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/deb_1671_1.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
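Review bot: `script_version ("$");` in the description block sets the plugin version to a bare dollar sign, so a finding from this check cannot be tied back to the revision of the script that produced it. It looks like a revision keyword that was lost when the file was generated; if so, the line should read `script_version("$Revision$");` with keyword expansion enabled on the file. The same line appears in every other .nasl file added by this commit, and the FreeBSD ones also carry a bare `# $` in the header where the Debian ones have `# $Id$`.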
@@ -0,0 +1,174 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1671-1 (iceweasel) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(61934); + if(NASL_LEVEL>=2191) { + script_cve_id("CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5021", "CVE-2008-5022", "CVE-2008-5023", "CVE-2008-5024"); + } else { + script_cve_id("CVE-2008-0017", "CVE-2008-4582", "CVE-2008-5012", "CVE-2008-5013", "CVE-2008-5014", "CVE-2008-5017", "CVE-2008-5018", "CVE-2008-5021"); + }; + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1671-1 (iceweasel)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to iceweasel +announced via advisory DSA 1671-1. + +Several remote vulnerabilities have been discovered in the Iceweasel +webbrowser, an unbranded version of the Firefox browser. 
The Common +Vulnerabilities and Exposures project identifies the following problems: + +CVE-2008-0017 + +Justin Schuh discovered that a buffer overflow in the http-index-format +parser could lead to arbitrary code execution. + +CVE-2008-4582 + +Liu Die Yu discovered an information leak through local shortcut +files. + +CVE-2008-5012 + +Georgi Guninski, Michal Zalewski and Chris Evan discovered that +the canvas element could be used to bypass same-origin +restrictions. + +CVE-2008-5013 + +It was discovered that insufficient checks in the Flash plugin glue +code could lead to arbitrary code execution. + +CVE-2008-5014 + +Jesse Ruderman discovered that a programming error in the +window.__proto__.__proto__ object could lead to arbitrary code +execution. + +CVE-2008-5017 + +It was discovered that crashes in the layout engine could lead to +arbitrary code execution. + +CVE-2008-5018 + +It was discovered that crashes in the Javascript engine could lead to +arbitrary code execution. + +CVE-2008-5021 + +It was discovered that a crash in the nsFrameManager might lead to +the execution of arbitrary code. + +CVE-2008-5022 + +moz_bug_r_a4 discovered that the same-origin check in +nsXMLHttpRequest::NotifyEventListeners() could be bypassed. + +CVE-2008-5023 + +Collin Jackson discovered that the -moz-binding property bypasses +security checks on codebase principals. + +CVE-2008-5024 + +Chris Evans discovered that quote characters were improperly +escaped in the default namespace of E4X documents. + +For the stable distribution (etch), these problems have been fixed in +version 2.0.0.18-0etch1. + +For the upcoming stable distribution (lenny) and the unstable distribution +(sid), these problems have been fixed in version 3.0.4-1 of iceweasel +and version 1.9.0.4-1 of xulrunner. Packages for arm and mips will be +provided soon. + +We recommend that you upgrade your iceweasel package. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201671-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1671-1 (iceweasel)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"mozilla-firefox-gnome-support", ver:"2.0.0.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"firefox-dom-inspector", ver:"2.0.0.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"firefox-gnome-support", ver:"2.0.0.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"firefox", ver:"2.0.0.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"mozilla-firefox", ver:"2.0.0.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"iceweasel-dom-inspector", ver:"2.0.0.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"mozilla-firefox-dom-inspector", ver:"2.0.0.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"iceweasel", ver:"2.0.0.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"iceweasel-dbg", ver:"2.0.0.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"iceweasel-gnome-support", ver:"2.0.0.18-0etch1", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1672_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1672_1.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/deb_1672_1.nasl 
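Review bot: The `else` branch of the `NASL_LEVEL>=2191` test passes only eight of the eleven CVE ids to `script_cve_id`, and nothing in the script says why CVE-2008-5022, CVE-2008-5023 and CVE-2008-5024 are dropped there although the description text covers them. Presumably older interpreters limit the number of ids; a comment above the test would record that, for example `# NASL_LEVEL < 2191: script_cve_id() list is cut to 8 ids; CVE-2008-5022/-5023/-5024 are covered by the check but not tagged`. Anyone correlating scan results by CVE on an older engine would otherwise miss those three. The stray `;` after the closing brace of the `else` can go as well.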
2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,87 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1672-1 (imlib2) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(61935); + script_cve_id("CVE-2008-5187"); + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1672-1 (imlib2)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to imlib2 +announced via advisory DSA 1672-1. + +Julien Danjou and Peter De Wachter discovered that a buffer overflow +in the XPM loader of Imlib2, a powerful image loading and rendering +library, might lead to arbitrary code execution. + +For the stable distribution (etch), this problem has been fixed in +version 1.3.0.0debian1-4+etch2. + +For the upcoming stable distribution (lenny) and the unstable +distribution (sid), this problem has been fixed in version 1.4.0-1.2. + +We recommend that you upgrade your imlib2 packages. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201672-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1672-1 (imlib2)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"libimlib2-dev", ver:"1.3.0.0debian1-4+etch2", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libimlib2", ver:"1.3.0.0debian1-4+etch2", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1673_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1673_1.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/deb_1673_1.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,107 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1673-1 (wireshark) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(61936); + script_cve_id("CVE-2008-3137", "CVE-2008-3138", "CVE-2008-3141", "CVE-2008-3145", "CVE-2008-3933", "CVE-2008-4683", "CVE-2008-4684", "CVE-2008-4685"); + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1673-1 (wireshark)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to wireshark +announced via advisory DSA 1673-1. + +Several remote vulnerabilities have been discovered network traffic +analyzer Wireshark. For details, please visit the referenced security +advisories. + +For the stable distribution (etch), these problems have been fixed in +version 0.99.4-5.etch.3. + +For the upcoming stable distribution (lenny), these problems have been +fixed in version 1.0.2-3+lenny2. + +For the unstable distribution (sid), these problems will be fixed soon. + +We recommend that you upgrade your wireshark packages. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201673-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1673-1 (wireshark)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"ethereal-common", ver:"0.99.4-5.etch.3", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"tethereal", ver:"0.99.4-5.etch.3", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"wireshark-common", ver:"0.99.4-5.etch.3", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"wireshark-dev", ver:"0.99.4-5.etch.3", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"ethereal", ver:"0.99.4-5.etch.3", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"wireshark", ver:"0.99.4-5.etch.3", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"ethereal-dev", ver:"0.99.4-5.etch.3", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"tshark", ver:"0.99.4-5.etch.3", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1674_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1674_1.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/deb_1674_1.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
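Review bot: Every `isdpkgvuln` call in the check section passes `rls:"DEB4.0"`, so only etch hosts are evaluated, while the description also gives a fixed version for lenny (1.0.2-3+lenny2) and says sid is still unfixed. A host on lenny or sid with an older wireshark would, as far as the visible code shows, produce no finding and read as clean. If the generator cannot emit checks for other releases, the script should say so next to the checks, for example `# Only etch (DEB4.0) is tested; lenny/sid hosts are not evaluated by this script`. The other deb_*.nasl files in this commit that quote lenny or sid versions have the same limitation.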
@@ -0,0 +1,85 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1674-1 (jailer) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(61937); + script_cve_id("CVE-2008-5139"); + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1674-1 (jailer)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to jailer +announced via advisory DSA 1674-1. + +Javier Fernandez-Sanguino Pena discovered that updatejail, a component +of the chroot maintenance tool Jailer, creates a predictable temporary +file name, which may lead to local denial of service through a symlink +attack. + +For the stable distribution (etch), this problem has been fixed in +version 0.4-9+etch1. + +For the upcoming stable distribution (lenny) and the unstable +distribution (sid), this problem has been fixed in version 0.4-10. + +We recommend that you upgrade your jailer package. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201674-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1674-1 (jailer)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"jailer", ver:"0.4-9+etch1", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1675_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1675_1.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/deb_1675_1.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
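Review bot: The description ends with `Risk factor : High` and the check reports through `security_hole(0)`, but the advisory text quoted above it describes a local denial of service through a symlink attack. Reporting that at the top severity puts it in the same bucket as the remote code-execution advisories in this commit and distorts triage. The generator seems to hard-code the level; for advisories like this one a lower tier such as `security_warning(0);` with a matching risk-factor line would fit the described impact better. deb_1676_1.nasl (flamethrower) has the same mismatch between description and severity.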
@@ -0,0 +1,88 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1675-1 (phpmyadmin) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(61938); + script_cve_id("CVE-2008-4326"); + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1675-1 (phpmyadmin)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to phpmyadmin +announced via advisory DSA 1675-1. + +Masako Oono discovered that phpMyAdmin, a web-based administration +interface for MySQL, insufficiently sanitises input allowing a +remote attacker to gather sensitive data through cross site scripting, +provided that the user uses the Internet Explorer web browser. + +This update also fixes a regression introduced in DSA 1641, that +broke changing of the language and encoding in the login screen. + +For the stable distribution (etch), these problems have been fixed in +version 4:2.9.1.1-9. + +For the unstable distribution (sid), these problems have been fixed in +version 4:2.11.8.1-3. 
+ +We recommend that you upgrade your phpmyadmin package. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201675-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1675-1 (phpmyadmin)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"phpmyadmin", ver:"2.9.1.1-9", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1676_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1676_1.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/deb_1676_1.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
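Review bot: The description gives the fixed etch version as 4:2.9.1.1-9, with epoch, but the check calls `isdpkgvuln(pkg:"phpmyadmin", ver:"2.9.1.1-9", rls:"DEB4.0")` without it. `isdpkgvuln` comes from pkg-lib-deb.inc and is not visible here; if the collected package list keeps the epoch and the comparison does not strip it, an installed version carrying the epoch (a constructed example: 4:2.9.1.1-8) could compare as newer than 2.9.1.1-9 and the host would be reported as patched. Either pass `ver:"4:2.9.1.1-9"` or confirm that the library normalises epochs on both sides and record that in a comment next to the call.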
@@ -0,0 +1,84 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1676-1 (flamethrower (0.1.8-1+etch1)) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(61939); + script_cve_id("CVE-2008-5141"); + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1676-1 (flamethrower (0.1.8-1+etch1))"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to flamethrower (0.1.8-1+etch1) +announced via advisory DSA 1676-1. + +Dmitry E. Oboukhov discovered that flamethrower creates predictable temporary +filenames, which may lead to a local denial of service through a symlink +attack. + +For the stable distribution (etch), this problem has been fixed in version +0.1.8-1+etch1. + +For the unstable distribution (sid), this problem has been fixed in +version 0.1.8-2. + +We recommend that you upgrade your flamethrower package. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201676-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1676-1 (flamethrower (0.1.8-1+etch1))"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"flamethrower", ver:"0.1.8-1+etch1", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_cups-base7.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_cups-base7.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/freebsd_cups-base7.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,96 @@ +# +#VID 87106b67-be13-11dd-a578-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 87106b67-be13-11dd-a578-0030843d3802 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(61957); + script_cve_id("CVE-2008-1722", "CVE-2008-5184"); + script_version ("$"); + name["english"] = "FreeBSD Ports: cups-base"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: cups-base + +CVE-2008-1722 +Multiple integer overflows in (1) filter/image-png.c and (2) +filter/image-zoom.c in CUPS 1.3 allow attackers to cause a denial of +service (crash) and trigger memory corruption, as demonstrated via a +crafted PNG image. 
+ +CVE-2008-5184 +The web interface (cgi-bin/admin.c) in CUPS before 1.3.8 uses the +guest username when a user is not logged on to the web server, which +makes it easier for remote attackers to bypass intended policy and +conduct CSRF attacks via the (1) add and (2) cancel RSS subscription +functions. + +Solution: +Update your system with the appropriate patches or +software upgrades. + +http://secunia.com/advisories/30190 +http://www.cups.org/str.php?L2974 +http://www.vuxml.org/freebsd/87106b67-be13-11dd-a578-0030843d3802.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: cups-base"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"cups-base"); +if(!isnull(bver) && revcomp(a:bver, b:"1.3.9_2")<0) { + security_note(0, data:"Package cups-base version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_hplip.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_hplip.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/freebsd_hplip.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
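Review bot: A vulnerable cups-base is reported twice, once through `security_note(0, data:...)` inside the version test and again through the bare `security_hole(0)` at the end, so the installed version ends up on the low-severity entry and the high-severity entry carries no detail. One report with the data attached is easier to triage: drop the `security_note` call, keep the message in a variable, and finish with `security_hole(0, data:report);`. freebsd_hplip.nasl in this commit uses the same pattern.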
@@ -0,0 +1,97 @@ +# +#VID 37940643-be1b-11dd-a578-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 37940643-be1b-11dd-a578-0030843d3802 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(61956); + script_cve_id("CVE-2008-2940", "CVE-2008-2941"); + script_bugtraq_id(30683); + script_version ("$"); + name["english"] = "FreeBSD Ports: hplip"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: hplip + +CVE-2008-2940 +The alert-mailing implementation in HP Linux Imaging and Printing +(HPLIP) 1.6.7 allows local users to gain privileges and send e-mail +messages from the root account via vectors related to the setalerts +message, and lack of validation of the device URI associated with an +event message. 
+ +CVE-2008-2941 +The hpssd message parser in hpssd.py in HP Linux Imaging and Printing +(HPLIP) 1.6.7 allows local users to cause a denial of service (process +stop) via a crafted packet, as demonstrated by sending 'msg=0' to TCP +port 2207. + +Solution: +Update your system with the appropriate patches or +software upgrades. + +https://rhn.redhat.com/errata/RHSA-2008-0818.html +http://secunia.com/advisories/31470 +http://www.vuxml.org/freebsd/37940643-be1b-11dd-a578-0030843d3802.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: hplip"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"hplip"); +if(!isnull(bver) && revcomp(a:bver, b:"2.8.2_3")<0) { + security_note(0, data:"Package hplip version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_openoffice.org-2.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_openoffice.org-2.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/freebsd_openoffice.org-2.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,119 @@ +# +#VID 842bafdd-be2f-11dd-a578-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 842bafdd-be2f-11dd-a578-0030843d3802 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(61953); + script_cve_id("CVE-2008-2237", "CVE-2008-2238"); + script_version ("$"); + name["english"] = "FreeBSD Ports: openoffice.org-2, openoffice.org-2-RC, openoffice.org-2-devel"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following packages are affected: + openoffice.org-2 + openoffice.org-2-RC + openoffice.org-2-devel + +CVE-2008-2237 +Heap-based buffer overflow in OpenOffice.org (OOo) 2.x before 2.4.2 +allows remote attackers to execute arbitrary code via a crafted WMF +file associated with a StarOffice/StarSuite document. 
+ +CVE-2008-2238 +Multiple integer overflows in OpenOffice.org (OOo) 2.x before 2.4.2 +allow remote attackers to execute arbitrary code via crafted EMR +records in an EMF file associated with a StarOffice/StarSuite +document, which trigger a heap-based buffer overflow. + +Solution: +Update your system with the appropriate patches or +software upgrades. + +http://www.openoffice.org/security/cves/CVE-2008-2237.html +http://www.openoffice.org/security/cves/CVE-2008-2238.html +http://www.vuxml.org/freebsd/842bafdd-be2f-11dd-a578-0030843d3802.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: openoffice.org-2, openoffice.org-2-RC, openoffice.org-2-devel"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"openoffice.org-2"); +if(!isnull(bver) && revcomp(a:bver, b:"2.4")>=0 && revcomp(a:bver, b:"2.4.2")<0) { + security_note(0, data:"Package openoffice.org-2 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +if(!isnull(bver) && revcomp(a:bver, b:"2.4.20040402")>=0) { + security_note(0, data:"Package openoffice.org-2 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"openoffice.org-2-RC"); +if(!isnull(bver) && revcomp(a:bver, b:"2.4")>=0 && revcomp(a:bver, b:"2.4.2")<0) { + security_note(0, data:"Package openoffice.org-2-RC version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +if(!isnull(bver) && revcomp(a:bver, 
b:"2.4.20040402")>=0) { + security_note(0, data:"Package openoffice.org-2-RC version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"openoffice.org-2-devel"); +if(!isnull(bver) && revcomp(a:bver, b:"2.4")>=0 && revcomp(a:bver, b:"2.4.2")<0) { + security_note(0, data:"Package openoffice.org-2-devel version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +if(!isnull(bver) && revcomp(a:bver, b:"2.4.20040402")>=0) { + security_note(0, data:"Package openoffice.org-2-devel version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_samba14.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_samba14.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/freebsd_samba14.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,108 @@ +# +#VID 1583640d-be20-11dd-a578-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 1583640d-be20-11dd-a578-0030843d3802 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(61955); + script_cve_id("CVE-2008-4314"); + script_version ("$"); + name["english"] = "FreeBSD Ports: samba, samba3, ja-samba"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following packages are affected: + samba + samba3 + ja-samba + samba32-devel + +CVE-2008-4314 +smbd in Samba 3.0.29 through 3.2.4 might allow remote attackers to +read arbitrary memory and cause a denial of service via crafted (1) +trans, (2) trans2, and (3) nttrans requests, related to a 'cut&paste +error' that causes an improper bounds check to be performed. + +Solution: +Update your system with the appropriate patches or +software upgrades. 
+ +http://www.samba.org/samba/security/CVE-2008-4314.html +http://secunia.com/advisories/32813/ +http://www.vuxml.org/freebsd/1583640d-be20-11dd-a578-0030843d3802.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: samba, samba3, ja-samba"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"samba"); +if(!isnull(bver) && revcomp(a:bver, b:"3.0.29,1")>=0 && revcomp(a:bver, b:"3.0.32_2,1")<0) { + security_note(0, data:"Package samba version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"samba3"); +if(!isnull(bver) && revcomp(a:bver, b:"3.0.29,1")>=0 && revcomp(a:bver, b:"3.0.32_2,1")<0) { + security_note(0, data:"Package samba3 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"ja-samba"); +if(!isnull(bver) && revcomp(a:bver, b:"3.0.29,1")>=0 && revcomp(a:bver, b:"3.0.32_2,1")<0) { + security_note(0, data:"Package ja-samba version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"samba32-devel"); +if(!isnull(bver) && revcomp(a:bver, b:"3.2.4_1")<0) { + security_note(0, data:"Package samba32-devel version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_wordpress9.nasl =================================================================== --- 
trunk/openvas-plugins/scripts/freebsd_wordpress9.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/freebsd_wordpress9.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,101 @@ +# +#VID 622bc638-be27-11dd-a578-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 622bc638-be27-11dd-a578-0030843d3802 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(61954); + script_version ("$"); + name["english"] = "FreeBSD Ports: wordpress, de-wordpress, wordpress-mu"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following packages are affected: + wordpress + de-wordpress + wordpress-mu + zh-wordpress + +Solution: +Update your system with the appropriate patches or +software upgrades. 
+ +http://secunia.com/advisories/32882/ +http://wordpress.org/development/2008/11/wordpress-265/ +http://www.vuxml.org/freebsd/622bc638-be27-11dd-a578-0030843d3802.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: wordpress, de-wordpress, wordpress-mu"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"wordpress"); +if(!isnull(bver) && revcomp(a:bver, b:"2.6.5")<0) { + security_note(0, data:"Package wordpress version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"de-wordpress"); +if(!isnull(bver) && revcomp(a:bver, b:"2.6.5")<0) { + security_note(0, data:"Package de-wordpress version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"wordpress-mu"); +if(!isnull(bver) && revcomp(a:bver, b:"2.6.5")<0) { + security_note(0, data:"Package wordpress-mu version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"zh-wordpress"); +if(!isnull(bver) && revcomp(a:bver, b:"0")>0) { + security_note(0, data:"Package zh-wordpress version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200812_01.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200812_01.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ 
trunk/openvas-plugins/scripts/glsa_200812_01.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,83 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(61940); + script_cve_id("CVE-2008-5101"); + script_version ("$"); + name["english"] = "Gentoo Security Advisory GLSA 200812-01 (optipng)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory GLSA 200812-01. + +A vulnerability in OptiPNG might result in user-assisted execution of +arbitrary code. 
+ +Solution: +All OptiPNG users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=media-gfx/optipng-0.6.2' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200812-01 +http://bugs.gentoo.org/show_bug.cgi?id=246522 + +Risk factor : Medium"; + + script_description(english:desc["english"]); + + summary["english"] = "Gentoo Security Advisory GLSA 200812-01 (optipng)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Gentoo Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"media-gfx/optipng", unaffected: make_list("ge 0.6.2"), vulnerable: make_list("lt 0.6.2"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200812_02.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200812_02.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/glsa_200812_02.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,83 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(61941); + script_cve_id("CVE-2008-3863", "CVE-2008-4306"); + script_version ("$"); + name["english"] = "Gentoo Security Advisory GLSA 200812-02 (enscript)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory GLSA 200812-02. + +Two buffer overflows in enscript might lead to the execution of arbitrary +code. 
+ +Solution: +All enscript users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=app-text/enscript-1.6.4-r4' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200812-02 +http://bugs.gentoo.org/show_bug.cgi?id=243228 + +Risk factor : Medium"; + + script_description(english:desc["english"]); + + summary["english"] = "Gentoo Security Advisory GLSA 200812-02 (enscript)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Gentoo Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"app-text/enscript", unaffected: make_list("ge 1.6.4-r4"), vulnerable: make_list("lt 1.6.4-r4"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200812_03.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200812_03.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/glsa_200812_03.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,83 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(61942); + script_cve_id("CVE-2008-3651", "CVE-2008-3652"); + script_version ("$"); + name["english"] = "Gentoo Security Advisory GLSA 200812-03 (ipsec-tools)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory GLSA 200812-03. + +IPsec-Tools' racoon is affected by a remote Denial of Service +vulnerability. 
+ +Solution: +All IPsec-Tools users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=net-firewall/ipsec-tools-0.7.1' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200812-03 +http://bugs.gentoo.org/show_bug.cgi?id=232831 + +Risk factor : Medium"; + + script_description(english:desc["english"]); + + summary["english"] = "Gentoo Security Advisory GLSA 200812-03 (ipsec-tools)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Gentoo Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"net-firewall/ipsec-tools", unaffected: make_list("ge 0.7.1"), vulnerable: make_list("lt 0.7.1"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200812_04.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200812_04.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/glsa_200812_04.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,83 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(61943); + script_cve_id("CVE-2008-4298", "CVE-2008-4359", "CVE-2008-4360"); + script_version ("$"); + name["english"] = "Gentoo Security Advisory GLSA 200812-04 (lighttpd)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory GLSA 200812-04. + +Multiple vulnerabilities in lighttpd may lead to information disclosure or +a Denial of Service. 
+ +Solution: +All lighttpd users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=www-servers/lighttpd-1.4.20' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200812-04 +http://bugs.gentoo.org/show_bug.cgi?id=238180 + +Risk factor : Medium"; + + script_description(english:desc["english"]); + + summary["english"] = "Gentoo Security Advisory GLSA 200812-04 (lighttpd)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Gentoo Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"www-servers/lighttpd", unaffected: make_list("ge 1.4.20"), vulnerable: make_list("lt 1.4.20"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200812_05.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200812_05.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/glsa_200812_05.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,83 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(61944); + script_cve_id("CVE-2008-5008"); + script_version ("$"); + name["english"] = "Gentoo Security Advisory GLSA 200812-05 (libsamplerate)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory GLSA 200812-05. + +A buffer overflow vulnerability in libsamplerate might lead to the +execution of arbitrary code. 
+ +Solution: +All libsamplerate users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=media-libs/libsamplerate-0.1.4' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200812-05 +http://bugs.gentoo.org/show_bug.cgi?id=237037 + +Risk factor : Medium"; + + script_description(english:desc["english"]); + + summary["english"] = "Gentoo Security Advisory GLSA 200812-05 (libsamplerate)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Gentoo Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"media-libs/libsamplerate", unaffected: make_list("ge 0.1.4"), vulnerable: make_list("lt 0.1.4"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200812_06.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200812_06.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/glsa_200812_06.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,86 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(61945); + script_cve_id("CVE-2008-3281", "CVE-2008-3529", "CVE-2008-4409", "CVE-2008-4225", "CVE-2008-4226"); + script_version ("$"); + name["english"] = "Gentoo Security Advisory GLSA 200812-06 (libxml2)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory GLSA 200812-06. + +Multiple vulnerabilities in libxml2 might lead to execution of arbitrary +code or Denial of Service. 
+ +Solution: +All libxml2 users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=dev-libs/libxml2-2.7.2-r1' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200812-06 +http://bugs.gentoo.org/show_bug.cgi?id=234099 +http://bugs.gentoo.org/show_bug.cgi?id=237806 +http://bugs.gentoo.org/show_bug.cgi?id=239346 +http://bugs.gentoo.org/show_bug.cgi?id=245960 + +Risk factor : Medium"; + + script_description(english:desc["english"]); + + summary["english"] = "Gentoo Security Advisory GLSA 200812-06 (libxml2)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Gentoo Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"dev-libs/libxml2", unaffected: make_list("ge 2.7.2-r1"), vulnerable: make_list("lt 2.7.2-r1"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200812_07.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200812_07.nasl 2008-12-03 14:48:09 UTC (rev 1910) +++ trunk/openvas-plugins/scripts/glsa_200812_07.nasl 2008-12-03 17:25:22 UTC (rev 1911) 
@@ -0,0 +1,85 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(61946); + script_cve_id("CVE-2008-3102", "CVE-2008-4687", "CVE-2008-4688", "CVE-2008-4689"); + script_version ("$"); + name["english"] = "Gentoo Security Advisory GLSA 200812-07 (mantisbt)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory GLSA 200812-07. + +Multiple vulnerabilities have been discovered in Mantis, the most severe of +which leading to the remote execution of arbitrary code. 
+ +Solution: +All Mantis users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=www-apps/mantisbt-1.1.4-r1' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200812-07 +http://bugs.gentoo.org/show_bug.cgi?id=238570 +http://bugs.gentoo.org/show_bug.cgi?id=241940 +http://bugs.gentoo.org/show_bug.cgi?id=242722 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Gentoo Security Advisory GLSA 200812-07 (mantisbt)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Gentoo Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"www-apps/mantisbt", unaffected: make_list("ge 1.1.4-r1"), vulnerable: make_list("lt 1.1.4-r1"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} From scm-commit at wald.intevation.org Wed Dec 3 19:21:36 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 3 Dec 2008 19:21:36 +0100 (CET) Subject: [Openvas-commits] r1912 - in trunk/openvas-manager: . src Message-ID: <20081203182136.85C204072B@pyrosoma.intevation.org> Author: mattm Date: 2008-12-03 19:21:35 +0100 (Wed, 03 Dec 2008) New Revision: 1912 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/openvasmd.c Log: Add more OMP commands, start adding server communication. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2008-12-03 17:25:22 UTC (rev 1911) +++ trunk/openvas-manager/ChangeLog 2008-12-03 18:21:35 UTC (rev 1912) 
@@ -1,3 +1,24 @@ +2008-12-03 Matthew Mundell <matt at mundell.ukfsn.org> + + Add more OMP commands, start adding server communication. + + * openvasmd.c: Add server records. Add some task allocation tracing. + (free_tasks, make_task): Correct looping. + (current_task): Rename current_client_task; + (tracef, logf): Flush trailing semicolons. + (CLIENT_READ, CLIENT_WRITE): Rename FD_CLIENT_*. + (SERVER_READ, SERVER_WRITE): Rename FD_SERVER_*. + (find_task, modify_task, start_task, strip_space): New functions. + (process_omp_input): Rename to process_omp_client_input. + (process_omp_client_input): Rename from process_omp_input. Add + beginnings of MODIFY_TASK, START_TASK and STATUS. + (process_omp_server_input): New function. + (TO_SERVER): New macro. + (serve_omp): Add server init and process_omp_server_input call. + Improve formatting. + (accept_and_maybe_fork): Add client socket shutdowns. Move client socket + close out of OVAS_SSL case. + 2008-11-27 Matthew Mundell <matt at mundell.ukfsn.org> Add OMP commands OTP_VERSION, LOGIN and NEW_TASK. @@ -13,10 +34,10 @@ Add choosing of protocol based on first message. * openvasmd.c (OMP, serve_otp, serve_client): New. - (read_protocol, serve_client): New. - (accept_and_maybe_fork): Call serve_client instead - of serve_omp. - (serve_omp): Move OTP code to serve_otp. + (read_protocol, serve_client): New. + (accept_and_maybe_fork): Call serve_client instead + of serve_omp. + (serve_omp): Move OTP code to serve_otp. 2008-11-21 Matthew Mundell <matt at mundell.ukfsn.org> Modified: trunk/openvas-manager/src/openvasmd.c =================================================================== --- trunk/openvas-manager/src/openvasmd.c 2008-12-03 17:25:22 UTC (rev 1911) +++ trunk/openvas-manager/src/openvasmd.c 2008-12-03 18:21:35 UTC (rev 1912) @@ -50,6 +50,9 @@ * \htmlinclude openvasmd.html */ +// FIX for asprintf +#define _GNU_SOURCE + #include <arpa/inet.h> #include <assert.h> #include <errno.h> 
@@ -114,7 +117,8 @@ /** The size of the data buffers. When the client/server buffer is full * `select' stops watching for input from the client/server. */ -#define BUFFER_SIZE 2048 +//#define BUFFER_SIZE 8192 +#define BUFFER_SIZE 8192000 /** Second argument to `listen'. */ #define MAX_CONNECTIONS 512 @@ -133,7 +137,7 @@ #define LOG_FILE "/tmp/openvasmd.log" /** Trace flag. 0 to turn off all tracing messages. */ -#define TRACE 0 +#define TRACE 1 /** Trace text flag. 0 to turn off echoing of actual data transfered * (requires TRACE). */ @@ -158,7 +162,7 @@ fprintf (stderr, "%7i ", getpid()); \ fprintf (stderr, args); \ fflush (stderr); \ - } while (0); + } while (0) #else /** Dummy macro, enabled with TRACE. */ #define tracef(format, args...) @@ -172,7 +176,7 @@ fprintf (log_stream, "%7i ", getpid()); \ fprintf (log_stream, args); \ fflush (log_stream); \ - } while (0); + } while (0) #else /** Dummy macro, enabled with LOG. */ #define logf(format, args...) @@ -198,13 +202,13 @@ #endif /** File descriptor set mask: selecting on client read. */ -#define CLIENT_READ 1 +#define FD_CLIENT_READ 1 /** File descriptor set mask: selecting on client write. */ -#define CLIENT_WRITE 2 +#define FD_CLIENT_WRITE 2 /** File descriptor set mask: selecting on server read. */ -#define SERVER_READ 4 +#define FD_SERVER_READ 4 /** File descriptor set mask: selecting on server write. */ -#define SERVER_WRITE 8 +#define FD_SERVER_WRITE 8 typedef enum { 
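Review bot: `#define TRACE 1` turns tracing on unconditionally, and the trace calls in this file echo protocol data to stderr: `tracef ("message: %s\n", message)` in process_omp_client_input prints every client line (presumably including the LOGIN command), and the `tracef` added to TO_SERVER prints the user name and password sent during the server handshake. Keep the default off and let a debug build enable it, e.g. `#ifndef TRACE` / `#define TRACE 0` / `#endif`. The `BUFFER_SIZE 8192000` value with the commented-out `8192` in the preceding hunk looks like the same kind of leftover debug setting; the buffer declarations are outside these hunks, so the per-process memory cost should be checked before it is kept.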
@@ -227,32 +231,107 @@ char* login = NULL; char* credentials = NULL; +int server_initialising = 0; + +/* Helper functions. */ + +/** Return \ref string moved past any spaces, replacing with a terminating + NULL the first of any contiguos spaces at or before \ref end. */ +char* +strip_space (char* string, char* end) +{ + while (string[0] == ' ') string++; + char *last = end, *new_end = end; + new_end--; + while (new_end > string && new_end[0] == ' ') { last--; new_end--; } + if (last < end) last[0] = '\0'; + return string; +} + + +/* Server. */ + +typedef struct +{ + char* plugins_md5; +} server_t; + +server_t server; + +typedef enum +{ + SERVER_TOP, + SERVER_SERVER, + SERVER_DONE, + SERVER_PLUGINS_MD5 +} server_state_t; + +server_state_t server_state = SERVER_TOP; + + /* Tasks. */ typedef struct { unsigned int id; char* name; /* NULL if free. */ + unsigned int time; char* comment; char* description; int description_length; int description_size; + short running; } task_t; #define TASKS_INCREMENT 1024 -task_t* current_task = NULL; +task_t* current_client_task = NULL; +task_t* current_server_task = NULL; task_t* tasks = NULL; -int tasks_size = 0; +unsigned int tasks_size = 0; +unsigned int num_tasks = 0; +#if TRACE +void +print_tasks () +{ + task_t *index = tasks; + tracef ("tasks: %p\n", tasks); + tracef ("tasks end: %p\n", tasks + tasks_size); + while (index < tasks + tasks_size) + { + //tracef ("index: %p\n", index); + if (index->name) + { + tracef ("Task %u: \"%s\" %s\n%s\n\n", + index->id, + index->name, + index->comment ?: "", + index->description ?: ""); + } + index++; + } +} +#endif + int grow_tasks () { - task_t* new = realloc (tasks, tasks_size + TASKS_INCREMENT); + tracef ("task_t size: %i\n", sizeof (task_t)); + task_t* new = realloc (tasks, + (tasks_size + TASKS_INCREMENT) * sizeof (task_t)); if (new == NULL) return -1; tasks = new; - memset (tasks + tasks_size, 0, TASKS_INCREMENT); + + /* Clear the new part of the memory. 
*/ + new = tasks + tasks_size; + memset (new, '\0', TASKS_INCREMENT * sizeof (task_t)); + tasks_size += TASKS_INCREMENT; + tracef ("tasks grown to %i\n", tasks_size); +#if TRACE + print_tasks (); +#endif return 0; } @@ -260,14 +339,21 @@ free_tasks () { task_t* index = tasks; - while (index < tasks + tasks_size) + task_t* end = tasks + tasks_size; + while (index < end) { if (index->name) - { - free (index->name); - free (index->comment); - free (index->description); - } + { + tracef ("Freeing task %u: \"%s\" %s (%i)\n%s\n\n", + index->id, + index->name, + index->comment, + index->description_length, + index->description); + free (index->name); + free (index->comment); + free (index->description); + } index++; } tasks_size = 0; 
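Review bot: strip_space skips leading spaces with `while (string[0] == ' ') string++;` and never compares against `end`, so it is only safe when the caller has already NUL-terminated the field. Either bound the loop, `while (string < end && string[0] == ' ') string++;`, or state the NUL-termination requirement in the doc comment, which should also say NUL rather than NULL. In grow_tasks, `tracef ("task_t size: %i\n", sizeof (task_t));` passes a size_t for `%i`; use `%zu`.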
@@ -276,27 +362,108 @@ } task_t* -make_task (char* name, char* comment) +make_task (char* name, unsigned int time, char* comment) { + tracef ("make_task %s %u %s\n", name, time, comment); if (tasks == NULL && grow_tasks ()) return NULL; task_t* index = tasks; + task_t* end = tasks + tasks_size; retry: - while (index < tasks + tasks_size) - if (index->name == NULL) - { - index->id = index - tasks; - index->name = name; - index->comment = comment; - index->description = NULL; - index->description_size = 0; - return index; - } + while (index < end) + { + if (index->name == NULL) + { + index->id = index - tasks; + index->name = name; + index->time = time; + index->comment = comment; + index->description = NULL; + index->description_size = 0; + index->running = 0; + tracef ("Made task %i at %p\n", index->id, index); + num_tasks++; + return index; + } + index++; + } index = (task_t*) tasks_size; if (grow_tasks ()) return NULL; index = index + (int) tasks; goto retry; } +task_t* +find_task (unsigned int id) +{ + task_t* index = tasks; + task_t* end = tasks + tasks_size; + while (index < end) { + if (index->name) tracef ("%u vs %u\n", index->id, id); + if (index->name && index->id == id) return index; else index++; + } + return NULL; +} + +void +modify_task (task_t* task, char* name, unsigned int time, char* comment) +{ + assert (task->name); + tracef ("modify_task %u\n", task->id); + task->name = name; + task->time = time; + task->comment = comment; + task->description_length = 0; +} + +#define TO_SERVER(msg) \ + do \ + { \ + if (BUFFER_SIZE - to_server_end < strlen (msg)) goto fail; \ + memcpy (to_server + to_server_end, msg, strlen (msg)); \ + tracef ("-> server: %s\n", msg); \ + to_server_end += strlen (msg); \ + } \ + while (0) + +int +start_task (task_t* task) +{ + tracef ("start task %u\n", task->id); + + TO_SERVER ("CLIENT <|> PREFERENCES <|>\n"); + TO_SERVER ("plugin_set <|> "); +#if 0 + TO_SERVER (task_plugins (task)); +#endif + TO_SERVER ("\n"); +#if 0 + 
queue_task_preferences (task); + queue_task_plugin_preferences (task); +#endif + TO_SERVER ("<|> CLIENT\n"); + + TO_SERVER ("CLIENT <|> RULES <|>\n"); +#if 0 + queue_task_rules (task); +#endif + TO_SERVER ("<|> CLIENT\n"); + +#if 0 + char* targets = task_preference (task, "targets"); + TO_SERVER ("CLIENT <|> LONG_ATTACK <|>\n%d\n%s\n<|> CLIENT", + strlen (targets), targets); +#else + TO_SERVER ("CLIENT <|> LONG_ATTACK <|>\n6\nchiles\n<|> CLIENT"); +#endif + + task->running = 1; + + return 0; + + fail: + return -1; +} + #define DESCRIPTION_INCREMENT 4096 int @@ -320,10 +487,12 @@ char* description = task->description; description += task->description_length; strncpy (description, line, line_length); + task->description_length += line_length; return 0; } +/* OpenVAS Transfer Protocol (OTP). */ /** Serve the OpenVAS Transfer Protocol (OTP). * @@ -365,22 +534,22 @@ if (from_client_end < BUFFER_SIZE) { FD_SET (client_socket, &readfds); - fds |= CLIENT_READ; + fds |= FD_CLIENT_READ; } if (from_server_end < BUFFER_SIZE) { FD_SET (server_socket, &readfds); - fds |= SERVER_READ; + fds |= FD_SERVER_READ; } if (from_server_start < from_server_end) { FD_SET (client_socket, &writefds); - fds |= CLIENT_WRITE; + fds |= FD_CLIENT_WRITE; } if (from_client_start < from_client_end) { FD_SET (server_socket, &writefds); - fds |= SERVER_WRITE; + fds |= FD_SERVER_WRITE; } /* Select, then handle result. */ @@ -405,7 +574,7 @@ return -1; } - if (fds & CLIENT_READ && FD_ISSET (client_socket, &readfds)) + if (fds & FD_CLIENT_READ && FD_ISSET (client_socket, &readfds)) { #if TRACE || LOG int initial_start = from_client_end; @@ -474,7 +643,7 @@ #endif /* TRACE || LOG */ } - if (fds & SERVER_WRITE && FD_ISSET (server_socket, &writefds)) + if (fds & FD_SERVER_WRITE && FD_ISSET (server_socket, &writefds)) { /* Write as much as possible to the server. */ while (from_client_start < from_client_end) 
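Review bot: make_task computes `end` once before the `retry:` label, so after grow_tasks reallocates `tasks` the second pass compares `index` against an address derived from the old block. The unchanged growth path around it, `index = (task_t*) tasks_size;` followed by `index = index + (int) tasks;`, also pushes a pointer through `int` and scales it by `sizeof (task_t)`, which does not yield `tasks + old_size`. Replace that path with `unsigned int old_size = tasks_size;`, `if (grow_tasks ()) return NULL;`, `index = tasks + old_size; end = tasks + tasks_size;` before the `goto retry`. modify_task in the same hunk overwrites `task->name` and `task->comment` without freeing the previous strings.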
@@ -494,7 +663,7 @@ #if OVAS_SSL if (count == GNUTLS_E_AGAIN || errno == EAGAIN) /* Wrote as much as possible, return to `select'. */ - goto end_server_write; + goto end_server_fd_write; if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) /* Interrupted, try write again. */ continue; @@ -506,7 +675,7 @@ #else if (errno == EAGAIN) /* Wrote as much as possible, return to `select'. */ - goto end_server_write; + goto end_server_fd_write; if (errno == EINTR) /* Interrupted, try write again. */ continue; @@ -519,11 +688,11 @@ } tracef ("=> server done\n"); from_client_start = from_client_end = 0; - end_server_write: + end_server_fd_write: ; } - if (fds & SERVER_READ && FD_ISSET (server_socket, &readfds)) + if (fds & FD_SERVER_READ && FD_ISSET (server_socket, &readfds)) { #if TRACE int initial_start = from_server_end; @@ -554,7 +723,7 @@ if (errno == GNUTLS_E_REHANDSHAKE) /* Return to select. TODO Rehandshake. */ break; - fprintf (stderr, "Failed to read to server.\n"); + fprintf (stderr, "Failed to read from server.\n"); gnutls_perror (count); #else if (errno == EAGAIN) @@ -589,7 +758,7 @@ #endif /* TRACE */ } - if (fds & CLIENT_WRITE && FD_ISSET (client_socket, &writefds)) + if (fds & FD_CLIENT_WRITE && FD_ISSET (client_socket, &writefds)) { /* Write as much as possible to the client. */ while (from_server_start < from_server_end) @@ -609,7 +778,7 @@ #if OVAS_SSL if (count == GNUTLS_E_AGAIN || errno == EAGAIN) /* Wrote as much as possible, return to `select'. */ - goto end_client_write; + goto end_client_fd_write; if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) /* Interrupted, try write again. */ continue; @@ -621,7 +790,7 @@ #else if (errno == EAGAIN) /* Wrote as much as possible, return to `select'. */ - goto end_client_write; + goto end_client_fd_write; if (errno == EINTR) /* Interrupted, try write again. */ continue; 
@@ -637,18 +806,22 @@ } tracef ("=> client done\n"); from_server_start = from_server_end = 0; - end_client_write: + end_client_fd_write: ; } } } } + +/* OpenVAS Management Protocol (OMP). */ + #define RESPOND(msg) \ do \ { \ if (BUFFER_SIZE - to_client_end < strlen (msg)) goto fail; \ memcpy (to_client + to_client_end, msg, strlen (msg)); \ + tracef ("-> client: %s\n", msg); \ to_client_end += strlen (msg); \ } \ while (0) @@ -659,27 +832,34 @@ * * \return 0 on success, -1 on error (e.g. too little buffer space for response). */ -int process_omp_input () +int process_omp_client_input () { char* messages = from_client + from_client_start; + //tracef ("consider %.*s\n", from_client_end - from_client_start, messages); while (memchr (messages, 10, from_client_end - from_client_start)) { /* Found a full line, process the message. */ char* command; - tracef ("messages: %s\n", messages); + tracef ("messages: %.*s...\n", + from_client_end - from_client_start < 200 + ? from_client_end - from_client_start + : 200, + messages); char* message = strsep (&messages, "\n"); tracef ("message: %s\n", message); from_client_start += strlen(message) + 1; - if (current_task) + if (current_client_task) { - /* A NEW_TASK description is being read. */ + /* A NEW_TASK or MODIFY_TASK description is being read. */ if (strlen (message) == 1 && message[0] == '.') { /* End of description marker. */ - current_task = NULL; - RESPOND ("200\n"); + char response[16]; + sprintf (response, "201 %i\n", current_client_task->id); + RESPOND (response); + current_client_task = NULL; continue; } else if (strlen (message) > 1 && message[0] == '.') @@ -689,7 +869,7 @@ message += 1; } - if (add_task_description_line (current_task, + if (add_task_description_line (current_client_task, message, messages - message)) goto out_of_memory; 
@@ -726,26 +906,178 @@ RESPOND ("401 LOGIN first.\n"); else if (strncasecmp ("NEW_TASK", command, 8) == 0) { + /* Scan name. */ char* next = strsep (&message, " "); if (next == message || next == NULL || strlen (next) == 0) - RESPOND ("404 NEW_TASK requires a name.\n"); + { + // FIX flush rest of command + RESPOND ("404 NEW_TASK requires a name.\n"); + continue; + } + tracef ("next %s\n", next); + // FIX parse name with spaces + char* name = strdup (next); + if (name == NULL) goto out_of_memory; + next = strsep (&message, " "); + if (next == message || next == NULL || strlen (next) == 0) + { + // FIX flush rest of command + RESPOND ("405 NEW_TASK requires a time.\n"); + continue; + } + tracef ("next %s\n", next); + /* Scan time. */ + int time; + if (sscanf (next, "%u", &time) != 1) + { + // FIX flush rest of command + RESPOND ("406 Failed to parse ID.\n"); + continue; + } + /* Scan comment. */ + char* comment = strdup (message); + if (comment == NULL) + { + free (name); + goto out_of_memory; + } + /* Make task. */ + current_client_task = make_task (name, time, comment); + if (current_client_task == NULL) + { + free (name); + free (comment); + goto out_of_memory; + } + } + else if (strncasecmp ("MODIFY_TASK", command, 11) == 0) + { + char* next = strsep (&message, " "); + if (next == message || next == NULL || strlen (next) == 0) + { + // FIX flush rest of command + RESPOND ("405 Command requires a task ID.\n"); + continue; + } + unsigned int id; + if (sscanf (next, "%u", &id) != 1) + { + RESPOND ("406 Failed to parse ID.\n"); + // FIX flush rest of command + continue; + } + current_client_task = find_task (id); + if (current_client_task == NULL) + { + RESPOND ("407 Failed to find task.\n"); + // FIX flush rest of command + continue; + } + // -- FIX same as above + /* Scan name. 
*/ + next = strsep (&message, " "); + if (next == message || next == NULL || strlen (next) == 0) + { + // FIX flush rest of command + RESPOND ("404 NEW_TASK requires a name.\n"); + continue; + } + // FIX parse name with spaces + char* name = strdup (next); + if (name == NULL) goto out_of_memory; + next = strsep (&message, " "); + if (next == message || next == NULL || strlen (next) == 0) + { + // FIX flush rest of command + RESPOND ("405 NEW_TASK requires a time.\n"); + free (name); + continue; + } + /* Scan time. */ + int time; + if (sscanf (next, "%u", &time) != 1) + { + // FIX flush rest of command + RESPOND ("406 Failed to parse ID.\n"); + free (name); + continue; + } + /* Scan comment. */ + char* comment = strdup (message); + if (comment == NULL) + { + free (name); + goto out_of_memory; + } + // -- + modify_task (current_client_task, name, time, comment); + } + else if (strncasecmp ("START_TASK", command, 10) == 0) + { + // -- FIX same as above + char* next = strsep (&message, " "); + if (next == message || next == NULL || strlen (next) == 0) + { + // FIX flush rest of command + RESPOND ("405 Command requires a task ID.\n"); + continue; + } + unsigned int id; + if (sscanf (next, "%u", &id) != 1) + { + RESPOND ("406 Failed to parse ID.\n"); + // FIX flush rest of command + continue; + } + // -- + current_client_task = find_task (id); + if (current_client_task == NULL) + RESPOND ("407 Failed to find task.\n"); + else if (start_task (current_client_task)) + RESPOND ("408 Failed to start task.\n"); else + RESPOND ("200\n"); + } + else if (strncasecmp ("STATUS", command, 6) == 0) + { +#if 0 + // -- FIX same as above + char* next = strsep (&message, " "); + if (next == message || next == NULL || strlen (next) == 0) { - char* name = strdup (next); - if (name == NULL) goto out_of_memory; - char* comment = strdup (message); - if (comment == NULL) + // FIX flush rest of command + RESPOND ("405 Command requires a task ID.\n"); + continue; + } + unsigned int id; + if 
(sscanf (next, "%u", &id) != 1) + { + RESPOND ("406 Failed to parse ID.\n"); + // FIX flush rest of command + continue; + } + // -- +#endif + char response[16]; + sprintf (response, "210 %u\n", num_tasks); + RESPOND (response); + task_t* index = tasks; + task_t* end = tasks + tasks_size; + while (index < end) + { + if (index->name) { - free (name); - goto out_of_memory; + char* line; + if (asprintf (&line, "%u %s %c . . . . .\n", + index->id, + index->name, + index->running ? 'R' : 'N') + == -1) + goto fail; + RESPOND (line); + free (line); } - current_task = make_task (name, comment); - if (current_task == NULL) - { - free (name); - free (comment); - goto out_of_memory; - } + index++; } } else 
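Review bot: The START_TASK branch stores the looked-up task in `current_client_task` and never clears it, so on the next loop iteration the `if (current_client_task)` test treats every following client line as description text for that task until a lone `.` arrives. MODIFY_TASK has the same problem on its error paths: it assigns `current_client_task = find_task (id)` before parsing the name and time, then `continue`s on a parse failure with the pointer still set. Use a local for the lookup, e.g. `task_t* task = find_task (id);`, and assign `current_client_task` only once a description is really expected. The NEW_TASK branch also skips `free (name)` on its 405 and 406 paths, and both branches read the time with `%u` into `int time`. process_omp_client_input starts and ends outside this hunk.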
@@ -756,12 +1088,40 @@ RESPOND ("501 Manager out of memory.\n"); } /* while (memchr (... */ - // FIX if the buffer is full here then respond with err and clear buffer - // (or will hang waiting for buffer to empty) - if (from_client_start == from_client_end) - from_client_start = from_client_end = 0; - // FIX else move leftover half-line to front of buffer - // (to reduce the chance of filling the buffer) + if (from_client_start > 0 && from_client_start == from_client_end) + { + from_client_start = from_client_end = 0; + tracef ("start caught end\n"); + } + else if (from_client_start == 0) + { + if (from_client_end == BUFFER_SIZE) + { + // FIX if the buffer is entirely full here then respond with err and clear buffer + // (or will hang waiting for buffer to empty) + // this could happen if the client sends a line len >= buffer len + // could realloc buffer + tracef ("buffer full\n"); + goto fail; + } + } + else + { + /* Move the remaining partial line to the front of the buffer. This + ensures that there is space after the partial line into which + serve_omp can read the rest of the line. */ + char* start = from_client + from_client_start; + from_client_end -= from_client_start; + memmove (from_client, start, from_client_end); + from_client_start = 0; +#if TRACE + from_client[from_client_end] = '\0'; + //tracef ("new from_client: %s\n", from_client); + tracef ("new from_client_start: %i\n", from_client_start); + tracef ("new from_client_end: %i\n", from_client_end); +#endif + } + return 0; /* RESPOND jumps here when there is too little space in to_client for the 
@@ -771,6 +1131,143 @@ return -1; } +/** Process any lines available in from_server. + * + * \return 0 on success, -1 on error (e.g. too little buffer space in to_client). + */ +int process_omp_server_input () +{ + char* messages = from_server + from_server_start; + //tracef ("consider %.*s\n", from_server_end - from_server_start, messages); + + if (server_initialising) + { + switch (server_initialising) + { + case 1: + if (strncasecmp ("< OTP/1.0 >\n", messages, 12)) + { + tracef ("server fail: expected \"< OTP/1.0 >\n\"\n"); + goto fail; + } + server_initialising = 2; + from_server_start += 12; + break; + case 2: + if (strncasecmp ("User : ", messages, 7)) + { + tracef ("server fail: expected \"User : \"\n"); + goto fail; + } + from_server_start += 7; + TO_SERVER ("mattm\n"); // FIX + server_initialising = 3; + return 0; + case 3: + if (strncasecmp ("Password : ", messages, 11)) + { + tracef ("server fail: expected \"Password : \"\n"); + goto fail; + } + from_server_start += 11; + TO_SERVER ("mattm\n"); // FIX + server_initialising = 0; + return 0; + default: + goto fail; + } + } + else if (server_state == SERVER_DONE) + { + char *end; + server_done: + end = messages + from_server_end - from_server_start; + while (messages < end && messages[0] == ' ') messages++; + if ((int) (end - messages) < 6) return 0; + if (strncasecmp ("SERVER", messages, 6)) + { + tracef ("server fail: expected final \"SERVER\"\n"); + goto fail; + } + server_state = SERVER_TOP; + from_server_start += 6; + + tracef ("server:: new state %i\n", server_state); + } + + char* match; + while ((match = memchr (messages, '<', from_server_end - from_server_start)) + && (((int) (match - messages) - from_server_start + 1) < from_server_end) + && (match[1] == '|') + && (match[2] == '>')) + { + /* Found a full field, process the field. */ + tracef ("server messages: %.*s...\n", + from_server_end - from_server_start < 200 + ? 
from_server_end - from_server_start + : 200, + messages); + char* message = messages; + *match = '\0'; + from_server_start += match + 3 - messages; + messages = match + 3; + tracef ("server message: %s\n", message); + + /* Strip leading and trailing whitespace. */ + char* field = strip_space (message, + message + from_server_end - from_server_start); + + tracef ("server:: old state %i\n", server_state); + tracef ("server:: field %s\n", field); + switch (server_state) + { + case SERVER_DONE: + if (strncasecmp ("SERVER", field, 6)) + goto fail; + server_state = SERVER_TOP; + break; + case SERVER_PLUGINS_MD5: + { + char* md5 = strdup (field); + if (md5 == NULL) + goto out_of_memory; + tracef ("server:: got plugins_md5: %s\n", md5); + server.plugins_md5 = md5; + server_state = SERVER_DONE; + /* Jump to the done check, as this loop only considers fields + ending in <|>. */ + tracef ("server:: new state %i\n", server_state); + goto server_done; + } + case SERVER_SERVER: + if (strncasecmp ("PLUGINS_MD5", field, 11)) + goto fail; + server_state = SERVER_PLUGINS_MD5; + break; + default: + tracef ("switch t\n"); + tracef ("cmp %i\n", strncasecmp ("SERVER", field, 6)); + if (strncasecmp ("SERVER", field, 6)) + goto fail; + server_state = SERVER_SERVER; + } + tracef ("server:: new state %i\n", server_state); + } + + return 0; + + out_of_memory: + tracef ("out of mem (server)\n"); + + /* TO_SERVER FIX jumps here when there is too little space in to_client for the + response. The result is that the manager closes the connection, so + from_client_end and from_client_start can be left as they are. */ + fail: + return -1; + + +} + /** Serve the OpenVAS Management Protocol (OMP). * * @param[in] client_session The TLS session with the client. 
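Review bot: The handshake cases in process_omp_server_input compare fixed-length prefixes, e.g. `strncasecmp ("< OTP/1.0 >\n", messages, 12)`, without first checking that that many bytes lie between from_server_start and from_server_end, so a partial read is compared against bytes that have not been received yet. Add a guard such as `if (from_server_end - from_server_start < 12) return 0;` before each compare, as the SERVER_DONE branch already does for its 6 bytes. The field loop has a related bound problem: `((int) (match - messages) - from_server_start + 1) < from_server_end` mixes an offset relative to `messages` with buffer indices, so `match[1]` and `match[2]` can be read beyond the received data; comparing `match + 2 < from_server + from_server_end` would keep the reads inside it. strip_space is also called with `message + from_server_end - from_server_start` as the end, which points past the field just terminated at `match`; passing `match` looks like the intent.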
@@ -785,6 +1282,14 @@ gnutls_session_t* server_session, int client_socket, int server_socket) { + tracef ("Serving OMP.\n"); + + /* Initialise with the server. */ + memcpy (to_server + to_server_end, "< OTP/1.0 >\n", 12); + tracef ("-> server: < OTP/1.0 >\n"); + to_server_end += 12; + server_initialising = 1; + /* Handle the first client input, which was read by `read_protocol'. */ #if TRACE || LOG logf ("<= %.*s\n", from_client_end, from_client); @@ -794,14 +1299,13 @@ tracef ("<= client %i bytes\n", from_client_end - initial_start); #endif #endif /* TRACE || LOG */ - if (process_omp_input ()) return -1; + if (process_omp_client_input ()) return -1; - tracef ("Serving OMP.\n"); - /* Loop handling input from the sockets. */ int nfds = 1 + (client_socket > server_socket ? client_socket : server_socket); fd_set readfds, exceptfds, writefds; + unsigned char lastfds = 0; // FIX while (1) { /* Setup for select. */ @@ -811,26 +1315,33 @@ FD_ZERO (&writefds); FD_SET (client_socket, &exceptfds); FD_SET (server_socket, &exceptfds); + // FIX shutdown if any eg read fails if (from_client_end < BUFFER_SIZE) { FD_SET (client_socket, &readfds); - fds |= CLIENT_READ; + fds |= FD_CLIENT_READ; + if ((lastfds & FD_CLIENT_READ) == 0) tracef ("client read on\n"); } + else + { + if (lastfds & FD_CLIENT_READ) tracef ("client read off\n"); + } if (from_server_end < BUFFER_SIZE) { FD_SET (server_socket, &readfds); - fds |= SERVER_READ; + fds |= FD_SERVER_READ; } if (to_client_start < to_client_end) { FD_SET (client_socket, &writefds); - fds |= CLIENT_WRITE; + fds |= FD_CLIENT_WRITE; } if (to_server_start < to_server_end) { FD_SET (server_socket, &writefds); - fds |= SERVER_WRITE; + fds |= FD_SERVER_WRITE; } + lastfds = fds; /* Select, then handle result. */ int ret = select (nfds, &readfds, &writefds, &exceptfds, NULL); 
@@ -840,262 +1351,270 @@ perror ("Child select failed"); return -1; } - if (ret > 0) + if (ret == 0) continue; + + if (FD_ISSET (client_socket, &exceptfds)) { - if (FD_ISSET (client_socket, &exceptfds)) - { - fprintf (stderr, "Exception on client in child select.\n"); - return -1; - } + fprintf (stderr, "Exception on client in child select.\n"); + return -1; + } - if (FD_ISSET (server_socket, &exceptfds)) - { - fprintf (stderr, "Exception on server in child select.\n"); - return -1; - } + if (FD_ISSET (server_socket, &exceptfds)) + { + fprintf (stderr, "Exception on server in child select.\n"); + return -1; + } - if (fds & CLIENT_READ && FD_ISSET (client_socket, &readfds)) - { + if (fds & FD_CLIENT_READ && FD_ISSET (client_socket, &readfds)) + { + tracef ("FD_CLIENT_READ\n"); #if TRACE || LOG - int initial_start = from_client_end; + int initial_start = from_client_end; #endif - /* Read as much as possible from the client. */ - while (from_client_end < BUFFER_SIZE) - { - ssize_t count; + /* Read as much as possible from the client. */ + while (from_client_end < BUFFER_SIZE) + { + ssize_t count; #if OVAS_SSL - count = gnutls_record_recv (*client_session, - from_client + from_client_end, - BUFFER_SIZE - - from_client_end); + count = gnutls_record_recv (*client_session, + from_client + from_client_end, + BUFFER_SIZE + - from_client_end); #else - count = read (client_socket, - from_client + from_client_end, - BUFFER_SIZE - from_client_end); + count = read (client_socket, + from_client + from_client_end, + BUFFER_SIZE - from_client_end); #endif - if (count < 0) + tracef ("count: %i\n", count); + if (count < 0) + { +#if OVAS_SSL + if (count == GNUTLS_E_AGAIN) // || errno == EAGAIN) FIX + /* Got everything available, return to `select'. */ + break; + if (count == GNUTLS_E_INTERRUPTED) // || errno == EINTR) FIX + /* Interrupted, try read again. 
*/ + continue; + if (errno == GNUTLS_E_REHANDSHAKE) { -#if OVAS_SSL - if (count == GNUTLS_E_AGAIN || errno == EAGAIN) - /* Got everything available, return to `select'. */ - break; - if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) - /* Interrupted, try read again. */ - continue; - if (errno == GNUTLS_E_REHANDSHAKE) - /* Return to select. TODO Rehandshake. */ - break; - fprintf (stderr, "Failed to read from client.\n"); - gnutls_perror (count); + /* Return to select. TODO Rehandshake. */ + tracef ("FIX should rehandshake\n"); + break; + } + fprintf (stderr, "Failed to read from client.\n"); + gnutls_perror (count); #else - if (errno == EAGAIN) - /* Got everything available, return to `select'. */ - break; - if (errno == EINTR) - /* Interrupted, try read again. */ - continue; - perror ("Failed to read from client"); + if (errno == EAGAIN) + /* Got everything available, return to `select'. */ + break; + if (errno == EINTR) + /* Interrupted, try read again. */ + continue; + perror ("Failed to read from client"); #endif - return -1; - } - if (count == 0) - /* End of file. */ - return 0; - from_client_end += count; + return -1; } + if (count == 0) + /* End of file. */ + return 0; + from_client_end += count; + } #if TRACE || LOG - /* This check prevents output in the "asynchronous network - error" case. */ - if (from_client_end > initial_start) - { - logf ("<= %.*s\n", - from_client_end - initial_start, - from_client + initial_start); + /* This check prevents output in the "asynchronous network + error" case. 
*/ + if (from_client_end > initial_start) + { + logf ("<= %.*s\n", + from_client_end - initial_start, + from_client + initial_start); #if TRACE_TEXT - tracef ("<= client \"%.*s\"\n", - from_client_end - initial_start, - from_client + initial_start); + tracef ("<= client \"%.*s\"\n", + from_client_end - initial_start, + from_client + initial_start); #else - tracef ("<= client %i bytes\n", - from_client_end - initial_start); + tracef ("<= client %i bytes\n", + from_client_end - initial_start); #endif - } + } #endif /* TRACE || LOG */ - if (process_omp_input ()) return -1; - } + if (process_omp_client_input ()) return -1; + } - if (fds & SERVER_WRITE && FD_ISSET (server_socket, &writefds)) + if (fds & FD_SERVER_WRITE && FD_ISSET (server_socket, &writefds)) + { + /* Write as much as possible to the server. */ + while (to_server_start < to_server_end) { - /* Write as much as possible to the server. */ - while (to_server_start < to_server_end) - { - ssize_t count; + ssize_t count; #if OVAS_SSL - count = gnutls_record_send (*server_session, - to_server + to_server_start, - to_server_end - to_server_start); + count = gnutls_record_send (*server_session, + to_server + to_server_start, + to_server_end - to_server_start); #else - count = write (server_socket, - to_server + to_server_start, - to_server_end - to_server_start); + count = write (server_socket, + to_server + to_server_start, + to_server_end - to_server_start); #endif - if (count < 0) - { + if (count < 0) + { #if OVAS_SSL - if (count == GNUTLS_E_AGAIN || errno == EAGAIN) - /* Wrote as much as possible, return to `select'. */ - goto end_server_write; - if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) - /* Interrupted, try write again. */ - continue; - if (errno == GNUTLS_E_REHANDSHAKE) - /* Return to select. TODO Rehandshake. 
*/ - break; - fprintf (stderr, "Failed to write to server.\n"); - gnutls_perror (count); + if (count == GNUTLS_E_AGAIN) // || errno == EAGAIN) + /* Wrote as much as possible, return to `select'. */ + goto end_server_fd_write; + if (count == GNUTLS_E_INTERRUPTED) // || errno == EINTR) + /* Interrupted, try write again. */ + continue; + if (errno == GNUTLS_E_REHANDSHAKE) + /* Return to select. TODO Rehandshake. */ + break; + fprintf (stderr, "Failed to write to server.\n"); + gnutls_perror (count); #else - if (errno == EAGAIN) - /* Wrote as much as possible, return to `select'. */ - goto end_server_write; - if (errno == EINTR) - /* Interrupted, try write again. */ - continue; - perror ("Failed to write to server"); + if (errno == EAGAIN) + /* Wrote as much as possible, return to `select'. */ + goto end_server_fd_write; + if (errno == EINTR) + /* Interrupted, try write again. */ + continue; + perror ("Failed to write to server"); #endif - return -1; - } - to_server_start += count; - tracef ("=> server %i bytes\n", count); + return -1; } - tracef ("=> server done\n"); - to_server_start = to_server_end = 0; - end_server_write: - ; + to_server_start += count; + tracef ("=> server %i bytes\n", count); } + tracef ("=> server done\n"); + to_server_start = to_server_end = 0; + end_server_fd_write: + ; + } - if (fds & SERVER_READ && FD_ISSET (server_socket, &readfds)) - { + if (fds & FD_SERVER_READ && FD_ISSET (server_socket, &readfds)) + { #if TRACE - int initial_start = from_server_end; + int initial_start = from_server_end; #endif - /* Read as much as possible from the server. */ - while (from_server_end < BUFFER_SIZE) - { - ssize_t count; + /* Read as much as possible from the server. 
*/ + while (from_server_end < BUFFER_SIZE) + { + ssize_t count; #if OVAS_SSL - count = gnutls_record_recv (*server_session, - from_server + from_server_end, - BUFFER_SIZE - - from_server_end); + count = gnutls_record_recv (*server_session, + from_server + from_server_end, + BUFFER_SIZE + - from_server_end); #else - count = read (server_socket, - from_server + from_server_end, - BUFFER_SIZE - from_server_end); + count = read (server_socket, + from_server + from_server_end, + BUFFER_SIZE - from_server_end); #endif - if (count < 0) - { + if (count < 0) + { #if OVAS_SSL - if (count == GNUTLS_E_AGAIN || errno == EAGAIN) - /* Got everything available, return to `select'. */ - break; - if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) - /* Interrupted, try read again. */ - continue; - if (errno == GNUTLS_E_REHANDSHAKE) - /* Return to select. TODO Rehandshake. */ - break; - fprintf (stderr, "Failed to read to server.\n"); - gnutls_perror (count); + if (count == GNUTLS_E_AGAIN) // || errno == EAGAIN) + /* Got everything available, return to `select'. */ + break; + if (count == GNUTLS_E_INTERRUPTED) // || errno == EINTR) + /* Interrupted, try read again. */ + continue; + if (errno == GNUTLS_E_REHANDSHAKE) + /* Return to select. TODO Rehandshake. */ + break; + fprintf (stderr, "Failed to read from server.\n"); + gnutls_perror (count); #else - if (errno == EAGAIN) - /* Got everything available, return to `select'. */ - break; - if (errno == EINTR) - /* Interrupted, try read again. */ - continue; - perror ("Failed to read from server"); + if (errno == EAGAIN) + /* Got everything available, return to `select'. */ + break; + if (errno == EINTR) + /* Interrupted, try read again. */ + continue; + perror ("Failed to read from server"); #endif - return -1; - } - if (count == 0) - /* End of file. */ - return 0; - from_server_end += count; + return -1; } + if (count == 0) + /* End of file. 
*/ + return 0; + from_server_end += count; + } #if TRACE - /* This check prevents output in the "asynchronous network - error" case. */ - if (from_server_end > initial_start) - { + /* This check prevents output in the "asynchronous network + error" case. */ + if (from_server_end > initial_start) + { #if TRACE_TEXT - tracef ("<= server \"%.*s\"\n", - from_server_end - initial_start, - from_server + initial_start); + tracef ("<= server \"%.*s\"\n", + from_server_end - initial_start, + from_server + initial_start); #else - tracef ("<= server %i bytes\n", - from_server_end - initial_start); + tracef ("<= server %i bytes\n", + from_server_end - initial_start); #endif - } + } #endif /* TRACE */ - } + if (process_omp_server_input ()) return -1; + } - if (fds & CLIENT_WRITE && FD_ISSET (client_socket, &writefds)) + if (fds & FD_CLIENT_WRITE && FD_ISSET (client_socket, &writefds)) + { + /* Write as much as possible to the client. */ + while (to_client_start < to_client_end) { - /* Write as much as possible to the client. */ - while (to_client_start < to_client_end) - { - ssize_t count; + ssize_t count; #if OVAS_SSL - count = gnutls_record_send (*client_session, - to_client + to_client_start, - to_client_end - to_client_start); + count = gnutls_record_send (*client_session, + to_client + to_client_start, + to_client_end - to_client_start); #else - count = write (client_socket, - to_client + to_client_start, - to_client_end - to_client_start); + count = write (client_socket, + to_client + to_client_start, + to_client_end - to_client_start); #endif - if (count < 0) - { + if (count < 0) + { #if OVAS_SSL - if (count == GNUTLS_E_AGAIN || errno == EAGAIN) - /* Wrote as much as possible, return to `select'. */ - goto end_client_write; - if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) - /* Interrupted, try write again. */ - continue; - if (errno == GNUTLS_E_REHANDSHAKE) - /* Return to select. TODO Rehandshake. 
*/ - break; - fprintf (stderr, "Failed to write to client.\n"); - gnutls_perror (count); + if (count == GNUTLS_E_AGAIN) // || errno == EAGAIN) + /* Wrote as much as possible, return to `select'. */ + goto end_client_fd_write; + if (count == GNUTLS_E_INTERRUPTED) // || errno == EINTR) + /* Interrupted, try write again. */ + continue; + if (errno == GNUTLS_E_REHANDSHAKE) + /* Return to select. TODO Rehandshake. */ + break; + fprintf (stderr, "Failed to write to client.\n"); + gnutls_perror (count); #else - if (errno == EAGAIN) - /* Wrote as much as possible, return to `select'. */ - goto end_client_write; - if (errno == EINTR) - /* Interrupted, try write again. */ - continue; - perror ("Failed to write to client"); + if (errno == EAGAIN) + /* Wrote as much as possible, return to `select'. */ + goto end_client_fd_write; + if (errno == EINTR) + /* Interrupted, try write again. */ + continue; + perror ("Failed to write to client"); #endif - return -1; - } - logf ("=> %.*s\n", - to_client_end - to_client_start, - to_client + to_client_start); - to_client_start += count; - tracef ("=> client %i bytes\n", count); + return -1; } - tracef ("=> client done\n"); - to_client_start = to_client_end = 0; - end_client_write: - ; + logf ("=> %.*s\n", + to_client_end - to_client_start, + to_client + to_client_start); + to_client_start += count; + tracef ("=> client %i bytes\n", count); } + tracef ("=> client done\n"); + to_client_start = to_client_end = 0; + end_client_fd_write: + ; } - } + } /* while (1) */ return 0; } + +/* Other functions. */ + /** Read the protocol from \arg client_session, which is on \arg * client_socket. * @@ -1137,7 +1656,7 @@ if (count < 0) { #if OVAS_SSL - if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) + if (count == GNUTLS_E_INTERRUPTED) // || errno == EINTR) /* Interrupted, try read again. */ goto retry; if (errno == GNUTLS_E_REHANDSHAKE) 
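Review bot: The context line `if (errno == GNUTLS_E_REHANDSHAKE)` that closes the `@@ -1137` hunk still tests `errno`, although this change stops consulting `errno` for the interrupted case just above it. GnuTLS reports a rehandshake request through the return value of the record call, so the test should read `if (count == GNUTLS_E_REHANDSHAKE)`. As written, a rehandshake request from the peer most likely reaches the failure path instead of the intended branch. The same comparison appears in the server and client read/write loops of the larger hunk that precedes this one. The enclosing function starts and ends outside the hunk.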
@@ -1188,8 +1707,8 @@ /** Serve the client. * * Connect to the openvasd server, then call either \ref serve_otp or \ref - * serve_omp to serve the protocol, depending on the first message read - * from the client. + * serve_omp to serve the protocol, depending on the first message that + * the client sends. * * @param[in] client_socket The socket connected to the client. * @@ -1274,8 +1793,11 @@ { if (ret == GNUTLS_E_AGAIN || ret == GNUTLS_E_INTERRUPTED +#if 0 || errno == EAGAIN - || errno == EINTR) + || errno == EINTR +#endif + ) goto retry; fprintf (stderr, "Failed to shake hands with server.\n"); gnutls_perror (ret); @@ -1373,14 +1895,13 @@ #endif close (server_socket); - return EXIT_FAILURE; } -#undef CLIENT_READ -#undef CLIENT_WRITE -#undef SERVER_READ -#undef SERVER_WRITE +#undef FD_CLIENT_READ +#undef FD_CLIENT_WRITE +#undef FD_SERVER_READ +#undef FD_SERVER_WRITE /** Accept and fork. * @@ -1422,6 +1943,7 @@ if (fcntl (client_socket, F_SETFL, O_NONBLOCK) == -1) { perror ("Failed to set client socket flag"); + shutdown (client_socket, SHUT_RDWR); close (client_socket); exit (EXIT_FAILURE); } @@ -1433,16 +1955,22 @@ fprintf (stderr, "Failed to attach server context to socket %i.\n", client_socket); + shutdown (client_socket, SHUT_RDWR); close (client_socket); exit (EXIT_FAILURE); } - tracef ("Server context attached.\n") + tracef ("Server context attached.\n"); int ret = serve_client (secure_client_socket); close_stream_connection (secure_client_socket); #else int ret = serve_client (client_socket); + if (shutdown (client_socket, SHUT_RDWR) == -1) + { + fprintf (stderr, "(fail on socket %i)\n", client_socket); + perror ("Failed to shutdown client socket"); + } + close (client_socket); #endif - close (client_socket); exit (ret); } case -1: @@ -1488,6 +2016,7 @@ } } + /** Entry point to the manager. * * Setup the manager and then loop forever passing connections to 
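Review bot: The handshake retry in the `@@ -1274` hunk has no bound and no wait, because on `GNUTLS_E_AGAIN` or `GNUTLS_E_INTERRUPTED` it jumps straight back to `retry`. If the server socket is non-blocking (not visible here), the process spins until the peer answers, and a peer that stalls keeps it spinning. Consider waiting for the socket to become ready before retrying, or capping the number of attempts. The disabled `errno` tests are better deleted than kept under `#if 0` inside the condition; a comment such as `/* GnuTLS reports retryable states in ret, not errno. */` records the reason. The `retry` label and the rest of the function are outside the hunk.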
@@ -1503,6 +2032,12 @@ { int server_port, manager_port; tracef ("OpenVAS Manager\n"); + tracef ("GNUTLS_E_AGAIN %i\n", GNUTLS_E_AGAIN); + tracef ("GNUTLS_E_INTERRUPTED %i\n", GNUTLS_E_INTERRUPTED); + tracef ("GNUTLS_E_REHANDSHAKE %i\n", GNUTLS_E_REHANDSHAKE); + tracef ("-8: %s\n", strerror(8)); + tracef ("-9: %s\n", strerror(9)); + tracef ("-10: %s\n", strerror(10)); /* Process options. */ From scm-commit at wald.intevation.org Thu Dec 4 09:32:19 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Dec 2008 09:32:19 +0100 (CET) Subject: [Openvas-commits] r1913 - in trunk/openvas-client: . nessus Message-ID: <20081204083219.9FEC740732@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-04 09:32:18 +0100 (Thu, 04 Dec 2008) New Revision: 1913 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/nessus.c Log: * nessus/nessus.c (main): Fixed command line parsing to handle parameter assignments like --batchmode=host port ... correctly. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-03 18:21:35 UTC (rev 1912) +++ trunk/openvas-client/ChangeLog 2008-12-04 08:32:18 UTC (rev 1913) @@ -1,3 +1,8 @@ +2008-12-04 Michael Wiegand <michael.wiegand at intevation.de> + + * nessus/nessus.c (main): Fixed command line parsing to handle + parameter assignments like --batchmode=host port ... correctly. + 2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de> * /nessus/prefs_dialog/prefs_dialog_plugin_prefs.c : Comments added/ 
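Review bot: The six `tracef` calls added in `@@ -1503` look like debugging leftovers, and the last three are mislabelled. They print `strerror(8)`, `strerror(9)` and `strerror(10)` under the labels `-8`, `-9` and `-10`, but `strerror` interprets `errno` values, not GnuTLS error codes. If the text for the GnuTLS codes is wanted, use `tracef ("GNUTLS_E_AGAIN %i: %s\n", GNUTLS_E_AGAIN, gnutls_strerror (GNUTLS_E_AGAIN));` and likewise for the other two; otherwise drop the lines. The function body continues outside the hunk.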
@@ -37,7 +42,7 @@ 2008-12-02 Felix Wolfsteller <felix.wolfsteller at intevation.de> * nessus/plugin_infos.c (plugin_info_window_setup): respect the symbolic - values NOXREF, NOCVE, NOBID and NOSIGNKEY. + values NOXREF, NOCVE, NOBID and NOSIGNKEY. * nessus/pdf_output.c (print_plugin_information): Do not print appendix table rows if NOCVE, NOBID or NOXREF, improved text for signature Modified: trunk/openvas-client/nessus/nessus.c =================================================================== --- trunk/openvas-client/nessus/nessus.c 2008-12-03 18:21:35 UTC (rev 1912) +++ trunk/openvas-client/nessus/nessus.c 2008-12-04 08:32:18 UTC (rev 1913) @@ -660,7 +660,7 @@ #ifdef USE_GTK static gboolean no_pixmap = FALSE; #endif - static gboolean batch_mode = FALSE; + static gchar *batch_mode = NULL; static gboolean list_plugins = FALSE; static gboolean list_prefs = FALSE; static gchar *in_report = NULL; @@ -681,7 +681,7 @@ #ifdef USE_GTK { "no-pixmap", 'n', 0, G_OPTION_ARG_NONE, &no_pixmap, N_("No pixmaps"), NULL }, #endif - { "batch-mode", 'q', 0, G_OPTION_ARG_NONE, &batch_mode, N_("Batch-mode scan"), N_("<host> <port> <user> <pass> <targets-file> <result-file>") }, + { "batch-mode", 'q', 0, G_OPTION_ARG_STRING, &batch_mode, N_("Batch-mode scan"), N_("<host> <port> <user> <pass> <targets-file> <result-file>") }, { "make-config-file", 'm', G_OPTION_FLAG_HIDDEN, G_OPTION_ARG_NONE, &make_config_file, "", NULL }, { "config-file", 'c', 0, G_OPTION_ARG_FILENAME, &config_file, N_("Configuration file"), N_("<.rcfile>") }, #ifndef NO_GDCHART @@ -738,7 +738,7 @@ exit(0); } - if (batch_mode) + if (batch_mode != NULL) { quiet_mode = TRUE; } @@ -834,7 +834,7 @@ } #define BATCH_USAGE "-q host port user pass" -#define BATCH_ARGC 4 +#define BATCH_ARGC 3 #ifdef ENABLE_SAVE_TESTS if(list_sessions && (remaining_options_count < BATCH_ARGC) && !quiet_mode) 
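Review bot: `batch_mode` in the `@@ -660` hunk of nessus.c now holds the string given to `-q`/`--batch-mode` (a later hunk of this commit passes it to `cli_args_server`), but its name and the test `batch_mode != NULL` still read like a flag. A comment at the declaration would make the new meaning explicit, for example `/* Host given to -q/--batch-mode; NULL when batch mode is off. */`. Renaming it to something like `batch_host` would serve the same purpose. `main` starts and ends outside the hunk.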
@@ -904,7 +904,7 @@ cli_args_verbose(cli, verbose); /* with, or without ENABLE_CRYPTO_LAYER */ -#define NUM_ARGS 6 +#define NUM_ARGS 5 #ifndef ENABLE_SAVE_TESTS @@ -938,6 +938,7 @@ } else if (remaining_options_count != NUM_ARGS) { + printf("remaining_options_count: %d\n", remaining_options_count); printf(_("Batch mode requires login information.\n")); printf(_("Please use %s --help for more information.\n"), myself); exit(0); @@ -946,16 +947,16 @@ #endif /* next arguments: SERVER PORT */ - cli_args_server(cli, remaining_options[0]); - cli_args_port(cli, atoi(remaining_options[1])); + cli_args_server(cli, batch_mode); + cli_args_port(cli, atoi(remaining_options[0])); /* next argument: LOGIN */ - arg = remaining_options[2]; + arg = remaining_options[1]; cli_args_login(cli, arg); bzero(arg, strlen(arg)); /* next argument: PASSWORD */ - arg = remaining_options[3]; + arg = remaining_options[2]; cli_args_password(cli, arg); bzero(arg, strlen(arg)); @@ -994,20 +995,20 @@ { if(restore_session) { - cli_args_results(cli, remaining_options[4]); + cli_args_results(cli, remaining_options[3]); } else { if(!list_sessions) { - char * t = remaining_options[4]; + char * t = remaining_options[3]; if(t) cli_args_target(cli, t); else { fprintf(stderr, _("Missing parameter\n")); } - t = remaining_options[5]; + t = remaining_options[4]; if(t) cli_args_results(cli, t); else From scm-commit at wald.intevation.org Thu Dec 4 09:59:49 2008 
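Review bot: `cli_args_port(cli, atoi(remaining_options[0]));` in the `@@ -946` hunk accepts any string as a port, since `atoi` returns 0 for non-numeric input and reports no error for out-of-range values. A typo therefore silently becomes port 0 or some other unintended number. Parse with `strtol`, check the end pointer and `errno`, and reject values outside 1–65535 before calling `cli_args_port`. The login and password are still read from the command line and wiped with `bzero` only after use, which predates this commit but deserves a comment next to these lines. `main` continues outside the hunk.

```c
  /* next arguments: SERVER PORT */
  cli_args_server(cli, batch_mode);
  {
    char *end = NULL;
    long port;

    errno = 0;
    port = strtol(remaining_options[0], &end, 10);
    if (errno != 0 || end == remaining_options[0] || *end != '\0'
        || port < 1 || port > 65535)
      {
        fprintf(stderr, _("Invalid port: %s\n"), remaining_options[0]);
        exit(1);
      }
    cli_args_port(cli, (int) port);
  }
  /* … unchanged: login and password handling … */
```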
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Dec 2008 09:59:49 +0100 (CET) Subject: [Openvas-commits] r1914 - in trunk/openvas-client: . nessus Message-ID: <20081204085949.2F76540732@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-04 09:59:48 +0100 (Thu, 04 Dec 2008) New Revision: 1914 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/nessus.c Log: * nessus/nessus.c (main): Improved handling of --list-plugins and --list-prefs parameters, made error messages more useful, removed stray printf. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-04 08:32:18 UTC (rev 1913) +++ trunk/openvas-client/ChangeLog 2008-12-04 08:59:48 UTC (rev 1914) @@ -1,5 +1,11 @@ 2008-12-04 Michael Wiegand <michael.wiegand at intevation.de> + * nessus/nessus.c (main): Improved handling of --list-plugins and + --list-prefs parameters, made error messages more useful, removed + stray printf. + +2008-12-04 Michael Wiegand <michael.wiegand at intevation.de> + * nessus/nessus.c (main): Fixed command line parsing to handle parameter assignments like --batchmode=host port ... correctly. Modified: trunk/openvas-client/nessus/nessus.c =================================================================== --- trunk/openvas-client/nessus/nessus.c 2008-12-04 08:32:18 UTC (rev 1913) +++ trunk/openvas-client/nessus/nessus.c 2008-12-04 08:59:48 UTC (rev 1914) @@ -743,9 +743,10 @@ quiet_mode = TRUE; } - if (list_prefs) + if (list_prefs || list_plugins) { - ListOnly = 1; + ListOnly = 1; + quiet_mode = TRUE; } #ifdef ENABLE_SAVE_TESTS @@ -833,7 +834,7 @@ exit(1); } -#define BATCH_USAGE "-q host port user pass" +#define BATCH_USAGE "batch mode and <host> <port> <user> <pass> " #define BATCH_ARGC 3 #ifdef ENABLE_SAVE_TESTS 
@@ -845,7 +846,7 @@ if(restore_session && (remaining_options_count < BATCH_ARGC) && !quiet_mode) { - fprintf(stderr, _("restore-session requires -q %s result\n"), BATCH_USAGE); + fprintf(stderr, _("restore-session requires -q %s <result>\n"), BATCH_USAGE); exit(1); } @@ -936,9 +937,17 @@ exit(1); } } + else if(list_prefs || list_plugins) + { + if (remaining_options_count < NUM_ARGS - 2) + { + fprintf(stderr, "%s" BATCH_USAGE "\n", + _("list_prefs and list_plugins require ")); + exit(1); + } + } else if (remaining_options_count != NUM_ARGS) { - printf("remaining_options_count: %d\n", remaining_options_count); printf(_("Batch mode requires login information.\n")); printf(_("Please use %s --help for more information.\n"), myself); exit(0); From scm-commit at wald.intevation.org Thu Dec 4 10:19:04 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Dec 2008 10:19:04 +0100 (CET) Subject: [Openvas-commits] r1915 - in trunk/openvas-client: . nessus/prefs_dialog Message-ID: <20081204091904.3DB7440732@pyrosoma.intevation.org> Author: felix Date: 2008-12-04 10:19:03 +0100 (Thu, 04 Dec 2008) New Revision: 1915 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c Log: * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c (pprefs_add_notebook_page) : Added comment, collapsed code duplicate. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-04 08:59:48 UTC (rev 1914) +++ trunk/openvas-client/ChangeLog 2008-12-04 09:19:03 UTC (rev 1915) 
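Review bot: The new branch in `@@ -936` tests `remaining_options_count < NUM_ARGS - 2`, which reaches the intended three arguments only by arithmetic on an unrelated constant. `BATCH_ARGC`, shown as 3 in this file's diff, says what is meant: `if (remaining_options_count < BATCH_ARGC)`. The message is also built from a translated fragment plus the untranslated `BATCH_USAGE`, which translators cannot reorder, and it names the options `list_prefs and list_plugins` rather than `--list-prefs` and `--list-plugins` as the commit log does. A single format string such as `_("--list-prefs and --list-plugins require %s\n")` with `BATCH_USAGE` as its argument avoids both problems. The enclosing `if`/`else` chain starts outside the hunk.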
@@ -1,3 +1,8 @@ +2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de> + + * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c + (pprefs_add_notebook_page) : Added comment, collapsed code duplicate. + 2008-12-04 Michael Wiegand <michael.wiegand at intevation.de> * nessus/nessus.c (main): Improved handling of --list-plugins and Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c 2008-12-04 08:59:48 UTC (rev 1914) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c 2008-12-04 09:19:03 UTC (rev 1915) @@ -279,6 +279,15 @@ } +/** + * Adds a notebook page to either the plugin preference notebook or the + * credentials notebook and returns the vbox for it. + * @param ctrls Arglist in which the other Gtk widgets are held. + * @param name Name for the new notebook page. + * @param credentials If 0 page is added to preference notebook, otherwise to + * credentials notebook. + * @return The Gtk vbox nested in a Gtk scrolled window of the new page. + */ static GtkWidget * pprefs_add_notebook_page(ctrls, name, credentials) struct arglist *ctrls; 
@@ -286,38 +295,24 @@ int credentials; { GtkWidget *vbox = NULL; - + GtkWidget *notebook = NULL; + if (credentials == 0) - { - GtkWidget *listnotebook = arg_get_value(ctrls, "PLUGIN_PREFS"); - GtkWidget *s_window = gtk_scrolled_window_new(NULL, NULL); - - read_only_set_recurse(s_window); - gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(s_window), - GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC); - gtk_widget_show(s_window); - vbox = gtk_vbox_new(FALSE, FALSE); - gtk_scrolled_window_add_with_viewport(GTK_SCROLLED_WINDOW(s_window), vbox); - gtk_widget_show(vbox); - - listnotebook_add_page(listnotebook, s_window, name, NULL); - } + notebook = arg_get_value(ctrls, "PLUGIN_PREFS"); else - { - GtkWidget *cred_listnotebook = arg_get_value(ctrls, "PLUGIN_CREDENTIALS"); - GtkWidget *s_window = gtk_scrolled_window_new(NULL, NULL); + notebook = arg_get_value(ctrls, "PLUGIN_CREDENTIALS"); + + GtkWidget *s_window = gtk_scrolled_window_new(NULL, NULL); + read_only_set_recurse(s_window); + gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(s_window), + GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC); + gtk_widget_show(s_window); + vbox = gtk_vbox_new(FALSE, FALSE); + gtk_scrolled_window_add_with_viewport(GTK_SCROLLED_WINDOW(s_window), vbox); + gtk_widget_show(vbox); - read_only_set_recurse(s_window); - gtk_scrolled_window_set_policy(GTK_SCROLLED_WINDOW(s_window), - GTK_POLICY_AUTOMATIC, GTK_POLICY_AUTOMATIC); - gtk_widget_show(s_window); - vbox = gtk_vbox_new(FALSE, FALSE); - gtk_scrolled_window_add_with_viewport(GTK_SCROLLED_WINDOW(s_window), vbox); - gtk_widget_show(vbox); + listnotebook_add_page(notebook, s_window, name, NULL); - listnotebook_add_page(cred_listnotebook, s_window, name, NULL); - } - return vbox; } From scm-commit at wald.intevation.org Thu Dec 4 13:07:19 2008 
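Review bot: The merged body in `@@ -286` declares `s_window` after statements, which needs C99 although the function itself uses an old-style parameter list. Declaring `s_window` at the top next to `vbox` and `notebook` keeps the block consistent. The notebook selection can also be one line: `notebook = arg_get_value(ctrls, credentials ? "PLUGIN_CREDENTIALS" : "PLUGIN_PREFS");`. The result of `arg_get_value` is passed to `listnotebook_add_page` without a check; whether it can be NULL here is not visible in the hunk.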
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Dec 2008 13:07:19 +0100 (CET) Subject: [Openvas-commits] r1916 - trunk/doc/website Message-ID: <20081204120719.C4B8C4075A@pyrosoma.intevation.org> Author: felix Date: 2008-12-04 13:07:19 +0100 (Thu, 04 Dec 2008) New Revision: 1916 Modified: trunk/doc/website/openvas-cr-20.htm4 Log: Included Jans comments CR#20 Modified: trunk/doc/website/openvas-cr-20.htm4 =================================================================== --- trunk/doc/website/openvas-cr-20.htm4 2008-12-04 09:19:03 UTC (rev 1915) +++ trunk/doc/website/openvas-cr-20.htm4 2008-12-04 12:07:19 UTC (rev 1916) @@ -28,7 +28,7 @@ PAGE_START <h2>OpenVAS Change Request #20: OpenVAS: Improve SSH Credentials Management</h2> -Status: In discusssion. +Status: Voted +4. <h3>Purpose</h3> @@ -40,6 +40,8 @@ <h3>References</h3> <p> +<a href="http://lists.wald.intevation.org/pipermail/openvas-devel/2008-December/001122.html"> +Voting thread on mailing list.</a> </p> <h3>Rationale</h3> @@ -96,6 +98,10 @@ <h3>Design and Implementation</h3> <p> +SSH Keys would be placed in subdirectories of scope directories. +</p> + +<p> The new preference type would have to be defined in openvas-libraries/include/libopenvas.h and openvas-client/nessus/comm.h. </p> 
@@ -111,9 +117,34 @@ preference type there. </p> + +This change Request can be carried out in three steps: +<ul> + <li> (client + server) Extend NASL script_add_preference types by + "sshcredentials".</li> + <li> (client) Offer per-scope list of known keys.</li> + <li> (client) Add key management facility.</li> +</ul> + +A discussion might follow, that is likely to spawn new Change Requests that +tackle these issues:<br> +<ul> + <li>(jan) We need to fix up the problem that ssh_funcs needs the public + key to work properly. In fact, the public key is not necessary and thus + should not be part of the sshcredentials. </li> + <li>(jan) Are we going to support both uname+pw and uname+key+pw? Or should we + drop one of them? </li> + <li>(miachael) If this mechanism proves useful in improving the handling of + SSH credentials, it could be extended to other credentials, like SMB, FTP + or HTTP login information. </li> +</ul> + + <h3>History</h3> <ul> +<li> 2008-12-04 Felix Wolfsteller <felix.wolfsteller at intevation.de>:<br> + Included comments from Mailinglist.</li> <li> 2008-11-20 Michael Wiegand <michael.wiegand at intevation.de>:<br> Initial text.</li> </ul> From scm-commit at wald.intevation.org Thu Dec 4 13:10:15 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Dec 2008 13:10:15 +0100 (CET) Subject: [Openvas-commits] r1917 - trunk/doc/website Message-ID: <20081204121015.3F0B64075A@pyrosoma.intevation.org> Author: felix Date: 2008-12-04 13:10:13 +0100 (Thu, 04 Dec 2008) New Revision: 1917 Modified: trunk/doc/website/openvas-crs.htm4 Log: Included CR23 in overview, updated CR20 status Modified: trunk/doc/website/openvas-crs.htm4 =================================================================== --- trunk/doc/website/openvas-crs.htm4 2008-12-04 12:07:19 UTC (rev 1916) +++ trunk/doc/website/openvas-crs.htm4 2008-12-04 12:10:13 UTC (rev 1917) 
@@ -63,9 +63,10 @@ <li> <a href="openvas-cr-17.html">OpenVAS Change Request #17: OTP: Make NVT signatures available to OpenVAS-Client</a> (in progress) <li> <a href="openvas-cr-18.html">OpenVAS Change Request #18: OpenVAS-Client: Improve Handling of False-Positives</a> (in progress) <li> <a href="openvas-cr-19.html">OpenVAS Change Request #19: Agree on a style guideline and on a format for the documentation</a> (in discussion) -<li> <a href="openvas-cr-20.html">OpenVAS Change Request #20: OpenVAS: Improve SSH Credentials Management</a> (in discussion) +<li> <a href="openvas-cr-20.html">OpenVAS Change Request #20: OpenVAS: Improve SSH Credentials Management</a> (in progress) <li> <a href="openvas-cr-21.html">OpenVAS Change Request #21: OpenVAS-Client: Improve Vulnerability Summary Listing</a> (in discussion) <li> <a href="openvas-cr-22.html">OpenVAS Change Request #22: OpenVAS-libnasl: Introduce new script_tag Command</a> (in progress) +<li> <a href="openvas-cr-23.html">OpenVAS Change Request #23: OpenVAS-libnasl: Standardize Script Families for NVT</a> (in discussion) </ul> <h3>How to write a change request</h3> From scm-commit at wald.intevation.org Thu Dec 4 13:20:07 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Dec 2008 13:20:07 +0100 (CET) Subject: [Openvas-commits] r1918 - in trunk/openvas-client: . nessus/prefs_dialog Message-ID: <20081204122007.841824075A@pyrosoma.intevation.org> Author: felix Date: 2008-12-04 13:20:07 +0100 (Thu, 04 Dec 2008) New Revision: 1918 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c Log: * nessus/prefs_dialog/prefs_dialog.c : Removed (disabled) menuitem_TODO. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-04 12:10:13 UTC (rev 1917) +++ trunk/openvas-client/ChangeLog 2008-12-04 12:20:07 UTC (rev 1918) 
@@ -1,5 +1,9 @@ -2008-12-03 Felix Wolfsteller <felix.wolfsteller at intevation.de> +2008-12-04 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * nessus/prefs_dialog/prefs_dialog.c : Removed (disabled) menuitem_TODO. + +2008-12-04 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c (pprefs_add_notebook_page) : Added comment, collapsed code duplicate. Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2008-12-04 12:10:13 UTC (rev 1917) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2008-12-04 12:20:07 UTC (rev 1918) @@ -179,13 +179,6 @@ /* * Menu items */ -void -menuitem_TODO(menuitem, ctrls) - GtkWidget *menuitem; - struct arglist *ctrls; -{ - show_error(_("Not yet implemented.")); -} void menuitem_add(menuitem, menu, name, stockicon, func) @@ -464,13 +457,6 @@ menuitem_add(menuitem, submenu, "EXECSCOPE_MENUITEM", NULL, GTK_SIGNAL_FUNC(prefs_dialog_execute)); -#if 0 - menuitem = gtk_image_menu_item_new_from_stock("gtk-stop", accel_group); - menuitem_add(menuitem, submenu, "STOPSCOPE_MENUITEM", NULL, - GTK_SIGNAL_FUNC(menuitem_TODO)); - gtk_widget_set_sensitive(menuitem, FALSE); -#endif - menuitem_separator(submenu); menuitem = gtk_image_menu_item_new_with_mnemonic(_("_New")); From scm-commit at wald.intevation.org Thu Dec 4 13:42:49 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Dec 2008 13:42:49 +0100 (CET) Subject: [Openvas-commits] r1919 - in trunk/openvas-client: . nessus nessus/prefs_dialog Message-ID: <20081204124249.6313E4075D@pyrosoma.intevation.org> Author: felix Date: 2008-12-04 13:42:48 +0100 (Thu, 04 Dec 2008) New Revision: 1919 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/context.c trunk/openvas-client/nessus/context.h trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c Log: Transformed comments to javadoc style. * nessus/prefs_dialog/prefs_dialog.c : Transformed single star to double star ("javadoc") comments. * nessus/context.c : Added second star to start of function comments. * nessus/context.h : Documented signer_fp_certificates, removed comment duplicate (double of context.c). Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-04 12:20:07 UTC (rev 1918) +++ trunk/openvas-client/ChangeLog 2008-12-04 12:42:48 UTC (rev 1919) @@ -1,5 +1,17 @@ 2008-12-04 Felix Wolfsteller <felix.wolfsteller at intevation.de> + Transformed comments to javadoc style. + + * nessus/prefs_dialog/prefs_dialog.c : Transformed single star to double + star ("javadoc") comments. + + * nessus/context.c : Added second star to start of function comments. + + * nessus/context.h : Documented signer_fp_certificates, removed comment + duplicate (double of context.c). + +2008-12-04 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * nessus/prefs_dialog/prefs_dialog.c : Removed (disabled) menuitem_TODO. 2008-12-04 Felix Wolfsteller <felix.wolfsteller at intevation.de> Modified: trunk/openvas-client/nessus/context.c =================================================================== --- trunk/openvas-client/nessus/context.c 2008-12-04 12:20:07 UTC (rev 1918) +++ trunk/openvas-client/nessus/context.c 2008-12-04 12:42:48 UTC (rev 1919) 
@@ -81,7 +81,8 @@ } -/* reset the tree store and model for the plugins. +/** + * Resets the tree store and model for the plugins. * When compiling without USE_GTK, this function does nothing. */ void @@ -101,7 +102,8 @@ #endif } -/* Force a redraw of the plugin prefs widgets. The redraw is not +/** + * Force a redraw of the plugin prefs widgets. The redraw is not * directly here. It will happen as soon as prefs_plugins_prefs_redraw * is called. * When compiling without USE_GTK, this function does nothing. @@ -122,7 +124,9 @@ } -/* Reset the plugin information of the context */ +/** + * Reset the plugin information of the context + */ void context_reset_plugins(struct context *context) { @@ -134,7 +138,7 @@ context_reset_plugin_tree(context); } -/* +/** * Add a plugin to the context. If the plugin is a scanner, it's added * to context->scanners and the corresponding scanner set. Otherwise * it's a normal plugin and is added to context->plugins list and the @@ -598,7 +602,8 @@ } -/* Fill the plugin preferences from the information read from the +/** + * Fill the plugin preferences from the information read from the * report's nessusrc. */ static void @@ -628,7 +633,8 @@ } -/* Load the plugin cache of the context if it has one, the context +/** + * Load the plugin cache of the context if it has one, the context * doesn't have plugin information yet and the user actually wants to * load plugin information for the given type of context. */ @@ -649,8 +655,9 @@ } } -/* This function sync the plugin preferences (for plugins and scanners) - * for the given context. +/** + * Syncs the plugin preferences (for plugins and scanners) for the given + * context. * In fact, the plugin preferences are copied from * context->plugins[plugin][plugin-pref] * and 
@@ -724,13 +731,12 @@ } -/* +/** * replacements for g_file_test which is unreliable on windows * if nessus and gtk are compiled with a different libc. * * FIXME: handle symbolic links */ - int check_exists(name) const char *name; Modified: trunk/openvas-client/nessus/context.h =================================================================== --- trunk/openvas-client/nessus/context.h 2008-12-04 12:20:07 UTC (rev 1918) +++ trunk/openvas-client/nessus/context.h 2008-12-04 12:42:48 UTC (rev 1919) @@ -76,11 +76,11 @@ GtkTreeStore *plugin_tree_store; GtkTreeModel *plugin_tree_model; #endif - GHashTable* signer_fp_certificates; - /* reports may have plugin information too. They can be quite large, - * so we avoid loading them. This flag indicates whether the plugin - * information has been loaded. - */ + /** Maps openvas_certificate* (value) to their fingerprints (key). */ + GHashTable* signer_fp_certificates; + /* Reports may have plugin information too. They can be quite large, + * so we avoid loading them.*/ + /** Indicates whether the plugin information has been loaded. */ int plugin_cache_loaded; }; @@ -96,15 +96,6 @@ void context_set_plugins_md5sum(struct context *context, const char *md5sum); void context_reset_plugins(struct context *context); -/* This function syncs the plugin preferences (for plugins and scanners) - * for the given context. - * In fact, the plugin preferences are copied from - * context->plugins[plugin][plugin-pref] - * and - * context->scanners->[plugin][plugin-pref] - * to - * context->prefs["PLUGINS_PREFS"][plugin] - */ void context_sync_plugin_prefs(struct context *); void context_collect(struct context*); Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2008-12-04 12:20:07 UTC (rev 1918) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2008-12-04 12:42:48 UTC (rev 1919) 
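Review bot: The new comment on `signer_fp_certificates` in the context.h hunk `@@ -76` states the mapping backwards. A hash table maps keys to values, so it should read `/** Maps certificate fingerprints (key) to openvas_certificate* (value). */`. The comment after it now ends with `them.*/` and leaves the sentence about large reports detached from the `plugin_cache_loaded` field it explains. Merging the two into one `/** ... */` block above that field would keep the reason with the flag.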
@@ -85,7 +85,7 @@ static void prefs_dialog_set_tooltips(struct arglist *); -/* +/** * launch the users manual pdf document with the configure * pdf viewer. */ @@ -115,7 +115,7 @@ g_free(path); } -/* +/** * Save the current global settings to ~/.nessusrc */ void @@ -131,7 +131,7 @@ show_info(_("The global settings have been saved.")); } -/* +/** * Toggle Toolbar on/off */ void @@ -153,7 +153,7 @@ } } -/* +/** * Toggle Message-Log on/off */ void @@ -216,7 +216,8 @@ } -/* Add a pair of new "stock" icons to the factory. +/** + * Add a pair of new "stock" icons to the factory. * * The parameters small and large are the arrays of char* that make up * an xpm. The icons are added to the factory as an icon set for the @@ -268,7 +269,8 @@ gtk_icon_factory_add(factory, stock_id, iconset); } -/* Create some nessus specific stock icons. +/** + * Create some nessus specific stock icons. * * This function adds several nessus specific icon sets for use in e.g. * menus and buttons. @@ -299,12 +301,8 @@ g_object_unref(G_OBJECT(factory)); } -/* - * prefs_dialog_setup - * - * This function draws the preferences dialog of the Nessus - * client - * +/** + * Draws the preferences dialog of the OpenVAS client */ void prefs_dialog_setup(context) @@ -1404,7 +1402,8 @@ } -/* XXX Warning: +/** + * XXX Warning: * saves to context->plugins and context->scanners, * NOT to context->prefs["PLUGINS_PREFS"] */ From scm-commit at wald.intevation.org Thu Dec 4 14:15:03 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Dec 2008 14:15:03 +0100 (CET) Subject: [Openvas-commits] r1920 - in trunk/openvas-plugins: . scripts Message-ID: <20081204131503.4AC2440763@pyrosoma.intevation.org> Author: chandra Date: 2008-12-04 14:15:00 +0100 (Thu, 04 Dec 2008) New Revision: 1920 Added: trunk/openvas-plugins/scripts/gb_alpine_tmail_n_dmail_bof_vuln_win.nasl trunk/openvas-plugins/scripts/gb_uw_imapd_tmail_n_dmail_bof_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_wireshark_smtp_dos_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_wireshark_smtp_dos_vuln_win.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2008-12-04 12:42:48 UTC (rev 1919) +++ trunk/openvas-plugins/ChangeLog 2008-12-04 13:15:00 UTC (rev 1920) @@ -1,3 +1,10 @@ +2008-12-04 Chandrashekhar B <bchandra at secpod.com> + * scripts/gb_uw_imapd_tmail_n_dmail_bof_vuln_lin.nasl, + scripts/gb_alpine_tmail_n_dmail_bof_vuln_win.nasl, + scripts/gb_wireshark_smtp_dos_vuln_lin.nasl, + scripts/gb_wireshark_smtp_dos_vuln_win.nasl: + Added new plugins + 2008-12-03 Thomas Reinke <reinke at securityspace.com> * deb_1670_1.nasl deb_1671_1.nasl deb_1672_1.nasl deb_1673_1.nasl deb_1674_1.nasl deb_1675_1.nasl Added: trunk/openvas-plugins/scripts/gb_alpine_tmail_n_dmail_bof_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_alpine_tmail_n_dmail_bof_vuln_win.nasl 2008-12-04 12:42:48 UTC (rev 1919) +++ trunk/openvas-plugins/scripts/gb_alpine_tmail_n_dmail_bof_vuln_win.nasl 2008-12-04 13:15:00 UTC (rev 1920) 
@@ -0,0 +1,99 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_alpine_tmail_n_dmail_bof_vuln_win.nasl 2008-12-04 11:59:24Z dec $ +# +# Alpine tmail and dmail Buffer Overflow Vulnerabilities (Win) +# +# Authors: +# Veerendra GG <veerendragg at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800150); + script_version("$Revision: 1.0$"); + script_cve_id("CVE-2008-5005"); + script_bugtraq_id(32072); + script_name(english:"Alpine tmail and dmail Buffer Overflow Vulnerabilities (Win)"); + desc["english"] = " + + Overview: The host has Alpine installed and is prone to Buffer Overflow + Vulnerabilities. + + Vulnerability Insight: + The flaws are caused due to boundary error in the tmail/dmail utility, + when processing overly long mailbox names composed of a username and + + character followed by a long string and also by specifying a long folder + extension argument on the command line. 
+ + Impact: + Successful exploitation allows execution of arbitrary code, but requires + that the utilities are configured as a delivery backend for a mail transfer + agent allowing overly long destination mailbox names. + + Impact Level: Application + + Affected Software/OS: + University of Washington Alpine 2.00 and priror on Windows. + + Fix: Update to higher Version or Apply patches from, + http://www.washington.edu/alpine/tmailbug.html + + ***** + NOTE : Ignore this warning, if above mentioned patch is applied already. + ***** + + References: + http://www.washington.edu/alpine/ + http://secunia.com/advisories/32483 + http://www.frsirt.com/english/advisories/2008/3042/products + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.4 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Alpine"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Misc."); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("version_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +apVer = registry_get_sz(item:"DisplayName", + key:"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Alpine_is1"); +if(!apVer){ + exit(0); +} + +apVer = apVer - "Alpine "; +if(version_is_less_equal(version:apVer, test_version:"2.00")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/gb_alpine_tmail_n_dmail_bof_vuln_win.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_uw_imapd_tmail_n_dmail_bof_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_uw_imapd_tmail_n_dmail_bof_vuln_lin.nasl 2008-12-04 12:42:48 UTC (rev 1919) +++ 
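Review bot: The version check at the end of the new plugin uses the registry `DisplayName` without checking its shape: `apVer = apVer - "Alpine ";` only leaves a version if the value is exactly "Alpine <version>". Any other form (no version, extra words) is passed to `version_is_less_equal()` unvalidated and can give a false `security_hole(0)` or a miss. Extract the version explicitly and stop when it is absent, e.g. `ver = eregmatch(pattern:"([0-9]+\.[0-9.]+)", string:apVer); if(isnull(ver)) exit(0);`, then compare `ver[1]`. The description text also contains the typo "priror".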
trunk/openvas-plugins/scripts/gb_uw_imapd_tmail_n_dmail_bof_vuln_lin.nasl 2008-12-04 13:15:00 UTC (rev 1920) 
@@ -0,0 +1,121 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_uw_imapd_tmail_n_dmail_bof_vuln_lin.nasl 2008-12-04 16:11:31Z dec $ +# +# UW-imapd tmail and dmail BOF Vulnerabilities (Linux) +# +# Authors: +# Veerendra GG <veerendragg at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800149); + script_version("$Revision: 1.0$"); + script_cve_id("CVE-2008-5005"); + script_bugtraq_id(32072); + script_name(english:"UW-imapd tmail and dmail BOF Vulnerabilities (Linux)"); + desc["english"] = " + + Overview: The host has UW-imapd installed and is prone to Buffer Overflow + vulnerabilities. + + Vulnerability Insight: + The flaws are caused due to boundary error in the tmail/dmail utility, + when processing overly long mailbox names composed of a username and '+' + character followed by a long string and when specifying a long folder + extension argument on the command line. 
+ + Impact: + Successful exploitation allows execution of arbitrary code, but requires + that the utilities are configured as a delivery backend for a mail transfer + agent allowing overly long destination mailbox names. + + Impact Level: Application + + Affected Software/OS: + University of Washington Alpine 2.00 and priror on Linux. + University Of Washington's imapd Versions prior to 2007d on Linux. + + Fix: Update to Version 2007d. + http://www.washington.edu/imap/ + http://www.washington.edu/alpine/tmailbug.html + + References: + http://www.washington.edu/alpine/ + http://secunia.com/advisories/32483 + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.4 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of UW-imapd"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Misc."); + exit(0); +} + + +include("version_func.inc"); + +sock = ssh_login_or_reuse_connection(); +if(!sock){ + exit(0); +} + +grep = find_bin(prog_name:"grep", sock:sock); +grep = chomp(grep[0]); + +garg[0] = "-o"; +garg[1] = "-m1"; +garg[2] = "-a"; +garg[3] = string("[0-9]\\+[0-9]\\+[0-9]\\+[0-9]a\\?.*OK"); + +imapPath = find_file(file_name:"imapd", file_path:"/", + useregex:TRUE, regexpar:"$", sock:sock); + +foreach imapBin (imapPath) +{ + imapBin = chomp(imapBin); + if(islocalhost()) + { + garg[4] = imapBin; + arg = garg; + } + else + { + arg = garg[0] + " " + garg[1] + " " + garg[2] + " " + + raw_string(0x22) + garg[3] + raw_string(0x22) + " " + imapBin; + } + + imapVer = get_bin_version(full_prog_name:grep, version_argv:arg, sock:sock, + ver_pattern:"[0-9][0-9][0-9][0-9][a-z]?"); + if(imapVer[1] != NULL) + { + if(version_is_less(version:imapVer[1] ,test_version:"2007d")){ + security_hole(0); + } + ssh_close_connection(); + exit(0); + } +} +ssh_close_connection(); Property changes on: 
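Review bot: The `foreach imapBin` loop stops at the first binary that yields a version, whether or not that binary is vulnerable, because `ssh_close_connection(); exit(0);` sits outside the `version_is_less()` branch. If `find_file()` returns a patched imapd first and an older copy later, the older copy is never examined and the host is reported clean. Move the early exit into the vulnerable branch, `if(version_is_less(version:imapVer[1], test_version:"2007d")){ security_hole(0); ssh_close_connection(); exit(0); }`, and let the loop continue otherwise. The result of `find_bin(prog_name:"grep", ...)` is also used without checking that grep was found.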
trunk/openvas-plugins/scripts/gb_uw_imapd_tmail_n_dmail_bof_vuln_lin.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_wireshark_smtp_dos_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_wireshark_smtp_dos_vuln_lin.nasl 2008-12-04 12:42:48 UTC (rev 1919) +++ trunk/openvas-plugins/scripts/gb_wireshark_smtp_dos_vuln_lin.nasl 2008-12-04 13:15:00 UTC (rev 1920) 
@@ -0,0 +1,82 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_wireshark_smtp_dos_vuln_win.nasl 565 2008-12-03 10:41:54Z dec $ +# +# Wireshark SMTP Processing Denial of Service Vulnerability (Linux) +# +# Authors: +# Chandan S <schandan at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800075); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-5285"); + script_bugtraq_id(32422); + script_name(english:"Wireshark SMTP Processing Denial of Service Vulnerability (Linux)"); + desc["english"] = " + + Overview: The Remote host is installed with Wireshark and is prone to + denial of service vulnerability. + + Vulnerability Insight: + The flaw is due to an error in the SMTP dissector while processing + large SMTP packets. + + Impact: + Successful attacks may cause the application to crash via specially + crafted packets. 
+ + Impact Level: Application + + Affected Software/OS: + Wireshark versions 1.0.4 and prior on Linux + + Fix: Upgrade to Wireshark 1.0.5 + http://www.wireshark.org/download.html + + References: + http://www.vupen.com/english/advisories/2008/3231 + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P) + CVSS Temporal Score : 3.7 + Risk factor: Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of Wireshark"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Denial of Service"); + script_dependencies("gb_wireshark_detect_lin.nasl"); + exit(0); +} + + +include("version_func.inc"); + +sharkVer = get_kb_item("Wireshark/Linux/Ver"); +if(!sharkVer){ + exit(0); +} + +if(version_is_less_equal(version:sharkVer, test_version:"1.0.4")){ + security_warning(0); +} Added: trunk/openvas-plugins/scripts/gb_wireshark_smtp_dos_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_wireshark_smtp_dos_vuln_win.nasl 2008-12-04 12:42:48 UTC (rev 1919) +++ trunk/openvas-plugins/scripts/gb_wireshark_smtp_dos_vuln_win.nasl 2008-12-04 13:15:00 UTC (rev 1920) 
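Review bot: The `$Id` header of the new Linux plugin names `gb_wireshark_smtp_dos_vuln_win.nasl`, which is the Windows sibling's file name. A finding traced back through that header points at the wrong script; the line should name `gb_wireshark_smtp_dos_vuln_lin.nasl`.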
@@ -0,0 +1,82 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_wireshark_smtp_dos_vuln_win.nasl 565 2008-12-03 10:31:24Z dec $ +# +# Wireshark SMTP Processing Denial of Service Vulnerability (Win) +# +# Authors: +# Chandan S <schandan at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800074); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-5285"); + script_bugtraq_id(32422); + script_name(english:"Wireshark SMTP Processing Denial of Service Vulnerability (Win)"); + desc["english"] = " + + Overview: The Remote host is installed with Wireshark and is prone to + denial of service vulnerability. + + Vulnerability Insight: + The flaw is due to an error in the SMTP dissector while processing + large SMTP packets. + + Impact: + Successful attacks may cause the application to crash via specially + crafted packets. + + Impact Level: Application + + Affected Software/OS: + Wireshark version 1.0.4 and prior on Windows. 
+ + Fix: Upgrade to Wireshark 1.0.5 + http://www.wireshark.org/download.html + + References: + http://www.vupen.com/english/advisories/2008/3231 + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P) + CVSS Temporal Score : 3.7 + Risk factor: Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of Wireshark"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Denial of Service"); + script_dependencies("gb_wireshark_detect_win.nasl"); + exit(0); +} + + +include("version_func.inc"); + +sharkVer = get_kb_item("Wireshark/Win/Ver"); +if(!sharkVer){ + exit(0); +} + +if(version_is_less_equal(version:sharkVer, test_version:"1.0.4")){ + security_warning(0); +} From scm-commit at wald.intevation.org Thu Dec 4 22:20:23 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Dec 2008 22:20:23 +0100 (CET) Subject: [Openvas-commits] r1921 - in trunk/openvas-client: . nessus/prefs_dialog Message-ID: <20081204212023.49DC840760@pyrosoma.intevation.org> Author: joeyschulze Date: 2008-12-04 22:20:22 +0100 (Thu, 04 Dec 2008) New Revision: 1921 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/prefs_dialog/prefs_scope_tree.c Log: Implementation of CR#21: Improve Vulnerability Summary Listing Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-04 13:15:00 UTC (rev 1920) +++ trunk/openvas-client/ChangeLog 2008-12-04 21:20:22 UTC (rev 1921) 
@@ -1,3 +1,11 @@ +2008-12-04 Joey Schulze <joey at infodrom.org> + + * nessus/prefs_dialog/prefs_scope_tree.c (scopetree_move, + scopetree_new_with_parent, scopetreeview_create_columns, + scope_create_treestore): Adjust visible order of vulnerabilities + to most important one first + (Change Request #21) + 2008-12-04 Felix Wolfsteller <felix.wolfsteller at intevation.de> Transformed comments to javadoc style. Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_scope_tree.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_scope_tree.c 2008-12-04 13:15:00 UTC (rev 1920) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_scope_tree.c 2008-12-04 21:20:22 UTC (rev 1921) @@ -95,7 +95,7 @@ gtk_tree_path_free(path); gtk_tree_model_get(model, &iter, COL_NAME, ©_name, - COL_NOTE, ©_note, COL_WARN, ©_warn, COL_HOLE, ©_hole, + COL_HOLE, ©_hole, COL_WARN, ©_warn, COL_NOTE, ©_note, COL_EDITABLE, ©_editable, -1); /* create the target context */ @@ -105,7 +105,7 @@ gtk_tree_store_append(GTK_TREE_STORE(model), &iter, &parent); gtk_tree_store_set(GTK_TREE_STORE(model), &iter, COL_CONTEXT, context, COL_NAME, copy_name, - COL_NOTE, copy_note, COL_WARN, copy_warn, COL_HOLE, copy_hole, + COL_HOLE, copy_hole, COL_WARN, copy_warn, COL_NOTE, copy_note, COL_EDITABLE, copy_editable, -1); scopetree_save_treerowref(context, model, iter); @@ -287,7 +287,7 @@ gtk_tree_store_set(GTK_TREE_STORE(model), &iter, COL_CONTEXT, context, COL_NAME, prefs_get_string(context, "name"), - COL_NOTE, -1, COL_WARN, -1, COL_HOLE, -1, + COL_HOLE, -1, COL_WARN, -1, COL_NOTE, -1, COL_EDITABLE, TRUE, -1); scopetree_save_treerowref(context, model, iter); 
@@ -791,15 +791,15 @@ column = gtk_tree_view_column_new(); gtk_tree_view_column_set_resizable(GTK_TREE_VIEW_COLUMN(column), 1); - gtk_tree_view_column_set_title(column, _("Low")); + gtk_tree_view_column_set_title(column, _("High")); gtk_tree_view_append_column(GTK_TREE_VIEW(view), column); renderer = gtk_cell_renderer_text_new(); g_object_set(renderer, "xalign", (gfloat) 1.0, "xpad", (guint) 8, NULL); gtk_tree_view_column_pack_start(column, renderer, TRUE); - gtk_tree_view_column_add_attribute(column, renderer, "text", COL_NOTE); + gtk_tree_view_column_add_attribute(column, renderer, "text", COL_HOLE); gtk_tree_view_column_set_cell_data_func(column, renderer, cell_counts, - (gpointer) COL_NOTE, NULL); + (gpointer) COL_HOLE, NULL); column = gtk_tree_view_column_new(); gtk_tree_view_column_set_resizable(GTK_TREE_VIEW_COLUMN(column), 1); @@ -815,15 +815,15 @@ column = gtk_tree_view_column_new(); gtk_tree_view_column_set_resizable(GTK_TREE_VIEW_COLUMN(column), 1); - gtk_tree_view_column_set_title(column, _("High")); + gtk_tree_view_column_set_title(column, _("Low")); gtk_tree_view_append_column(GTK_TREE_VIEW(view), column); renderer = gtk_cell_renderer_text_new(); g_object_set(renderer, "xalign", (gfloat) 1.0, "xpad", (guint) 8, NULL); gtk_tree_view_column_pack_start(column, renderer, TRUE); - gtk_tree_view_column_add_attribute(column, renderer, "text", COL_HOLE); + gtk_tree_view_column_add_attribute(column, renderer, "text", COL_NOTE); gtk_tree_view_column_set_cell_data_func(column, renderer, cell_counts, - (gpointer) COL_HOLE, NULL); + (gpointer) COL_NOTE, NULL); } GtkTreeStore * @@ -846,7 +846,7 @@ gtk_tree_store_set(treestore, &global, COL_CONTEXT, context, COL_NAME, prefs_get_string(context, "name"), - COL_NOTE, -1, COL_WARN, -1, COL_HOLE, -1, + COL_HOLE, -1, COL_WARN, -1, COL_NOTE, -1, COL_EDITABLE, FALSE, -1); scopetree_save_treerowref(context, GTK_TREE_MODEL(treestore), global); 
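Review bot: In the column setup (presumably scopetreeview_create_columns, per the ChangeLog entry) the column index is handed to `gtk_tree_view_column_set_cell_data_func()` with a plain cast, `(gpointer) COL_HOLE` and `(gpointer) COL_NOTE`. GLib provides `GINT_TO_POINTER()` for carrying an int in a pointer, which avoids int-to-pointer size warnings on 64-bit builds; write `GINT_TO_POINTER(COL_HOLE)` and `GINT_TO_POINTER(COL_NOTE)`. The callback `cell_counts` is outside the hunk and would need the matching `GPOINTER_TO_INT()` if it does not already use it. The function's body starts before the hunk.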
@@ -857,7 +857,7 @@ gtk_tree_store_set(treestore, &task, COL_CONTEXT, tasks, COL_NAME, prefs_get_string(tasks, "name"), - COL_NOTE, -1, COL_WARN, -1, COL_HOLE, -1, + COL_HOLE, -1, COL_WARN, -1, COL_NOTE, -1, COL_EDITABLE, TRUE, -1); scopetree_save_treerowref(tasks, GTK_TREE_MODEL(treestore), task); scopetree_move_menuitem_add(tasks); @@ -869,7 +869,7 @@ gtk_tree_store_set(treestore, &scope, COL_CONTEXT, scopes, COL_NAME, prefs_get_string(scopes, "name"), - COL_NOTE, -1, COL_WARN, -1, COL_HOLE, -1, + COL_HOLE, -1, COL_WARN, -1, COL_NOTE, -1, COL_EDITABLE, TRUE, -1); scopetree_save_treerowref(scopes, GTK_TREE_MODEL(treestore), scope); @@ -880,7 +880,7 @@ gtk_tree_store_set(treestore, &report, COL_CONTEXT, reports, COL_NAME, prefs_get_string(reports, "name"), - COL_NOTE, -1, COL_WARN, -1, COL_HOLE, -1, + COL_HOLE, -1, COL_WARN, -1, COL_NOTE, -1, COL_EDITABLE, TRUE, -1); scopetree_save_treerowref(reports, GTK_TREE_MODEL(treestore), report); From scm-commit at wald.intevation.org Thu Dec 4 22:21:48 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 4 Dec 2008 22:21:48 +0100 (CET) Subject: [Openvas-commits] r1922 - trunk/doc/website Message-ID: <20081204212148.C6E5F40760@pyrosoma.intevation.org> Author: joeyschulze Date: 2008-12-04 22:21:48 +0100 (Thu, 04 Dec 2008) New Revision: 1922 Modified: trunk/doc/website/openvas-cr-21.htm4 Log: Vote results added, implementation complete Modified: trunk/doc/website/openvas-cr-21.htm4 =================================================================== --- trunk/doc/website/openvas-cr-21.htm4 2008-12-04 21:20:22 UTC (rev 1921) +++ trunk/doc/website/openvas-cr-21.htm4 2008-12-04 21:21:48 UTC (rev 1922) @@ -28,7 +28,7 @@ PAGE_START <h2>OpenVAS Change Request #21: OpenVAS-Client: Improve Vulnerability Summary Listing</h2> -Status: In discusssion. +Status: Voted +3. Implemented with SVN 1921. <h3>Purpose</h3> 
@@ -78,4 +78,6 @@ <ul> <li> 2008-11-26 Joey Schulze <joey at infodrom.org>:<br> Initial text.</li> +<li> 2008-12-04 Joey Schulze <joey at infodrom.org>:<br> + Vote results added, implementation complete.</li> </ul> From scm-commit at wald.intevation.org Fri Dec 5 08:50:10 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 08:50:10 +0100 (CET) Subject: [Openvas-commits] r1923 - in trunk/openvas-libraries: . libopenvas libopenvas_hg Message-ID: <20081205075010.3EF7540760@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 08:50:08 +0100 (Fri, 05 Dec 2008) New Revision: 1923 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/libopenvas/ftp_funcs.c trunk/openvas-libraries/libopenvas/network.c trunk/openvas-libraries/libopenvas/network.h trunk/openvas-libraries/libopenvas/pcap.c trunk/openvas-libraries/libopenvas/plugutils.c trunk/openvas-libraries/libopenvas/proctitle.c trunk/openvas-libraries/libopenvas/rand.c trunk/openvas-libraries/libopenvas/store.c trunk/openvas-libraries/libopenvas/www_funcs.c trunk/openvas-libraries/libopenvas_hg/test.c Log: Checking for potential code quality issues ahead of the 2.0-rc1 release, setting ignore flags for false positives and using more secure functions for certain string manipulations. * libopenvas_hg/test.c (main): Don't warn against getopt usage, it is not critical here since this application is only intended for demonstration purposes. * libopenvas/pcap.c (get_random_bytes): Ignore warning, this random seed is random enough for our purposes. * libopenvas/plugutils.c: (plug_set_cve_id, plug_set_bugtraq_id, plug_set_xref, plug_set_tag, proto_post_wrapped) Ignore warnings regarding strcat since the memory is allocated correctly before calling strcat. (host_add_port_proto, kb_get_port_state_proto, mark_successful_plugin, mark_post, add_plugin_preference, proto_post_wrapped, scanner_add_port, plug_set_port_transport, plug_get_port_transport, plug_set_ssl_item, find_in_path) Ignore warnings regarding snprintf since libc4 (where snprintf is a security issue) is most certainly not present on system able to compile and run openvas-libraries. 
(plug_get_key, plug_get_host_open_port) Ignore warnings about lrand48 being not random enough; it is random enough for the usage here. (find_in_path) Removed obsolete code, change sprintf usage to snprintf. * libopenvas/network.c: (get_encaps_name, get_encaps_through, open_sock_tcp, auth_printf) Ignore (v)snprintf warnings; see above. (_socket_get_next_source_addr) Ignore warning about lrand48; see above. * libopenvas/network.h: Ignore false positive in function declaration. * libopenvas/proctitle.c: (initsetproctitle) Changed ignore flag to RATS so both flawfinder and RATS honor it. (setproctitle) Ignore snprintf warnings (see above), change strcpy usage to strncpy. * libopenvas/www_funcs.c: (build_encode_URL) Change strcpy usage to strncpy, change sprintf usage to snprintf, ignore snprintf warnings (see above), ignore lrand48 warnings (see above). * libopenvas/rand.c (nessus_init_random, lrand48, srand48): Ignore warnings about insufficient randomness. * libopenvas/ftp_funcs.c (ftp_log_in): Changed remaining sprintf usage to snprintf, ignore snprintf warnings (see above). * libopenvas/store.c: (arglist2str, store_load_plugin, store_plugin, store_get_plugin_f) Change strcat usage to strncat; ignore RATS warnings regarding strncat since sufficient memory is allocate before strncat usage. (safe_copy, store_plugin) Change ignore flag to RATS. (store_init_sys, store_init_user, store_get_plugin_f, store_load_plugin, store_plugin) Ignore snprintf warnings (see above). Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2008-12-04 21:21:48 UTC (rev 1922) +++ trunk/openvas-libraries/ChangeLog 2008-12-05 07:50:08 UTC (rev 1923) 
@@ -1,3 +1,58 @@ +2008-12-04 Michael Wiegand <michael.wiegand at intevation.de> + + Checking for potential code quality issues ahead of the 2.0-rc1 + release, setting ignore flags for false positives and using more + secure functions for certain string manipulations. + + * libopenvas_hg/test.c (main): Don't warn against getopt usage, it is + not critical here since this application is only intended for + demonstration purposes. + + * libopenvas/pcap.c (get_random_bytes): Ignore warning, this random + seed is random enough for our purposes. + + * libopenvas/plugutils.c: (plug_set_cve_id, plug_set_bugtraq_id, + plug_set_xref, plug_set_tag, proto_post_wrapped) Ignore warnings + regarding strcat since the memory is allocated correctly before + calling strcat. (host_add_port_proto, kb_get_port_state_proto, + mark_successful_plugin, mark_post, add_plugin_preference, + proto_post_wrapped, scanner_add_port, plug_set_port_transport, + plug_get_port_transport, plug_set_ssl_item, find_in_path) Ignore + warnings regarding snprintf since libc4 (where snprintf is a security + issue) is most certainly not present on system able to compile and run + openvas-libraries. (plug_get_key, plug_get_host_open_port) Ignore + warnings about lrand48 being not random enough; it is random enough + for the usage here. (find_in_path) Removed obsolete code, change + sprintf usage to snprintf. + + * libopenvas/network.c: (get_encaps_name, get_encaps_through, + open_sock_tcp, auth_printf) Ignore (v)snprintf warnings; see above. + (_socket_get_next_source_addr) Ignore warning about lrand48; see + above. + + * libopenvas/network.h: Ignore false positive in function declaration. + + * libopenvas/proctitle.c: (initsetproctitle) Changed ignore flag to + RATS so both flawfinder and RATS honor it. (setproctitle) Ignore + snprintf warnings (see above), change strcpy usage to strncpy. 
+ + * libopenvas/www_funcs.c: (build_encode_URL) Change strcpy usage to + strncpy, change sprintf usage to snprintf, ignore snprintf warnings + (see above), ignore lrand48 warnings (see above). + + * libopenvas/rand.c (nessus_init_random, lrand48, srand48): Ignore + warnings about insufficient randomness. + + * libopenvas/ftp_funcs.c (ftp_log_in): Changed remaining sprintf usage + to snprintf, ignore snprintf warnings (see above). + + * libopenvas/store.c: (arglist2str, store_load_plugin, store_plugin, + store_get_plugin_f) Change strcat usage to strncat; ignore RATS + warnings regarding strncat since sufficient memory is allocate before + strncat usage. (safe_copy, store_plugin) Change ignore flag to RATS. + (store_init_sys, store_init_user, store_get_plugin_f, + store_load_plugin, store_plugin) Ignore snprintf warnings (see above). + 2008-12-03 Michael Wiegand <michael.wiegand at intevation.de> Implementing CR #22 (New script_tag Command, Modified: trunk/openvas-libraries/libopenvas/ftp_funcs.c =================================================================== --- trunk/openvas-libraries/libopenvas/ftp_funcs.c 2008-12-04 21:21:48 UTC (rev 1922) +++ trunk/openvas-libraries/libopenvas/ftp_funcs.c 2008-12-05 07:50:08 UTC (rev 1923) @@ -63,7 +63,7 @@ return 1; - snprintf(buf, sizeof(buf), "USER %s\r\n", username); + snprintf(buf, sizeof(buf), "USER %s\r\n", username); /* RATS: ignore */ write_stream_connection(soc, buf, strlen(buf)); n = recv_line(soc, buf, sizeof(buf) - 1); if(n <= 0) @@ -95,7 +95,7 @@ return 1; - snprintf(buf, sizeof(buf), "PASS %s\r\n", passwd); + snprintf(buf, sizeof(buf), "PASS %s\r\n", passwd); /* RATS: ignore */ write_stream_connection(soc, buf, strlen(buf)); n = recv_line(soc, buf, sizeof(buf) - 1); if( n <= 0 ) 
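Review bot: The `snprintf()` calls that build the `USER` and `PASS` commands in ftp_funcs.c (hunks -63 and -95) ignore the return value, so an over-long username or password is silently truncated and the command is sent without its trailing `\r\n`. The added `/* RATS: ignore */` then hides the one place a scanner would have prompted a second look. Check for truncation and fail the login instead, e.g. `if(snprintf(buf, sizeof(buf), "USER %s\r\n", username) >= (int)sizeof(buf)) return 1;`, and the same for `PASS`. The function's body starts and ends outside both hunks; `return 1` appears to be its failure convention, judging from the context lines.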
@@ -125,7 +125,7 @@ unsigned long * a; unsigned short * p; - sprintf(buf, "PASV\r\n"); + snprintf(buf, 7, "PASV\r\n"); /* RATS: ignore */ write_stream_connection(soc, buf, strlen(buf)); bzero(buf, sizeof(buf)); bzero(addr, sizeof(struct sockaddr_in)); Modified: trunk/openvas-libraries/libopenvas/network.c =================================================================== --- trunk/openvas-libraries/libopenvas/network.c 2008-12-04 21:21:48 UTC (rev 1922) +++ trunk/openvas-libraries/libopenvas/network.c 2008-12-05 07:50:08 UTC (rev 1923) @@ -1899,7 +1899,7 @@ case NESSUS_ENCAPS_TLSv1: return "TLSv1"; default: - snprintf(str, sizeof(str), "[unknown transport layer - code %d (0x%x)]", code, code); + snprintf(str, sizeof(str), "[unknown transport layer - code %d (0x%x)]", code, code); /* RATS: ignore */ return str; } } @@ -1919,7 +1919,7 @@ case NESSUS_ENCAPS_TLSv1: return " through SSL"; default: - snprintf(str, sizeof(str), " through unknown transport layer - code %d (0x%x)", code, code); + snprintf(str, sizeof(str), " through unknown transport layer - code %d (0x%x)", code, code); /* RATS: ignore */ return str; } } @@ -2091,7 +2091,7 @@ * If we timed out against this port in the past, there's no need * to scan it again */ - snprintf(name, sizeof(name), "/tmp/ConnectTimeout/TCP/%d", port); + snprintf(name, sizeof(name), "/tmp/ConnectTimeout/TCP/%d", port); /* RATS: ignore */ if ( plug_get_key ( args, name, &type ) ) return -1; @@ -2149,7 +2149,7 @@ if ( current_src_addr_pid != mypid ) { current_src_addr_pid = mypid; - current_src_addr = lrand48() % ( num_addrs ) ; + current_src_addr = lrand48() % ( num_addrs ) ; /* RATS: ignore */ if ( src_addrs[current_src_addr].s_addr == 0 ) current_src_addr = 0; } 
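Review bot: The new `snprintf(buf, 7, "PASV\r\n");` in the ftp_funcs.c hunk (-125) hard-codes the length of the literal plus its terminator instead of the size of the destination. The bound is correct today but stops protecting `buf` as soon as the string is edited, and the next line already uses `sizeof(buf)`; write `snprintf(buf, sizeof(buf), "PASV\r\n");`. This assumes `buf` is an array in this function, which the `bzero(buf, sizeof(buf))` context line suggests but the hunk does not show.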
@@ -2371,6 +2371,7 @@ bzero(buffer, sizeof(buffer)); va_start(param, data); + /* RATS: ignore */ vsnprintf(buffer, sizeof(buffer) - 1, data, param); va_end(param); Modified: trunk/openvas-libraries/libopenvas/network.h =================================================================== --- trunk/openvas-libraries/libopenvas/network.h 2008-12-04 21:21:48 UTC (rev 1922) +++ trunk/openvas-libraries/libopenvas/network.h 2008-12-05 07:50:08 UTC (rev 1923) @@ -57,7 +57,7 @@ int open_sock_opt_hn(const char * , unsigned int , int , int, int ); #ifdef __GNUC__ -void auth_printf(struct arglist *, char * , ...) __attribute__ (( format (printf, 2, 3))); +void auth_printf(struct arglist *, char * , ...) __attribute__ (( format (printf, 2, 3))); /* RATS: ignore */ #else void auth_printf(struct arglist *, char * , ...); #endif Modified: trunk/openvas-libraries/libopenvas/pcap.c =================================================================== --- trunk/openvas-libraries/libopenvas/pcap.c 2008-12-04 21:21:48 UTC (rev 1922) +++ trunk/openvas-libraries/libopenvas/pcap.c 2008-12-05 07:50:08 UTC (rev 1923) @@ -283,7 +283,7 @@ } /* Seed our random generator */ gettimeofday(&tv, NULL); - srand((tv.tv_sec ^ tv.tv_usec) ^ getpid()); + srand((tv.tv_sec ^ tv.tv_usec) ^ getpid()); /* RATS: ignore */ for(i=0; i < sizeof(bytebuf) / sizeof(short); i++) { iptr = (short *) ((char *)bytebuf + i * sizeof(short)); Modified: trunk/openvas-libraries/libopenvas/plugutils.c =================================================================== --- trunk/openvas-libraries/libopenvas/plugutils.c 2008-12-04 21:21:48 UTC (rev 1922) +++ trunk/openvas-libraries/libopenvas/plugutils.c 2008-12-05 07:50:08 UTC (rev 1923) @@ -300,7 +300,7 @@ if(old != NULL) { old = erealloc(old, strlen(old) + strlen(id) + 3); - strcat(old, ", "); + strcat(old, ", "); /* RATS: ignore */ /* Rid ff warnings */ /* Stmt's valid since len(id)+len(old)+len('\0'+", ") = size of realloc'd memory*/ strcat(old, id); /* RATS: ignore */ 
@@ -332,7 +332,7 @@ if(old != NULL) { old = erealloc(old, strlen(old) + strlen(id) + 3); - strcat(old, ", "); + strcat(old, ", "); /* RATS: ignore */ strcat(old, id); /* RATS: ignore */ arg_set_value(desc, "BUGTRAQ_ID", strlen(old), old); } @@ -361,9 +361,9 @@ if(old != NULL) { old = erealloc(old, strlen(old) + strlen(name) + strlen(value) + 4); - strcat(old, ", "); + strcat(old, ", "); /* RATS: ignore */ strcat(old, name); /* RATS: ignore */ - strcat(old, ":"); + strcat(old, ":"); /* RATS: ignore */ strcat(old, value); /* RATS: ignore */ arg_set_value(desc, "XREFS", strlen(old), old); } @@ -898,7 +898,7 @@ { char port_s[255]; - snprintf(port_s, sizeof(port_s), "Ports/%s/%d", proto, portnum); + snprintf(port_s, sizeof(port_s), "Ports/%s/%d", proto, portnum); /* RATS: ignore */ plug_set_key(args, port_s, ARG_INT, (void*)1); } @@ -982,7 +982,7 @@ /* Ok, we scanned it. What is its state ? */ - snprintf(port_s, sizeof(port_s), "Ports/%s/%d", proto, portnum); + snprintf(port_s, sizeof(port_s), "Ports/%s/%d", proto, portnum); /* RATS: ignore */ if(kb_item_get_int(kb, port_s) > 0 ) return 1; else @@ -1051,7 +1051,7 @@ bzero(data, sizeof(data)); - snprintf(data, sizeof(data), "Success/%s", oid); + snprintf(data, sizeof(data), "Success/%s", oid); /* RATS: ignore */ plug_set_key(desc, data, ARG_INT,(void*)1); } @@ -1066,7 +1066,7 @@ if(strlen(action) > (sizeof(entry_name) - 20)) return; - snprintf(entry_name, sizeof(entry_name), "SentData/%s/%s", plug_get_oid(desc), action); + snprintf(entry_name, sizeof(entry_name), "SentData/%s/%s", plug_get_oid(desc), action); /* RATS: ignore */ plug_set_key(desc, entry_name, ARG_STRING, content); } 
@@ -1116,20 +1116,20 @@ strcat(naction, "\n"); if( cve != NULL && cve[0] != '\0') { - strcat(naction, "CVE : "); + strcat(naction, "CVE : "); /* RATS: ignore */ strcat(naction, cve); /* RATS: ignore */ strcat(naction, "\n"); } if( bid != NULL && bid[0] != '\0' ) { - strcat(naction, "BID : "); + strcat(naction, "BID : "); /* RATS: ignore */ strcat(naction, bid); /* RATS: ignore */ strcat(naction, "\n"); } if( xref != NULL && xref[0] != '\0' ) { - strcat(naction, "Other references : "); + strcat(naction, "Other references : "); /* RATS: ignore */ strcat(naction, xref); /* RATS: ignore */ strcat(naction, "\n"); } @@ -1156,7 +1156,7 @@ *idbuffer = '\0'; } else { char * oid = plug_get_oid(desc); - snprintf(idbuffer, sizeof(idbuffer), "<|> %s ", oid); + snprintf(idbuffer, sizeof(idbuffer), "<|> %s ", oid); /* RATS: ignore */ } if(port>0){ snprintf(buffer, 1024 + len, @@ -1410,7 +1410,7 @@ } - snprintf(pref, sizeof(pref), "%s/%s", type, name); + snprintf(pref, sizeof(pref), "%s/%s", type, name); /* RATS: ignore */ arg_add_value(prefs, pref, ARG_STRING, strlen(defaul), estrdup(defaul)); } @@ -1639,7 +1639,7 @@ if(arg_get_value(args, "DIFF_SCAN")) { char port_s[255]; - snprintf(port_s, sizeof(port_s), "Ports/%s/%d", proto, port); + snprintf(port_s, sizeof(port_s), "Ports/%s/%d", proto, port); /* RATS: ignore */ if(kb_item_get_int(plug_get_kb(args), port_s) > 0) do_send = 0; } @@ -1800,7 +1800,7 @@ if ( to != NULL ) tictac = atoi(to); } - srand48(getpid() + getppid() + time(NULL)); + srand48(getpid() + getppid() + time(NULL)); /* RATS: ignore */ sig_term(_exit); sig_alarm(_exit); @@ -1915,7 +1915,7 @@ kb_item_get_all_free(k); if ( num_candidates != 0 ) - return candidates[lrand48() % num_candidates]; + return candidates[lrand48() % num_candidates]; /* RATS: ignore */ else if (open21) return 21; else 
@@ -1942,7 +1942,7 @@ { char s[256]; - snprintf(s, sizeof(s), "Transports/TCP/%d", port); + snprintf(s, sizeof(s), "Transports/TCP/%d", port); /* RATS: ignore */ plug_set_key(args, s, ARG_INT, GSIZE_TO_POINTER(tr)); } @@ -1953,7 +1953,7 @@ char s[256]; int trp; - snprintf(s, sizeof(s), "Transports/TCP/%d", port); + snprintf(s, sizeof(s), "Transports/TCP/%d", port); /* RATS: ignore */ trp = kb_item_get_int(plug_get_kb(args), s); if (trp >= 0) return trp; @@ -1976,7 +1976,7 @@ char * itemfname; { char s[256]; - snprintf(s, sizeof(s), "SSL/%s", item); + snprintf(s, sizeof(s), "SSL/%s", item); /* RATS: ignore */ plug_set_key(args, s, ARG_STRING, itemfname); } @@ -2023,14 +2023,7 @@ if (len >= MAXPATHLEN) return NULL; -#if 0 - /* Proposed by Devin Kowatch - If it's already an absolute path take it as is */ - if (name[0] == '/' && access(name, X_OK) == 0) - return name; /* Invalid: we should remove everything after the last / */ -#endif - - if (buf == NULL) /* Should we use a standard PATH here? */ + if (buf == NULL) /* Should we use a standard PATH here? */ return NULL; pbuf = buf; @@ -2051,7 +2044,7 @@ /* path too long: cannot be reached */ continue; - sprintf(p2, "/%s", name); + snprintf(p2, MAXPATHLEN, "/%s", name); /* RATS: ignore */ if (access(cmd, X_OK) == 0) { struct stat st; Modified: trunk/openvas-libraries/libopenvas/proctitle.c =================================================================== --- trunk/openvas-libraries/libopenvas/proctitle.c 2008-12-04 21:21:48 UTC (rev 1922) +++ trunk/openvas-libraries/libopenvas/proctitle.c 2008-12-05 07:50:08 UTC (rev 1923) @@ -33,7 +33,7 @@ environ = (char **) emalloc((sizeof (char *) * (i + 1))+envpsize+1); s = ((char *)environ)+((sizeof (char *) * (i + 1))); for (i = 0; envp[i] != NULL; i++){ - strcpy(s,envp[i]); /* Flawfinder: ignore */ + strcpy(s,envp[i]); /* RATS: ignore */ environ[i] = s; s += strlen(s)+1; } 
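Review bot: In the plugutils.c hunk at -2051, `snprintf(p2, MAXPATHLEN, "/%s", name)` passes the size of a whole path buffer as the limit for a write that starts at `p2`, which appears to point part-way into `cmd` (the next line tests `access(cmd, X_OK)`). The limit therefore overstates the room left, the only effective protection is the "path too long" check just above, and the `/* RATS: ignore */` hides a bound that does not bound. If `cmd` is the MAXPATHLEN-sized array, something like `snprintf(p2, MAXPATHLEN - (p2 - cmd), "/%s", name);` would match the remaining space; the declarations are outside the hunk, so confirm the sizes there.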
@@ -88,7 +88,7 @@ #endif va_end(param); - snprintf(buf2, sizeof(buf2), "openvasd: %s", buf); + snprintf(buf2, sizeof(buf2), "openvasd: %s", buf); /* RATS: ignore */ bzero(buf, sizeof(buf)); strncpy(buf, buf2, sizeof(buf) - 1); @@ -100,7 +100,7 @@ i = LastArgv - Argv[0] - 2; buf[i] = '\0'; } - (void) strcpy(Argv[0], buf); + (void) strncpy(Argv[0], buf, SPT_BUFSIZE - 1); { char *p; p = &Argv[0][i]; while (p < LastArgv) Modified: trunk/openvas-libraries/libopenvas/rand.c =================================================================== --- trunk/openvas-libraries/libopenvas/rand.c 2008-12-04 21:21:48 UTC (rev 1922) +++ trunk/openvas-libraries/libopenvas/rand.c 2008-12-05 07:50:08 UTC (rev 1923) @@ -46,18 +46,18 @@ fclose(fp); } x += time(NULL) + getpid() + getppid(); - srand48(x); + srand48(x); /* RATS: ignore */ } #ifndef HAVE_LRAND48 -long lrand48() +long lrand48() /* RATS: ignore */ { return rand(); } -void srand48(long seed) +void srand48(long seed) /* RATS: ignore */ { - srand(seed); + srand(seed); /* RATS: ignore */ } #endif Modified: trunk/openvas-libraries/libopenvas/store.c =================================================================== --- trunk/openvas-libraries/libopenvas/store.c 2008-12-04 21:21:48 UTC (rev 1922) +++ trunk/openvas-libraries/libopenvas/store.c 2008-12-05 07:50:08 UTC (rev 1923) @@ -72,8 +72,8 @@ sz = strlen(arg->name) + 3 + strlen(ret) * 2; ret = erealloc(ret, sz); } - strcat(ret, ", "); - strcat(ret, arg->name); /* Flawfinder: ignore */ + strncat(ret, ", ", sz - 1); /* RATS: ignore */ + strncat(ret, arg->name, sz - 1); /* RATS: ignore */ arg = arg->next; } return ret; @@ -130,7 +130,7 @@ fprintf(stderr, "openvas-libraries/libopenvas/store.c: %s has a too long %s (%ld)\n", path, item, (long)strlen(str)); return -1; } - strcpy(dst, str); /* Flawfinder: ignore */ + strcpy(dst, str); /* RATS: ignore */ return 0; } /*-----------------------------------------------------------------------------*/ 
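Review bot: `strncpy(Argv[0], buf, SPT_BUFSIZE - 1)` in the proctitle.c hunk at -100 always writes SPT_BUFSIZE - 1 bytes, because strncpy pads the destination with NULs up to the count. The lines just above clamp `buf` to `LastArgv - Argv[0] - 2` precisely because the argv area can be smaller than the scratch buffer, so the padding can run past `LastArgv` where the removed `strcpy` stopped at the terminator. The copy length should come from the clamped value, e.g. `memcpy(Argv[0], buf, i + 1);`, assuming `i` holds the length of `buf` at that point, as the following loop starting at `&Argv[0][i]` suggests. The assignment of `i` is outside the hunk.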
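Review bot: The third argument of `strncat(ret, ", ", sz - 1)` and `strncat(ret, arg->name, sz - 1)` in the store.c hunk at -72 is the total buffer size, but strncat treats it as the maximum number of bytes to append, so these calls are bounded no better than the `strcat` they replace. Safety still rests entirely on the `erealloc` sizing above. A meaningful bound is the remaining space, e.g. `strncat(ret, arg->name, sz - strlen(ret) - 1);`. The same applies to the `strncat(..., ".desc", MAXPATHLEN)` and `strncat(asc_file, ".asc", MAXPATHLEN)` calls in the hunks at -211, -305 and -444, which are protected only by the `strlen(...) + 6 < sizeof(...)` style tests before them.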
@@ -159,7 +159,7 @@ { current_mode = MODE_SYS; - snprintf(sys_store_dir, sizeof(sys_store_dir), "%s/.desc", dir); + snprintf(sys_store_dir, sizeof(sys_store_dir), "%s/.desc", dir); /* RATS: ignore */ if((mkdir(sys_store_dir, 0755) < 0) && (errno != EEXIST)) { fprintf(stderr, "mkdir(%s) : %s\n", sys_store_dir, strerror(errno)); @@ -181,7 +181,7 @@ int store_init_user(char * dir) { current_mode = MODE_USR; - snprintf(usr_store_dir, sizeof(usr_store_dir), "%s/.desc", dir); + snprintf(usr_store_dir, sizeof(usr_store_dir), "%s/.desc", dir); /* RATS: ignore */ if((mkdir(usr_store_dir, 0755) < 0) && (errno != EEXIST)) { fprintf(stderr, "mkdir(%s) : %s\n", usr_store_dir, strerror(errno)); @@ -211,13 +211,13 @@ if(dir == NULL || dir[0] == '\0' || file == NULL || file[0] == '\0') return -1; - snprintf(file_name, sizeof(file_name), "%s/%s", dir, file); + snprintf(file_name, sizeof(file_name), "%s/%s", dir, file); /* RATS: ignore */ str = strrchr(file_name, '.'); if(str != NULL) { str[0] = '\0'; if(strlen(file_name) + 6 < sizeof(file_name)) - strcat(file_name, ".desc"); + strncat(file_name, ".desc", MAXPATHLEN); /* RATS: ignore */ } if(file == NULL) @@ -305,20 +305,20 @@ bzero(pp, sizeof(pp)); /* Assemble file paths to stat them later */ - snprintf(desc_file, sizeof(desc_file), "%s/.desc/%s", dir, file); + snprintf(desc_file, sizeof(desc_file), "%s/.desc/%s", dir, file); /* RATS: ignore */ str = strrchr(desc_file, '.'); if( str != NULL ) { str[0] = '\0'; if( strlen(desc_file) + 6 < sizeof(desc_file) ) - strcat(desc_file, ".desc"); + strncat(desc_file, ".desc", MAXPATHLEN); /* RATS: ignore */ } - snprintf(asc_file, sizeof(asc_file), "%s/%s", dir, file); + snprintf(asc_file, sizeof(asc_file), "%s/%s", dir, file); /* RATS: ignore */ if( strlen(asc_file) + 5 < sizeof(desc_file) ) { - strcat(asc_file, ".asc"); + strncat(asc_file, ".asc", MAXPATHLEN); /* RATS: ignore */ } else { 
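Review bot: The guard in the store.c hunk at -305 tests `strlen(asc_file) + 5 < sizeof(desc_file)` before appending to `asc_file`, so it measures the wrong buffer. That is harmless only if both arrays have the same size, which the hunk does not show; `if( strlen(asc_file) + 5 < sizeof(asc_file) )` states the intent. Since the new `strncat(asc_file, ".asc", MAXPATHLEN)` bound does not limit the write to the space left, this test is the only effective check and is worth getting exact.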
@@ -326,7 +326,7 @@ return NULL; } - snprintf(plug_file, sizeof(plug_file), "%s/%s", dir, file); + snprintf(plug_file, sizeof(plug_file), "%s/%s", dir, file); /* RATS: ignore */ /* Plugin and cache file have to exist */ if ( stat(plug_file, &stat_plug) < 0 || stat(desc_file, &stat_desc) < 0) @@ -357,7 +357,7 @@ } - snprintf(store_dir, sizeof(store_dir), "%s/.desc", dir); + snprintf(store_dir, sizeof(store_dir), "%s/.desc", dir); /* RATS: ignore */ if(store_get_plugin_f(&p, pp, store_dir, file) < 0) return NULL; @@ -444,17 +444,17 @@ str[0] = '\0'; } strcat(path, "/"); - strcat(path, file); /* Flawfinder: ignore */ + strcat(path, file); /* RATS: ignore */ - snprintf(desc_file, sizeof(desc_file), "%s/%s", dir, file); + snprintf(desc_file, sizeof(desc_file), "%s/%s", dir, file); /* RATS: ignore */ str = strrchr(desc_file, '.'); if( str != NULL ) { str[0] = '\0'; if(strlen(desc_file) + 6 < sizeof(desc_file) ) - strcat(desc_file, ".desc"); + strncat(desc_file, ".desc", MAXPATHLEN); /* RATS: ignore */ } Modified: trunk/openvas-libraries/libopenvas/www_funcs.c =================================================================== --- trunk/openvas-libraries/libopenvas/www_funcs.c 2008-12-04 21:21:48 UTC (rev 1922) +++ trunk/openvas-libraries/libopenvas/www_funcs.c 2008-12-05 07:50:08 UTC (rev 1923) @@ -113,7 +113,7 @@ ret = emalloc(l+ 1); if (path == NULL) - strcpy(ret, name); /* Flawfinder: ignore */ + strcpy(ret, name); else sprintf(ret, "%s/%s", path, name); @@ -164,7 +164,7 @@ *s2++ = *s; else { - strcpy(s2, "/./"); + strncpy(s2, "/./", l); s2 += 3; } while (*s != '\0') @@ -193,8 +193,8 @@ { *s2++ = '/'; for (i = reverse_traversal; i > 0; i --) - *s2++ = lrand48() % 26 + 'a'; - strcpy(s2, "/../"); + *s2++ = lrand48() % 26 + 'a'; /* RATS: ignore */ + strncpy(s2, "/../", l); s2 += 4; } while (*s != '\0') 
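Review bot: `strncpy(s2, "/./", l)` in the www_funcs.c hunk at -164 writes `l` bytes starting at `s2`, because strncpy NUL-pads up to the count, and `s2` is a cursor that has already advanced into the output buffer (`*s2++ = *s` just above). If `l` is the size of that buffer, as the `emalloc(l + 1)` calls elsewhere in this file suggest, the padding runs past its end, which the removed `strcpy` did not do. The same holds for `strncpy(s2, "/../", l)` in the hunk at -193. For these fixed literals `memcpy(s2, "/./", sizeof("/./"));` copies exactly what `strcpy` did, or the bound must be the space remaining after `s2`. The buffer's allocation is outside the hunk, so confirm its size there.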
@@ -217,11 +217,11 @@ n_slash += 4; s = gizmo; - *s++ = lrand48() % 26 + 'A'; + *s++ = lrand48() % 26 + 'A'; /* RATS: ignore */ for (i = 1; i < 8; i ++) - *s++ = lrand48() % 26 + 'a'; + *s++ = lrand48() % 26 + 'a'; /* RATS: ignore */ *s++ = '\0'; - sprintf(ret2, "/%%20HTTP/1.0%%0d%%0a%s:%%20/../..%s", gizmo, ret); + snprintf(ret2, l, "/%%20HTTP/1.0%%0d%%0a%s:%%20/../..%s", gizmo, ret); /* RATS: ignore */ efree(&ret); ret = ret2; #ifdef URL_DEBUG @@ -239,9 +239,9 @@ s = gizmo; for (i = 0; i < 8; i ++) - *s++ = lrand48() % 26 + 'a'; + *s++ = lrand48() % 26 + 'a'; /* RATS: ignore */ *s++ = '\0'; - sprintf(ret2, "/index.htm%%3f%s=/..%s", gizmo, ret); + snprintf(ret2, l, "/index.htm%%3f%s=/..%s", gizmo, ret); /* RATS: ignore */ efree(&ret); ret = ret2; #ifdef URL_DEBUG @@ -417,7 +417,7 @@ else if (strcmp(abs_URI_host, "random name") == 0) { for (s2 = h, i = 0; i < 16; i ++) - *s2++ = lrand48() % 26 + 'a'; + *s2++ = lrand48() % 26 + 'a'; /* RATS: ignore */ *s2++ = '\0'; } else if (strcmp(abs_URI_host, "random IP") == 0) @@ -432,7 +432,7 @@ n_slash += 2; ret2 = emalloc(l + 1); - sprintf(ret2, "%s://%s%s", abs_URI_type, h, ret); + snprintf(ret2, l, "%s://%s%s", abs_URI_type, h, ret); /* RATS: ignore */ efree(&ret); ret = ret2; #ifdef URL_DEBUG @@ -447,8 +447,8 @@ { l += 3; ret2 = emalloc(l + 1); - strcpy(ret2, "%00"); - strcpy(ret2+3, ret); + strncpy(ret2, "%00", l); + strncpy(ret2+3, ret, (l - 3)); efree(&ret); ret = ret2; } 
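Review bot: `ret2 = emalloc(l + 1)` is followed by `snprintf(ret2, l, "%s://%s%s", ...)` in the www_funcs.c hunk at -432, so the size passed is one less than the allocation. snprintf counts the terminator in its size, so if `l` is the exact length of the formatted URL (it is built up by additions outside the hunk) the last character is now silently dropped where `sprintf` wrote it. The bound should be `l + 1`, e.g. `snprintf(ret2, l + 1, "%s://%s%s", abs_URI_type, h, ret);`, and the same applies to the `snprintf(ret2, l, ...)` calls in the hunks at -217, -239 and -477. Comparing the return value with `l` would also make an unexpected truncation visible instead of sending a shortened request.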
@@ -477,9 +477,9 @@ ret2 = emalloc(l + 1); if (http09) - sprintf(ret2, "%s%c%s", method, sep_c, ret); + snprintf(ret2, l, "%s%c%s", method, sep_c, ret); /* RATS: ignore */ else - sprintf(ret2, "%s%c%s%c%s", method, sep_c, ret, sep_c, httpver); + snprintf(ret2, l, "%s%c%s%c%s", method, sep_c, ret, sep_c, httpver); /* RATS: ignore */ efree(&ret); ret = ret2; Modified: trunk/openvas-libraries/libopenvas_hg/test.c =================================================================== --- trunk/openvas-libraries/libopenvas_hg/test.c 2008-12-04 21:21:48 UTC (rev 1922) +++ trunk/openvas-libraries/libopenvas_hg/test.c 2008-12-05 07:50:08 UTC (rev 1923) @@ -22,7 +22,7 @@ int flags = 0; struct in_addr ip; - while((i=getopt(argc, argv, "dpsnD"))!=-1) + while((i=getopt(argc, argv, "dpsnD"))!=-1) /* RATS: ignore */ switch(i) { case 'd' : flags |= HG_DNS_AXFR;break; From scm-commit at wald.intevation.org Fri Dec 5 10:09:04 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 10:09:04 +0100 (CET) Subject: [Openvas-commits] r1924 - in trunk/openvas-libraries: . libopenvas Message-ID: <20081205090904.817D340760@pyrosoma.intevation.org> Author: felix Date: 2008-12-05 10:09:02 +0100 (Fri, 05 Dec 2008) New Revision: 1924 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/libopenvas/plugutils.c Log: * libopenvas/plugutils.c : Changed comment style, added param documentation for plug_set_sign_key_ids. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2008-12-05 07:50:08 UTC (rev 1923) +++ trunk/openvas-libraries/ChangeLog 2008-12-05 09:09:02 UTC (rev 1924) 
@@ -1,3 +1,8 @@ +2008-12-04 Felix Wolfsteller <felix.wolfsteller at intevation.de> + + * libopenvas/plugutils.c : Changed comment style, added param + documentation for plug_set_sign_key_ids. + 2008-12-04 Michael Wiegand <michael.wiegand at intevation.de> Checking for potential code quality issues ahead of the 2.0-rc1 Modified: trunk/openvas-libraries/libopenvas/plugutils.c =================================================================== --- trunk/openvas-libraries/libopenvas/plugutils.c 2008-12-05 07:50:08 UTC (rev 1923) +++ trunk/openvas-libraries/libopenvas/plugutils.c 2008-12-05 09:09:02 UTC (rev 1924) @@ -88,7 +88,7 @@ -/* +/** * Escapes \n and \r properly. The resulting string * is copied in another buffer. */ @@ -127,7 +127,7 @@ return realloc(ret, strlen(ret) + 1); } -/* +/** * Replaces escape codes (\n, \r) by the real value * The resulting string is stored in another buffer */ @@ -427,8 +427,11 @@ return store_fetch_tag(desc); } -/* Set string that lists signature keys for a plugin or add it, when not empty. +/** + * Set string that lists signature keys for a plugin or add it, when not empty. * Key-ids are stored as comma- seperated list ('ABCDEFGH,ABCDEFG1'). + * @param desc Plugin as arglist. + * @param key_ids Comma-separated fingerprints. */ void plug_set_sign_key_ids(struct arglist* desc, char* key_ids) { @@ -447,7 +450,9 @@ } } -/* Return pointer to the string that lists signature keys for a plugin */ +/** + * Return pointer to the string that lists signature keys for a plugin + */ char* plug_get_sign_key_ids(struct arglist* desc) { return arg_get_value(desc, "SIGN_KEY_IDS"); @@ -1072,7 +1077,9 @@ -/* Pluto 24.6.00: reduced to one, and left the orig in place */ +/** + * Pluto 24.6.00: reduced to one, and left the orig in place + */ void proto_post_wrapped(desc, port, proto, action, what) struct arglist * desc; From scm-commit at wald.intevation.org Fri Dec 5 10:13:17 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 10:13:17 +0100 (CET) Subject: [Openvas-commits] r1925 - in trunk/openvas-libnasl: . nasl Message-ID: <20081205091317.4E18D40731@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 10:13:16 +0100 (Fri, 05 Dec 2008) New Revision: 1925 Modified: trunk/openvas-libnasl/ChangeLog trunk/openvas-libnasl/nasl/capture_packet.c trunk/openvas-libnasl/nasl/exec.c trunk/openvas-libnasl/nasl/nasl_cmd_exec.c trunk/openvas-libnasl/nasl/nasl_func.c trunk/openvas-libnasl/nasl/nasl_http.c trunk/openvas-libnasl/nasl/nasl_misc_funcs.c trunk/openvas-libnasl/nasl/nasl_nessusd_glue.c trunk/openvas-libnasl/nasl/nasl_packet_forgery.c trunk/openvas-libnasl/nasl/nasl_server.c trunk/openvas-libnasl/nasl/nasl_socket.c trunk/openvas-libnasl/nasl/nasl_text_utils.c trunk/openvas-libnasl/nasl/nasl_tree.c trunk/openvas-libnasl/nasl/nasl_var.c trunk/openvas-libnasl/nasl/preparse.c Log: Checking for potential code quality issues ahead of the 2.0-rc1 release, setting ignore flags for false positives. * nasl/nasl_var.c (get_var_name, array2str, var2str): Ignore warning regarding snprintf usage with very old libc. We assume systems able to compile and run openvas-libnasl no longer use libc4.[45] where this was a potential security issue. * nasl/nasl_misc_funcs.c (nasl_rand): Ignore warning regarding lrand48 not being random enough; it is random enough for our purposes. * nasl/nasl_tree.c (dump_cell_val, nasl_type_name, get_line_nb): Ignore snprintf warnings; see above. * nasl/nasl_nessusd_glue.c (isalldigit): Ignore snprintf warning; see above. * nasl/preparse.c (nasl_load_or_parse, nasl_parse_and_dump): Ignore snprintf warnings; see above. * nasl/nasl_server.c (_nasl_server_start): Ignore snprintf warnings; see above. * nasl/nasl_cmd_exec.c (nasl_get_tmp_dir): Ignore snprintf warning; see above. * nasl/nasl_socket.c (add_udp_data, get_udp_data, rm_udp_data): Ignore snprintf warnings; see above. 
* nasl/nasl_func.c (nasl_func_call): Ignore snprintf warnings; see above. * nasl/nasl_packet_forgery.c (get_ip_element, nasl_tcp_ping): Ignore snprintf warnings; see above. * nasl/nasl_text_utils.c: (nasl_hex, nasl_hexstr) Ignore snprintf warnings; see above. (_regreplace) Ignore strncat warning since enough memory has been allocated before strncat usage. * nasl/exec.c (cell2str, cell2str_and_size): Ignore snprintf warnings; see above. * nasl/capture_packet.c (init_capture_device): Ignore snprintf warning; see above. * nasl/nasl_http.c (_http_req): Ignore snprintf warnings; see above. Modified: trunk/openvas-libnasl/ChangeLog =================================================================== --- trunk/openvas-libnasl/ChangeLog 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/ChangeLog 2008-12-05 09:13:16 UTC (rev 1925) 
@@ -1,3 +1,52 @@ +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + + Checking for potential code quality issues ahead of the 2.0-rc1 + release, setting ignore flags for false positives. + + * nasl/nasl_var.c (get_var_name, array2str, var2str): Ignore warning + regarding snprintf usage with very old libc. We assume systems able to + compile and run openvas-libnasl no longer use libc4.[45] where this + was a potential security issue. + + * nasl/nasl_misc_funcs.c (nasl_rand): Ignore warning regarding lrand48 + not being random enough; it is random enough for our purposes. + + * nasl/nasl_tree.c (dump_cell_val, nasl_type_name, get_line_nb): + Ignore snprintf warnings; see above. + + * nasl/nasl_nessusd_glue.c (isalldigit): Ignore snprintf warning; see + above. + + * nasl/preparse.c (nasl_load_or_parse, nasl_parse_and_dump): Ignore + snprintf warnings; see above. + + * nasl/nasl_server.c (_nasl_server_start): Ignore snprintf warnings; + see above. + + * nasl/nasl_cmd_exec.c (nasl_get_tmp_dir): Ignore snprintf warning; + see above. + + * nasl/nasl_socket.c (add_udp_data, get_udp_data, rm_udp_data): Ignore + snprintf warnings; see above. + + * nasl/nasl_func.c (nasl_func_call): Ignore snprintf warnings; see + above. + + * nasl/nasl_packet_forgery.c (get_ip_element, nasl_tcp_ping): Ignore + snprintf warnings; see above. + + * nasl/nasl_text_utils.c: (nasl_hex, nasl_hexstr) Ignore snprintf + warnings; see above. (_regreplace) Ignore strncat warning since enough + memory has been allocated before strncat usage. + + * nasl/exec.c (cell2str, cell2str_and_size): Ignore snprintf warnings; + see above. + + * nasl/capture_packet.c (init_capture_device): Ignore snprintf + warning; see above. + + * nasl/nasl_http.c (_http_req): Ignore snprintf warnings; see above. 
+ 2008-12-03 Michael Wiegand <michael.wiegand at intevation.de> Implementing CR #22 (New script_tag Command, Modified: trunk/openvas-libnasl/nasl/capture_packet.c =================================================================== --- trunk/openvas-libnasl/nasl/capture_packet.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/capture_packet.c 2008-12-05 09:13:16 UTC (rev 1925) @@ -53,7 +53,7 @@ filter = emalloc(256); free_filter = 1; if(islocalhost(&src) == 0) - snprintf(filter, 256, "ip and (src host %s and dst host %s)", + snprintf(filter, 256, "ip and (src host %s and dst host %s)", /* RATS: ignore */ a_src, a_dst); } Modified: trunk/openvas-libnasl/nasl/exec.c =================================================================== --- trunk/openvas-libnasl/nasl/exec.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/exec.c 2008-12-05 09:13:16 UTC (rev 1925) @@ -189,7 +189,7 @@ case CONST_INT: p = malloc(16); if (p != NULL) - snprintf(p, 16, "%d", c->x.i_val); + snprintf(p, 16, "%d", c->x.i_val); /* RATS: ignore */ return p; case CONST_STR: @@ -238,7 +238,7 @@ p = malloc(16); if ( p == NULL ) return NULL; - snprintf(p, 16, "%d", c->x.i_val); + snprintf(p, 16, "%d", c->x.i_val); /* RATS: ignore */ if(sz != NULL)*sz = strlen(p); return p; Modified: trunk/openvas-libnasl/nasl/nasl_cmd_exec.c =================================================================== --- trunk/openvas-libnasl/nasl/nasl_cmd_exec.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/nasl_cmd_exec.c 2008-12-05 09:13:16 UTC (rev 1925) 
@@ -451,7 +451,7 @@ char path[MAXPATHLEN]; if (check_authenticated(lexic) < 0) return NULL; - snprintf(path, sizeof(path), "%s/lib/openvas/tmp/", NESSUS_STATE_DIR); + snprintf(path, sizeof(path), "%s/lib/openvas/tmp/", NESSUS_STATE_DIR); /* RATS: ignore */ if (access(path, R_OK|W_OK|X_OK) < 0) { nasl_perror(lexic, "get_tmp_dir(): %s not available - check your OpenVAS installation\n", path); Modified: trunk/openvas-libnasl/nasl/nasl_func.c =================================================================== --- trunk/openvas-libnasl/nasl/nasl_func.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/nasl_func.c 2008-12-05 09:13:16 UTC (rev 1925) @@ -176,7 +176,7 @@ { trace_buf = emalloc(TRACE_BUF_SZ); tn = - snprintf(trace_buf, TRACE_BUF_SZ, "Call %s(", f->func_name); + snprintf(trace_buf, TRACE_BUF_SZ, "Call %s(", f->func_name); /* RATS: ignore */ if (tn > 0) trace_buf_len += tn; } @@ -225,7 +225,7 @@ if (nasl_trace_fp != NULL && trace_buf_len < TRACE_BUF_SZ) { tn = - snprintf(trace_buf + trace_buf_len, + snprintf(trace_buf + trace_buf_len, /* RATS: ignore */ TRACE_BUF_SZ - trace_buf_len, "%s%d: %s", nb_a > 0 ? ", " : "", nb_u, @@ -242,7 +242,7 @@ if (nasl_trace_fp != NULL && trace_buf_len < TRACE_BUF_SZ) { tn = - snprintf(trace_buf + trace_buf_len, + snprintf(trace_buf + trace_buf_len, /* RATS: ignore */ TRACE_BUF_SZ - trace_buf_len, "%s%s: %s", nb_a > 0 ? ", " : "", pc->x.str_val, Modified: trunk/openvas-libnasl/nasl/nasl_http.c =================================================================== --- trunk/openvas-libnasl/nasl/nasl_http.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/nasl_http.c 2008-12-05 09:13:16 UTC (rev 1925) 
@@ -80,13 +80,13 @@ } kb = plug_get_kb(script_infos); - snprintf(tmp, sizeof(tmp), "/tmp/http/auth/%d", port); + snprintf(tmp, sizeof(tmp), "/tmp/http/auth/%d", port); /* RATS: ignore */ auth = kb_item_get_str(kb, tmp); if (auth == NULL) auth = kb_item_get_str(kb, "http/auth"); - snprintf(tmp, sizeof(tmp), "http/%d", port); + snprintf(tmp, sizeof(tmp), "http/%d", port); /* RATS: ignore */ ver = kb_item_get_int(kb, tmp); if (data == NULL) @@ -96,7 +96,7 @@ else { cl = strlen(data); - snprintf(content_l_str, sizeof(content_l_str), "Content-Length: %d\r\n", cl); + snprintf(content_l_str, sizeof(content_l_str), "Content-Length: %d\r\n", cl); /* RATS: ignore */ } if( auth != NULL ) Modified: trunk/openvas-libnasl/nasl/nasl_misc_funcs.c =================================================================== --- trunk/openvas-libnasl/nasl/nasl_misc_funcs.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/nasl_misc_funcs.c 2008-12-05 09:13:16 UTC (rev 1925) @@ -43,7 +43,7 @@ tree_cell * retc; retc = alloc_tree_cell(0, NULL); retc->type = CONST_INT; - retc->x.i_val = lrand48(); + retc->x.i_val = lrand48(); /* RATS: ignore */ return retc; } Modified: trunk/openvas-libnasl/nasl/nasl_nessusd_glue.c =================================================================== --- trunk/openvas-libnasl/nasl/nasl_nessusd_glue.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/nasl_nessusd_glue.c 2008-12-05 09:13:16 UTC (rev 1925) @@ -52,7 +52,7 @@ if(!isdigit(str[i]))return 0; } - snprintf(buf, sizeof(buf), "%d", atoi(str)); + snprintf(buf, sizeof(buf), "%d", atoi(str)); /* RATS: ignore */ if ( strcmp(buf, str) != 0 ) return 0; else return 1; } Modified: trunk/openvas-libnasl/nasl/nasl_packet_forgery.c =================================================================== --- trunk/openvas-libnasl/nasl/nasl_packet_forgery.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/nasl_packet_forgery.c 2008-12-05 09:13:16 UTC (rev 1925) 
@@ -178,8 +178,8 @@ - if(!strcmp(element, "ip_src")) { snprintf(ret_ascii, sizeof(ret_ascii), "%s", inet_ntoa(ip->ip_src)); flag ++;} - else if(!strcmp(element, "ip_dst")){ snprintf(ret_ascii, sizeof(ret_ascii), "%s", inet_ntoa(ip->ip_dst)); flag ++;} + if(!strcmp(element, "ip_src")) { snprintf(ret_ascii, sizeof(ret_ascii), "%s", inet_ntoa(ip->ip_src)); flag ++;} /* RATS: ignore */ + else if(!strcmp(element, "ip_dst")){ snprintf(ret_ascii, sizeof(ret_ascii), "%s", inet_ntoa(ip->ip_dst)); flag ++;} /* RATS: ignore */ if( flag == 0) { @@ -1212,7 +1212,7 @@ routethrough(dst, &src); } - snprintf(filter, sizeof(filter), "ip and src host %s", inet_ntoa(*dst)); + snprintf(filter, sizeof(filter), "ip and src host %s", inet_ntoa(*dst)); /* RATS: ignore */ bpf = init_capture_device(*dst, src, filter); Modified: trunk/openvas-libnasl/nasl/nasl_server.c =================================================================== --- trunk/openvas-libnasl/nasl/nasl_server.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/nasl_server.c 2008-12-05 09:13:16 UTC (rev 1925) @@ -293,7 +293,7 @@ char * sfx = strrchr(de->d_name, '.'); if ( sfx != NULL && strcmp(sfx, ".nasl") == 0 ) { - snprintf(full_name, sizeof(full_name), "%s/%s", plugin_directory, de->d_name); + snprintf(full_name, sizeof(full_name), "%s/%s", plugin_directory, de->d_name); /* RATS: ignore */ if (nasl_parse_and_dump(full_name, de->d_name, cache_directory) < 0 ) { perror("nasl_parse_and_dump failed"); @@ -318,7 +318,7 @@ setproctitle("nasl plugins server"); fd = open(UX_PID_PATH, O_CREAT|O_TRUNC|O_WRONLY, 0644); - snprintf(buf, sizeof(buf), "%d", getpid()); + snprintf(buf, sizeof(buf), "%d", getpid()); /* RATS: ignore */ write(fd, buf, strlen(buf)); close(fd); 
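Review bot: In the nasl_server.c hunk at -318 the result of `open(UX_PID_PATH, O_CREAT|O_TRUNC|O_WRONLY, 0644)` goes straight to `write(fd, ...)` and `close(fd)` with no check, so a failed open is silently ignored and the pid file is simply missing. Because the call truncates whatever the path resolves to, it is also worth confirming that UX_PID_PATH (defined outside the hunk) lives in a directory only the daemon can write, or adding `O_NOFOLLOW`; a plain `if (fd >= 0) { ... }` around the write and close covers the first part. The enclosing function continues outside the hunk.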
@@ -353,7 +353,7 @@ struct stat st; unsigned int len, n = 0; - snprintf(full_name, sizeof(full_name), "%s/%s", cache_directory, de->d_name); + snprintf(full_name, sizeof(full_name), "%s/%s", cache_directory, de->d_name); /* RATS: ignore */ fd = open(full_name, O_RDONLY); if ( fd < 0 ) { Modified: trunk/openvas-libnasl/nasl/nasl_socket.c =================================================================== --- trunk/openvas-libnasl/nasl/nasl_socket.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/nasl_socket.c 2008-12-05 09:13:16 UTC (rev 1925) @@ -102,7 +102,7 @@ udp_data = harg_create(123); arg_add_value(script_infos, "udp_data", ARG_PTR, -1, udp_data); } - snprintf(name, sizeof(name), "%d", soc); + snprintf(name, sizeof(name), "%d", soc); /* RATS: ignore */ if(harg_get_blob(udp_data, name) != NULL) harg_set_blob(udp_data, name, len, data); @@ -121,7 +121,7 @@ if(udp_data == NULL) return NULL; - snprintf(name, sizeof(name), "%d", soc); + snprintf(name, sizeof(name), "%d", soc); /* RATS: ignore */ ret = harg_get_blob(udp_data, name); if(ret == NULL) return NULL; @@ -139,7 +139,7 @@ if(udp_data == NULL) return; - snprintf(name, sizeof(name), "%d", soc); + snprintf(name, sizeof(name), "%d", soc); /* RATS: ignore */ harg_remove(udp_data, name); } Modified: trunk/openvas-libnasl/nasl/nasl_text_utils.c =================================================================== --- trunk/openvas-libnasl/nasl/nasl_text_utils.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/nasl_text_utils.c 2008-12-05 09:13:16 UTC (rev 1925) @@ -320,7 +320,7 @@ if(v == -1) return NULL; - snprintf(ret, sizeof(ret), "0x%02x", (unsigned char)v); + snprintf(ret, sizeof(ret), "0x%02x", (unsigned char)v); /* RATS: ignore */ retc = alloc_tree_cell(0, NULL); retc->type = CONST_STR; retc->size = strlen(ret); 
@@ -348,7 +348,7 @@ for (i = 0; i < len; i++) { /* if i < len there are at least three chars left in ret + 2 * i */ - snprintf(ret + 2 * i, 3, "%02x", (unsigned char)s[i]); + snprintf(ret + 2 * i, 3, "%02x", (unsigned char)s[i]); /* RATS: ignore */ } retc = alloc_tree_cell(0, NULL); @@ -556,7 +556,7 @@ } tmp = strlen(buf); /* copy the part of the string before the match */ - strncat(buf, &string[pos], subs[0].rm_so); + strncat(buf, &string[pos], subs[0].rm_so); /* RATS: ignore */ /* copy replacement and backrefs */ walkbuf = &buf[tmp + subs[0].rm_so]; Modified: trunk/openvas-libnasl/nasl/nasl_tree.c =================================================================== --- trunk/openvas-libnasl/nasl/nasl_tree.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/nasl_tree.c 2008-12-05 09:13:16 UTC (rev 1925) @@ -308,20 +308,20 @@ switch(c->type) { case CONST_INT: - snprintf(txt, sizeof(txt), "%d", c->x.i_val); + snprintf(txt, sizeof(txt), "%d", c->x.i_val); /* RATS: ignore */ break; case CONST_STR: case CONST_DATA: /* Beurk */ if (c->size >= sizeof(txt) + 2) { - snprintf(txt, sizeof(txt), "\"%s", c->x.str_val); + snprintf(txt, sizeof(txt), "\"%s", c->x.str_val); /* RATS: ignore */ strcpy(txt + (sizeof(txt) - 5), "...\""); } else - snprintf(txt, sizeof(txt), "\"%s\"", c->x.str_val); + snprintf(txt, sizeof(txt), "\"%s\"", c->x.str_val); /* RATS: ignore */ break; default: - snprintf(txt, sizeof(txt), "???? (%s)", nasl_type_name(c->type)); + snprintf(txt, sizeof(txt), "???? (%s)", nasl_type_name(c->type)); /* RATS: ignore */ break; } return txt; @@ -425,9 +425,9 @@ txt = txt4[i]; if (t >= 0 || t < sizeof(node_names) / sizeof(node_names[0])) - snprintf(txt, 32, "%s (%d)", node_names[t], t); + snprintf(txt, 32, "%s (%d)", node_names[t], t); /* RATS: ignore */ else - snprintf(txt, 32, "*UNKNOWN* (%d)", t); + snprintf(txt, 32, "*UNKNOWN* (%d)", t); /* RATS: ignore */ return txt; } 
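Review bot: The range test `if (t >= 0 || t < sizeof(node_names) / sizeof(node_names[0]))` guarding the first `snprintf` in the nasl_tree.c hunk at -425 uses `||`, so it is true for every non-negative `t` and `node_names[t]` is read out of bounds for any type code beyond the table. The commit marks the two snprintf lines as reviewed but leaves the condition as is; it should be `&&`, e.g. `if (t >= 0 && (size_t)t < sizeof(node_names) / sizeof(node_names[0]))`. The declaration of `t` is outside the hunk, so the cast assumes it is a signed integer.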
@@ -451,7 +451,7 @@ static char txt[32]; if (c == NULL || c == FAKE_CELL || c->line_nb <= 0) return ""; - snprintf(txt, sizeof(txt), " at or near line %d ", c->line_nb); + snprintf(txt, sizeof(txt), " at or near line %d ", c->line_nb); /* RATS: ignore */ return txt; } Modified: trunk/openvas-libnasl/nasl/nasl_var.c =================================================================== --- trunk/openvas-libnasl/nasl/nasl_var.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/nasl_var.c 2008-12-05 09:13:16 UTC (rev 1925) @@ -251,7 +251,7 @@ if (v->av_name != NULL) return v->av_name; #endif - snprintf(str, sizeof(str), "[%p]", v); + snprintf(str, sizeof(str), "[%p]", v); /* RATS: ignore */ return str; } @@ -1160,25 +1160,25 @@ switch (u->var_type) { case VAR2_INT: - snprintf(s+n, len - n, "%d: %d", i, u->v.v_int); + snprintf(s+n, len - n, "%d: %d", i, u->v.v_int); /* RATS: ignore */ n += strlen(s + n); break; case VAR2_STRING: case VAR2_DATA: if (u->v.v_str.s_siz < 64) { - snprintf(s+n, len - n, "%d: '%s'", i, u->v.v_str.s_val); + snprintf(s+n, len - n, "%d: '%s'", i, u->v.v_str.s_val); /* RATS: ignore */ n += strlen(s + n); } else { - snprintf(s+n, 70, "%d: '%s", i, u->v.v_str.s_val); + snprintf(s+n, 70, "%d: '%s", i, u->v.v_str.s_val); /* RATS: ignore */ n += strlen(s + n); n += sprintf(s+n, "'..."); } break; default: - snprintf(s+n, len-n, "%d: ????", i); + snprintf(s+n, len-n, "%d: ????", i); /* RATS: ignore */ n += strlen(s + n); break; } 
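Review bot: In the long-string branch of the nasl_var.c hunk at -1160,25 the write is bounded by the constant `70` instead of the space left in `s` (`snprintf(s+n, 70, ...)`), and the `sprintf(s+n, "'...")` after it has no bound at all, so both can run past `len` when the buffer is nearly full unless the allocation above reserves slack, which the hunk does not show. Marking the first call `/* RATS: ignore */` hides the line a scanner should keep flagging; the hunk at -1202,24 repeats the pattern with `70+l`. A bounded form is `snprintf(s+n, len - n < 70 ? len - n : 70, "%d: '%s", i, u->v.v_str.s_val);` for the first call and `snprintf(s+n, len - n, "'...");` with `n += strlen(s + n);` for the second, assuming `n < len` holds on entry.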
@@ -1202,24 +1202,24 @@ switch (u->var_type) { case VAR2_INT: - n += snprintf(s+n, len - n, "%s: %d", v->var_name, u->v.v_int); + n += snprintf(s+n, len - n, "%s: %d", v->var_name, u->v.v_int); /* RATS: ignore */ break; case VAR2_STRING: case VAR2_DATA: if (u->v.v_str.s_siz < 64) { - snprintf(s+n, len - n, "%s: '%s'", v->var_name, u->v.v_str.s_val); + snprintf(s+n, len - n, "%s: '%s'", v->var_name, u->v.v_str.s_val); /* RATS: ignore */ n += strlen(s + n); } else { - snprintf(s+n, 70+l, "%s: '%s", v->var_name, u->v.v_str.s_val); + snprintf(s+n, 70+l, "%s: '%s", v->var_name, u->v.v_str.s_val); /* RATS: ignore */ n += strlen(s + n); n += sprintf(s+n, "'..."); } break; default: - snprintf(s+n, len-n, "%s: ????", v->var_name); + snprintf(s+n, len-n, "%s: ????", v->var_name); /* RATS: ignore */ n += strlen(s + n); break; } @@ -1244,7 +1244,7 @@ switch (v->var_type) { case VAR2_INT: - snprintf(s1, sizeof(s1), "%d", v->v.v_int); + snprintf(s1, sizeof(s1), "%d", v->v.v_int); /* RATS: ignore */ return s1; /* buggy if called twice in a row */ case VAR2_STRING: Modified: trunk/openvas-libnasl/nasl/preparse.c =================================================================== --- trunk/openvas-libnasl/nasl/preparse.c 2008-12-05 09:09:02 UTC (rev 1924) +++ trunk/openvas-libnasl/nasl/preparse.c 2008-12-05 09:13:16 UTC (rev 1925) @@ -639,7 +639,7 @@ if ( cache_dir != NULL ) { - snprintf(name2, sizeof(name2), "%s/%s", cache_dir, basename); + snprintf(name2, sizeof(name2), "%s/%s", cache_dir, basename); /* RATS: ignore */ if (stat(name1, &st1) >= 0 && stat(name2, &st2) >= 0) { if (st2.st_mtime > st1.st_mtime) @@ -687,7 +687,7 @@ naslctxt ctx; if ( cache_dir == NULL ) return -1; - snprintf(name2, sizeof(name2), "%s/%s", cache_dir, basename); + snprintf(name2, sizeof(name2), "%s/%s", cache_dir, basename); /* RATS: ignore */ if (stat(name1, &st1) >= 0 && stat(name2, &st2) >= 0) From scm-commit at wald.intevation.org Fri Dec 5 10:50:36 2008 
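Review bot: The `VAR2_INT` case in the hunk at -1202,24 adds the return value of snprintf to `n` (`n += snprintf(s+n, len - n, "%s: %d", ...)`), and snprintf returns the length the output would have had, not the number of bytes stored. After a truncated write `n` can exceed `len`, and every later `len - n` in the loop then goes negative or wraps, depending on types declared outside the hunk. The other cases in the same switch call snprintf and then do `n += strlen(s + n);`; using that form here keeps `n` inside the buffer. The long-string branch below it (`snprintf(s+n, 70+l, ...)` followed by an unbounded `sprintf`) also ignores the remaining space and deserves a real bound rather than `/* RATS: ignore */`.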
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 10:50:36 +0100 (CET) Subject: [Openvas-commits] r1926 - in trunk/openvas-client: . nessus nessus/prefs_dialog Message-ID: <20081205095036.4CFB840763@pyrosoma.intevation.org> Author: felix Date: 2008-12-05 10:50:36 +0100 (Fri, 05 Dec 2008) New Revision: 1926 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/comm.h trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c Log: First step for CR #20: Add plugin preference type for ssh credentials. * nessus/comm.h : Added define for PREF_SSH_CREDENTIALS and todo item (define is duplicate of libopenvas.h) nessus/prefs_dialog/prefs_dialog_plugins_prefs.c (pprefs_add_sshcredentials) : Function and proto to display combo box for future ssh key selection added. * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c (prefs_dialog_plugins_prefs_fill) : Comment added, case of PREF_SSH_CREDENTIALS included, show_info in case of unknown preference type added. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-05 09:13:16 UTC (rev 1925) +++ trunk/openvas-client/ChangeLog 2008-12-05 09:50:36 UTC (rev 1926) 
@@ -1,3 +1,19 @@ +2008-12-05 Felix Wolfsteller <felix.wolfsteller at intevation.de> + + First step for CR #20: Add plugin preference type for ssh credentials. + + * nessus/comm.h : Added define for PREF_SSH_CREDENTIALS and todo item + (define is duplicate of libopenvas.h) + + nessus/prefs_dialog/prefs_dialog_plugins_prefs.c + (pprefs_add_sshcredentials) : Function and proto to display combo box + for future ssh key selection added. + + * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c + (prefs_dialog_plugins_prefs_fill) : Comment added, case of + PREF_SSH_CREDENTIALS included, show_info in case of unknown preference + type added. + 2008-12-04 Joey Schulze <joey at infodrom.org> * nessus/prefs_dialog/prefs_scope_tree.c (scopetree_move, Modified: trunk/openvas-client/nessus/comm.h =================================================================== --- trunk/openvas-client/nessus/comm.h 2008-12-05 09:13:16 UTC (rev 1925) +++ trunk/openvas-client/nessus/comm.h 2008-12-05 09:50:36 UTC (rev 1926) @@ -29,11 +29,14 @@ #ifndef _NESSUSC_COMM_H #define _NESSUSC_COMM_H +/* TODO ONMERGE: These are duplicates of defines in + openvas-libraries/include/libopenvas.h . */ #define PREF_CHECKBOX "checkbox" #define PREF_ENTRY "entry" #define PREF_RADIO "radio" #define PREF_PASSWORD "password" #define PREF_FILE "file" +#define PREF_SSH_CREDENTIALS "sshcredentials" #include "context.h" Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c 2008-12-05 09:13:16 UTC (rev 1925) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c 2008-12-05 09:50:36 UTC (rev 1926) @@ -36,6 +36,7 @@ #include "prefs_dialog_plugins_prefs.h" #include "listnotebook.h" #include "readonly.h" +#include "error_dlg.h" #include "nessus_i18n.h" 
@@ -46,9 +47,9 @@ static void pprefs_add_file(struct arglist *, struct arglist *, char *, GtkWidget*); static void pprefs_add_checkbox(struct arglist *, struct arglist *, char *, GtkWidget*); static void pprefs_add_radio(struct arglist *, struct arglist *, char *, GtkWidget*); +static void pprefs_add_sshcredentials(struct arglist *, struct arglist *, char *, GtkWidget*); - static void create_plugin_prefs_containers(ctrls) struct arglist *ctrls; @@ -119,7 +120,13 @@ "FRAME_CREDENTIALS")), readonly); } - +/** + * Fill the plugin preferences (and credentials) pages with the corresponding + * widgets and values. + * @param context The context to use. + * @param ctrls Arglist holding the notebook page widgets. + * @param plugins Plugin list. + */ void prefs_dialog_plugins_prefs_fill(context, ctrls, plugins) struct context *context; @@ -166,6 +173,11 @@ pprefs_add_checkbox(pprefs, prefs, value, vbox); else if(!strcmp(type, PREF_FILE)) pprefs_add_file(pprefs, prefs, value, vbox); + else if(!strcmp(type, PREF_SSH_CREDENTIALS)) + pprefs_add_sshcredentials(pprefs, prefs, value, vbox); + else + show_warning(_("%s asked for unknown preference type %s."), + plugs->name, type); } prefs = prefs->next; } 
@@ -376,7 +388,50 @@ return 0; } +/** + * Function to add a "ssh-credentials combo box" to select a ssh key. + */ +static void +pprefs_add_sshcredentials(struct arglist* pprefs, struct arglist* pref, + char* value, GtkWidget* vbox) +{ + GtkWidget* combobox; + GtkWidget* text; + GtkWidget* hbox; + char *name = pref->name; + char *fullname = arg_get_value(pref->value, "fullname"); + if(pprefs) + { + int type; + + if((type = arg_get_type(pprefs, fullname)) >= 0) + { + value = arg_get_value(pprefs, fullname); + if(type == ARG_INT) + { + if(value) + value = strdup("yes"); + else + value = strdup("no"); + } + } + } + hbox = gtk_hbox_new(FALSE, 0); + gtk_box_pack_start(GTK_BOX(vbox), hbox, FALSE, FALSE, 5); + gtk_widget_show(hbox); + + text = gtk_label_new(name); + gtk_box_pack_start(GTK_BOX(hbox), text, TRUE, TRUE, 5); + gtk_widget_show(text); + + combobox = gtk_combo_box_new_text (); + gtk_combo_box_append_text (GTK_COMBO_BOX(combobox), _("No SSH Key selected")); + gtk_combo_box_set_active(GTK_COMBO_BOX(combobox), 0); + gtk_box_pack_end(GTK_BOX(hbox), combobox, TRUE, TRUE, 5); + gtk_widget_show(combobox); +} + static void pprefs_add_entry(pprefs, pref, value, vbox) struct arglist *pprefs; From scm-commit at wald.intevation.org Fri Dec 5 10:56:31 2008 
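Review bot: In `pprefs_add_sshcredentials` the `ARG_INT` branch assigns `value = strdup("yes")` or `strdup("no")`, but `value` is never read again and never freed, so each call leaks the copy and the whole `if(pprefs)` block has no effect on the widget being built. `fullname` is taken from `arg_get_value(pref->value, "fullname")` and handed to `arg_get_type` without a NULL check, which matters if the key can be absent. Since the combo box only ever holds the placeholder entry, I would drop the block until key selection is wired up, or at least replace the strdup calls with `value = value ? "yes" : "no";`. The combo box is also not stored anywhere visible in this hunk, so nothing can read the selection back later; a one-line comment saying this is deliberate for the first step would help the next reader.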
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 10:56:31 +0100 (CET) Subject: [Openvas-commits] r1927 - in trunk/openvas-client: . nessus Message-ID: <20081205095631.16FC940763@pyrosoma.intevation.org> Author: felix Date: 2008-12-05 10:56:30 +0100 (Fri, 05 Dec 2008) New Revision: 1927 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/plugin_cache.c Log: * nessus/plugin_cache.c (plugin_cache_write) : gettexted error msg and added include. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-05 09:50:36 UTC (rev 1926) +++ trunk/openvas-client/ChangeLog 2008-12-05 09:56:30 UTC (rev 1927) @@ -1,11 +1,16 @@ 2008-12-05 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * nessus/plugin_cache.c (plugin_cache_write) : gettexted error msg and + added include. + +2008-12-05 Felix Wolfsteller <felix.wolfsteller at intevation.de> + First step for CR #20: Add plugin preference type for ssh credentials. * nessus/comm.h : Added define for PREF_SSH_CREDENTIALS and todo item (define is duplicate of libopenvas.h) - nessus/prefs_dialog/prefs_dialog_plugins_prefs.c + * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c (pprefs_add_sshcredentials) : Function and proto to display combo box for future ssh key selection added. Modified: trunk/openvas-client/nessus/plugin_cache.c =================================================================== --- trunk/openvas-client/nessus/plugin_cache.c 2008-12-05 09:50:36 UTC (rev 1926) +++ trunk/openvas-client/nessus/plugin_cache.c 2008-12-05 09:56:30 UTC (rev 1927) @@ -100,6 +100,7 @@ #include "preferences.h" #include "globals.h" #include "plugin_cache.h" +#include "nessus_i18n.h" /* file format constants */ #define MAX_HEADER_ITEMS 3 
@@ -345,7 +346,7 @@ file = fopen(filename, "w"); if (!file) { - show_error("Could not open file '%s' for writing", filename); + show_error(_("Could not open file '%s' for writing plugin cache"), filename); efree(&filename); return -1; } From scm-commit at wald.intevation.org Fri Dec 5 11:06:55 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 11:06:55 +0100 (CET) Subject: [Openvas-commits] r1928 - in trunk/openvas-server: . openvasd Message-ID: <20081205100655.2F72A40766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 11:06:54 +0100 (Fri, 05 Dec 2008) New Revision: 1928 Modified: trunk/openvas-server/ChangeLog trunk/openvas-server/openvasd/comm.c Log: * openvasd/comm.c (send_plug_info): Fixed insufficient memory allocation which could have caused a buffer overflow when trying to assemble the plugin_info string for NVTs with long CVEs, BIDs, XRefs and Tags. Made memory allocation more transparent. Ignore strcat warnings since enough memory is allocated beforehand now. Ignore snprintf warning since systems able to compile and run will most likely not use libc4.[45], where snprintf usage is a potential security issue. Modified: trunk/openvas-server/ChangeLog =================================================================== --- trunk/openvas-server/ChangeLog 2008-12-05 09:56:30 UTC (rev 1927) +++ trunk/openvas-server/ChangeLog 2008-12-05 10:06:54 UTC (rev 1928) 
@@ -1,3 +1,14 @@ +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + + * openvasd/comm.c (send_plug_info): Fixed insufficient memory + allocation which could have caused a buffer overflow when trying to + assemble the plugin_info string for NVTs with long CVEs, BIDs, XRefs + and Tags. Made memory allocation more transparent. Ignore strcat + warnings since enough memory is allocated beforehand now. Ignore + snprintf warning since systems able to compile and run will most likely + not use libc4.[45], where snprintf usage is a potential security + issue. + 2008-12-03 Michael Wiegand <michael.wiegand at intevation.de> Implementing CR #22 (New script_tag Command, Modified: trunk/openvas-server/openvasd/comm.c =================================================================== --- trunk/openvas-server/openvasd/comm.c 2008-12-05 09:56:30 UTC (rev 1927) +++ trunk/openvas-server/openvasd/comm.c 2008-12-05 10:06:54 UTC (rev 1928) @@ -118,6 +118,7 @@ char * t; const char *a, *b, *d, *e = NULL; char * desc = NULL; + unsigned int mem_size = 0; args = plugins->value; 
@@ -165,53 +166,62 @@ if(strchr(d, '\n')){ fprintf(stderr, "ERROR - %s %s\n", plug_get_oid(args), d); } + + mem_size = strlen(a) + /* Name */ + strlen(b) + /* Copyright */ + strlen(desc) + /* Description */ + strlen(d) + /* Summary */ + strlen(e) + /* Version */ + strlen(plug_get_family(args)) + /* Family */ + 7170 + /* CVEs + BIDs + XREFs + Tags + Keys */ + 100; /* Separators etc. */ + - str = emalloc(strlen(a) + strlen(b) + strlen(desc) + strlen(d) + - strlen(plug_get_family(args))+ 1024 + 128); - sprintf(str, "%s <|> %s <|> %s <|> %s <|> %s <|> %s <|> %s", + str = emalloc(mem_size); + snprintf(str, mem_size, "%s <|> %s <|> %s <|> %s <|> %s <|> %s <|> %s", /* RATS: ignore */ plug_get_oid(args), a, categories[j], b, desc, d, plug_get_family(args)); - strcat(str, " <|> "); - strcat(str, e); + strcat(str, " <|> "); /* RATS: ignore */ + strcat(str, e); /* RATS: ignore */ { char * id = plug_get_cve_id(args); if(id == NULL || strcmp(id, "") == 0 ) id = "NOCVE"; - strcat(str, " <|> "); - strcat(str, id); + strcat(str, " <|> "); /* RATS: ignore */ + strcat(str, id); /* RATS: ignore */ } { char * bid = plug_get_bugtraq_id(args); if(bid == NULL || strcmp(bid, "") == 0) bid = "NOBID"; - strcat(str, " <|> "); - strcat(str, bid); + strcat(str, " <|> "); /* RATS: ignore */ + strcat(str, bid); /* RATS: ignore */ } { char * xref = plug_get_xref(args); if(xref == NULL || strcmp(xref, "") == 0) xref = "NOXREF"; - strcat(str, " <|> "); - strcat(str, xref); + strcat(str, " <|> "); /* RATS: ignore */ + strcat(str, xref); /* RATS: ignore */ } { char * sign_keys = plug_get_sign_key_ids(args); if(sign_keys == NULL || strcmp(sign_keys, "") == 0) sign_keys = "NOSIGNKEYS"; - strcat(str, " <|> "); - strcat(str, sign_keys); + strcat(str, " <|> "); /* RATS: ignore */ + strcat(str, sign_keys); /* RATS: ignore */ } { char * tag = plug_get_tag(args); if(tag == NULL || strcmp(tag, "") == 0) tag = "NOTAG"; - strcat(str, " <|> "); - strcat(str, tag); + strcat(str, " <|> "); /* RATS: ignore */ + 
strcat(str, tag); /* RATS: ignore */ } auth_printf(globals, "%s\n", str); From scm-commit at wald.intevation.org Fri Dec 5 11:27:09 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 11:27:09 +0100 (CET) Subject: [Openvas-commits] r1929 - in trunk/openvas-server: . openvasd Message-ID: <20081205102709.4571740766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 11:27:09 +0100 (Fri, 05 Dec 2008) New Revision: 1929 Modified: trunk/openvas-server/ChangeLog trunk/openvas-server/openvasd/pluginload.c trunk/openvas-server/openvasd/processes.c Log: * openvasd/processes.c (create_process): Ignore warning about srand48 not being random enough; it is random enough for our purposes. * openvasd/pluginload.c (files_init, files_close): Ignore warnings about srand not being random enough; see above. Modified: trunk/openvas-server/ChangeLog =================================================================== --- trunk/openvas-server/ChangeLog 2008-12-05 10:06:54 UTC (rev 1928) +++ trunk/openvas-server/ChangeLog 2008-12-05 10:27:09 UTC (rev 1929) @@ -1,5 +1,13 @@ 2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + * openvasd/processes.c (create_process): Ignore warning about srand48 + not being random enough; it is random enough for our purposes. + + * openvasd/pluginload.c (files_init, files_close): Ignore warnings + about srand not being random enough; see above. + +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + * openvasd/comm.c (send_plug_info): Fixed insufficient memory allocation which could have caused a buffer overflow when trying to assemble the plugin_info string for NVTs with long CVEs, BIDs, XRefs Modified: trunk/openvas-server/openvasd/pluginload.c =================================================================== --- trunk/openvas-server/openvasd/pluginload.c 2008-12-05 10:06:54 UTC (rev 1928) +++ trunk/openvas-server/openvasd/pluginload.c 2008-12-05 10:27:09 UTC (rev 1929) 
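Review bot: The new `mem_size` still covers the CVE, BID, XRef, signing-key and tag fields with a fixed allowance of `7170` bytes, while the `strcat` calls that append them stay unbounded and are now marked `/* RATS: ignore */`, so the buffer is safe only as long as every plugin stays under that guess. `plug_get_oid(args)` and `categories[j]` are written by the snprintf but not counted, leaving only the `100` spare bytes for them and all separators; if that snprintf truncates, the strcat calls after it write past the allocation. I would size the buffer from the strlen of every field that is actually appended and make each append bounded, as in the helper below, called once per field in place of each strcat pair. `e` is initialised to NULL in the declaration hunk and passed to `strlen(e)`; its assignment is outside the hunk and worth confirming.

```c
/* Append " <|> " followed by field to str without writing past mem_size.
 * Returns 0 on success, -1 if the field does not fit. */
static int
append_plug_field(char *str, size_t mem_size, const char *field)
{
  size_t used = strlen(str);
  int n = snprintf(str + used, mem_size - used, " <|> %s", field);

  if (n < 0 || (size_t)n >= mem_size - used)
    {
      str[used] = '\0';   /* drop the partial field rather than send it */
      return -1;
    }
  return 0;
}

/* … unchanged: id / bid / xref / sign_keys / tag defaulting … */
if (append_plug_field(str, mem_size, id) < 0)
  fprintf(stderr, "ERROR - %s plugin info too long\n", plug_get_oid(args));
```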
@@ -53,7 +53,7 @@ { struct files ** ret; int i; - srand(MAX_FILES); + srand(MAX_FILES); /* RATS: ignore */ ret = emalloc(sizeof(*ret) * (MAX_FILES + 1)); for(i=0;i<MAX_FILES;i++) ret[i] = NULL; @@ -107,7 +107,7 @@ if(files[i])printf("Warning, forgot some files!!\n"); efree(&files); - srand(time(NULL)); + srand(time(NULL)); /* RATS: ignore */ } Modified: trunk/openvas-server/openvasd/processes.c =================================================================== --- trunk/openvas-server/openvasd/processes.c 2008-12-05 10:06:54 UTC (rev 1928) +++ trunk/openvas-server/openvasd/processes.c 2008-12-05 10:27:09 UTC (rev 1929) @@ -103,7 +103,7 @@ nessus_signal(SIGUSR2, SIG_IGN); nessus_signal(SIGCHLD, sighand_chld); nessus_signal(SIGSEGV, sighand_segv); /* Comment this line out to dump a core and debug openvasd */ - srand48(getpid() + getppid() + (long)time(NULL)); + srand48(getpid() + getppid() + (long)time(NULL)); /* RATS: ignore */ (*function)(argument); EXIT(0); } From scm-commit at wald.intevation.org Fri Dec 5 11:40:46 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 11:40:46 +0100 (CET) Subject: [Openvas-commits] r1930 - in trunk/openvas-client: . nessus Message-ID: <20081205104046.E3DC040760@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 11:40:44 +0100 (Fri, 05 Dec 2008) New Revision: 1930 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/nessus.c Log: * nessus/nessus.c (main): Fixed error message. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-05 10:27:09 UTC (rev 1929) +++ trunk/openvas-client/ChangeLog 2008-12-05 10:40:44 UTC (rev 1930) 
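Review bot: The `/* RATS: ignore */` markers on `srand(MAX_FILES)`, `srand(time(NULL))` and, in processes.c, `srand48(getpid() + getppid() + (long)time(NULL))` give no reason at the call site, and the seeds are a constant or values that can be narrowed down from outside the process. That is acceptable only while nothing security-relevant is derived from `rand()` or the `*rand48()` family; in `create_process` the seeded child goes on to run `(*function)(argument)`, so whatever that code draws inherits this seed. I would put the justification next to each marker and name the consumer, for example `/* RATS: ignore - only seeds the files[] slot lookup, never used for secrets */` if that is indeed the only use in pluginload.c, which these hunks do not show.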
@@ -1,3 +1,7 @@ +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + + * nessus/nessus.c (main): Fixed error message. + 2008-12-05 Felix Wolfsteller <felix.wolfsteller at intevation.de> * nessus/plugin_cache.c (plugin_cache_write) : gettexted error msg and Modified: trunk/openvas-client/nessus/nessus.c =================================================================== --- trunk/openvas-client/nessus/nessus.c 2008-12-05 10:27:09 UTC (rev 1929) +++ trunk/openvas-client/nessus/nessus.c 2008-12-05 10:40:44 UTC (rev 1930) @@ -942,7 +942,7 @@ if (remaining_options_count < NUM_ARGS - 2) { fprintf(stderr, "%s" BATCH_USAGE "\n", - _("list_prefs and list_plugins require ")); + _("list-prefs and list-plugins require ")); exit(1); } } From scm-commit at wald.intevation.org Fri Dec 5 11:53:18 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 11:53:18 +0100 (CET) Subject: [Openvas-commits] r1931 - in trunk/openvas-client: . po Message-ID: <20081205105318.E20614071E@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 11:53:18 +0100 (Fri, 05 Dec 2008) New Revision: 1931 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/po/de.po Log: * po/de.po: Updated German translation. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-05 10:40:44 UTC (rev 1930) +++ trunk/openvas-client/ChangeLog 2008-12-05 10:53:18 UTC (rev 1931) 
@@ -1,5 +1,9 @@ 2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + * po/de.po: Updated German translation. + +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + * nessus/nessus.c (main): Fixed error message. 2008-12-05 Felix Wolfsteller <felix.wolfsteller at intevation.de> Modified: trunk/openvas-client/po/de.po =================================================================== --- trunk/openvas-client/po/de.po 2008-12-05 10:40:44 UTC (rev 1930) +++ trunk/openvas-client/po/de.po 2008-12-05 10:53:18 UTC (rev 1931) @@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: OpenVAS-Client 1.0\n" "Report-Msgid-Bugs-To: openvas-devel at wald.intevation.org\n" -"POT-Creation-Date: 2008-12-02 09:28+0100\n" +"POT-Creation-Date: 2008-12-05 11:37+0100\n" "PO-Revision-Date: 2004-08-17 01:05+0200\n" "Last-Translator: Michael Wiegand <michael.wiegand at intevation.de>\n" "Language-Team: OpenVAS Developers <openvas-devel at wald.intevation.org>\n" 
@@ -145,125 +145,125 @@ msgid "Receiving dependencies: %d" msgstr "Empfange Abh?ngigkeiten: %d" -#: nessus/comm.c:437 +#: nessus/comm.c:447 #, c-format msgid "Error : we received a preference (%s) for the plugin %s\n" msgstr "Fehler: Eine Voreinstellung (%s) f?r Plugin %s wurde empfangen\n" -#: nessus/comm.c:440 +#: nessus/comm.c:450 #, c-format msgid "but apparently the server has not loaded it\n" msgstr "aber anscheinend hat der Server es nicht geladen\n" -#: nessus/comm.c:812 +#: nessus/comm.c:822 #, c-format msgid "Can't open %s: %s" msgstr "Kann %s nicht ?ffnen: %s" -#: nessus/comm.c:836 +#: nessus/comm.c:846 #, c-format msgid "Error reading from %s: %s" msgstr "Fehler beim Lesen von %s: %s" -#: nessus/comm.c:956 nessus/comm.c:1330 +#: nessus/comm.c:966 nessus/comm.c:1340 msgid "The daemon shut down the communication" msgstr "Der Daemon hat die Kommunikation abgebrochen" -#: nessus/comm.c:983 +#: nessus/comm.c:993 msgid "Error processing plugin information from the server" msgstr "Fehler bei der Verbeitung der Plugin-Information vom Server" -#: nessus/comm.c:989 +#: nessus/comm.c:999 msgid "Invalid SEND_PLUGINS_MD5 response from server" msgstr "Ung?ltige SEND_PLUGINS_MD5 Antwort vom Server" -#: nessus/comm.c:1156 +#: nessus/comm.c:1166 msgid "Invalid PLUGIN_INFO response from server" msgstr "Ung?ltige PLUGIN_INFO Antwort vom Server" -#: nessus/comm.c:1170 nessus/comm.c:1374 +#: nessus/comm.c:1180 nessus/comm.c:1384 msgid "Found and enabled one new plugin." msgstr "Es wurde ein neues Plugin gefunden und automatisch aktiviert." -#: nessus/comm.c:1172 nessus/comm.c:1376 +#: nessus/comm.c:1182 nessus/comm.c:1386 msgid "Found and disabled one new plugin." msgstr "Es wurde ein neues Plugin gefunden und automatisch deaktiviert." -#: nessus/comm.c:1177 nessus/comm.c:1381 +#: nessus/comm.c:1187 nessus/comm.c:1391 #, c-format msgid "Found and enabled %d new plugins." msgstr "Es wurden %d neue Plugins gefunden und automatisch aktiviert." 
-#: nessus/comm.c:1179 nessus/comm.c:1383 +#: nessus/comm.c:1189 nessus/comm.c:1393 #, c-format msgid "Found and disabled %d new plugins." msgstr "Es wurden %d neue Plugins gefunden und automatisch deaktiviert." -#: nessus/comm.c:1277 +#: nessus/comm.c:1287 msgid "Invalid PLUGINS_MD5 information sent from server" msgstr "Ung?ltige PLUGIN_MD5 Information vom Server" -#: nessus/comm.c:1310 +#: nessus/comm.c:1320 msgid "Error while updating the cached plugin information" msgstr "" "Fehler bei der Aktualisierung der zwischengespeicherten Plugin-Informationen" -#: nessus/comm.c:1674 +#: nessus/comm.c:1675 #, c-format msgid "Could not parse certificate: %s" msgstr "Konnte Zertifkat nicht verarbeiten: %s" -#: nessus/comm.c:1681 +#: nessus/comm.c:1682 #, c-format msgid "Invalid response from server to certificate request: %s" msgstr "Ung?ltige Serverantwort auf Zertifikatsanfrage: %s" -#: nessus/context.c:232 +#: nessus/context.c:236 msgid "context_remove_child detected existing children." msgstr "context_remove_child hat noch existierende Kindprozesse entdeckt." -#: nessus/context.c:385 nessus/prefs_dialog/prefs_scope_tree.c:273 +#: nessus/context.c:389 nessus/prefs_dialog/prefs_scope_tree.c:273 msgid "context_rename() called with illegal type" msgstr "context_rename() mit illegalem Typ aufgerufen" -#: nessus/context.c:402 nessus/context.c:433 +#: nessus/context.c:406 nessus/context.c:437 #, c-format msgid "Directory %s couldn't be renamed to %s: %s." msgstr "Verzeichnis %s konnte nicht in %s umbenannt werden: %s." -#: nessus/context.c:450 +#: nessus/context.c:454 #, c-format msgid "Can't move \"%s\" to \"%s\"." msgstr "Kann \"%s\" nicht nach \"%s\" verschieben." -#: nessus/context.c:473 nessus/context.c:512 nessus/html_graph_output.c:1116 +#: nessus/context.c:477 nessus/context.c:516 nessus/html_graph_output.c:1116 #, c-format msgid "Directory %s couldn't be created: %s." msgstr "Verzeichnis %s konnte nicht erzeugt werden: %s." 
-#: nessus/context.c:498 nessus/prefs_dialog/prefs_scan_assistant.c:263 +#: nessus/context.c:502 nessus/prefs_dialog/prefs_scan_assistant.c:263 msgid "unnamed task" msgstr "unbenannte Aufgabe" -#: nessus/context.c:501 nessus/prefs_dialog/prefs_scan_assistant.c:280 +#: nessus/context.c:505 nessus/prefs_dialog/prefs_scan_assistant.c:280 msgid "unnamed scope" msgstr "unbenannter Bereich" -#: nessus/context.c:504 +#: nessus/context.c:508 msgid "context_new(): No name provided for context" msgstr "context_new(): Kein Name f?r Kontext angegeben" -#: nessus/context.c:552 +#: nessus/context.c:556 #, c-format msgid "File %s couldn't be deleted: %s." msgstr "Datei %s konnte nicht gel?scht werden: %s." -#: nessus/context.c:558 +#: nessus/context.c:562 #, c-format msgid "Directory %s couldn't be deleted: %s." msgstr "Verzeichnis %s konnte nicht gel?scht werden: %s." -#: nessus/context.c:581 +#: nessus/context.c:585 msgid "context_delete() deleted the current context." msgstr "context_delete() hat den aktuellen Kontext gel?scht." @@ -308,11 +308,11 @@ msgid "Name" msgstr "Name" -#: nessus/filter.c:116 nessus/pdf_output.c:790 +#: nessus/filter.c:116 nessus/pdf_output.c:799 msgid "Description" msgstr "Beschreibung" -#: nessus/filter.c:122 nessus/pdf_output.c:580 nessus/pdf_output.c:778 +#: nessus/filter.c:122 nessus/pdf_output.c:580 nessus/pdf_output.c:784 msgid "Summary" msgstr "Zusammenfassung" @@ -324,15 +324,15 @@ msgid "ID number" msgstr "ID Nummer" -#: nessus/filter.c:140 nessus/pdf_output.c:779 +#: nessus/filter.c:140 nessus/pdf_output.c:785 msgid "Category" msgstr "Kategorie" -#: nessus/filter.c:146 nessus/pdf_output.c:782 +#: nessus/filter.c:146 nessus/pdf_output.c:789 msgid "CVE" msgstr "CVE" -#: nessus/filter.c:152 nessus/pdf_output.c:783 +#: nessus/filter.c:152 nessus/pdf_output.c:791 msgid "BID" msgstr "BID" 
@@ -605,19 +605,19 @@ msgid "New code since OpenVAS-Client: (C) 2007, 2008 Intevation GmbH\n" msgstr "Neuer Quelltext seit OpenVAS-Client: (C) 2007, 2008 Intevation GmbH\n" -#: nessus/nessus.c:760 +#: nessus/nessus.c:761 #, c-format msgid "The session ID is required to restore a session.\n" msgstr "" "F?r das Wiederherstellen einer Sitzung wird eine Sitzungs-ID ben?tigt.\n" -#: nessus/nessus.c:761 nessus/nessus.c:779 nessus/nessus.c:832 -#: nessus/nessus.c:916 nessus/nessus.c:942 +#: nessus/nessus.c:762 nessus/nessus.c:780 nessus/nessus.c:833 +#: nessus/nessus.c:917 nessus/nessus.c:952 #, c-format msgid "Please use %s --help for more information.\n" msgstr "Unter %s --help erhalten Sie weitere Informationen.\n" -#: nessus/nessus.c:778 +#: nessus/nessus.c:779 #, c-format msgid "" "You need to specify an input file as well as an output file for report " 
@@ -626,72 +626,76 @@ "F?r die Konvertierung eines Berichts muss sowohl eine Quelldatei als auch " "eine Zieldatei angegeben werden.\n" -#: nessus/nessus.c:815 +#: nessus/nessus.c:816 #, c-format msgid "Unsupported report type '%s'\n" msgstr "Nicht unterst?tztes Berichtsformat '%s'\n" -#: nessus/nessus.c:823 +#: nessus/nessus.c:824 #, c-format msgid "Could not import '%s' - is it a .nbe file?\n" msgstr "Kann '%s' nicht importieren - ist es eine .nbe Datei?\n" -#: nessus/nessus.c:831 +#: nessus/nessus.c:832 #, c-format msgid "The option -make_config_file can only be used in batch mode.\n" msgstr "" "Die Option -make_config_file kann nur im Batch-Modus angewandt werden\n" -#: nessus/nessus.c:842 +#: nessus/nessus.c:843 #, c-format msgid "list-sessions requires %s\n" msgstr "list-sessions erfordert %s\n" -#: nessus/nessus.c:848 +#: nessus/nessus.c:849 #, c-format -msgid "restore-session requires -q %s result\n" -msgstr "restore-session erfordert -q %s result\n" +msgid "restore-session requires -q %s <result>\n" +msgstr "restore-session erfordert -q %s <result>\n" -#: nessus/nessus.c:854 +#: nessus/nessus.c:855 #, c-format msgid "--restore-session and --list-sessions are mutually exclusive\n" msgstr "" "--restore-session und --list-sessions schliessen sich gegenseitig aus\n" -#: nessus/nessus.c:892 +#: nessus/nessus.c:893 #, c-format msgid "Verbose mode can only be used in batch mode\n" msgstr "Wortreicher Modus kann nur f?r Batch-Modus angewandt werden\n" -#: nessus/nessus.c:915 nessus/nessus.c:941 +#: nessus/nessus.c:916 nessus/nessus.c:951 #, c-format msgid "Batch mode requires login information.\n" msgstr "Der Batch-Modus ben?tigt Anmeldeinformationen.\n" -#: nessus/nessus.c:926 +#: nessus/nessus.c:927 msgid "list-sessions only requires " msgstr "list-sessions erfordert lediglich " -#: nessus/nessus.c:935 +#: nessus/nessus.c:936 msgid "restore-session only requires " msgstr "restore-session erfordert lediglich " -#: nessus/nessus.c:966 nessus/nessus.c:981 +#: 
nessus/nessus.c:945 +msgid "list-prefs and list-plugins require " +msgstr "list-prefs und list-plugins erfordern " + +#: nessus/nessus.c:976 nessus/nessus.c:991 #, c-format msgid "Could not connect to openvasd\n" msgstr "Kann keine Verbindung zu openvasd aufbauen\n" -#: nessus/nessus.c:1008 nessus/nessus.c:1015 +#: nessus/nessus.c:1018 nessus/nessus.c:1025 #, c-format msgid "Missing parameter\n" msgstr "Fehlender Parameter\n" -#: nessus/nessus.c:1043 +#: nessus/nessus.c:1053 #, c-format msgid "A new openvasrc file has been saved\n" msgstr "Eine neue openvasrc Datei wurde gespeichert\n" -#: nessus/nessus.c:1086 +#: nessus/nessus.c:1096 #, c-format msgid "" "\n" @@ -850,43 +854,47 @@ msgid "Total" msgstr "Gesamt" -#: nessus/pdf_output.c:712 nessus/pdf_output.c:721 +#: nessus/pdf_output.c:713 nessus/pdf_output.c:717 nessus/pdf_output.c:727 msgid "Signed by" msgstr "Signiert von" -#: nessus/pdf_output.c:712 +#: nessus/pdf_output.c:713 msgid "not signed" msgstr "nicht signiert" -#: nessus/pdf_output.c:729 +#: nessus/pdf_output.c:718 +msgid "unknown signature(s)" +msgstr "unbekannte Signatur(en)" + +#: nessus/pdf_output.c:735 msgid "trusted" msgstr "vertrauensw?rdig" -#: nessus/pdf_output.c:730 +#: nessus/pdf_output.c:736 msgid "not trusted" msgstr "nicht vertrauensw?rdig" -#: nessus/pdf_output.c:743 +#: nessus/pdf_output.c:749 msgid "unknown signature" msgstr "unbekannte Signatur" -#: nessus/pdf_output.c:780 +#: nessus/pdf_output.c:786 msgid "Family" msgstr "Familie" -#: nessus/pdf_output.c:781 +#: nessus/pdf_output.c:787 msgid "Version" msgstr "Version" -#: nessus/pdf_output.c:784 +#: nessus/pdf_output.c:793 msgid "XRefs" msgstr "Querverweise" -#: nessus/pdf_output.c:800 +#: nessus/pdf_output.c:809 msgid "Parameters" msgstr "Paramter" -#: nessus/pdf_output.c:830 +#: nessus/pdf_output.c:839 msgid "Appendix: NVT Information" msgstr "Anhang: NVT Informationen" 
@@ -911,7 +919,7 @@ msgid "disabled" msgstr "ausgeschaltet" -#: nessus/plugin_infos.c:176 nessus/plugin_infos.c:565 +#: nessus/plugin_infos.c:176 nessus/plugin_infos.c:578 msgid "Set plugin timeout..." msgstr "Setze Plugin Timeout..." @@ -979,16 +987,21 @@ msgid "Plugin Version: %s" msgstr "Plugin-Version: %s" -#: nessus/plugin_infos.c:444 +#: nessus/plugin_infos.c:442 +#, c-format +msgid "Script tags: %s" +msgstr "Script-Tags: %s" + +#: nessus/plugin_infos.c:455 msgid "Plugin description:" msgstr "Beschreibung des Plugins:" -#: nessus/plugin_infos.c:499 +#: nessus/plugin_infos.c:512 #, c-format msgid "Signature information available on server connection." msgstr "Signaturinformation bei bestehender Serververbindung verf?gbar." -#: nessus/plugin_infos.c:503 +#: nessus/plugin_infos.c:516 #, c-format msgid "" "Signatures:\n" @@ -997,7 +1010,7 @@ "Signaturen:\n" "\tUnbekannte Signatur(en)." -#: nessus/plugin_infos.c:507 +#: nessus/plugin_infos.c:520 #, c-format msgid "" "Signatures:\n" @@ -1006,29 +1019,29 @@ "Signaturen:\n" "\tNVT ist nicht signiert." -#: nessus/plugin_infos.c:516 +#: nessus/plugin_infos.c:529 #, c-format msgid "Signatures:" msgstr "Signaturen:" -#: nessus/plugin_infos.c:519 +#: nessus/plugin_infos.c:532 #, c-format msgid "Signatures (NOT verified):" msgstr "Signaturen (NICHT ?berpr?ft)" -#: nessus/plugin_infos.c:536 +#: nessus/plugin_infos.c:549 msgid "<span color=\"green\">trusted</span>" msgstr "<span color=\"green\">vertrauensw?rdig</span>" -#: nessus/plugin_infos.c:537 +#: nessus/plugin_infos.c:550 msgid "<span color=\"red\">untrusted</span>" msgstr "<span color=\"red\">nicht vertrauensw?rdig</span>" -#: nessus/plugin_infos.c:545 +#: nessus/plugin_infos.c:558 msgid "View" msgstr "Ansicht" -#: nessus/plugin_infos.c:572 +#: nessus/plugin_infos.c:585 msgid "Show dependencies" msgstr "Zeige Abh?ngigkeiten" 
@@ -1215,15 +1228,15 @@ msgid "Connection timed out" msgstr "Zeit?berschreitung bei Verbindung" -#: nessus/sslui.c:85 +#: nessus/sslui.c:86 msgid "SSL Setup" msgstr "SSL Einrichtung" -#: nessus/sslui.c:128 +#: nessus/sslui.c:129 msgid "Display and remember the server certificate, do not care about the CA" msgstr "Serverzertifikat anzeigen und speichern, CA nicht beachten" -#: nessus/sslui.c:138 +#: nessus/sslui.c:139 msgid "" "Trust the server certificate if and only if it is valid and certified by the " "CA" @@ -1231,16 +1244,16 @@ "Dem Serverzertifikat nur dann vertrauen, wenn es g?ltig ist und von der CA " "zertifiziert wurde" -#: nessus/sslui.c:146 +#: nessus/sslui.c:147 msgid "Verify that the server certificate is valid *and* remember it" msgstr "" "Die G?ltigkeit des Serverzertifikates ?berpr?fen und das Zertifikat speichern" -#: nessus/sslui.c:157 +#: nessus/sslui.c:158 msgid "OK" msgstr "OK" -#: nessus/sslui.c:194 +#: nessus/sslui.c:195 msgid "" "Please choose your level of SSL paranoia (Hint: if you want to manage\n" "many servers from your client, choose 2. Otherwise, choose 1, or 3,\n" @@ -1251,29 +1264,29 @@ "falls\n" "Sie paranoid sind.\n" -#: nessus/sslui.c:280 +#: nessus/sslui.c:288 msgid "This certificate has never been shown before. Here it is:" msgstr "Dieses Zertifikat wurde noch nie angezeigt. Hier ist es:" -#: nessus/sslui.c:310 +#: nessus/sslui.c:319 msgid "Do you accept this certificate?" msgstr "Soll das Zertifikat akzeptiert werden?" -#: nessus/sslui.c:320 +#: nessus/sslui.c:327 msgid "Yes" msgstr "Ja" -#: nessus/sslui.c:326 +#: nessus/sslui.c:333 msgid "No" msgstr "Nein" -#: nessus/sslui.c:377 +#: nessus/sslui.c:384 #, c-format msgid "This certificate has never been seen before and can't be shown\n" msgstr "" "Dieses Zertifikat wurde noch nie betrachtet und kann nicht angezeigt werden\n" -#: nessus/sslui.c:397 +#: nessus/sslui.c:404 #, c-format msgid "Do you accept it? (y/n) " msgstr "Akzeptieren Sie es? (y/n)" 
@@ -1298,7 +1311,7 @@ msgstr "Verbindung: Benutzer %s" #: nessus/prefs_dialog/prefs_context.c:291 -#: nessus/prefs_dialog/prefs_dialog.c:777 +#: nessus/prefs_dialog/prefs_dialog.c:761 msgid "not connected" msgstr "nicht verbunden" 
@@ -1329,150 +1342,146 @@ msgid "The global settings have been saved." msgstr "Die globalen Einstellungen wurden gespeichert." -#: nessus/prefs_dialog/prefs_dialog.c:187 -msgid "Not yet implemented." -msgstr "Noch nicht implementiert" - -#: nessus/prefs_dialog/prefs_dialog.c:362 +#: nessus/prefs_dialog/prefs_dialog.c:353 msgid "OpenVAS-Client" msgstr "OpenVAS-Client" -#: nessus/prefs_dialog/prefs_dialog.c:384 +#: nessus/prefs_dialog/prefs_dialog.c:375 msgid "_File" msgstr "_Datei" -#: nessus/prefs_dialog/prefs_dialog.c:389 +#: nessus/prefs_dialog/prefs_dialog.c:380 msgid "_Connect" msgstr "_Verbinden" -#: nessus/prefs_dialog/prefs_dialog.c:393 +#: nessus/prefs_dialog/prefs_dialog.c:384 msgid "_Disconnect" msgstr "_Abmelden" -#: nessus/prefs_dialog/prefs_dialog.c:400 +#: nessus/prefs_dialog/prefs_dialog.c:391 msgid "SLAD _Install" msgstr "SLAD _Installieren" -#: nessus/prefs_dialog/prefs_dialog.c:404 +#: nessus/prefs_dialog/prefs_dialog.c:395 msgid "_Scan Assistant" msgstr "_Scan-Assistent" -#: nessus/prefs_dialog/prefs_dialog.c:412 +#: nessus/prefs_dialog/prefs_dialog.c:403 msgid "Save _Global Settings" msgstr "_Globale Einstellungen speichern" -#: nessus/prefs_dialog/prefs_dialog.c:424 +#: nessus/prefs_dialog/prefs_dialog.c:415 msgid "_View" msgstr "_Ansicht" -#: nessus/prefs_dialog/prefs_dialog.c:429 +#: nessus/prefs_dialog/prefs_dialog.c:420 msgid "_Toolbar" msgstr "_Werkzeugleiste" -#: nessus/prefs_dialog/prefs_dialog.c:433 +#: nessus/prefs_dialog/prefs_dialog.c:424 msgid "_Message log" msgstr "_Nachrichtenprotokoll" -#: nessus/prefs_dialog/prefs_dialog.c:439 +#: nessus/prefs_dialog/prefs_dialog.c:430 msgid "_Task" msgstr "_Aufgabe" -#: nessus/prefs_dialog/prefs_dialog.c:444 -#: nessus/prefs_dialog/prefs_dialog.c:476 +#: nessus/prefs_dialog/prefs_dialog.c:435 +#: nessus/prefs_dialog/prefs_dialog.c:460 msgid "_New" msgstr "_Neu" -#: nessus/prefs_dialog/prefs_dialog.c:448 -#: nessus/prefs_dialog/prefs_dialog.c:480 -#: nessus/prefs_dialog/prefs_dialog.c:512 +#: 
nessus/prefs_dialog/prefs_dialog.c:439 +#: nessus/prefs_dialog/prefs_dialog.c:464 +#: nessus/prefs_dialog/prefs_dialog.c:496 msgid "_Rename" msgstr "Um_bennen" -#: nessus/prefs_dialog/prefs_dialog.c:458 +#: nessus/prefs_dialog/prefs_dialog.c:449 msgid "_Scope" msgstr "_Bereich" -#: nessus/prefs_dialog/prefs_dialog.c:489 +#: nessus/prefs_dialog/prefs_dialog.c:473 msgid "_Move to task" msgstr "_verschieben zu Aufgabe" -#: nessus/prefs_dialog/prefs_dialog.c:507 +#: nessus/prefs_dialog/prefs_dialog.c:491 msgid "_Report" msgstr "Be_richt" -#: nessus/prefs_dialog/prefs_dialog.c:522 +#: nessus/prefs_dialog/prefs_dialog.c:506 msgid "_Import" msgstr "_Import" -#: nessus/prefs_dialog/prefs_dialog.c:526 +#: nessus/prefs_dialog/prefs_dialog.c:510 msgid "E_xport" msgstr "E_xport" -#: nessus/prefs_dialog/prefs_dialog.c:536 +#: nessus/prefs_dialog/prefs_dialog.c:520 msgid "_Help" msgstr "_Hilfe" -#: nessus/prefs_dialog/prefs_dialog.c:541 +#: nessus/prefs_dialog/prefs_dialog.c:525 msgid "_Users Manual" msgstr "_Benutzerhandbuch" -#: nessus/prefs_dialog/prefs_dialog.c:545 +#: nessus/prefs_dialog/prefs_dialog.c:529 msgid "_About" msgstr "?b_er" -#: nessus/prefs_dialog/prefs_dialog.c:581 -#: nessus/prefs_dialog/prefs_dialog.c:583 +#: nessus/prefs_dialog/prefs_dialog.c:565 +#: nessus/prefs_dialog/prefs_dialog.c:567 #: nessus/prefs_dialog/prefs_scan_assistant.c:238 msgid "Scan Assistant" msgstr "Scan-Assistent" -#: nessus/prefs_dialog/prefs_dialog.c:590 -#: nessus/prefs_dialog/prefs_dialog.c:592 +#: nessus/prefs_dialog/prefs_dialog.c:574 +#: nessus/prefs_dialog/prefs_dialog.c:576 msgid "New" msgstr "Neu" -#: nessus/prefs_dialog/prefs_dialog.c:599 -#: nessus/prefs_dialog/prefs_dialog.c:601 +#: nessus/prefs_dialog/prefs_dialog.c:583 +#: nessus/prefs_dialog/prefs_dialog.c:585 msgid "Delete" msgstr "L?schen" -#: nessus/prefs_dialog/prefs_dialog.c:611 -#: nessus/prefs_dialog/prefs_dialog.c:613 +#: nessus/prefs_dialog/prefs_dialog.c:595 +#: nessus/prefs_dialog/prefs_dialog.c:597 msgid 
"Connect" msgstr "Verbinden" -#: nessus/prefs_dialog/prefs_dialog.c:621 -#: nessus/prefs_dialog/prefs_dialog.c:623 +#: nessus/prefs_dialog/prefs_dialog.c:605 +#: nessus/prefs_dialog/prefs_dialog.c:607 msgid "Disconnect" msgstr "Abmelden" -#: nessus/prefs_dialog/prefs_dialog.c:633 -#: nessus/prefs_dialog/prefs_dialog.c:635 +#: nessus/prefs_dialog/prefs_dialog.c:617 +#: nessus/prefs_dialog/prefs_dialog.c:619 msgid "Execute" msgstr "Ausf?hren" -#: nessus/prefs_dialog/prefs_dialog.c:656 +#: nessus/prefs_dialog/prefs_dialog.c:640 msgid "Context" msgstr "Kontext" -#: nessus/prefs_dialog/prefs_dialog.c:686 +#: nessus/prefs_dialog/prefs_dialog.c:670 msgid "Comments" msgstr "Kommentare" -#: nessus/prefs_dialog/prefs_dialog.c:692 +#: nessus/prefs_dialog/prefs_dialog.c:676 msgid "Options" msgstr "Optionen" -#: nessus/prefs_dialog/prefs_dialog.c:698 +#: nessus/prefs_dialog/prefs_dialog.c:682 #: nessus/prefs_dialog/prefs_dialog_prefs.c:185 msgid "Report" msgstr "Report" -#: nessus/prefs_dialog/prefs_dialog.c:718 +#: nessus/prefs_dialog/prefs_dialog.c:702 msgid "Message log" msgstr "Nachrichtenprotokoll" -#: nessus/prefs_dialog/prefs_dialog.c:739 +#: nessus/prefs_dialog/prefs_dialog.c:723 msgid "" "Welcome to OpenVAS-Client, http://www.openvas.org/\n" "NessusClient origin: Copyright 1998-2007 by Renaud Deraison\n" @@ -1486,7 +1495,7 @@ "Renaud Deraison, Thomas Arendsen Hein, Jan-Oliver Wagner, Bernhard Herzog, " "Michel Arboi (SSL-Unterst?tzung), Bruce Verderaime (Kuchendiagramme)\n" -#: nessus/prefs_dialog/prefs_dialog.c:1539 +#: nessus/prefs_dialog/prefs_dialog.c:1524 msgid "" "You must enter the name of the primary target\n" "to attack in the 'target' section" 
@@ -1624,11 +1633,20 @@ msgid "Credentials" msgstr "Zugangsdaten" -#: nessus/prefs_dialog/prefs_dialog_plugins_prefs.c:351 +#: nessus/prefs_dialog/prefs_dialog_plugins_prefs.c:179 +#, c-format +msgid "%s asked for unknown preference type %s." +msgstr "%s verlangt unbekannten Einstellungstyp %s." + +#: nessus/prefs_dialog/prefs_dialog_plugins_prefs.c:379 msgid "Select file" msgstr "Datei ausw?hlen" -#: nessus/prefs_dialog/prefs_dialog_plugins_prefs.c:496 +#: nessus/prefs_dialog/prefs_dialog_plugins_prefs.c:429 +msgid "No SSH Key selected" +msgstr "Kein SSH-Schl?ssel ausgew?hlt" + +#: nessus/prefs_dialog/prefs_dialog_plugins_prefs.c:567 msgid "Select..." msgstr "Ausw?hlen..." @@ -2463,16 +2481,16 @@ msgstr "on_scope_edited(): Men?eintrag hat keinen Bezeichner." #: nessus/prefs_dialog/prefs_scope_tree.c:794 -msgid "Low" -msgstr "Niedrig" +msgid "High" +msgstr "Hoch" #: nessus/prefs_dialog/prefs_scope_tree.c:806 msgid "Medium" msgstr "Mittel" #: nessus/prefs_dialog/prefs_scope_tree.c:818 -msgid "High" -msgstr "Hoch" +msgid "Low" +msgstr "Niedrig" #: nessus/prefs_dialog/prefs_options.c:93 msgid "General" @@ -2570,6 +2588,9 @@ msgid "Perform a DNS zone transfer" msgstr "F?hre einen DNS-Zonentransfer durch" +#~ msgid "Not yet implemented." +#~ msgstr "Noch nicht implementiert" + #~ msgid "Security hole found" #~ msgstr "Sicherheitsloch gefunden" From scm-commit at wald.intevation.org Fri Dec 5 12:23:37 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 12:23:37 +0100 (CET) Subject: [Openvas-commits] r1932 - in trunk/openvas-client: . nessus Message-ID: <20081205112337.6251A4072D@pyrosoma.intevation.org> Author: felix Date: 2008-12-05 12:23:37 +0100 (Fri, 05 Dec 2008) New Revision: 1932 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/context.c trunk/openvas-client/nessus/context.h Log: Towards step 2 for CR #20: contexts scan .ssh directory for files. ( http://www.openvas.org/openvas-cr-20.html ). * nessus/context.h : Added list sshkeys to context struct. * nessus/context.c (context_init) : Function header reformatted, documented, sshkeys initialization. * nessus/context.c (context_add_plugin) : documented. * nessus/context.c (context_pickup_sshkeys) : new function to scan scopes .ssh directory. * nessus/context.c (context_collect_recurse) : calling context_pickup_sshkeys on appropriate directory, comment. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-05 10:53:18 UTC (rev 1931) +++ trunk/openvas-client/ChangeLog 2008-12-05 11:23:37 UTC (rev 1932) 
@@ -1,3 +1,21 @@ +2008-12-05 Felix Wolfsteller <felix.wolfsteller at intevation.de> + + Towards step 2 for CR #20: contexts scan .ssh directory for files. + ( http://www.openvas.org/openvas-cr-20.html ). + + * nessus/context.h : Added list sshkeys to context struct. + + * nessus/context.c (context_init) : Function header reformatted, + documented, sshkeys initialization. + + * nessus/context.c (context_add_plugin) : documented. + + * nessus/context.c (context_pickup_sshkeys) : new function to scan + scopes .ssh directory. + + * nessus/context.c (context_collect_recurse) : calling + context_pickup_sshkeys on appropriate directory, comment. + 2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> * po/de.po: Updated German translation. Modified: trunk/openvas-client/nessus/context.c =================================================================== --- trunk/openvas-client/nessus/context.c 2008-12-05 10:53:18 UTC (rev 1931) +++ trunk/openvas-client/nessus/context.c 2008-12-05 11:23:37 UTC (rev 1932) @@ -35,10 +35,15 @@ struct context *Global; struct context *Context; +/** + * Initializes a Context child of a parent Context, including memory + * allocation. + * The context_type will be the parents context_type +1. + * @param context Double pointer to child (memory will be allocated). + * @param parent The parent context. + */ void -context_init(context, parent) - struct context **context; - struct context *parent; +context_init(struct context **context, struct context *parent) { *context = emalloc(sizeof(struct context)); (*context)->parent = parent; @@ -64,6 +69,7 @@ #endif (*context)->plugin_cache_loaded = 0; (*context)->signer_fp_certificates = NULL; + (*context)->sshkeys= NULL; } struct context * 
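Review bot: The new `sshkeys` list is set to NULL at the end of `context_init`, but no hunk in this commit touches the code that releases a context, so the `estrdup`'d names that `context_pickup_sshkeys` prepends appear to have no owner that frees them. The teardown path is not visible in this diff, so this may already be handled elsewhere; if not, it should free each element and then the list. A line on the struct member saying who owns the strings would help, e.g. `/* elements are estrdup'd; freed together with the context */`. `context_init` starts in the `-35,10` hunk and ends in the `-64,6` hunk, and the lines between them are not shown.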
@@ -148,7 +154,9 @@ * "auto_enable_new_plugins" preference for the scope at hand. * * XXX: do we need hashing for pluginset? - * Returns 1 if the added plugin was known before (was in cache), 0 otherwise + * @param context Cotnext to which to add the plugin to. + * @param plugin Plugin to add to context. + * @return 1 if the added plugin was known before (was in cache), 0 otherwise. */ int context_add_plugin(struct context *context, struct nessus_plugin *plugin) @@ -241,7 +249,38 @@ *child_ptr = next; } + /** + * Adds all filenames from the directory sshdir (usually contex/scope/.ssh) + * to the contexts sshkeys list. + * @param context The context that shall get the sshkey filenames added. + * @param sshdir Directory to scan for files. + */ +static void context_pickup_sshkeys(struct context* context, const char* sshdir) +{ + GDir* dir; + dir = g_dir_open(sshdir, 0, NULL); + + // Add all (non directory) file names to list + if(dir != NULL) + { + gchar* file; + while( (file = (gchar*) g_dir_read_name(dir)) ) + { + char* dir_check = g_build_filename(sshdir, file, NULL); + + if(!check_is_dir(dir_check)) + context->sshkeys = g_slist_prepend(context->sshkeys, estrdup(file)); + + efree(&dir_check); + } + + g_dir_close(dir); + } + // else we could not open the directory +} + +/** * Collects contexts from a directory (recursively descends in the directory). * Contexts are recognized by a openvasrc or report.nbe file, initialized and * added as childs to the context given as parameter "context". 
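Review bot: The added `@param context` line in the `context_add_plugin` comment misspells the word and doubles the preposition; `Cotnext to which to add the plugin to.` should read `@param context Context to which the plugin is added.` The function body lies outside the hunk, so the `@return` text could not be checked against the code.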
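Review bot: `context_pickup_sshkeys` records every non-directory entry of the `.ssh` directory, while the member comment added in context.h describes the list as names of ssh public key files, so private key files and anything else stored there end up in the same list. If only public keys are meant, the test should say so, for example `if(g_str_has_suffix(file, ".pub") && !check_is_dir(dir_check))`; otherwise the context.h comment should be corrected. The path from `g_build_filename` is released with `efree(&dir_check)`, whereas GLib documents `g_free` for that result, and `g_dir_read_name` returns a `const gchar *`, so declaring `const gchar* file` removes the need for the `(gchar*)` cast. A failed `g_dir_open` is silently ignored because the error argument is NULL, which makes a missing or unreadable key directory indistinguishable from an empty one.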
@@ -268,9 +307,15 @@ continue; path = g_build_filename(dir, file, NULL); - - if(context->type < CONTEXT_REPORT && check_is_dir(path)) + + /* 4 possible cases: .ssh directory, child directory, report or rc file + found and "no hit" */ + if(check_is_dir(path) && strcmp(file, ".ssh") == 0) { + context_pickup_sshkeys(context, path); + } + else if(context->type < CONTEXT_REPORT && check_is_dir(path)) + { struct context *child = context_create_child(context); child->dir = estrdup(path); Modified: trunk/openvas-client/nessus/context.h =================================================================== --- trunk/openvas-client/nessus/context.h 2008-12-05 10:53:18 UTC (rev 1931) +++ trunk/openvas-client/nessus/context.h 2008-12-05 11:23:37 UTC (rev 1932) @@ -78,6 +78,8 @@ #endif /** Maps openvas_certificate* (value) to their fingerprints (key). */ GHashTable* signer_fp_certificates; + /** List of the names of ssh public key files in scope/.ssh subfolder */ + GSList* sshkeys; /* Reports may have plugin information too. They can be quite large, * so we avoid loading them.*/ /** Indicates whether the plugin information has been loaded. */ From scm-commit at wald.intevation.org Fri Dec 5 15:00:58 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:00:58 +0100 (CET) Subject: [Openvas-commits] r1933 - in trunk/openvas-plugins: . scripts Message-ID: <20081205140058.BB72640763@pyrosoma.intevation.org> Author: chandra Date: 2008-12-05 15:00:57 +0100 (Fri, 05 Dec 2008) New Revision: 1933 Added: trunk/openvas-plugins/scripts/gb_gallery_sec_bypass_vuln.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugin Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2008-12-05 11:23:37 UTC (rev 1932) +++ trunk/openvas-plugins/ChangeLog 2008-12-05 14:00:57 UTC (rev 1933) 
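Review bot: The new `.ssh` branch in `context_collect_recurse` is tested before the `context->type < CONTEXT_REPORT` condition, so a `.ssh` directory is picked up at every level of the tree, not only below a scope as the comment on `context_pickup_sshkeys` and the context.h member comment suggest. Restricting the branch to the context type that represents a scope would keep file names from unrelated directories out of the list. `check_is_dir(path)` is also evaluated twice per entry; storing the result once (`int is_dir = check_is_dir(path);`) avoids the second call. Whether `check_is_dir` follows symbolic links is not visible here; if it does, a `.ssh` link would have the files of its target listed. The enclosing function starts before and continues after the hunk.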
@@ -1,3 +1,7 @@ +2008-12-05 Chandrashekhar B <bchandra at secpod.com> + * scripts/gb_gallery_sec_bypass_vuln.nasl: + Added new plugin + 2008-12-04 Chandrashekhar B <bchandra at secpod.com> * scripts/gb_uw_imapd_tmail_n_dmail_bof_vuln_lin.nasl, scripts/gb_alpine_tmail_n_dmail_bof_vuln_win.nasl, Added: trunk/openvas-plugins/scripts/gb_gallery_sec_bypass_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_gallery_sec_bypass_vuln.nasl 2008-12-05 11:23:37 UTC (rev 1932) +++ trunk/openvas-plugins/scripts/gb_gallery_sec_bypass_vuln.nasl 2008-12-05 14:00:57 UTC (rev 1933) 
@@ -0,0 +1,114 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_gallery_sec_bypass_vuln.nasl 567 2008-12-04 16:42:16Z dec $
+#
+# Gallery Unspecified Security Bypass Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800312);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2008-5296");
+ script_bugtraq_id(32440);
+ script_name(english:"Gallery Unspecified Security Bypass Vulnerability");
+ desc["english"] = "
+
+ Overview: The host is running Gallery and is prone to Security Bypass
+ Vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to improper validation of authentication cookies.
+
+ Impact:
+ Successful exploitation allows attackers to bypass authentication and gain
+ administrative access to the application, if register_globals is enabled.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Gallery Version 1.5.x before 1.5.10 and 1.6 before 1.6-RC3 on all
+ platform.
+
+ Fix: Update to version 1.5.10 or 1.6-RC3.
+ http://codex.gallery2.org/Downloads
+
+ References:
+ http://secunia.com/advisories/32817
+ http://xforce.iss.net/xforce/xfdb/46804
+ http://gallery.menalto.com/last_official_G1_releases
+
+ CVSS Score:
+ CVSS Base Score : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.0
+ Risk factor: Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of Gallery");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"CGI abuses");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+include("http_keepalive.inc");
+
+port = get_http_port(default:80);
+if(!port){
+ exit(0);
+}
+
+foreach dir (make_list("/gallery", cgi_dirs()))
+{
+ sndReq = http_get(item:string(dir, "/index.php"), port:port);
+ rcvRes = http_keepalive_send_recv(port:port,data:sndReq,bodyonly:1);
+ if(rcvRes == NULL){
+ exit(0);
+ }
+
+ if("Powered by Gallery" >< rcvRes)
+ {
+ gallVer = eregmatch(pattern:"([0-9.]+)(-[A-Z0-9]+)? -", string:rcvRes);
+ gallVer = ereg_replace(pattern:" -", string:gallVer[0], replace:"");
+ gallVer = ereg_replace(pattern:"-", string:gallVer, replace:".");
+
+ if(gallVer != NULL)
+ {
+ # Grep version prior to 1.5.10 and 1.6-RC3
+ if(gallVer =~ "^1.5" && version_in_range(version:gallVer,
+ test_version:"1.5", test_version2:"1.5.9")){
+ security_warning(port);
+ exit(0);
+ }
+ if(gallVer =~ "^1.6" && version_in_range(version:gallVer,
+ test_version:"1.6", test_version2:"1.6.RC2")){
+ security_warning(port);
+ exit(0);
+ }
+ }
+ exit(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_gallery_sec_bypass_vuln.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Fri Dec 5 15:10:49 2008
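Review bot: Inside the `foreach dir` loop an empty response ends the whole script (`if(rcvRes == NULL){ exit(0); }`), so one directory that does not answer keeps the remaining entries of `make_list("/gallery", cgi_dirs())` from being tested and an affected install under another path goes unreported; `continue;` fits better there. The `gallVer != NULL` test comes after `gallVer[0]` has already been passed to `ereg_replace`, so it checks the replacement result rather than whether `eregmatch` found anything; testing the match first (`if(isnull(gallVer)) continue;`) is clearer. The patterns `"^1.5"` and `"^1.6"` leave the dot unescaped and should be `"^1\.5"` and `"^1\.6"`. How `version_in_range` orders a non-numeric component such as `RC2` is defined in version_func.inc, which is not shown, so the `1.6.RC2` upper bound is worth a test against a final 1.6 version string.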
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:10:49 +0100 (CET) Subject: [Openvas-commits] r1934 - trunk/openvas-libraries Message-ID: <20081205141049.2C20C40766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:10:42 +0100 (Fri, 05 Dec 2008) New Revision: 1934 Modified: trunk/openvas-libraries/CHANGES trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/VERSION Log: Preparing the openvas-server 2.0-rc1 release. * CHANGES: Updated. * VERSION: Set to 2.0.0.rc1. Modified: trunk/openvas-libraries/CHANGES =================================================================== --- trunk/openvas-libraries/CHANGES 2008-12-05 14:00:57 UTC (rev 1933) +++ trunk/openvas-libraries/CHANGES 2008-12-05 14:10:42 UTC (rev 1934) 
@@ -1,3 +1,29 @@ +openvas-libraries 2.0-rc1 (2008-12-05) + +This release is the first release candidate for the upcoming 2.0 release of OpenVAS. + +Unless serious bugs are discovered, this release candidate will become the final +OpenVAS 2.0 release. Users are encouraged to test this release and to report +bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . + +If you have used the 2.0-beta2 release, we recommend that you update all your +OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and +openvas-client) to 2.0-rc1. + +If you are currently using the stable 1.0.x branch and want to take part in +testing this release candidate, we recommend that you install 2.0-rc1 separately +from your OpenVAS 1.0 installation. Instructions on how to do this are available +from the OpenVAS website. + +Main changes since 2.0-beta2: +* Support for the new script_tag command in NASL scripts has been added. +* Code quality has been improved; a number of potential buffer overflows have been fixed. +* Minor bugfixes. + +Many thanks to everyone who has contributed to this release: Tim Brown, Matthew +Mundell, Felix Wolfsteller and Michael Wiegand. + + openvas-libraries 2.0-beta2 (2008-11-14) This release is the second beta version of the upcoming 2.0 release of OpenVAS. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2008-12-05 14:00:57 UTC (rev 1933) +++ trunk/openvas-libraries/ChangeLog 2008-12-05 14:10:42 UTC (rev 1934) 
@@ -1,9 +1,17 @@ -2008-12-04 Felix Wolfsteller <felix.wolfsteller at intevation.de> +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Preparing the openvas-libraries 2.0-rc1 release. + + * CHANGES: Updated. + + * VERSION: Set to 2.0.0.rc1. + +2008-12-05 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * libopenvas/plugutils.c : Changed comment style, added param documentation for plug_set_sign_key_ids. -2008-12-04 Michael Wiegand <michael.wiegand at intevation.de> +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> Checking for potential code quality issues ahead of the 2.0-rc1 release, setting ignore flags for false positives and using more Modified: trunk/openvas-libraries/VERSION =================================================================== --- trunk/openvas-libraries/VERSION 2008-12-05 14:00:57 UTC (rev 1933) +++ trunk/openvas-libraries/VERSION 2008-12-05 14:10:42 UTC (rev 1934) @@ -1 +1 @@ -2.0.0.beta3.SVN +2.0.0.rc1 From scm-commit at wald.intevation.org Fri Dec 5 15:12:40 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:12:40 +0100 (CET) Subject: [Openvas-commits] r1935 - tags Message-ID: <20081205141240.6ECA440766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:12:39 +0100 (Fri, 05 Dec 2008) New Revision: 1935 Added: tags/openvas-libraries-release-2.0-rc1/ Log: Tagging openvas-libraries 2.0-rc1. Copied: tags/openvas-libraries-release-2.0-rc1 (from rev 1934, trunk/openvas-libraries) From scm-commit at wald.intevation.org Fri Dec 5 15:14:35 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:14:35 +0100 (CET) Subject: [Openvas-commits] r1936 - trunk/openvas-libraries Message-ID: <20081205141435.8B2A940766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:14:33 +0100 (Fri, 05 Dec 2008) New Revision: 1936 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/VERSION Log: Post release version bump. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2008-12-05 14:12:39 UTC (rev 1935) +++ trunk/openvas-libraries/ChangeLog 2008-12-05 14:14:33 UTC (rev 1936) @@ -1,5 +1,11 @@ 2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Post release version bump. + + * VERSION: Set to 2.0.0.rc2.SVN. + +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Preparing the openvas-libraries 2.0-rc1 release. * CHANGES: Updated. Modified: trunk/openvas-libraries/VERSION =================================================================== --- trunk/openvas-libraries/VERSION 2008-12-05 14:12:39 UTC (rev 1935) +++ trunk/openvas-libraries/VERSION 2008-12-05 14:14:33 UTC (rev 1936) @@ -1 +1 @@ -2.0.0.rc1 +2.0.0.rc2.SVN From scm-commit at wald.intevation.org Fri Dec 5 15:15:52 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:15:52 +0100 (CET) Subject: [Openvas-commits] r1937 - trunk/openvas-libnasl Message-ID: <20081205141552.1A45040766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:15:49 +0100 (Fri, 05 Dec 2008) New Revision: 1937 Modified: trunk/openvas-libnasl/CHANGES trunk/openvas-libnasl/ChangeLog trunk/openvas-libnasl/VERSION Log: Preparing the openvas-libnasl 2.0-rc1 release. * CHANGES: Updated. * VERSION: Set to 2.0.0.rc1. Modified: trunk/openvas-libnasl/CHANGES =================================================================== --- trunk/openvas-libnasl/CHANGES 2008-12-05 14:14:33 UTC (rev 1936) +++ trunk/openvas-libnasl/CHANGES 2008-12-05 14:15:49 UTC (rev 1937) 
@@ -1,3 +1,29 @@ +openvas-libnasl 2.0-rc1 (2008-12-05) + +This release is the first release candidate for the upcoming 2.0 release of OpenVAS. + +Unless serious bugs are discovered, this release candidate will become the final +OpenVAS 2.0 release. Users are encouraged to test this release and to report +bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . + +If you have used the 2.0-beta2 release, we recommend that you update all your +OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and +openvas-client) to 2.0-rc1. + +If you are currently using the stable 1.0.x branch and want to take part in +testing this release candidate, we recommend that you install 2.0-rc1 separately +from your OpenVAS 1.0 installation. Instructions on how to do this are available +from the OpenVAS website. + +Main changes since 2.0-beta2: +* Support for the new script_tag command in NASL scripts has been added. +* Code quality has been improved. +* Minor bugfixes. + +Many thanks to everyone who has contributed to this release: Tim Brown and +Michael Wiegand. + + openvas-libnasl 2.0-beta2 (2008-11-14) This release is the second beta version of the upcoming 2.0 release of OpenVAS. Modified: trunk/openvas-libnasl/ChangeLog =================================================================== --- trunk/openvas-libnasl/ChangeLog 2008-12-05 14:14:33 UTC (rev 1936) +++ trunk/openvas-libnasl/ChangeLog 2008-12-05 14:15:49 UTC (rev 1937) 
@@ -1,5 +1,13 @@ 2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Preparing the openvas-libnasl 2.0-rc1 release. + + * CHANGES: Updated. + + * VERSION: Set to 2.0.0.rc1. + +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Checking for potential code quality issues ahead of the 2.0-rc1 release, setting ignore flags for false positives. Modified: trunk/openvas-libnasl/VERSION =================================================================== --- trunk/openvas-libnasl/VERSION 2008-12-05 14:14:33 UTC (rev 1936) +++ trunk/openvas-libnasl/VERSION 2008-12-05 14:15:49 UTC (rev 1937) @@ -1 +1 @@ -2.0.0.beta3.SVN +2.0.0.rc1 From scm-commit at wald.intevation.org Fri Dec 5 15:16:35 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:16:35 +0100 (CET) Subject: [Openvas-commits] r1938 - tags Message-ID: <20081205141635.6236940766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:16:34 +0100 (Fri, 05 Dec 2008) New Revision: 1938 Added: tags/openvas-libnasl-release-2.0-rc1/ Log: Tagging openvas-libnasl 2.0-rc1. Copied: tags/openvas-libnasl-release-2.0-rc1 (from rev 1937, trunk/openvas-libnasl) From scm-commit at wald.intevation.org Fri Dec 5 15:18:20 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:18:20 +0100 (CET) Subject: [Openvas-commits] r1939 - trunk/openvas-libnasl Message-ID: <20081205141820.345E740766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:18:20 +0100 (Fri, 05 Dec 2008) New Revision: 1939 Modified: trunk/openvas-libnasl/ChangeLog trunk/openvas-libnasl/VERSION Log: Post release version bump. Modified: trunk/openvas-libnasl/ChangeLog =================================================================== --- trunk/openvas-libnasl/ChangeLog 2008-12-05 14:16:34 UTC (rev 1938) +++ trunk/openvas-libnasl/ChangeLog 2008-12-05 14:18:20 UTC (rev 1939) 
@@ -1,5 +1,11 @@ 2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Post release version bump. + + * VERSION: Set to 2.0.0.rc2.SVN. + +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Preparing the openvas-libnasl 2.0-rc1 release. * CHANGES: Updated. Modified: trunk/openvas-libnasl/VERSION =================================================================== --- trunk/openvas-libnasl/VERSION 2008-12-05 14:16:34 UTC (rev 1938) +++ trunk/openvas-libnasl/VERSION 2008-12-05 14:18:20 UTC (rev 1939) @@ -1 +1 @@ -2.0.0.rc1 +2.0.0.rc2.SVN From scm-commit at wald.intevation.org Fri Dec 5 15:19:56 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:19:56 +0100 (CET) Subject: [Openvas-commits] r1940 - trunk/openvas-server Message-ID: <20081205141956.AA40A40766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:19:55 +0100 (Fri, 05 Dec 2008) New Revision: 1940 Modified: trunk/openvas-server/CHANGES trunk/openvas-server/ChangeLog trunk/openvas-server/VERSION Log: Preparing the openvas-server 2.0-rc1 release. * CHANGES: Updated. * VERSION: Set to 2.0.0.rc1. Modified: trunk/openvas-server/CHANGES =================================================================== --- trunk/openvas-server/CHANGES 2008-12-05 14:18:20 UTC (rev 1939) +++ trunk/openvas-server/CHANGES 2008-12-05 14:19:55 UTC (rev 1940) 
@@ -1,3 +1,31 @@ +openvas-server 2.0-rc1 (2008-12-05) + +This release is the first release candidate for the upcoming 2.0 release of OpenVAS. + +Unless serious bugs are discovered, this release candidate will become the final +OpenVAS 2.0 release. Users are encouraged to test this release and to report +bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . + +If you have used the 2.0-beta2 release, we recommend that you update all your +OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and +openvas-client) to 2.0-rc1. + +If you are currently using the stable 1.0.x branch and want to take part in +testing this release candidate, we recommend that you install 2.0-rc1 separately +from your OpenVAS 1.0 installation. Instructions on how to do this are available +from the OpenVAS website. + +Main changes since 2.0-beta2: +* Support for the new script_tag command in NASL scripts has been added. +* Code quality has been improved, a potential buffer overflow due to + insufficient memory allocation has been fixed. +* Debian packaging files have been updated. +* Minor bugfixes. + +Many thanks to everyone who has contributed to this release: Tim Brown, Joey +Schulze, Felix Wolfsteller and Michael Wiegand. + + openvas-server 2.0-beta2 (2008-11-14) This release is the second beta version of the upcoming 2.0 release of OpenVAS. Modified: trunk/openvas-server/ChangeLog =================================================================== --- trunk/openvas-server/ChangeLog 2008-12-05 14:18:20 UTC (rev 1939) +++ trunk/openvas-server/ChangeLog 2008-12-05 14:19:55 UTC (rev 1940) 
@@ -1,5 +1,13 @@ 2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Preparing the openvas-server 2.0-rc1 release. + + * CHANGES: Updated. + + * VERSION: Set to 2.0.0.rc1. + +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + * openvasd/processes.c (create_process): Ignore warning about srand48 not being random enough; it is random enough for our purposes. Modified: trunk/openvas-server/VERSION =================================================================== --- trunk/openvas-server/VERSION 2008-12-05 14:18:20 UTC (rev 1939) +++ trunk/openvas-server/VERSION 2008-12-05 14:19:55 UTC (rev 1940) @@ -1 +1 @@ -2.0.0.beta3.SVN +2.0.0.rc1 From scm-commit at wald.intevation.org Fri Dec 5 15:21:01 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:21:01 +0100 (CET) Subject: [Openvas-commits] r1941 - tags Message-ID: <20081205142101.AD6D140766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:20:59 +0100 (Fri, 05 Dec 2008) New Revision: 1941 Added: tags/openvas-server-release-2.0-rc1/ Log: Tagging openvas-server 2.0-rc1. Copied: tags/openvas-server-release-2.0-rc1 (from rev 1940, trunk/openvas-server) From scm-commit at wald.intevation.org Fri Dec 5 15:22:25 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:22:25 +0100 (CET) Subject: [Openvas-commits] r1942 - trunk/openvas-server Message-ID: <20081205142225.1A6E540766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:22:24 +0100 (Fri, 05 Dec 2008) New Revision: 1942 Modified: trunk/openvas-server/ChangeLog trunk/openvas-server/VERSION Log: Post release version bump. Modified: trunk/openvas-server/ChangeLog =================================================================== --- trunk/openvas-server/ChangeLog 2008-12-05 14:20:59 UTC (rev 1941) +++ trunk/openvas-server/ChangeLog 2008-12-05 14:22:24 UTC (rev 1942) 
@@ -1,5 +1,11 @@ 2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Post release version bump. + + * VERSION: Set to 2.0.0.rc2.SVN. + +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Preparing the openvas-server 2.0-rc1 release. * CHANGES: Updated. Modified: trunk/openvas-server/VERSION =================================================================== --- trunk/openvas-server/VERSION 2008-12-05 14:20:59 UTC (rev 1941) +++ trunk/openvas-server/VERSION 2008-12-05 14:22:24 UTC (rev 1942) @@ -1 +1 @@ -2.0.0.rc1 +2.0.0.rc2.SVN From scm-commit at wald.intevation.org Fri Dec 5 15:23:46 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:23:46 +0100 (CET) Subject: [Openvas-commits] r1943 - trunk/openvas-client Message-ID: <20081205142346.5930140766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:23:45 +0100 (Fri, 05 Dec 2008) New Revision: 1943 Modified: trunk/openvas-client/CHANGES trunk/openvas-client/ChangeLog trunk/openvas-client/VERSION Log: Preparing the openvas-client 2.0-rc1 release. * CHANGES: Updated. * VERSION: Set to 2.0.0.rc1. Modified: trunk/openvas-client/CHANGES =================================================================== --- trunk/openvas-client/CHANGES 2008-12-05 14:22:24 UTC (rev 1942) +++ trunk/openvas-client/CHANGES 2008-12-05 14:23:45 UTC (rev 1943) 
@@ -1,3 +1,38 @@ +openvas-client 2.0-rc1 (2008-12-05) + +This release is the first release candidate for the upcoming 2.0 release of OpenVAS. + +Unless serious bugs are discovered, this release candidate will become the final +OpenVAS 2.0 release. Users are encouraged to test this release and to report +bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . + +If you have used the 2.0-beta2 release, we recommend that you update all your +OpenVAS modules (openvas-libraries, openvas-libnasl, openvas-server and +openvas-client) to 2.0-rc1. + +If you are currently using the stable 1.0.x branch and want to take part in +testing this release candidate, we recommend that you install 2.0-rc1 separately +from your OpenVAS 1.0 installation. Instructions on how to do this are available +from the OpenVAS website. + +Main changes since 2.0-beta2: +* Support for the new script_tag command in NASL scripts has been added. +* Support for displaying NVT signature information client in the GUI and in + various reports has been considerably improved. +* Report generation for PDF and HTML reports has been improved. +* The German translation has been updated. +* Code quality has been improved, a potential buffer overflow due to + insufficient memory allocation has been fixed. +* Debian packaging files have been updated. +* Code documentation has been improved. +* Command line parsing has been improved. +* Minor bugfixes. +* Code cleanups. + +Many thanks to everyone who has contributed to this release: Tim Brown, Joey +Schulze, Felix Wolfsteller and Michael Wiegand. + + openvas-client 2.0-beta2 (2008-11-14) This release is the second beta version of the upcoming 2.0 release of OpenVAS. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-05 14:22:24 UTC (rev 1942) +++ trunk/openvas-client/ChangeLog 2008-12-05 14:23:45 UTC (rev 1943) 
@@ -1,3 +1,11 @@ +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + + Preparing the openvas-client 2.0-rc1 release. + + * CHANGES: Updated. + + * VERSION: Set to 2.0.0.rc1. + 2008-12-05 Felix Wolfsteller <felix.wolfsteller at intevation.de> Towards step 2 for CR #20: contexts scan .ssh directory for files. Modified: trunk/openvas-client/VERSION =================================================================== --- trunk/openvas-client/VERSION 2008-12-05 14:22:24 UTC (rev 1942) +++ trunk/openvas-client/VERSION 2008-12-05 14:23:45 UTC (rev 1943) @@ -1 +1 @@ -2.0.0.beta3.SVN +2.0.0.rc1 From scm-commit at wald.intevation.org Fri Dec 5 15:25:06 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:25:06 +0100 (CET) Subject: [Openvas-commits] r1944 - trunk/openvas-client Message-ID: <20081205142506.C2AD440766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:25:04 +0100 (Fri, 05 Dec 2008) New Revision: 1944 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/VERSION Log: Post release version bump. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-05 14:23:45 UTC (rev 1943) +++ trunk/openvas-client/ChangeLog 2008-12-05 14:25:04 UTC (rev 1944) @@ -1,5 +1,11 @@ 2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Post release version bump. + + * VERSION: Set to 2.0.0.rc2.SVN. + +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Preparing the openvas-client 2.0-rc1 release. * CHANGES: Updated. Modified: trunk/openvas-client/VERSION =================================================================== --- trunk/openvas-client/VERSION 2008-12-05 14:23:45 UTC (rev 1943) +++ trunk/openvas-client/VERSION 2008-12-05 14:25:04 UTC (rev 1944) @@ -1 +1 @@ -2.0.0.rc1 +2.0.0.rc2.SVN From scm-commit at wald.intevation.org Fri Dec 5 15:28:35 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:28:35 +0100 (CET) Subject: [Openvas-commits] r1945 - trunk/openvas-client Message-ID: <20081205142835.051AC40766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:28:34 +0100 (Fri, 05 Dec 2008) New Revision: 1945 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/VERSION Log: Revert post release version bump, forgot to tag. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-05 14:25:04 UTC (rev 1944) +++ trunk/openvas-client/ChangeLog 2008-12-05 14:28:34 UTC (rev 1945) @@ -1,5 +1,11 @@ 2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Revert post release version bump, forgot to tag. + + * VERSION: Set to 2.0.0.rc1. + +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Post release version bump. * VERSION: Set to 2.0.0.rc2.SVN. Modified: trunk/openvas-client/VERSION =================================================================== --- trunk/openvas-client/VERSION 2008-12-05 14:25:04 UTC (rev 1944) +++ trunk/openvas-client/VERSION 2008-12-05 14:28:34 UTC (rev 1945) @@ -1 +1 @@ -2.0.0.rc2.SVN +2.0.0.rc1 From scm-commit at wald.intevation.org Fri Dec 5 15:29:10 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:29:10 +0100 (CET) Subject: [Openvas-commits] r1946 - tags Message-ID: <20081205142910.DC85E40766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:29:09 +0100 (Fri, 05 Dec 2008) New Revision: 1946 Added: tags/openvas-client-release-2.0-rc1/ Log: Tagging openvas-client 2.0-rc1. Copied: tags/openvas-client-release-2.0-rc1 (from rev 1945, trunk/openvas-client) From scm-commit at wald.intevation.org Fri Dec 5 15:30:36 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:30:36 +0100 (CET) Subject: [Openvas-commits] r1947 - trunk/openvas-client Message-ID: <20081205143036.B48F640766@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:30:35 +0100 (Fri, 05 Dec 2008) New Revision: 1947 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/VERSION Log: Real post release version bump. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-05 14:29:09 UTC (rev 1946) +++ trunk/openvas-client/ChangeLog 2008-12-05 14:30:35 UTC (rev 1947) @@ -1,5 +1,11 @@ 2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Real post release version bump. + + * VERSION: Set to 2.0.0.rc2.SVN. + +2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> + Revert post release version bump, forgot to tag. * VERSION: Set to 2.0.0.rc1. Modified: trunk/openvas-client/VERSION =================================================================== --- trunk/openvas-client/VERSION 2008-12-05 14:29:09 UTC (rev 1946) +++ trunk/openvas-client/VERSION 2008-12-05 14:30:35 UTC (rev 1947) @@ -1 +1 @@ -2.0.0.rc1 +2.0.0.rc2.SVN From scm-commit at wald.intevation.org Fri Dec 5 15:46:50 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 15:46:50 +0100 (CET) Subject: [Openvas-commits] r1948 - trunk/doc/website Message-ID: <20081205144650.9485B40763@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 15:46:48 +0100 (Fri, 05 Dec 2008) New Revision: 1948 Modified: trunk/doc/website/code-quality.htm4 trunk/doc/website/template_header.m4 Log: Updated links and code quality numbers for 2.0-rc1. Modified: trunk/doc/website/code-quality.htm4 =================================================================== --- trunk/doc/website/code-quality.htm4 2008-12-05 14:30:35 UTC (rev 1947) +++ trunk/doc/website/code-quality.htm4 2008-12-05 14:46:48 UTC (rev 1948) @@ -115,7 +115,15 @@ <td>368</td> <td>93/26</td> <td>3</td> -</tr></table> +</tr> +<tr> + <td>2.0-rc1</td> + <td>11254</td> + <td>317</td> + <td>84/13</td> + <td>3</td> +</tr> +</table> <h3>openvas-libnasl</h3> @@ -176,7 +184,13 @@ <td>62/22</td> <td>not analyzed</td> </tr> - +<tr> + <td>2.0-rc1</td> + <td>16437</td> + <td>290</td> + <td>61/21</td> + <td>not analyzed</td> +</tr> </table> <h3>openvas-server</h3> @@ -245,6 +259,13 @@ <td>93/19</td> <td>not analyzed</td> </tr> +<tr> + <td>2.0-rc1</td> + <td>9527</td> + <td>367</td> + <td>93/16</td> + <td>not analyzed</td> +</tr> </table> <h3>openvas-plugins</h3> @@ -367,6 +388,13 @@ <td>169/47</td> <td>6</td> </tr> +<tr> + <td>2.0-rc1</td> + <td>26983</td> + <td>659</td> + <td>164/45</td> + <td>6</td> +</tr> </table> <h3>How the numbers have been assembled</h3> Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2008-12-05 14:30:35 UTC (rev 1947) +++ trunk/doc/website/template_header.m4 2008-12-05 14:46:48 UTC (rev 1948) 
@@ -154,11 +154,11 @@ </p> <p> - OpenVAS 2.0 BETA:<br> - <a href="http://wald.intevation.org/frs/?group_id=29&release_id=220">openvas-libraries 2.0-beta2</a><br> - <a href="http://wald.intevation.org/frs/?group_id=29&release_id=221">openvas-libnasl 2.0-beta2</a><br> - <a href="http://wald.intevation.org/frs/?group_id=29&release_id=222">openvas-server 2.0-beta2</a><br> - <a href="http://wald.intevation.org/frs/?group_id=29&release_id=223">openvas-client 2.0-beta2</a><br> + OpenVAS 2.0-RC1:<br> + <a href="http://wald.intevation.org/frs/?group_id=29&release_id=226">openvas-libraries 2.0-rc1</a><br> + <a href="http://wald.intevation.org/frs/?group_id=29&release_id=227">openvas-libnasl 2.0-rc1</a><br> + <a href="http://wald.intevation.org/frs/?group_id=29&release_id=228">openvas-server 2.0-rc1</a><br> + <a href="http://wald.intevation.org/frs/?group_id=29&release_id=229">openvas-client 2.0-rc1</a><br> openvas-plugins: Use <a href="http://wald.intevation.org/frs/?group_id=29&release_id=225">openvas-plugins 1.0.5</a><br> </p> </div> From scm-commit at wald.intevation.org Fri Dec 5 16:21:05 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 5 Dec 2008 16:21:05 +0100 (CET) Subject: [Openvas-commits] r1949 - trunk/doc/website Message-ID: <20081205152105.CF50F4076A@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-05 16:21:05 +0100 (Fri, 05 Dec 2008) New Revision: 1949 Added: trunk/doc/website/openvas-cr-24.htm4 Modified: trunk/doc/website/openvas-crs.htm4 Log: Uploaded CR #24. Added: trunk/doc/website/openvas-cr-24.htm4 =================================================================== --- trunk/doc/website/openvas-cr-24.htm4 2008-12-05 14:46:48 UTC (rev 1948) +++ trunk/doc/website/openvas-cr-24.htm4 2008-12-05 15:21:05 UTC (rev 1949) 
@@ -0,0 +1,150 @@ +m4_dnl -*-html-*- +m4_include(`template.m4') + +m4_dnl OpenVAS +m4_dnl $Id$ +m4_dnl Description: OpenVAS Change Request #24 +m4_dnl +m4_dnl Authors: +m4_dnl Michael Wiegand <michael.wiegand at intevation.de> +m4_dnl Stjepan Gros <sgros.ml at gmail.com> +m4_dnl +m4_dnl Copyright: +m4_dnl Copyright (C) 2008 Intevation GmbH +m4_dnl +m4_dnl This program is free software; you can redistribute it and/or modify +m4_dnl it under the terms of the GNU General Public License version 2, +m4_dnl as published by the Free Software Foundation. +m4_dnl +m4_dnl This program is distributed in the hope that it will be useful, +m4_dnl but WITHOUT ANY WARRANTY; without even the implied warranty of +m4_dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +m4_dnl GNU General Public License for more details. +m4_dnl +m4_dnl You should have received a copy of the GNU General Public License +m4_dnl along with this program; if not, write to the Free Software +m4_dnl Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + + +PAGE_START +<h2>OpenVAS Change Request #24: OpenVAS-Server: Reorganize NVTs in Subdirectories</h2> + +<p> +Status: In discusssion. +</p> + +<h3>Purpose</h3> + +<p> +To make maintaining the NVT tree easier. +</p> + +<p> +To be compliant with LSB/FHS. +</p> + +<h3>References</h3> + +<p> +<a href="http://lists.wald.intevation.org/pipermail/openvas-devel/2008-October/001014.html">Patch +suggested by Stjepan Gros on openvas-devel</a> +</p> + +<h3>Rationale</h3> + +<p> +Right now, the OpenVAS-Server expects all NVTs to be in one single directory on +the server machine and will only look in this directory when looking for NVTs +when starting up. Also, plugins are placed inside lib subdirectory but they +are platform independent, read-only data which is better placed in share +subdirectory. Likewise, the server creates one single subdirectory for +cached NVT data inside plugins subdirectory which has two drawbacks. 
First, +it requires write access in what should be read-only directory and, second, +it will only use this cache directory. +</p> + +<p> +The current approach poses two problems. First, as the NVT collection gets +larger and larger, especially if the user subscribes to one or more high +volume NVT feeds. This could lead to unexpected and undesirable results, +for example when different feeds contain files with the same file name. +If different feeds could be isolated into different directories, this would +improve the situation for feed subscribers as well as feed managers. The +second problem is that this directory organisation doesn't align well with +<a href="http://www.pathname.com/fhs/pub/fhs-2.3.html#USRSHAREARCHITECTUREINDEPENDENTDATA">FHS</a> +(and indirectrly with LSB) and how distributions distribute files on +file system. +</p> + +<p> +Furthermore, it may not always be necessary to load all NVTs available to the +server on startup; with different directories, the server would be able to make +only a subset of his NVTs available to connecting client for security or speed +reasons. +</p> + +<h3>Effects</h3> + +<p> +The code changes will not break existing installations upgrading to a new +version of OpenVAS, or new installations that do not explicitly specify +alternative path to plugins and include directories. +</p> + +<p> +The critical change will be when/if plugins themselves are reorganized and +feeds change structure. This could break old/existing installations. +This has to be further discussed. +</p> + +<p> +Three new configuration directives will be introduced that control OpenVAS +behavior with respect to where plugins are placed: include_folder, +plugins_folder and cache_folder. +</p> + +<h3>Design and Implementation</h3> + +<p> +Cache directory will be subdivided into a set of one letter +directories. Each plugin will be placed into appropriate +subdirectory based on the first letter of the name. 
The other +possibility (maybe better) is to use OID as a name for the +plugin in a cache and possibly for the organization of the +directory structure. +</p> + +<p> +Modify openvas-server/openvasd/nasl_plugins.c to propagate additional +info about plugin and include directories to openvas-libnasl component. +</p> + +<p> +Modify openvas-server/openvasd/openvasd.c to include old style +behavior in case none of include_folder, plugins_folder and cache_folder +were given in the configuration file. +</p> + +<p> +Modify openvas-server/openvasd/pluginload.c to recurse through given +plugin directories and load all the plugins. +</p> + +<p> +Modify openvas-libnasl/nasl subsystem to search include directories. +And grammar to include new directives. +</p> + +<h3>History</h3> + +<ul> +<li> 2008-12-04 Stjepan Gros <sgros.ml at gmail.com>:<br> + Link on FHS/LSB<br> + Additional details in design and implementation section<br> + </li> +<li> 2008-12-02 Stjepan Gros <sgros.ml at gmail.com>:<br> + Rephrasing rationale<br> + </li> +<li> 2008-11-26 Michael Wiegand <michael.wiegand at intevation.de>:<br> + Initial text.</li> +</ul> Modified: trunk/doc/website/openvas-crs.htm4 =================================================================== --- trunk/doc/website/openvas-crs.htm4 2008-12-05 14:46:48 UTC (rev 1948) +++ trunk/doc/website/openvas-crs.htm4 2008-12-05 15:21:05 UTC (rev 1949) 
@@ -67,6 +67,7 @@ <li> <a href="openvas-cr-21.html">OpenVAS Change Request #21: OpenVAS-Client: Improve Vulnerability Summary Listing</a> (in discussion) <li> <a href="openvas-cr-22.html">OpenVAS Change Request #22: OpenVAS-libnasl: Introduce new script_tag Command</a> (in progress) <li> <a href="openvas-cr-23.html">OpenVAS Change Request #23: OpenVAS-libnasl: Standardize Script Families for NVT</a> (in discussion) +<li> <a href="openvas-cr-24.html">OpenVAS Change Request #24: OpenVAS-Server: Reorganize NVTs in Subdirectories</a> (in discussion) </ul> <h3>How to write a change request</h3> From scm-commit at wald.intevation.org Mon Dec 8 12:10:57 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 8 Dec 2008 12:10:57 +0100 (CET) Subject: [Openvas-commits] r1950 - in trunk/openvas-client: . nessus/prefs_dialog Message-ID: <20081208111057.2799D40719@pyrosoma.intevation.org> Author: felix Date: 2008-12-08 12:10:56 +0100 (Mon, 08 Dec 2008) New Revision: 1950 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/prefs_dialog/listnotebook.c trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c Log: Comments. * nessus/prefs_dialog/prefs_dialog_prefs.c (prefs_dialog_prefs) : Function header style, comment. * nessus/prefs_dialog/listnotebook.c : Made comments javadoc-conform. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-05 15:21:05 UTC (rev 1949) +++ trunk/openvas-client/ChangeLog 2008-12-08 11:10:56 UTC (rev 1950) 
@@ -1,3 +1,12 @@ +2008-12-08 Felix Wolfsteller <felix.wolfsteller at intevation.de> + + Comments. + + * nessus/prefs_dialog/prefs_dialog_prefs.c (prefs_dialog_prefs) : + Function header style, comment. + + * nessus/prefs_dialog/listnotebook.c : Made comments javadoc-conform. + 2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> Real post release version bump. Modified: trunk/openvas-client/nessus/prefs_dialog/listnotebook.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/listnotebook.c 2008-12-05 15:21:05 UTC (rev 1949) +++ trunk/openvas-client/nessus/prefs_dialog/listnotebook.c 2008-12-08 11:10:56 UTC (rev 1950) @@ -26,8 +26,10 @@ * do so, delete this exception statement from your version. */ -/* This module defines a list notebook, that is a notebook whose pages - * are controlled by a list box. The gtk widget the represents such a +/** + * \file + * This module defines a list notebook, that is a notebook whose pages + * are controlled by a list box. The gtk widget that represents such a * listnotebook is a paned window with a tree view showing the list of * pages and a notebook. */ @@ -45,8 +47,11 @@ NUM_COLS }; -/* selection func for the tree view. Change the notebook page according - * to the new selection in the tree view */ + +/** + * selection func for the tree view. Change the notebook page according + * to the new selection in the tree view + */ static gboolean selection_func(selection, model, path, path_currently_selected, userdata) GtkTreeSelection *selection; @@ -69,7 +74,8 @@ } -/* Change the selection of the list to match the notebook's current page +/** + * Change the selection of the list to match the notebook's current page */ static void notebook_page_switched(notebook, page, page_num, user_data) 
@@ -113,12 +119,12 @@ } -/* Create the listnotebook. +/** + * Create the listnotebook. * * If horizontal is TRUE, use a horizontal paned window, otherwise a * vertical one. */ - GtkWidget * listnotebook_new(horizontal, sorted) gboolean horizontal; @@ -209,8 +215,8 @@ } - -/* Add a page to the listnotebook in the box. +/** + * Add a page to the listnotebook in the box. * * The parameter page should be the widget that makes up the new page. * It will be added to the notebook and the list store. The parameter @@ -246,8 +252,10 @@ } -/* Select a specific notebook page. The page_num is the index in the - * (optionallly sorted) list, so that 0 is the page listed first */ +/** + * Select a specific notebook page. The page_num is the index in the + * (optionallly sorted) list, so that 0 is the page listed first. + */ void listnotebook_select_page(listnotebook, page_num) GtkWidget*listnotebook; Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c 2008-12-05 15:21:05 UTC (rev 1949) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c 2008-12-08 11:10:56 UTC (rev 1950) 
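Review bot: The functions documented in these listnotebook.c hunks (`selection_func`, `notebook_page_switched`, `listnotebook_new`, `listnotebook_select_page`) keep their K&R parameter lists, while the same commit moves `prefs_dialog_prefs` to a prototype-style header. With a K&R definition the compiler does not check argument types at call sites, so a wrong widget pointer or integer width passes silently; the headers should be converted as well, e.g. `listnotebook_select_page(GtkWidget *listnotebook, <type> page_num)`, with the type taken from the declaration lines that lie outside the hunk. The new doc comment for `listnotebook_select_page` also carries over the typo `optionallly`. All function bodies start or continue outside the hunks.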
@@ -26,13 +26,15 @@ #include "context.h" #include "preferences.h" -/* Build and run the preferences Dialog. In case of finishing the - * dialog with OK, store the changed preferences data. */ +/** + * Build and run the preferences Dialog. In case of finishing the + * dialog with OK, store the changed preferences data. + * @param menuitem Not required here, but mandatory since function is connected + * via GTK_SIGNAL_CONNECT. + * @param ctrls Pointer to arglist where the gui elements are hooked into. + */ void -prefs_dialog_prefs(menuitem, ctrls) - GtkMenuItem * menuitem; /* not required here, but mandatory since - function is connected via GTK_SIGNAL_CONNECT */ - gpointer ctrls; +prefs_dialog_prefs(GtkMenuItem * menuitem, gpointer ctrls) { GtkWindow * window = GTK_WINDOW(arg_get_value(ctrls, "WINDOW")); GtkWidget * dialog; From scm-commit at wald.intevation.org Tue Dec 9 09:41:03 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Dec 2008 09:41:03 +0100 (CET) Subject: [Openvas-commits] r1951 - trunk/doc/website Message-ID: <20081209084103.6929240729@pyrosoma.intevation.org> Author: jan Date: 2008-12-09 09:41:01 +0100 (Tue, 09 Dec 2008) New Revision: 1951 Modified: trunk/doc/website/openvas-oids.htm4 Log: Added OVAL, fixed typos. Modified: trunk/doc/website/openvas-oids.htm4 =================================================================== --- trunk/doc/website/openvas-oids.htm4 2008-12-08 11:10:56 UTC (rev 1950) +++ trunk/doc/website/openvas-oids.htm4 2008-12-09 08:41:01 UTC (rev 1951) 
@@ -61,12 +61,14 @@ | | | | | +--... | | -| +--.3 (.DSA-LVT): Family of Local Vulnerbaility Checks for Debian Security Alerts +| +--.3 (.DSA-LVT): Family of Local Vulnerability Checks for Debian Security Alerts | | | -| | +--1157.1: Implementaiton for DSA 1157, Version 1 of the script (example) +| | +--1157.1: Implementation for DSA 1157, Version 1 of the script (example) | | | +--... (next families) | ++--.2 (.OVAL): OVAL scripts +| +--... (other things of OpenVAS project that need a unique ID) </pre> From scm-commit at wald.intevation.org Tue Dec 9 13:07:20 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Dec 2008 13:07:20 +0100 (CET) Subject: [Openvas-commits] r1952 - in trunk/openvas-client: . nessus nessus/prefs_dialog Message-ID: <20081209120720.28E584072A@pyrosoma.intevation.org> Author: felix Date: 2008-12-09 13:07:20 +0100 (Tue, 09 Dec 2008) New Revision: 1952 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/comm.c trunk/openvas-client/nessus/context.h trunk/openvas-client/nessus/latex_output.c trunk/openvas-client/nessus/prefs_dialog/listnotebook.c trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_auth.c Log: Comments, minor style changes. * nessus/latex_output.c : Comments to javadoc style. * nessus/comm.c (comm_send_file) : Removed K&R funciton header, comment. * nessus/comm.c (gui_comm_send_preferences) : Donated braces, intendation. * nessus/context.h : Added comment about badly placed functions. * nessus/prefs_dialog/listnotebook.c (listnotebook_new) : Comment improved. * nessus/prefs_dialog/prefs_dialog_auth.c (prefs_dialog_auth_connection): Comment to javadoc style. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-09 08:41:01 UTC (rev 1951) +++ trunk/openvas-client/ChangeLog 2008-12-09 12:07:20 UTC (rev 1952) 
@@ -1,3 +1,22 @@ +2008-12-09 Felix Wolfsteller <felix.wolfsteller at intevation.de> + + Comments. + + * nessus/latex_output.c : Comments to javadoc style. + + * nessus/comm.c (comm_send_file) : Removed K&R funciton header, comment. + + * nessus/comm.c (gui_comm_send_preferences) : Donated braces, + intendation. + + * nessus/context.h : Added comment about badly placed functions. + + * nessus/prefs_dialog/listnotebook.c (listnotebook_new) : Comment + improved. + + * nessus/prefs_dialog/prefs_dialog_auth.c (prefs_dialog_auth_connection): + Comment to javadoc style. + 2008-12-08 Felix Wolfsteller <felix.wolfsteller at intevation.de> Comments. Modified: trunk/openvas-client/nessus/comm.c =================================================================== --- trunk/openvas-client/nessus/comm.c 2008-12-09 08:41:01 UTC (rev 1951) +++ trunk/openvas-client/nessus/comm.c 2008-12-09 12:07:20 UTC (rev 1952) @@ -760,9 +760,12 @@ t[0] = 0; network_printf(context->socket, "%s[%s]:%s <|> %s\n", plugs->name, type, name, v); free(v); - } else + } + else + { network_printf(context->socket, "%s[%s]:%s <|> %s\n", plugs->name, type, name, value); - + } + if(!strcmp(type, PREF_FILE)) { if(!files_to_send) @@ -802,10 +805,14 @@ return gui_comm_send_preferences(context); } +/** + * Send a file to the server, using OTP ATTACHED_FILE command. + * @param context The context to use. + * @param fname Path to file to send. + * @return 0 on success or empty fname argument, -1 on error. + */ int -comm_send_file(context ,fname) - struct context * context; - char *fname; +comm_send_file(struct context* context, char* fname) { int fd; struct stat stt; Modified: trunk/openvas-client/nessus/context.h =================================================================== --- trunk/openvas-client/nessus/context.h 2008-12-09 08:41:01 UTC (rev 1951) +++ trunk/openvas-client/nessus/context.h 2008-12-09 12:07:20 UTC (rev 1952) 
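Review bot: The new doc comment on `comm_send_file` says an empty `fname` returns 0, the same value as a successful transfer, so a caller cannot tell that no file reached the server; either the comment should flag this explicitly or the empty case should get its own return value. The comment also leaves out that the file's contents leave the client: the earlier hunk shows paths being collected for `PREF_FILE` preferences, so `fname` presumably comes from preference data rather than from a direct user action. I would add `@param fname Path to a local file whose contents are transmitted to the server; callers must pass only paths the user chose.` If `fname` is not modified, `const char *fname` would state that in the signature, provided the prototype in the header is changed to match. The function body continues outside the hunk, so how `stt` and `fd` are used cannot be checked from here.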
@@ -107,7 +107,7 @@ void context_delete(struct context*); void context_save_recurse(struct context*); - +/* TODO move to e.g. file_check.c */ int check_exists(const char *); int check_is_file(const char *); int check_is_dir(const char *); Modified: trunk/openvas-client/nessus/latex_output.c =================================================================== --- trunk/openvas-client/nessus/latex_output.c 2008-12-09 08:41:01 UTC (rev 1951) +++ trunk/openvas-client/nessus/latex_output.c 2008-12-09 12:07:20 UTC (rev 1952) @@ -84,12 +84,12 @@ } -/* +/** * Print the LaTeX header */ static void latex_print_header(FILE * f) { -/* +/** * Fancy headers */ fprintf(f, "\\documentclass{article}\n"); @@ -115,7 +115,7 @@ } -/* +/** * Print the LaTeX footer */ static void latex_print_footer(FILE * f) @@ -135,7 +135,7 @@ ****************************************************************************/ -/* +/** * Nothing found : excellent */ void latex_introduction_a(FILE * f, struct arglist * hosts, int holes, int warnings, int notes) @@ -161,7 +161,7 @@ fprintf(f, "that is a A (worst being E). Congratulations !"); } -/* +/** * Some things found, but not serious on the overall */ void latex_introduction_b(FILE * f, struct arglist * hosts, int holes, int warnings, int notes) @@ -193,7 +193,7 @@ } -/* +/** * A lot of small things have been found. That's not good */ int latex_introduction_c(FILE * f, struct arglist * hosts, int holes, int warnings, int notes) @@ -390,7 +390,7 @@ } -/* +/** * This function will create the new section that has the name * of the current host. */ Modified: trunk/openvas-client/nessus/prefs_dialog/listnotebook.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/listnotebook.c 2008-12-09 08:41:01 UTC (rev 1951) +++ trunk/openvas-client/nessus/prefs_dialog/listnotebook.c 2008-12-09 12:07:20 UTC (rev 1952) 
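Review bot: In `latex_print_header` the `Fancy headers` comment sits inside the function body, directly before the first `fprintf`, so converting it to `/** ... */` creates a doc block with no declaration to attach to; it should stay a plain comment, `/* Fancy headers */`. The converted comments above `latex_introduction_a`, `latex_introduction_b` and `latex_introduction_c` still say nothing about `f`, `hosts`, `holes`, `warnings` and `notes`. `latex_introduction_c` returns `int` while the other two are `void`, so a `@return` line there would tell the reader what the value means. The function bodies lie outside the hunks.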
@@ -120,10 +120,13 @@ /** - * Create the listnotebook. + * Creates a listnotebook. * * If horizontal is TRUE, use a horizontal paned window, otherwise a * vertical one. + * @param horizontal If TRUE, window is horizonzal paned, otherwise vertical. + * @param sorted if TRUE, entries will be sorted. + * @return A custom listnotebook GtkWidget. */ GtkWidget * listnotebook_new(horizontal, sorted) @@ -222,6 +225,11 @@ * It will be added to the notebook and the list store. The parameter * title is the title of the page used in the list. The stock-id, if * not NULL, should be the name of the icon to use. + * + * @param listnotebook The listnotebook to add a page to. + * @param page GtkWidget that makes up the new page. + * @param title The pages title. + * @param stock_id Name of the icon to use or NULL. */ void listnotebook_add_page(listnotebook, page, title, stock_id) Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_auth.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_auth.c 2008-12-09 08:41:01 UTC (rev 1951) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_auth.c 2008-12-09 12:07:20 UTC (rev 1952) @@ -582,7 +582,7 @@ prefs_dialog_auth_connect_dialog(Context, ctrls); } -/* +/** * Try connecting if not already connected and context->passwd is * available. passwd may be empty (but != NULL) for user certificates. * If this fails, raise the login dialog. From scm-commit at wald.intevation.org Tue Dec 9 13:22:03 2008 
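Review bot: The new `@param horizontal` line in the listnotebook_new comment misspells the word (`horizonzal`) and repeats the free-text sentence kept just above it. Keeping one of the two is enough, for example `@param horizontal If TRUE, use a horizontal paned window, otherwise a vertical one.`, with the older sentence dropped. The function definition continues outside the hunk.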
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Dec 2008 13:22:03 +0100 (CET) Subject: [Openvas-commits] r1953 - in trunk/openvas-client: . nessus/prefs_dialog Message-ID: <20081209122203.D640B4072A@pyrosoma.intevation.org> Author: felix Date: 2008-12-09 13:22:03 +0100 (Tue, 09 Dec 2008) New Revision: 1953 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c Log: Refactoring and comments of plugin preference gui creation. * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c (create_plugin_prefs_containers) : Documentation added. * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c (get_pref_value) : Method extracted to convert int values to yes/no. * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c (pprefs_add_sshcredentials) : use of get_pref_value, comment, combobox stub. * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c (pprefs_add_entry, pprefs_add_password, pprefs_add_file, pprefs_add_radio, pprefs_add_checkbox) : Duplicate code removal through extraction and use of new pref_get_value function. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-09 12:07:20 UTC (rev 1952) +++ trunk/openvas-client/ChangeLog 2008-12-09 12:22:03 UTC (rev 1953) 
@@ -1,7 +1,21 @@ 2008-12-09 Felix Wolfsteller <felix.wolfsteller at intevation.de> - Comments. + Refactoring and comments of plugin preference gui creation. + * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c + (create_plugin_prefs_containers) : Documentation added. + + * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c + (get_pref_value) : Method extracted to convert int values to yes/no. + + * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c + (pprefs_add_sshcredentials) : use of get_pref_value, comment, combobox + stub. + +2008-12-09 Felix Wolfsteller <felix.wolfsteller at intevation.de> + + Comments, minor style changes. + * nessus/latex_output.c : Comments to javadoc style. * nessus/comm.c (comm_send_file) : Removed K&R funciton header, comment. Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c 2008-12-09 12:07:20 UTC (rev 1952) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c 2008-12-09 12:22:03 UTC (rev 1953) @@ -47,9 +47,14 @@ static void pprefs_add_file(struct arglist *, struct arglist *, char *, GtkWidget*); static void pprefs_add_checkbox(struct arglist *, struct arglist *, char *, GtkWidget*); static void pprefs_add_radio(struct arglist *, struct arglist *, char *, GtkWidget*); -static void pprefs_add_sshcredentials(struct arglist *, struct arglist *, char *, GtkWidget*); +static void pprefs_add_sshcredentials(struct arglist *, struct arglist *, char *, GtkWidget*, struct context* context); - +/** + * Adds and hooks up (or resets) the two notebook pages for Plugin Preferences + * and Credentials. + * These pages are itself notebooks with dynamical content. + * @param ctrls Arglist to hook the notebooks into. + */ static void create_plugin_prefs_containers(ctrls) struct arglist *ctrls; 
@@ -174,7 +179,7 @@ else if(!strcmp(type, PREF_FILE)) pprefs_add_file(pprefs, prefs, value, vbox); else if(!strcmp(type, PREF_SSH_CREDENTIALS)) - pprefs_add_sshcredentials(pprefs, prefs, value, vbox); + pprefs_add_sshcredentials(pprefs, prefs, value, vbox, context); else show_warning(_("%s asked for unknown preference type %s."), plugs->name, type); @@ -389,34 +394,49 @@ } /** + * Returns "yes" or "no" if preference is of type ARG_INT. + * @return ("yes" or "no") when pref of type int, value otherwise. + */ +static char* get_pref_value(struct arglist* prefname, struct arglist* prefvalue, + char* value) +{ + char* fullname = arg_get_value(prefname->value, "fullname"); + + if(prefvalue) + { + int type; + + if((type = arg_get_type(prefvalue, fullname)) >= 0) + { + value = arg_get_value(prefvalue, fullname); + if(type == ARG_INT) + { + if(value) + value = strdup("yes"); + else + value = strdup("no"); + } + } + } + + return value; +} + +/** * Function to add a "ssh-credentials combo box" to select a ssh key. */ static void pprefs_add_sshcredentials(struct arglist* pprefs, struct arglist* pref, - char* value, GtkWidget* vbox) + char* value, GtkWidget* vbox, struct context* context) { GtkWidget* combobox; GtkWidget* text; GtkWidget* hbox; char *name = pref->name; - char *fullname = arg_get_value(pref->value, "fullname"); + GSList* list_iter = NULL; - if(pprefs) - { - int type; - - if((type = arg_get_type(pprefs, fullname)) >= 0) - { - value = arg_get_value(pprefs, fullname); - if(type == ARG_INT) - { - if(value) - value = strdup("yes"); - else - value = strdup("no"); - } - } - } + value = get_pref_value(pref, pprefs, value); + hbox = gtk_hbox_new(FALSE, 0); gtk_box_pack_start(GTK_BOX(vbox), hbox, FALSE, FALSE, 5); gtk_widget_show(hbox); 
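Review bot: get_pref_value returns pointers with three different lifetimes, and its comment does not say which applies: the caller's own `value`, whatever `arg_get_value` hands back, or a fresh `strdup` result for ARG_INT. None of the callers converted in this commit visibly frees that string, and the `strdup` result is not checked. If no caller frees or modifies the result, `value = value ? "yes" : "no";` would remove both the leak and the unchecked allocation. Otherwise the doc comment should state the contract, e.g. `@return borrowed pointer, except for ARG_INT where the string is strdup'd and owned by the caller`. `fullname` also goes to `arg_get_type` without a NULL check; whether `arg_get_value` can return NULL here is not visible in the hunk.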
@@ -427,6 +447,15 @@ combobox = gtk_combo_box_new_text (); gtk_combo_box_append_text (GTK_COMBO_BOX(combobox), _("No SSH Key selected")); + // Add file names (e.g. of future context->sshkeys) to combo box + list_iter = NULL; + + while(list_iter != NULL) + { + gtk_combo_box_append_text(GTK_COMBO_BOX(combobox), (char*) list_iter->data); + list_iter = list_iter->next; + } + gtk_combo_box_set_active(GTK_COMBO_BOX(combobox), 0); gtk_box_pack_end(GTK_BOX(hbox), combobox, TRUE, TRUE, 5); gtk_widget_show(combobox); @@ -441,24 +470,9 @@ { GtkWidget *entry, *text, *box; char *name = pref->name; - char *fullname = arg_get_value(pref->value, "fullname"); - - if(pprefs) - { - int type; - - if((type = arg_get_type(pprefs, fullname)) >= 0) - { - value = arg_get_value(pprefs, fullname); - if(type == ARG_INT) - { - if(value) - value = strdup("yes"); - else - value = strdup("no"); - } - } - } + + value = get_pref_value(pref, pprefs, value); + box = gtk_hbox_new(FALSE, 0); gtk_box_pack_start(GTK_BOX(vbox), box, FALSE, FALSE, 5); gtk_widget_show(box); @@ -484,24 +498,9 @@ { GtkWidget *entry, *text, *box; char *name = pref->name; - char *fullname = arg_get_value(pref->value, "fullname"); - - if(pprefs) - { - int type; - - if((type = arg_get_type(pprefs, fullname)) >= 0) - { - value = arg_get_value(pprefs, fullname); - if(type == ARG_INT) - { - if(value) - value = strdup("yes"); - else - value = strdup("no"); - } - } - } + + value = get_pref_value(pref, pprefs, value); + box = gtk_hbox_new(FALSE, 0); gtk_box_pack_start(GTK_BOX(vbox), box, FALSE, FALSE, 5); gtk_widget_show(box); 
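Review bot: The added `while(list_iter != NULL)` loop in pprefs_add_sshcredentials can never run. `list_iter` is initialised to NULL at its declaration in the previous hunk and set to NULL again on the line before the loop, and the new `context` parameter is not used in the lines shown. If this is the intended stub, say so at that point, e.g. `/* TODO: iterate the context's ssh key list once it exists; until then only the default entry is shown */`, and drop the second `list_iter = NULL;`. The `//` comment also departs from the `/* */` style used in the other hunks of this file. The function body continues outside the hunk.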
@@ -528,24 +527,9 @@ GtkWidget *entry, *text, *box; GtkWidget *hbox, *button; char *name = pref->name; - char *fullname = arg_get_value(pref->value, "fullname"); - - if(pprefs) - { - int type; - - if((type = arg_get_type(pprefs, fullname)) >= 0) - { - value = arg_get_value(pprefs, fullname); - if(type == ARG_INT) - { - if(value) - value = strdup("yes"); - else - value = strdup("no"); - } - } - } + + value = get_pref_value(pref, pprefs, value); + box = gtk_hbox_new(FALSE, 0); gtk_box_pack_start(GTK_BOX(vbox), box, FALSE, FALSE, 5); gtk_widget_show(box); @@ -586,27 +570,10 @@ GtkWidget *label; char *t; GSList *list = NULL; - char *fullname = arg_get_value(pref->value, "fullname"); - char *def = NULL; + char* def = NULL; + + def = get_pref_value(pref, pprefs, def); - if(pprefs) - { - int type; - - if((type = arg_get_type(pprefs, fullname)) >= 0) - { - def = arg_get_value(pprefs, fullname); - if(type == ARG_INT) - { - if(def) - def = strdup("yes"); - else - def = strdup("no"); - } - } - } - - label = gtk_label_new(pref->name); gtk_box_pack_start(GTK_BOX(vbox), label, FALSE, FALSE, 5); gtk_widget_show(label); @@ -654,24 +621,9 @@ GtkWidget *button; char *name = pref->name; char *def = NULL; - char *fullname = arg_get_value(pref->value, "fullname"); - if(pprefs) - { - int type; - - if((type = arg_get_type(pprefs, fullname)) >= 0) - { - def = arg_get_value(pprefs, fullname); - if(type == ARG_INT) - { - if(def) - def = strdup("yes"); - else - def = strdup("no"); - } - } - } + def = get_pref_value(pref, pprefs, def); + box = gtk_hbox_new(FALSE, 0); gtk_box_pack_start(GTK_BOX(vbox), box, FALSE, FALSE, 5); gtk_widget_show(box); From scm-commit at wald.intevation.org Tue Dec 9 13:27:25 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Dec 2008 13:27:25 +0100 (CET) Subject: [Openvas-commits] r1954 - in trunk/openvas-plugins: . scripts Message-ID: <20081209122725.7EFF84072C@pyrosoma.intevation.org> Author: chandra Date: 2008-12-09 13:27:23 +0100 (Tue, 09 Dec 2008) New Revision: 1954 Added: trunk/openvas-plugins/scripts/gb_awstats_xss_vuln.nasl trunk/openvas-plugins/scripts/gb_vlc_media_player_intgr_bof_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_vlc_media_player_intgr_bof_vuln_win.nasl trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_win.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2008-12-09 12:22:03 UTC (rev 1953) +++ trunk/openvas-plugins/ChangeLog 2008-12-09 12:27:23 UTC (rev 1954) @@ -1,3 +1,11 @@ +2008-12-09 Chandrashekhar B <bchandra at secpod.com> + * scripts/gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl, + scripts/gb_w3c_amaya_mult_bof_vuln_dec08_win.nasl, + scripts/gb_vlc_media_player_intgr_bof_vuln_lin.nasl, + scripts/gb_awstats_xss_vuln.nasl, + scripts/gb_vlc_media_player_intgr_bof_vuln_win.nasl: + Added new plugins + 2008-12-05 Chandrashekhar B <bchandra at secpod.com> * scripts/gb_gallery_sec_bypass_vuln.nasl: Added new plugin Added: trunk/openvas-plugins/scripts/gb_awstats_xss_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_awstats_xss_vuln.nasl 2008-12-09 12:22:03 UTC (rev 1953) +++ trunk/openvas-plugins/scripts/gb_awstats_xss_vuln.nasl 2008-12-09 12:27:23 UTC (rev 1954) 
@@ -0,0 +1,104 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_awstats_xss_vuln.nasl 589 2008-12-05 12:28:51Z dec $ +# +# AWStats awstats.pl XSS Vulnerability - Dec08 +# +# Authors: +# Veerendra GG <veerendragg at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800151); + script_version("$Revision: 1.0$"); + script_cve_id("CVE-2008-5080 "); + script_name(english:"AWStats awstats.pl XSS Vulnerability - Dec08"); + desc["english"] = " + + Overview: The host is running AWStats, which is prone to XSS Vulnerability. + + Vulnerability Insight: + The flaw is caused due to query_string parameter in awstats.pl which is not + properly sanitized before being returned to the user. + + Impact: Successful attack could lead to execution of arbitrary HTML and + script code in the context of an affected site. + + NOTE: This issue exists because of an incomplete fix for CVE-2008-3714. + + Impact Level: Application + + Affected Software/OS: + AWStats 6.8 and earlier. 
+ + Fix: Update to higher Version or Apply patches from, + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432#21 + + ***** + NOTE : Ignore this warning, if above mentioned patch is applied already. + ***** + + References: + https://bugzilla.redhat.com/show_bug.cgi?id=474396 + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=495432 + + CVSS Score: + CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N) + CVSS Temporal Score : 3.4 + Risk factor: Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of AWStats"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"CGI abuses"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); +include("http_keepalive.inc"); + +port = get_http_port(default:80); +if(!port){ + exit(0); +} + +foreach dir (make_list("/awstats/wwwroot/cgi-bin", cgi_dirs())) +{ + sndReq = http_get(item: dir + "/awstats.pl", port:port); + rcvRes = http_keepalive_send_recv(port:port, data:sndReq, bodyonly:1); + + if(rcvRes == NULL){ + exit(0); + } + + if("Advanced Web Statistics" >< rcvRes) + { + awVer = eregmatch(pattern:"AWStats ([0-9.]+)", string:rcvRes); + if(awVer[1] != NULL && version_is_less_equal(version:awVer[1], + test_version:"6.8")){ + security_warning(port); + } + exit(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_awstats_xss_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_vlc_media_player_intgr_bof_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_vlc_media_player_intgr_bof_vuln_lin.nasl 2008-12-09 12:22:03 UTC (rev 1953) +++ trunk/openvas-plugins/scripts/gb_vlc_media_player_intgr_bof_vuln_lin.nasl 2008-12-09 12:27:23 UTC (rev 1954) 
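Review bot: The CVE reference is registered as `"CVE-2008-5080 "`, with a trailing space inside the string, so anything that matches the plugin's CVE field exactly may miss it. It should read `script_cve_id("CVE-2008-5080");`. In the directory loop, `if(rcvRes == NULL){ exit(0); }` ends the whole check on the first candidate path that returns nothing, so an installation under a later `cgi_dirs()` entry is never examined. Using `continue;` there would keep probing the remaining directories.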
@@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_vlc_media_player_intgr_bof_vuln_lin.nasl 585 2008-12-04 15:15:20Z dec $ +# +# VLC Media Player Buffer Overflow Vulnerability (Linux) +# +# Authors: +# Chandan S <schandan at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800077); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-5276"); + script_bugtraq_id(32545); + script_name(english:"VLC Media Player Buffer Overflow Vulnerability (Linux)"); + desc["english"] = " + + Overview: This host is installed with VLC Media Player and is prone to + Buffer Overflow Vulnerability. + + Vulnerability Insight: + The flaw is caused due to a boundary error while parsing ReadRealIndex + function in real.c in the Real demuxer plugin. + + Impact: Successful exploitation allows attackers to execute arbitrary + code by tricking a user into opening a specially crafted .rm file to + crash an affected application. + + Impact Level: Application + + Affected Software/OS: + VLC media player 0.9.0 through 0.9.7 on Linux (Any). 
+ + Fix: Upgrade to VLC media player 0.9.8 + http://www.videolan.org/vlc/ + + References: + http://www.videolan.org/security/sa0811.html + http://www.vupen.com/english/advisories/2008/3287 + http://www.trapkit.de/advisories/TKADV2008-013.txt + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 6.9 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of VLC Media Player"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Denial of Service"); + exit(0); +} + + +include("version_func.inc"); + +sock = ssh_login_or_reuse_connection(); +if(!sock){ + exit(0); +} + +vlcBinPath = find_bin(prog_name:"vlc", sock:sock); +foreach binPath (vlcBinPath) +{ + vlcVer = get_bin_version(full_prog_name:chomp(binPath), version_argv:"--version", + ver_pattern:"ersion ([0-9.]+[a-z]?)", sock:sock); + if(vlcVer[1] != NULL) + { + # VLC Media Player Version 0.9.0 to 0.9.7 + if(version_in_range(version:vlcVer[1], test_version:"0.9.0", + test_version2:"0.9.7")){ + security_hole(0); + } + ssh_close_connection(); + exit(0); + } +} +ssh_close_connection(); Added: trunk/openvas-plugins/scripts/gb_vlc_media_player_intgr_bof_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_vlc_media_player_intgr_bof_vuln_win.nasl 2008-12-09 12:22:03 UTC (rev 1953) +++ trunk/openvas-plugins/scripts/gb_vlc_media_player_intgr_bof_vuln_win.nasl 2008-12-09 12:27:23 UTC (rev 1954) 
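Review bot: The script calls `ssh_login_or_reuse_connection`, `find_bin`, `get_bin_version` and `ssh_close_connection` but includes only `version_func.inc`. Unless those functions are provided some other way, it needs `include("ssh_func.inc");` next to the existing include; that file name is recalled from the plugin library and should be verified. The same applies to gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl later in this commit. A check that fails to run reports nothing, which reads the same as "not vulnerable" in a scan result.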
@@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_vlc_media_player_intgr_bof_vuln_win.nasl 585 2008-12-04 14:49:25Z dec $ +# +# VLC Media Player Buffer Overflow Vulnerability (Win) +# +# Authors: +# Chandan S <schandan at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800076); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-5276"); + script_bugtraq_id(32545); + script_name(english:"VLC Media Player Buffer Overflow Vulnerability (Win)"); + desc["english"] = " + + Overview: This host is installed with VLC Media Player and is prone to + Buffer Overflow Vulnerability. + + Vulnerability Insight: + The flaw is caused due to a boundary error while parsing ReadRealIndex + function in real.c in the Real demuxer plugin. + + Impact: Successful exploitation allows attackers to execute arbitrary + code by tricking a user into opening a specially crafted .rm file to + crash an affected application. + + Impact Level: Application + + Affected Software/OS: + VLC media player 0.9.0 through 0.9.7 on Windows (Any). 
+ + Fix: Upgrade to VLC media player 0.9.8 + http://www.videolan.org/vlc/ + + References: + http://www.videolan.org/security/sa0811.html + http://www.vupen.com/english/advisories/2008/3287 + http://www.trapkit.de/advisories/TKADV2008-013.txt + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 6.9 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of VLC Media Player"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Denial of Service"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("version_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +vlcVer = registry_get_sz(item:"Version", key:"SOFTWARE\VideoLAN\VLC"); +if(!vlcVer){ + exit(0); +} + +# VLC Media Player Version 0.9.0 to 0.9.7 +if(version_in_range(version:vlcVer, test_version:"0.9.0", test_version2:"0.9.7")){ + security_hole(0); +} Added: trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl 2008-12-09 12:22:03 UTC (rev 1953) +++ trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl 2008-12-09 12:27:23 UTC (rev 1954) 
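Review bot: `script_family(english:"Denial of Service")` does not match the description, which rates the flaw as arbitrary code execution with a CVSS base score of 9.3. Anyone selecting or filtering plugins by family will file this finding under the wrong class, and the Linux twin of this script uses the same family. The Impact paragraph also runs the two outcomes together ("execute arbitrary code by tricking a user into opening a specially crafted .rm file to crash an affected application"). Stating them as alternatives, "execute arbitrary code or crash the application", would read correctly.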
@@ -0,0 +1,102 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl 553 2008-12-03 18:13:16Z dec $ +# +# W3C Amaya Multiple Buffer Overflow Vulnerabilities - Dec08 (Linux) +# +# Authors: +# Sharath S <sharaths at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800313); + script_version("$Revision: 1.0$"); + script_cve_id("CVE-2008-5282"); + script_bugtraq_id(32442); + script_name(english:"W3C Amaya Multiple Buffer Overflow Vulnerabilities - Dec08 (Linux)"); + desc["english"] = " + + Overview: This host is installed with W3C Amaya Web Browser and is prone to + multiple stack based Buffer Overflow vulnerabilities. + + Vulnerability Insight: + The flaws are caused due to boundary error when processing, + - HTML <div> tag with a long id field. + - link with a long HREF attribute. + + Impact: + Successful exploitation could allow execution of arbitrary code or + crash an affected browser. + + Impact Level: Application + + Affected Software/OS: + W3C Amaya Web Browser Version 10.0.1 and prior on Linux. + + Fix: Update to higher version. 
+ http://www.w3.org/Amaya/User/BinDist.html + + References: + http://secunia.com/advisories/32848 + http://www.bmgsec.com.au/advisories/amaya-id.txt + http://www.bmgsec.com.au/advisories/amaya-url.txt + http://www.vupen.com/english/advisories/2008/3255 + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 9.0 + Risk factor: Critical"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of W3C Amaya Web Browser"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Misc."); + exit(0); +} + + +include("version_func.inc"); + +sock = ssh_login_or_reuse_connection(); +if(!sock){ + exit(0); +} + +amayaPath = find_file(file_name:"AmayaPage_WX.html", file_path:"/", + useregex=TRUE, regexpar:"$", sock:sock); +if(amayaPath == NULL){ + exit(0); +} + +foreach path (amayaPath){ + arg = chomp(path) + " | grep -i amaya"; + amayaVer = get_bin_version(full_prog_name:"cat", version_argv:arg, + ver_pattern:"Amaya ([.0-9]+)", sock:sock); + if(amayaVer[1]) + { + if(version_is_less_equal(version:amayaVer[1], test_version:"10.0.1")){ + security_hole(0); + } + ssh_close_connection(); + exit(0); + } +} +ssh_close_connection(); Property changes on: trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_win.nasl 2008-12-09 12:22:03 UTC (rev 1953) +++ trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_win.nasl 2008-12-09 12:27:23 UTC (rev 1954) 
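Review bot: `arg = chomp(path) + " | grep -i amaya";` places a file path discovered on the scanned host, unquoted, into a command line that the script relies on a shell to interpret (the pipe). `find_file` searches from `/`, so the matching path can lie in a directory that any local user on the target is able to create and name, and shell metacharacters in it would be interpreted with the privileges of the scan's SSH account. Quote the path before concatenating it, or read the file without going through a shell, and restrict the search to the directories where Amaya actually installs. Separately, `useregex=TRUE` uses `=` where every other named argument uses `:`; it should be `useregex:TRUE`.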
@@ -0,0 +1,103 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_w3c_amaya_mult_bof_vuln_dec08_win.nasl 553 2008-12-03 11:40:16Z dec $ +# +# W3C Amaya Multiple Buffer Overflow Vulnerabilities - Dec08 (Win) +# +# Authors: +# Sharath S <sharaths at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800311); + script_version("$Revision: 1.0$"); + script_cve_id("CVE-2008-5282"); + script_bugtraq_id(32442); + script_name(english:"W3C Amaya Multiple Buffer Overflow Vulnerabilities - Dec08 (Win)"); + desc["english"] = " + + Overview: This host is installed with W3C Amaya Web Browser and is prone to + Multiple Stack based Buffer Overflow Vulnerabilities. + + Vulnerability Insight: + The flaws are caused due to boundary error when processing, + - HTML <div> tag with a long id field. + - link with a long HREF attribute. + + Impact: + Successful exploitation could allow execution of arbitrary code or + crash an affected browser. + + Impact Level: Application + + Affected Software/OS: + W3C Amaya Web Browser Version 10.0.1 and prior on Windows + + Fix: Update to higher version. 
+ http://www.w3.org/Amaya/User/BinDist.html + + References: + http://secunia.com/advisories/32848 + http://www.bmgsec.com.au/advisories/amaya-id.txt + http://www.bmgsec.com.au/advisories/amaya-url.txt + http://www.vupen.com/english/advisories/2008/3255 + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 9.0 + Risk factor: Critical"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of W3C Amaya Web Browser"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Misc."); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +keys = registry_enum_keys(key:key); + +foreach item (keys) +{ + if("Amaya" >< registry_get_sz(key:key + item, item:"DisplayName")) + { + w3cVer = registry_get_sz(key:key + item, item:"DisplayVersion"); + if(!w3cVer){ + exit(0); + } + + if(version_is_less_equal(version:w3cVer, test_version:"10.0.1")){ + security_hole(0); + exit(0); + } + } +} Property changes on: trunk/openvas-plugins/scripts/gb_w3c_amaya_mult_bof_vuln_dec08_win.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Tue Dec 9 13:45:22 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Dec 2008 13:45:22 +0100 (CET) Subject: [Openvas-commits] r1955 - in trunk/openvas-client: . nessus Message-ID: <20081209124522.4B28F40734@pyrosoma.intevation.org> Author: felix Date: 2008-12-09 13:45:21 +0100 (Tue, 09 Dec 2008) New Revision: 1955 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/comm.c Log: Various comments revamped, Todo (harglst -> Glib list) added. * nessus/comm.c : Documentation in javadoc style, harglst removal todo. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-09 12:27:23 UTC (rev 1954) +++ trunk/openvas-client/ChangeLog 2008-12-09 12:45:21 UTC (rev 1955) @@ -1,5 +1,11 @@ 2008-12-09 Felix Wolfsteller <felix.wolfsteller at intevation.de> + Various comments revamped, Todo (harglst -> Glib list) added. + + * nessus/comm.c : Documentation in javadoc style, harglst removal todo. + +2008-12-09 Felix Wolfsteller <felix.wolfsteller at intevation.de> + Refactoring and comments of plugin preference gui creation. * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c @@ -11,6 +17,12 @@ * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c (pprefs_add_sshcredentials) : use of get_pref_value, comment, combobox stub. + + * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c + (pprefs_add_entry, pprefs_add_password, pprefs_add_file, + pprefs_add_radio, pprefs_add_checkbox) : Duplicate code removal through + extraction and use of new pref_get_value function. + 2008-12-09 Felix Wolfsteller <felix.wolfsteller at intevation.de> Modified: trunk/openvas-client/nessus/comm.c =================================================================== --- trunk/openvas-client/nessus/comm.c 2008-12-09 12:27:23 UTC (rev 1954) +++ trunk/openvas-client/nessus/comm.c 2008-12-09 12:45:21 UTC (rev 1955) 
@@ -57,7 +57,7 @@ #define COMM_GET_PLUGINS 1 #define COMM_GET_DEPENDENCIES 2 -/* +/** * Update the UI while receiving plugin or dependency information. * For GTK this is displayed with a progress bar (maybe this should * be moved to a separate prefs_progressbar module) @@ -291,7 +291,7 @@ -/* +/** * comm_init * * This function initializes the communication between @@ -299,14 +299,10 @@ * Its role is to check that the remote server is using the * protocol specified in the argument proto_name * - * Arguments : - * soc : a socket connected to the remote server - * proto_name : the protocol with which the client intends to communicate - * Returns : - * 0 if the remote server is using proto_name - * -1 if it's not + * @param soc A socket connected to the remote server. + * @param proto_name The protocol with which the client intends to communicate. + * @return 0 if the remote server is using proto_name and -1 if it's not. */ - int comm_init(soc, proto_name) int soc; @@ -619,12 +615,17 @@ return (0); } - +/** + * Sends entries from preference arglist to server. + * Collects file preferences on the way and registers them in upload parameter + * (to be send later on). + * @param[out] upload harglist that collects filenames. + */ static int cli_send_prefs_arglist(context, pref, upload, pprefs) struct context * context; struct arglist *pref; - harglst **upload; + harglst **upload; // TODO replace harglst by a simple Glib list int pprefs; { if(!pref) @@ -658,7 +659,7 @@ struct context *context; { struct arglist *preferences = context->prefs; - harglst *files_to_send = NULL; + harglst *files_to_send = NULL; // TODO replace harglst by a simple Glib list struct arglist *pref = arg_get_value(preferences, "SERVER_PREFS"); struct arglist *pprefs = arg_get_value(preferences, "PLUGINS_PREFS"); 
@@ -698,7 +699,7 @@ struct context *context; { struct arglist *preferences = context->prefs; - harglst *files_to_send = NULL; + harglst *files_to_send = NULL; // TODO replace harglst by a simple Glib list struct arglist *pref = arg_get_value(preferences, "SERVER_PREFS"); struct nessus_plugin *plugins[2]; int i; @@ -794,7 +795,10 @@ } - +/** + * Gateways to gui_comm_send_preferences or cli_comm_send_preferences, depending + * on quite_mode. + */ int comm_send_preferences(context) struct context *context; @@ -814,6 +818,7 @@ int comm_send_file(struct context* context, char* fname) { + printf("BUGME Send file %s\n", fname); int fd; struct stat stt; long tot = 0; @@ -880,7 +885,7 @@ } -/* +/** * Retrieves the server rules and store them in * a subcategory in the preferences */ @@ -941,7 +946,8 @@ } -/* Get the md5sums for each plugin from the server. For each pair of +/** + * Get the md5sums for each plugin from the server. For each pair of * plugin id and md5sum received from the server, this function calls * the given callback function with the context, the plugin id, the * md5sum, the plugin with the id (NULL if the plugin is not already @@ -1028,7 +1034,9 @@ struct missing_plugin * plugins; }; -/* initialize a missing_plugins_list struct */ +/** + * initialize a missing_plugins_list struct + */ static void missing_plugins_list_init(struct missing_plugins_list * missing) { @@ -1036,7 +1044,9 @@ missing->plugins = NULL; } -/* Add an entry to the list of missing/outdated plugins */ +/** + * Add an entry to the list of missing/outdated plugins + */ static void missing_plugins_list_add(struct missing_plugins_list * missing, const char * oid, const char * md5sum) @@ -1058,8 +1068,10 @@ } -/* free the list of missing plugins. Does not free the struct - * itself. */ +/** + * Free the list of missing plugins. Does not free the struct + * itself. + */ static void missing_plugins_list_free(struct missing_plugins_list * missing) { 
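Review bot: The `printf("BUGME Send file %s\n", fname);` added at the top of `comm_send_file` (hunk at -814) changes runtime behaviour in a commit whose log mentions only comments and a TODO. It writes the name of every uploaded file to stdout, which mixes debug text into the client's normal output, and it puts a statement ahead of the `int fd;` declarations, which a strict C89 build would reject. I would drop the line, or move it below the declarations and guard it with `#ifdef DEBUG`, printing to stderr via `fprintf(stderr, "comm_send_file: %s\n", fname);`. The rest of `comm_send_file` lies outside the hunk.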
@@ -1071,7 +1083,8 @@ } -/* callback for comm_get_plugins_md5 that checks the md5sum of an +/** + * Callback for comm_get_plugins_md5 that checks the md5sum of an * existing plugin. * * If plugin is given, i.e. if it's a known plugin, and the md5sums are @@ -1099,7 +1112,8 @@ } -/* Remove outdated plugins from the plugin list. The return value is a +/** + * Remove outdated plugins from the plugin list. The return value is a * pointer to the first plugin that was not removed or NULL if all * plugins have been removed. * @@ -1139,7 +1153,8 @@ } -/* Fetch the information for the plugins listed in missing. +/** + * Fetch the information for the plugins listed in missing. * Return 0 on success, -1 on errors. */ static int @@ -1201,11 +1216,13 @@ } -/* Update the plugins in context by comparing them to the individual +/** + * Update the plugins in context by comparing them to the individual * md5sums from the server. Missing and updated plugins are fetched * from the server, plugins that no longer exist on the server are * removed. If successful, the function returns 0 and a non-zero value - * otherwise */ + * otherwise + */ static int update_individual_plugins(struct context *context, char * buf, int bufsz) { @@ -1230,7 +1247,8 @@ } -/* callback for comm_get_plugins_md5 that simply adds the md5sum to a plugin +/** + * Callback for comm_get_plugins_md5 that simply adds the md5sum to a plugin */ static int add_md5sum_to_plugin(struct context *context, const char * oid, @@ -1420,7 +1438,7 @@ ---------------------------------------------------------------------------*/ -/* +/** * Does the server support sessions saving ? */ int From scm-commit at wald.intevation.org Tue Dec 9 14:05:45 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Dec 2008 14:05:45 +0100 (CET) Subject: [Openvas-commits] r1956 - in trunk/openvas-client: . nessus Message-ID: <20081209130545.5E4C040736@pyrosoma.intevation.org> Author: felix Date: 2008-12-09 14:05:44 +0100 (Tue, 09 Dec 2008) New Revision: 1956 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/comm.c Log: TODO ( harglst-> GSList for temporarily storing filenames) done. * nessus/comm.c (cli_send_prefs_arglist) : K&R header removed, comment added. * nessus/commc.c (cli_comm_send_preferences, gui_comm_send_preferences, cli_send_prefs_arglist) : Use GSList instead of harglst. * nessus/commc.c (comm_send_file) : Cleaned of debug printf. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-09 12:45:21 UTC (rev 1955) +++ trunk/openvas-client/ChangeLog 2008-12-09 13:05:44 UTC (rev 1956) @@ -1,5 +1,17 @@ 2008-12-09 Felix Wolfsteller <felix.wolfsteller at intevation.de> + TODO ( harglst-> GSList for temporarily storing filenames) done. + + * nessus/comm.c (cli_send_prefs_arglist) : K&R header removed, comment + added. + + * nessus/commc.c (cli_comm_send_preferences, gui_comm_send_preferences, + cli_send_prefs_arglist) : Use GSList instead of harglst. + + * nessus/commc.c (comm_send_file) : Cleaned of debug printf. + +2008-12-09 Felix Wolfsteller <felix.wolfsteller at intevation.de> + Various comments revamped, Todo (harglst -> Glib list) added. * nessus/comm.c : Documentation in javadoc style, harglst removal todo. Modified: trunk/openvas-client/nessus/comm.c =================================================================== --- trunk/openvas-client/nessus/comm.c 2008-12-09 12:45:21 UTC (rev 1955) +++ trunk/openvas-client/nessus/comm.c 2008-12-09 13:05:44 UTC (rev 1956) 
@@ -619,14 +619,12 @@ * Sends entries from preference arglist to server. * Collects file preferences on the way and registers them in upload parameter * (to be send later on). - * @param[out] upload harglist that collects filenames. + * @param[out] upload GSList double pointer where to collect filenames. + * @return 0 on success, on error -1. */ static int -cli_send_prefs_arglist(context, pref, upload, pprefs) - struct context * context; - struct arglist *pref; - harglst **upload; // TODO replace harglst by a simple Glib list - int pprefs; +cli_send_prefs_arglist(struct context *context, struct arglist *pref, + GSList** upload, int pprefs) { if(!pref) return -1; @@ -637,9 +635,7 @@ { if(strstr(pref->name, "[" PREF_FILE "]:")) { - if(!*upload) - *upload = harg_create(50); - harg_add_int(*upload, pref->value, 1); + (*upload) = g_slist_prepend( (*upload), pref->value ); } network_printf(context->socket, "%s <|> %s\n", pref->name, pref->value); @@ -659,7 +655,7 @@ struct context *context; { struct arglist *preferences = context->prefs; - harglst *files_to_send = NULL; // TODO replace harglst by a simple Glib list + GSList *files_to_send = NULL; struct arglist *pref = arg_get_value(preferences, "SERVER_PREFS"); struct arglist *pprefs = arg_get_value(preferences, "PLUGINS_PREFS"); @@ -677,17 +673,10 @@ if(pprefs) cli_send_prefs_arglist(context, pprefs, &files_to_send, 1); network_printf(context->socket, "<|> CLIENT\n"); - if(files_to_send) + while(files_to_send != NULL) { - hargwalk *hw; - char *key; - - hw = harg_walk_init(files_to_send); - while((key = (char *)harg_walk_next(hw))) - { - comm_send_file(context, key); - } - harg_close_all(files_to_send); /* frees memory */ + comm_send_file(context, files_to_send->data); + files_to_send = g_slist_next(files_to_send); } return (0); } 
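Review bot: The new `while(files_to_send != NULL)` loop (hunk at -677, presumably in `cli_comm_send_preferences`, whose name is outside the hunk) advances `files_to_send` itself and never frees the list, whereas the removed code ended with `harg_close_all(files_to_send); /* frees memory */`, so each call now leaks the GSList nodes. Walk the list with a separate cursor, `for (it = files_to_send; it != NULL; it = g_slist_next(it)) comm_send_file(context, it->data);`, and then call `g_slist_free(files_to_send);`. The same loop is added in the -779 hunk and needs the same change. The result of `comm_send_file` is still ignored in both places, so a failed upload is not reported to the caller.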
@@ -699,7 +688,7 @@ struct context *context; { struct arglist *preferences = context->prefs; - harglst *files_to_send = NULL; // TODO replace harglst by a simple Glib list + GSList* files_to_send = NULL; struct arglist *pref = arg_get_value(preferences, "SERVER_PREFS"); struct nessus_plugin *plugins[2]; int i; @@ -769,9 +758,7 @@ if(!strcmp(type, PREF_FILE)) { - if(!files_to_send) - files_to_send = harg_create(50); - harg_add_int(files_to_send, value, 1); + files_to_send = g_slist_prepend(files_to_send, value); } plugin_prefs = plugin_prefs->next; } @@ -779,17 +766,10 @@ } } network_printf(context->socket, "<|> CLIENT\n"); - if(files_to_send != NULL ) + while(files_to_send != NULL ) { - hargwalk *hw; - char *key; - - hw = harg_walk_init(files_to_send); - while((key = (char *)harg_walk_next(hw))) - { - comm_send_file(context, key); - } - harg_close_all(files_to_send); /* frees memory */ + comm_send_file(context, files_to_send->data); + files_to_send = g_slist_next(files_to_send); } return (0); } @@ -818,7 +798,6 @@ int comm_send_file(struct context* context, char* fname) { - printf("BUGME Send file %s\n", fname); int fd; struct stat stt; long tot = 0; From scm-commit at wald.intevation.org Tue Dec 9 14:36:43 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 9 Dec 2008 14:36:43 +0100 (CET) Subject: [Openvas-commits] r1957 - trunk/doc/website Message-ID: <20081209133643.1B62C4072C@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-09 14:36:41 +0100 (Tue, 09 Dec 2008) New Revision: 1957 Modified: trunk/doc/website/index.htm4 trunk/doc/website/openvas-cr-13.htm4 trunk/doc/website/openvas.css trunk/doc/website/template_header.m4 Log: Website update. * Updated CR #13 (OVAL) with actual implementation. * Updated main page, made content more structured. * Made changes to the CSS to make the website easier to read on monitors with high horizontal resolution (i.e. made the content a little narrower). * Fixed typo in sidebar. * Added link to bugtracker. Modified: trunk/doc/website/index.htm4 =================================================================== --- trunk/doc/website/index.htm4 2008-12-09 13:05:44 UTC (rev 1956) +++ trunk/doc/website/index.htm4 2008-12-09 13:36:41 UTC (rev 1957) 
@@ -43,28 +43,64 @@ <img src="pix/OpenVAS-Structure.png" alt="The OpenVAS structure"> <p> -<b>Status:</b> All necessary cleanups (due to the fork from Nessus) +<b>Status:</b> (as of December 9th, 2008) +</p> +<ul> +<li>All necessary cleanups (due to the fork from Nessus) of the OpenVAS client and server components have been completed. -The current set of released modules is ready to execute scans using +The current set of released modules allows the execution of scans using a secure connection between client and server. -The <a href="openvas-nvt-feed.html">OpenVAS NVT Feed</a> service offers signed -scripts for specific NVT families. -Several NVTs inherited from Nessus are still broken because they depend on a +<li>The <a href="openvas-nvt-feed.html">OpenVAS NVT Feed</a> service offers more +than 5,000 signed scripts. +<li>Several NVTs inherited from Nessus are still broken because they depend on a non-free component. -See also the <a href="roadmap.html">Roadmap</a> for further details. -To be informed about OpenVAS news, you should -<a href="http://lists.wald.intevation.org/mailman/listinfo/openvas-announce">subscribe</a> -to the announcement mailing list. +<li>The upcoming 2.0 release is approaching fast. The first release candidate +(2.0-rc1) was released on December 5th, 2008. +</ul> + +<p> +See also the <a href="roadmap.html">Roadmap</a> for upcoming changes and events. </p> +<p> +Do you want to be the first to know about important OpenVAS developments? +Consider subscribing to the <a +href="http://lists.wald.intevation.org/mailman/listinfo/openvas-announce">OpenVAS-Announcement +mailing list</a>. +</p> + <h2>Project News</h2> +<h3>December 5th, 2008 - OpenVAS 2.0-rc1 released</h3> + +<p> +The OpenVAS developers are happy to announce the release of the 2.0-rc1 +versions of openvas-libraries, openvas-libnasl, openvas-server and +openvas-client. +</p> + +<p> +This release is the first release candidate for the upcoming 2.0 release of +OpenVAS. 
Unless serious bugs are discovered, this release candidate will become +the final OpenVAS 2.0 release. Users are encouraged to test this release and to +report bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . +</p> + +<p> +This release marks another milestone towards the improvement of the OpenVAS +infrastructure; it uses the finalized version of OTP, the new OpenVAS Transport +Protocol which debuted in 2.0-beta1 and has now completely replaced the old +Nessus Transport Protocol (NTP). +</p> + <h3>November 14th, 2008 - OpenVAS and backtrack</h3> <p>As OpenVAS is not in Backtrack 3 by default (yet!). You can download lzm module or download remastered backtrack3 which includes OpenVAS lzm (it still fits on 700 Mb CD). It's good way of testing OpenVAS in case you want to try it out. </p> +<p> <a href="openvas-bt.html">Read more and download ...</a> +</p> <h3>October 30th, 2008 - 2008 OpenVAS Contest Winners Announced</h3> 
@@ -83,64 +119,10 @@ worldwide. </p> -<a href="openvas-contest-2008.html">And the winners are ...</a> - -<h3>October 15th, 2008 - OpenVAS 2.0 Begins Public Beta Phase</h3> - <p> -In late September 2008, the OpenVAS developer team released the 2.0-beta1 -version of OpenVAS, the Open Vulnerability Assessment System for network -security scanning.<br> -The intended audience for this beta release are experienced users interested -in upcoming features as well as developers of vulnerability checks. +<a href="openvas-contest-2008.html">And the winners are ...</a> </p> -<p> -The new version introduces first steps towards support for OVAL, the <a -href="http://oval.mitre.org">Open Vulnerability and Assessment Language</a>. -OVAL is an international, information security, community standard to promote -open, standardized and publicly available security content.<br> -The OpenVAS server can now execute OVAL files just like its own Network -Vulnerability Tests (NVTs) by using the OVAL definitions interpreter "ovaldi". -While the plain ovaldi tool can only check local systems where it is -installed, the combination with OpenVAS enables it to test any target system -for which OpenVAS has collected information. The beta1 release offers sample -support for Red Hat Enterprise Linux security announcements which are -provided as OVAL definitions. -</p> - -<p> -Major internal changes include the cleaned and extended protocol for -client-server communication (OTP) and the transition to the new OID-based -scheme for unique IDs of vulnerability tests. The switch from the NTP -inherited from Nessus to OTP was necessary due to security and design -considerations. -</p> - -<p> -The OpenVAS (NVTs) remain compatible with both the 1.0 and 2.0 series of -OpenVAS. This also means that the free OpenVAS NVT feed service (which has -recently extended to deliver the full range of NVTs, grown to over 5000 -available NVTs) is also compatible for both release series. 
The switch from NTP -to OTP does not affect NVTs already in existance. This means NVTs written in -NASL continue to be fully supported by OpenVAS. There is no need to make changes -to your old NASL scripts -- unless you want to use the new features. -</p> - -<p> -The first release candidate of the new OpenVAS Compendium has been made -available in PDF and HTML format for final reviews and as a base for translation -into other languages (a translation to German is already in progress) as well. -</p> - -<p> -The OpenVAS team is looking forward to feedback for the beta1 release. If you -want to participate in the beta phase by sharing your experience with beta1 or -if you have any questions, please feel free to use the public mailing lists or -visit us in our <a href="http://www.openvas.org/online-chat.html">IRC online -chat</a>. -</p> - <h2>Contact</h2> <p> Modified: trunk/doc/website/openvas-cr-13.htm4 =================================================================== --- trunk/doc/website/openvas-cr-13.htm4 2008-12-09 13:05:44 UTC (rev 1956) +++ trunk/doc/website/openvas-cr-13.htm4 2008-12-09 13:36:41 UTC (rev 1957) @@ -28,7 +28,7 @@ PAGE_START <h2>OpenVAS Change Request #13: Integrating the OVAL interpreter ovaldi into OpenVAS Server</h2> -Status: Voted +4. +Status: Voted +4. A proof-of-concept has been implemented and is included in OpenVAS since 2.0-beta1. <h3>Purpose</h3> 
@@ -96,10 +96,11 @@ <p> The ovaldi interpreter will be run as a sub-process of openvasd and be - able to access the openvasd's knowledge base (read-only) to retrieve information - gathered by other NVTs. Results are returned to openvasd for writing it into the - knowledge base. The rest of the this section explains the potential problems and proposed - solutions in more detail. + able to access information gathered by OpenVAS and prepared in the form of an + <a + href="http://oval.mitre.org/language/about/structure.html#system_characteristics">OVAL + System Characteristics file</a>. The OpenVAS server returns the results of the + ovaldi run to the client along with the results of other NVTs. </p> <h4>Run Tests Against the OpenVAS Knowledge Base</h4> 
@@ -118,26 +119,22 @@ </p> <p> - We will have to reimplement the tests ovaldi performs so that they use - the knowledge base instead. This can be done relatively easily as - described in the section <a href="#openvas-probes"> "OpenVAS Probes in - ovaldi"</a> below. + We have already reimplemented some tests ovaldi performs so that they use + data gathered in the knowledge base instead. This can be done relatively + easily by exporting relevant parts of the knowledge base into a format ovaldi + can understand, for example one conforming to the System Characteristics + schema mentioned above. </p> <p> Of course, tests run against the knowledge base will not be able to run tests that need information not currently available from the - knowledge base. The OVAL definitions for RedHat systems, for - instance, include tests that check whether a given RPM was - cryptographically signed with a specific key. This information can be - retrieved from the RPM database on the remote system, but OpenVAS - currently does not do that. + knowledge base. </p> <p> - Also, at first we would probably not implement all the tests that OVAL - supports, only the ones we need for the subset of OVAL definitions we - support initially. + Also, we do not implement all the tests that OVAL supports from the beginning, + only the ones we need for the subset of OVAL definitions we support initially. </p> @@ -147,7 +144,7 @@ Per default ovaldi outputs the results of the tests in the form of XML files and also generates an HTML file from those. To be usable for OpenVAS it would be necessary to report the results back to the - openvasd. The technical details of this are outlined + openvasd. The technical details of this are outlined in <a href="#reporting-to-openvas">"Ovaldi Reporting Back to OpenVAS"</a> below. </p> 
@@ -155,34 +152,20 @@ <h4>Reporting Metadata</h4> <p> - In addition to results, ovaldi will have to report the metadata of the - individual tests to openvasd too. The metadata include the - descriptions of the tests, which systems are affected, what the - vulnerability is, references to CVEs, etc. Since ovaldi includes this - metadata in the reports it generates, it shouldn't be difficult to - report this information to openvasd, too. + In addition to results, openvasd needs to be able to read the metadata of the + individual OVAL definitions in order to communicate them to the client and to + allow the client to select the definitions which should be executed. This can + be done relatively easy by parsing the XML files containing the individual + definitions and transmitting them to the client similar to the way this is + done with NASL- or NES-based NVTs. </p> -<p> - However, it should be possible to extract this information from the - descriptions before actually running the tests so that the OpenVAS - client can show a list of the tests to let the user select which - subset of tests to run. -</p> - -<p> - The technical details of this are outlined - in <a href="#reporting-to-openvas">"Ovaldi Reporting Back to - OpenVAS"</a> below. -</p> - <h4>Map OVAL IDs to OpenVAS OIDs</h4> <p> - NVTs are identified by OIDs within OpenVAS - (once <a href="file:///local-vol1/bh/openvas/misc/doc/website/openvas-cr-1.html">Change - Request #1</a> is implemented). OVAL descriptions are identified by - an ID which is a character string of the form: + NVTs are identified by OIDs within OpenVAS (once <a + href="openvas-cr-1.html">Change Request #1</a> is implemented). OVAL + descriptions are identified by an ID which is a character string of the form: </p> <pre> 
@@ -284,89 +267,41 @@ </p> -<h4><a name="openvas-probes">OpenVAS Probes in ovaldi</a></h4> +<h4><a name="reporting-to-openvas">Ovaldi Reporting Back to OpenVAS</a></h4> <p> - The ovaldi sources are organized into several components: - <ul> - <li> - a general OVAL interpreter</li> - <li> - <p> - "probes" implementing the various tests supported by OVAL - </p> - <p> - The probes are further split into several sub-directories, with one - directory each for: - <ul> - <li>platform independent probes</li> - <li>probes for windows</li> - <li>probes for solaris</li> - <li>probes for linux</li> - </ul> - </p> - </li> - </ul> + When integrated with OpenVAS, ovaldi needs to report metadata and test + results back to openvasd. This is done by parsing the XML results file + generated by ovaldi and the sending the relevant information to the client. </p> -<p> - Each of the platform specific probes directories contains a class - called ProbeFactory which is used to instantiate the objects - implementing the actual tests. Which probe factory is used simply - depends on which one is linked into the final executable. The - directory with the platform independent probes doesn't have a probe - factory. The platform specific factories instantiate the platform - independent probes too. -</p> +<h3>Implementation</h3> <p> - This design of course implies that a single ovaldi executable can only - execute the OVAL descriptions for one platform. Given the intended - way ovaldi operates -- running on the system which is to be tested -- - this is not a limitation, though. + This is a unsorted initial collection of explicit changes/extensions to + the code: </p> -<p> - To get ovaldi to access the OpenVAS knowledge base we can simply treat - OpenVAS as a new platform and introduce a new probe factory that - instantiates probes that refer to the knowledge base instead of the - local system. 
-</p> - -<h4><a name="reporting-to-openvas">Ovaldi Reporting Back to OpenVAS</a></h4> - -<p> - When integrated with OpenVAS, ovaldi needs to report metadata and test - results back to openvasd. The general approach to this would be to - replace the code that generates the XML based reports with code that - transmits the information to openvasd. We will likely have to replace - the main driver code (src/Main.cpp) with our own version, because the - current implementation hard-wires too much of the reporting for our - purposes. It should not be difficult to simply link with our version - of Main.cpp instead of the one coming with ovaldi. -</p> - -<h4>Implementation TODOs</h4> - -This is a unsorted initial collection of explicit changes/extensions to -the code: - <ul> <li> openvas-plugins/scipts/gather-package-list.nasl: Extend (perhaps - optional) to retrieve signatures for packages. -<li> ovaldi: src/Main.cpp: Change report driver code to serve the - needs of OpenVAS. -<li> ovaldi: Extend with a OpenVAS-KB probe factory -<li> Handling of .oval files: Location should be inside directory "oval" - which is located in /usr/lib/openvas/plugins/. - This would also allow for easy extension of OpenVAS NVT feed/sync. - However, the .oval files should not be handled inside the OpenVAS SVN - repository because the management takes place at the OVAL project. + optional) to retrieve signatures for packages. (done) +<li> openvas-server/openvasd/oval_plugins.c: New "class" implementing the + described functionality similar to the nasl_plugins.c and nes_plugins.c + files. </ul> +<p> + Right now, it is necessary to use a patched version of ovaldi due to + limitations in the current ovaldi version regarding the parsing of System + Characteristics files. More details can be found on the <a + href="integrated-tools.html">Integrated Tools</a> page. 
+</a> + <h3>History</h3> <ul> +<li> 2008-12-09 Michael Wiegand <michael.wiegand at intevation.de>:<br> + Updated status and implementation details. <li> 2008-07-10 Jan-Oliver Wagner <jan-oliver.wagner at intevation.de>:<br> Added voting result. <li> 2008-06-26 Bernhard Herzog <bernhard.herzog at intevation.de>:<br> Modified: trunk/doc/website/openvas.css =================================================================== --- trunk/doc/website/openvas.css 2008-12-09 13:05:44 UTC (rev 1956) +++ trunk/doc/website/openvas.css 2008-12-09 13:36:41 UTC (rev 1957) @@ -30,6 +30,8 @@ background-color: #ffffff; font-family: sans-serif; font-size: 12px; + margin-left: 10%; + margin-right: 10%; } H1 { @@ -57,6 +59,7 @@ font-weight: normal; font-style:italic; color: black; + padding-left: 2px; } STRONG { @@ -108,6 +111,7 @@ font-weight: bold; font-size: 80%; width: 100%; + padding-left: 40px; } #navbar TD { @@ -135,7 +139,7 @@ #main { min-width: 250px; padding: 40px; - padding-top: 20px; + padding-top: 10px; padding-right: 0px; padding-bottom: 0px; line-height: 150%; Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2008-12-09 13:05:44 UTC (rev 1956) +++ trunk/doc/website/template_header.m4 2008-12-09 13:36:41 UTC (rev 1957) @@ -69,7 +69,7 @@ </div> <div class="box"> - <h1>Information/Howto's</h1> + <h1>Information/Howtos</h1> <p> <a href="__TMPL_ROOT`'integrated-tools.html">Integrated tools</a><br> <a href="__TMPL_ROOT`'sources-for-security-issues-information.html">Security info sources</a><br> 
@@ -85,6 +85,9 @@ <div class="box"> <h1>Support</h1> <p> + <a href="http://bugs.openvas.org/">Bug Tracker</a> + </p> + <p> Mailinglist Discussion:<br> <a href="http://lists.wald.intevation.org/pipermail/openvas-discuss/">Archive</a> | <a href="http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss">Subscribe</a> From scm-commit at wald.intevation.org Wed Dec 10 05:23:59 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Dec 2008 05:23:59 +0100 (CET) Subject: [Openvas-commits] r1958 - in trunk/openvas-plugins: . scripts Message-ID: <20081210042359.025CE4075A@pyrosoma.intevation.org> Author: reinke Date: 2008-12-10 05:23:56 +0100 (Wed, 10 Dec 2008) New Revision: 1958 Added: trunk/openvas-plugins/scripts/deb_1677_1.nasl trunk/openvas-plugins/scripts/deb_1678_1.nasl trunk/openvas-plugins/scripts/deb_1679_1.nasl trunk/openvas-plugins/scripts/deb_1680_1.nasl trunk/openvas-plugins/scripts/deb_1681_1.nasl trunk/openvas-plugins/scripts/deb_1682_1.nasl trunk/openvas-plugins/scripts/deb_1683_1.nasl trunk/openvas-plugins/scripts/freebsd_dovecot-managesieve.nasl trunk/openvas-plugins/scripts/freebsd_habari.nasl trunk/openvas-plugins/scripts/freebsd_mantis3.nasl trunk/openvas-plugins/scripts/freebsd_mantis4.nasl trunk/openvas-plugins/scripts/freebsd_mgetty+sendfax.nasl trunk/openvas-plugins/scripts/freebsd_php53.nasl trunk/openvas-plugins/scripts/freebsd_php54.nasl trunk/openvas-plugins/scripts/freebsd_squirrelmail6.nasl trunk/openvas-plugins/scripts/freebsd_vlc-devel.nasl trunk/openvas-plugins/scripts/freebsd_wireshark1.nasl trunk/openvas-plugins/scripts/glsa_200812_08.nasl Modified: trunk/openvas-plugins/ChangeLog Log: New scripts added Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/ChangeLog 2008-12-10 04:23:56 UTC (rev 1958) 
@@ -1,3 +1,14 @@ +2008-12-09 Thomas Reinke <reinke at securityspace.com> + * deb_1677_1.nasl deb_1678_1.nasl deb_1679_1.nasl + deb_1680_1.nasl deb_1681_1.nasl deb_1682_1.nasl + deb_1683_1.nasl freebsd_dovecot-managesieve.nasl + freebsd_habari.nasl freebsd_mantis3.nasl freebsd_mantis4.nasl + freebsd_mgetty+sendfax.nasl freebsd_php53.nasl + freebsd_php54.nasl freebsd_squirrelmail6.nasl + freebsd_vlc-devel.nasl freebsd_wireshark1.nasl + glsa_200812_08.nasl + New scripts + 2008-12-09 Chandrashekhar B <bchandra at secpod.com> * scripts/gb_w3c_amaya_mult_bof_vuln_dec08_lin.nasl, scripts/gb_w3c_amaya_mult_bof_vuln_dec08_win.nasl, Added: trunk/openvas-plugins/scripts/deb_1677_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1677_1.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/deb_1677_1.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
@@ -0,0 +1,114 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1677-1 (cupsys) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62839); + script_cve_id("CVE-2008-5286"); + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1677-1 (cupsys)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to cupsys +announced via advisory DSA 1677-1. + +An integer overflow has been discovered in the image validation code +of cupsys, the Common UNIX Printing System. An attacker could trigger +this bug by supplying a malicious graphic that could lead to the +execution of arbitrary code. + +For the stable distribution (etch) this problem has been fixed in +version 1.2.7-4etch6. + +For testing distribution (lenny) this issue will be fixed soon. + +For the unstable distribution (sid) this problem has been fixed in +version 1.3.8-1lenny4. + +We recommend that you upgrade your cupsys packages. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201677-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1677-1 (cupsys)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"cupsys-common", ver:"1.2.7-4etch6", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libcupsys2-gnutls10", ver:"1.2.7-4etch6", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"cupsys", ver:"1.2.7-4etch6", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"cupsys-bsd", ver:"1.2.7-4etch6", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"cupsys-client", ver:"1.2.7-4etch6", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"cupsys-dbg", ver:"1.2.7-4etch6", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libcupsimage2", ver:"1.2.7-4etch6", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libcupsimage2-dev", ver:"1.2.7-4etch6", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libcupsys2", ver:"1.2.7-4etch6", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libcupsys2-dev", ver:"1.2.7-4etch6", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1678_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1678_1.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/deb_1678_1.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
@@ -0,0 +1,112 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1678-1 (perl) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62840); + script_cve_id("CVE-2008-5302", "CVE-2008-5303", "CVE-2005-0448", "CVE-2004-0452"); + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1678-1 (perl)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to perl +announced via advisory DSA 1678-1. + +Paul Szabo rediscovered a vulnerability in the File::Path::rmtree +function of Perl. It was possible to exploit a race condition to create +setuid binaries in a directory tree or remove arbitrary files when a +process is deleting this tree. This issue was originally known as +CVE-2005-0448 and CVE-2004-0452, which were addressed by DSA-696-1 and +DSA-620-1. Unfortunately, they were reintroduced later. + +For the stable distribution (etch), these problems have been fixed in +version 5.8.8-7etch5. 
+ +For the unstable distribution (sid), these problems have been fixed in +version 5.10.0-18 and will migrate to the testing distribution (lenny) +shortly. + +We recommend that you upgrade your perl packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201678-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1678-1 (perl)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"libcgi-fast-perl", ver:"5.8.8-7etch5", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"perl-doc", ver:"5.8.8-7etch5", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"perl-modules", ver:"5.8.8-7etch5", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"perl", ver:"5.8.8-7etch5", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libperl5.8", ver:"5.8.8-7etch5", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"perl-debug", ver:"5.8.8-7etch5", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"perl-suid", ver:"5.8.8-7etch5", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libperl-dev", ver:"5.8.8-7etch5", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"perl-base", ver:"5.8.8-7etch5", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1679_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1679_1.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/deb_1679_1.nasl 
2008-12-10 04:23:56 UTC (rev 1958) 
@@ -0,0 +1,83 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1679-1 (awstats) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62841); + script_cve_id("CVE-2008-3714"); + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1679-1 (awstats)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to awstats +announced via advisory DSA 1679-1. + +Morgan Todd discovered a cross-site scripting vulnerability in awstats, +a log file analyzer, involving the config request parameter (and +possibly others; CVE-2008-3714). + +For the stable distribution (etch), this problem has been fixed in version +6.5+dfsg-1+etch1. + +The unstable (sid) and testing (lenny) distribution will be fixed soon. + +We recommend that you upgrade your awstats package. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201679-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1679-1 (awstats)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"awstats", ver:"6.5+dfsg-1+etch1", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1680_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1680_1.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/deb_1680_1.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
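Review bot: The description hard-codes `Risk factor : High` and the result is raised with `security_hole(0)`, although the advisory text in this hunk describes a cross-site scripting issue in awstats. The same template values are used in deb_1682_1.nasl (SquirrelMail XSS) and in the code-execution advisories deb_1677_1.nasl and deb_1680_1.nasl, so anyone triaging by severity cannot tell these classes apart. If a lower grade is intended for XSS, the change is `security_warning(0);` with a matching `Risk factor` line. Otherwise a comment such as `# Severity is a template default, not derived from the advisory` would make that explicit.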
@@ -0,0 +1,118 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1680-1 (clamav) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62842); + script_cve_id("CVE-2008-5050", "CVE-2008-5314"); + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1680-1 (clamav)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to clamav +announced via advisory DSA 1680-1. + +Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers +from an off-by-one-error in its VBA project file processing, leading to +a heap-based buffer overflow and potentially arbitrary code execution +(CVE-2008-5050). + +Ilja van Sprundel discovered that ClamAV contains a denial of service +condition in its JPEG file processing because it does not limit the +recursion depth when processing JPEG thumbnails (CVE-2008-5314). + +For the stable distribution (etch), these problems have been fixed in +version 0.90.1dfsg-4etch16. 
+ +For the unstable distribution (sid), these problems have been fixed in +version 0.94.dfsg.2-1. + +The testing distribution (lenny) will be fixed soon. + +We recommend that you upgrade your clamav packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201680-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1680-1 (clamav)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"clamav-base", ver:"0.90.1dfsg-4etch16", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"clamav-docs", ver:"0.90.1dfsg-4etch16", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"clamav-testfiles", ver:"0.90.1dfsg-4etch16", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libclamav2", ver:"0.90.1dfsg-4etch16", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"clamav-daemon", ver:"0.90.1dfsg-4etch16", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"clamav-freshclam", ver:"0.90.1dfsg-4etch16", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libclamav-dev", ver:"0.90.1dfsg-4etch16", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"clamav-dbg", ver:"0.90.1dfsg-4etch16", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"clamav-milter", ver:"0.90.1dfsg-4etch16", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"clamav", ver:"0.90.1dfsg-4etch16", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1681_1.nasl 
=================================================================== --- trunk/openvas-plugins/scripts/deb_1681_1.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/deb_1681_1.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
@@ -0,0 +1,403 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1681-1 (linux-2.6.24) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62843); + if(NASL_LEVEL>=2191) { + script_cve_id("CVE-2008-3528", "CVE-2008-4554", "CVE-2008-4576", "CVE-2008-4618", "CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5029", "CVE-2008-5134", "CVE-2008-5182", "CVE-2008-5300"); + } else { + script_cve_id("CVE-2008-3528", "CVE-2008-4554", "CVE-2008-4576", "CVE-2008-4618", "CVE-2008-4933", "CVE-2008-4934", "CVE-2008-5025", "CVE-2008-5029"); + }; + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1681-1 (linux-2.6.24)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to linux-2.6.24 +announced via advisory DSA 1681-1. + +Several vulnerabilities have been discovered in the Linux kernel that +may lead to a denial of service or privilege escalation. 
The Common +Vulnerabilities and Exposures project identifies the following +problems: + +CVE-2008-3528 + +Eugene Teo reported a local DoS issue in the ext2 and ext3 +filesystems. Local users who have been granted the privileges +necessary to mount a filesystem would be able to craft a corrupted +filesystem that causes the kernel to output error messages in an +infinite loop. + +CVE-2008-4554 + +Milos Szeredi reported that the usage of splice() on files opened +with O_APPEND allows users to write to the file at arbitrary +offsets, enabling a bypass of possible assumed semantics of the +O_APPEND flag. + +CVE-2008-4576 + +Vlad Yasevich reported an issue in the SCTP subsystem that may +allow remote users to cause a local DoS by triggering a kernel +oops. + +CVE-2008-4618 + +Wei Yongjun reported an issue in the SCTP subsystem that may allow +remote users to cause a local DoS by triggering a kernel panic. + +CVE-2008-4933 + +Eric Sesterhenn reported a local DoS issue in the hfsplus +filesystem. Local users who have been granted the privileges +necessary to mount a filesystem would be able to craft a corrupted +filesystem that causes the kernel to overrun a buffer, resulting +in a system oops or memory corruption. + +CVE-2008-4934 + +Eric Sesterhenn reported a local DoS issue in the hfsplus +filesystem. Local users who have been granted the privileges +necessary to mount a filesystem would be able to craft a corrupted +filesystem that results in a kernel oops due to an unchecked +return value. + +CVE-2008-5025 + +Eric Sesterhenn reported a local DoS issue in the hfs filesystem. +Local users who have been granted the privileges necessary to +mount a filesystem would be able to craft a filesystem with a +corrupted catalog name length, resulting in a system oops or +memory corruption. + +CVE-2008-5029 + +Andrea Bittau reported a DoS issue in the unix socket subsystem +that allows a local user to cause memory corruption, resulting in +a kernel panic. 
+ +CVE-2008-5134 + +Johannes Berg reported a remote DoS issue in the libertas wireless +driver, which can be triggered by a specially crafted beacon/probe +response. + +CVE-2008-5182 + +Al Viro reported race conditions in the inotify subsystem that may +allow local users to acquire elevated privileges. + +CVE-2008-5300 + +Dann Frazier reported a DoS condition that allows local users to +cause the out of memory handler to kill off privileged processes +or trigger soft lockups due to a starvation issue in the unix +socket subsystem. + +For the stable distribution (etch), these problems have been fixed in +version 2.6.24-6~etchnhalf.7. + +We recommend that you upgrade your linux-2.6.24 packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201681-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1681-1 (linux-2.6.24)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"linux-doc-2.6.24", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-manual-2.6.24", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-source-2.6.24", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-patch-debian-2.6.24", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-support-2.6.24-etchnhalf.1", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-tree-2.6.24", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-alpha-smp", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-alpha-generic", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-common", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-alpha-generic", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-alpha", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-alpha-legacy", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-alpha-smp", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-alpha-legacy", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-amd64", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-amd64", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-amd64", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-ixp4xx", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-arm", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-footbridge", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-ixp4xx", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-iop32x", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-footbridge", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-iop32x", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc64", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc64-smp", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc64-smp", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc-smp", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc64", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc-smp", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-hppa", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-686", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-686-bigmem", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-686", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-486", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-i386", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-486", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-686-bigmem", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-mckinley", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-itanium", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-mckinley", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-itanium", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-ia64", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-r5k-ip32", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-5kc-malta", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-4kc-malta", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-r4k-ip22", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-mips", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-4kc-malta", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-5kc-malta", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-r5k-ip32", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-r4k-ip22", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-r5k-cobalt", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-mipsel", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; 
+} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-powerpc", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-powerpc-miboot", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-powerpc-smp", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-powerpc64", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-powerpc", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-powerpc", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-powerpc-miboot", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-powerpc64", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-powerpc-smp", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-s390x", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-s390", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-s390-tape", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-s390x", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-s390", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-s390", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-sparc", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} 
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-sparc64-smp", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-sparc64", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-sparc64", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-sparc64-smp", ver:"2.6.24-6~etchnhalf.7", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1682_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1682_1.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/deb_1682_1.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
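Review bot: This check looks only at installed package versions, so a host that has installed 2.6.24-6~etchnhalf.7 but has not rebooted is reported clean while still running the old kernel. That assumes `isdpkgvuln()` (from pkg-lib-deb.inc, not shown here) does nothing beyond the version comparison. A comment before `vuln = 0;` such as `# Package-version check only; does not verify the running kernel, so a pending reboot is not detected.` would help, together with a matching sentence in the description text. The list also raises `security_hole` for `linux-doc-2.6.24`, `linux-manual-2.6.24` and `linux-source-2.6.24`, which by their names hold no running kernel code; it may be worth confirming that flagging them at the same level is intended.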
@@ -0,0 +1,84 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1682-1 (squirrelmail) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62844); + script_cve_id("CVE-2008-2379"); + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1682-1 (squirrelmail)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to squirrelmail +announced via advisory DSA 1682-1. + +Ivan Markovic discovered that SquirrelMail, a webmail application, did not +sufficiently sanitise incoming HTML email, allowing an attacker to perform +cross site scripting through sending a malicious HTML email. + +For the stable distribution (etch), this problem has been fixed in +version 1.4.9a-3. + +For the unstable distribution (sid), this problem has been fixed in +version 1.4.15-4. + +We recommend that you upgrade your squirrelmail package. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201682-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1682-1 (squirrelmail)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"squirrelmail", ver:"1.4.9a-3", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1683_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1683_1.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/deb_1683_1.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
@@ -0,0 +1,83 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1683-1 (streamripper) +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62845); + script_cve_id("CVE-2007-4337", "CVE-2008-4829"); + script_version ("$"); + name["english"] = "Debian Security Advisory DSA 1683-1 (streamripper)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to streamripper +announced via advisory DSA 1683-1. + +Multiple buffer overflows involving HTTP header and playlist parsing +have been discovered in streamripper (CVE-2007-4337, CVE-2008-4829). + +For the stable distribution (etch), these problems have been fixed in +version 1.61.27-1+etch1. + +For the unstable distribution (sid) and the testing distribution +(lenny), these problems have been fixed in version 1.63.5-2. + +We recommend that you upgrade your streamripper package. 
+ +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201683-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Debian Security Advisory DSA 1683-1 (streamripper)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Debian Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"streamripper", ver:"1.61.27-1+etch1", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_dovecot-managesieve.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_dovecot-managesieve.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/freebsd_dovecot-managesieve.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
@@ -0,0 +1,93 @@ +# +#VID 3efc106e-c451-11dd-a721-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 3efc106e-c451-11dd-a721-0030843d3802 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62854); + script_cve_id("CVE-2008-5301"); + script_version ("$"); + name["english"] = "FreeBSD Ports: dovecot-managesieve"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: dovecot-managesieve + +CVE-2008-5301 +Directory traversal vulnerability in the ManageSieve implementation in +Dovecot 1.0.15, 1.1, and 1.2 allows remote attackers to read and +modify arbitrary .sieve files via a '..' (dot dot) in a script name. + +Solution: +Update your system with the appropriate patches or +software upgrades. 
+ +http://www.vupen.com/english/advisories/2008/3190 +http://secunia.com/Advisories/32768/ +http://dovecot.org/list/dovecot/2008-November/035259.html +http://www.vuxml.org/freebsd/3efc106e-c451-11dd-a721-0030843d3802.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: dovecot-managesieve"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"dovecot-managesieve"); +if(!isnull(bver) && revcomp(a:bver, b:"0.10.4")<0) { + security_note(0, data:"Package dovecot-managesieve version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +if(!isnull(bver) && revcomp(a:bver, b:"0.11.0")>=0 && revcomp(a:bver, b:"0.11.1")<0) { + security_note(0, data:"Package dovecot-managesieve version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_habari.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_habari.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/freebsd_habari.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
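Review bot: Each matching version in freebsd_dovecot-managesieve.nasl is reported twice: once through `security_note(0, data:...)` with the package and version, and again through the bare `security_hole(0)` at the end, which carries the high severity but no detail. A report consumer gets a low-severity entry that explains the finding and a high-severity entry that explains nothing. Emitting one result would be clearer, for example replacing each `security_note` call with `security_hole(0, data:"Package dovecot-managesieve version " + bver + " is installed which is known to be vulnerable.");` and dropping the trailing `if(vuln)` block. The same template is used in the freebsd_habari, freebsd_mantis3, freebsd_mantis4, freebsd_mgetty+sendfax, freebsd_php53, freebsd_php54, freebsd_squirrelmail6, freebsd_vlc-devel and freebsd_wireshark1 hunks.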
@@ -0,0 +1,88 @@ +# +#VID 578f6322-c450-11dd-a721-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 578f6322-c450-11dd-a721-0030843d3802 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62855); + script_cve_id("CVE-2008-4601"); + script_version ("$"); + name["english"] = "FreeBSD Ports: habari"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: habari + +CVE-2008-4601 +Cross-site scripting (XSS) vulnerability in the login feature in +Habari CMS 0.5.1 allows remote attackers to inject arbitrary web +script or HTML via the habari_username parameter. + +Solution: +Update your system with the appropriate patches or +software upgrades. 
+ +http://packetstorm.linuxsecurity.com/0810-exploits/habaricms-xss.txt +http://secunia.com/advisories/32311/ +http://www.vuxml.org/freebsd/578f6322-c450-11dd-a721-0030843d3802.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: habari"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"habari"); +if(!isnull(bver) && revcomp(a:bver, b:"0.5.2")<0) { + security_note(0, data:"Package habari version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_mantis3.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_mantis3.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/freebsd_mantis3.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
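Review bot: The severity in freebsd_habari.nasl is fixed at `Risk factor : High` and `security_hole(0)`, although the only issue described is a cross-site scripting flaw in the login feature (CVE-2008-4601). Reporting every advisory at the top level makes the results harder to prioritise; the freebsd_mgetty+sendfax hunk (a local symlink issue) and the freebsd_squirrelmail6 hunk (XSS) do the same. If the generator cannot derive a rating from the advisory, a comment such as `# Severity is a generator default, not derived from CVE-2008-4601.` above `security_hole(0)` would at least tell the reader not to rely on it.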
@@ -0,0 +1,88 @@ +# +#VID af2745c0-c3e0-11dd-a721-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID af2745c0-c3e0-11dd-a721-0030843d3802 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62857); + script_cve_id("CVE-2008-4687"); + script_version ("$"); + name["english"] = "FreeBSD Ports: mantis"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: mantis + +CVE-2008-4687 +manage_proj_page.php in Mantis before 1.1.4 allows remote +authenticated users to execute arbitrary code via a sort parameter +containing PHP sequences, which are processed by create_function +within the multi_sort function in core/utility_api.php. + +Solution: +Update your system with the appropriate patches or +software upgrades. 
+ +http://secunia.com/advisories/32314/ +http://www.vuxml.org/freebsd/af2745c0-c3e0-11dd-a721-0030843d3802.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: mantis"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"mantis"); +if(!isnull(bver) && revcomp(a:bver, b:"1.1.4")<0) { + security_note(0, data:"Package mantis version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_mantis4.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_mantis4.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/freebsd_mantis4.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
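Review bot: `name["english"]` and `summary["english"]` in freebsd_mantis3.nasl are both `"FreeBSD Ports: mantis"`, the same strings the freebsd_mantis4 hunk uses for a different advisory and script id (62857 here, 62858 there). In a report the two findings can be told apart only by the description body, even though the fixed versions differ (1.1.4 here, 1.1.2 there). The freebsd_php53 and freebsd_php54 hunks share `"FreeBSD Ports: php5"` in the same way. Putting the fixed version or the VID into the name would separate them, for example `name["english"] = "FreeBSD Ports: mantis < 1.1.4";`.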
@@ -0,0 +1,100 @@ +# +#VID 29255141-c3df-11dd-a721-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 29255141-c3df-11dd-a721-0030843d3802 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62858); + script_cve_id("CVE-2008-2276", "CVE-2008-3331", "CVE-2008-3332", "CVE-2008-3333"); + script_version ("$"); + name["english"] = "FreeBSD Ports: mantis"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: mantis + +CVE-2008-2276 +Cross-site request forgery (CSRF) vulnerability in +manage_user_create.php in Mantis 1.1.1 allows remote attackers to +create new administrative users via a crafted link. +CVE-2008-3331 +Cross-site scripting (XSS) vulnerability in return_dynamic_filters.php +in Mantis before 1.1.2 allows remote attackers to inject arbitrary web +script or HTML via the filter_target parameter. 
+CVE-2008-3332 +Eval injection vulnerability in adm_config_set.php in Mantis before +1.1.2 allows remote authenticated administrators to execute arbitrary +code via the value parameter. +CVE-2008-3333 +Directory traversal vulnerability in core/lang_api.php in Mantis +before 1.1.2 allows remote attackers to include and execute arbitrary +files via the language parameter to the user preferences page +(account_prefs_update.php). + +Solution: +Update your system with the appropriate patches or +software upgrades. + +http://secunia.com/advisories/30270/ +http://www.vuxml.org/freebsd/29255141-c3df-11dd-a721-0030843d3802.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: mantis"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"mantis"); +if(!isnull(bver) && revcomp(a:bver, b:"1.1.2")<0) { + security_note(0, data:"Package mantis version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_mgetty+sendfax.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_mgetty+sendfax.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/freebsd_mgetty+sendfax.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
@@ -0,0 +1,87 @@ +# +#VID 44ee8160-c453-11dd-a721-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 44ee8160-c453-11dd-a721-0030843d3802 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62853); + script_cve_id("CVE-2008-4936"); + script_version ("$"); + name["english"] = "FreeBSD Ports: mgetty+sendfax"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: mgetty+sendfax + +CVE-2008-4936 +faxspool in mgetty 1.1.36 allows local users to overwrite arbitrary +files via a symlink attack on a /tmp/faxsp.##### temporary file. + +Solution: +Update your system with the appropriate patches or +software upgrades. 
+ +http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=496403 +https://bugs.gentoo.org/show_bug.cgi?id=235806 +http://www.vuxml.org/freebsd/44ee8160-c453-11dd-a721-0030843d3802.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: mgetty+sendfax"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"mgetty+sendfax"); +if(!isnull(bver) && revcomp(a:bver, b:"1.1.35_2")<0) { + security_note(0, data:"Package mgetty+sendfax version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_php53.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_php53.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/freebsd_php53.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
@@ -0,0 +1,83 @@ +# +#VID 1f9e2376-c52f-11dd-8cbc-00163e000016 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 1f9e2376-c52f-11dd-8cbc-00163e000016 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62850); + script_version ("$"); + name["english"] = "FreeBSD Ports: php5"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: php5 + +===== + +Solution: +Update your system with the appropriate patches or +software upgrades. + +http://www.php.net/archive/2008.php#id2008-12-07-1 +http://www.vuxml.org/freebsd/1f9e2376-c52f-11dd-8cbc-00163e000016.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: php5"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"php5"); +if(!isnull(bver) && revcomp(a:bver, b:"5.2.8")<0) { + security_note(0, data:"Package php5 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_php54.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_php54.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/freebsd_php54.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
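Review bot: The description in freebsd_php53.nasl contains only `=====` where the other scripts carry the advisory text, and there is no `script_cve_id` call, so the result flags php5 older than 5.2.8 as high risk without saying what the update fixes. An operator has to follow the two reference URLs to learn why the finding exists. The generator should fail, or fall back to the advisory title, when the excerpt is empty. Until then a line such as `# Advisory text was empty at generation time; see the vuxml reference for details.` above `desc["english"]` documents the gap.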
@@ -0,0 +1,117 @@ +# +#VID 27d01223-c457-11dd-a721-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 27d01223-c457-11dd-a721-0030843d3802 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62852); + script_cve_id("CVE-2008-2371", "CVE-2008-2829", "CVE-2008-3658", "CVE-2008-3659", "CVE-2008-3660"); + script_version ("$"); + name["english"] = "FreeBSD Ports: php5"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: php5 + +CVE-2008-2371 +Heap-based buffer overflow in pcre_compile.c in the Perl-Compatible +Regular Expression (PCRE) library 7.7 allows context-dependent +attackers to cause a denial of service (crash) or possibly execute +arbitrary code via a regular expression that begins with an option and +contains multiple branches. 
+CVE-2008-2829 +php_imap.c in PHP 5.2.5, 5.2.6, 4.x, and other versions, uses obsolete +API calls that allow context-dependent attackers to cause a denial of +service (crash) and possibly execute arbitrary code via a long IMAP +request, which triggers an 'rfc822.c legacy routine buffer overflow' +error message. +CVE-2008-3658 +Buffer overflow in the imageloadfont function in ext/gd/gd.c in PHP +4.4.x before 4.4.9 and PHP 5.2 before 5.2.6-r6 allows +context-dependent attackers to cause a denial of service (crash) and +possibly execute arbitrary code via a crafted font file. +CVE-2008-3659 +Buffer overflow in the memnstr function in PHP 4.4.x before 4.4.9 and +PHP 5.6 through 5.2.6 allows context-dependent attackers to cause a +denial of service (crash) and possibly execute arbitrary code via the +delimiter argument to the explode function. NOTE: the scope of this +issue is limited since most applications would not use an +attacker-controlled delimiter, but local attacks against safe_mode are +feasible. +CVE-2008-3660 +PHP 4.4.x before 4.4.9, and 5.x through 5.2.6, when used as a FastCGI +module, allows remote attackers to cause a denial of service (crash) +via a request with multiple dots preceding the extension, as +demonstrated using foo..php. + +Solution: +Update your system with the appropriate patches or +software upgrades. + +http://www.php.net/ChangeLog-5.php#5.2.7 +http://www.sektioneins.de/advisories/SE-2008-06.txt +http://secunia.com/advisories/30916/ +http://secunia.com/advisories/31409/ +http://secunia.com/advisories/32964/ +http://www.vuxml.org/freebsd/27d01223-c457-11dd-a721-0030843d3802.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: php5"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"php5"); +if(!isnull(bver) && revcomp(a:bver, b:"5.2.7")<0) { + security_note(0, data:"Package php5 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_squirrelmail6.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_squirrelmail6.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/freebsd_squirrelmail6.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
@@ -0,0 +1,88 @@ +# +#VID d1ce8a4f-c235-11dd-8cbc-00163e000016 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID d1ce8a4f-c235-11dd-8cbc-00163e000016 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62859); + script_cve_id("CVE-2008-2379"); + script_version ("$"); + name["english"] = "FreeBSD Ports: squirrelmail"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: squirrelmail + +CVE-2008-2379 +Cross-site scripting (XSS) vulnerability in SquirrelMail before 1.4.17 +allows remote attackers to inject arbitrary web script or HTML via a +crafted hyperlink in an HTML part of an e-mail message. + +Solution: +Update your system with the appropriate patches or +software upgrades. 
+ +http://secunia.com/Advisories/32143/ +http://sourceforge.net/project/shownotes.php?release_id=644750&group_id=311 +http://www.vuxml.org/freebsd/d1ce8a4f-c235-11dd-8cbc-00163e000016.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: squirrelmail"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"squirrelmail"); +if(!isnull(bver) && revcomp(a:bver, b:"1.4.17")<0) { + security_note(0, data:"Package squirrelmail version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_vlc-devel.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_vlc-devel.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/freebsd_vlc-devel.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
@@ -0,0 +1,90 @@ +# +#VID acf80afa-c3ef-11dd-a721-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID acf80afa-c3ef-11dd-a721-0030843d3802 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62856); + script_cve_id("CVE-2008-5276"); + script_bugtraq_id(32545); + script_version ("$"); + name["english"] = "FreeBSD Ports: vlc-devel"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: vlc-devel + +CVE-2008-5276 +Integer overflow in the ReadRealIndex function in real.c in the Real +demuxer plugin in VideoLAN VLC media player 0.9.0 through 0.9.7 allows +remote attackers to execute arbitrary code via a malformed RealMedia +(.rm) file that triggers a heap-based buffer overflow. + +Solution: +Update your system with the appropriate patches or +software upgrades. 
+ +http://www.trapkit.de/advisories/TKADV2008-013.txt +http://www.videolan.org/security/sa0811.html +http://www.vuxml.org/freebsd/acf80afa-c3ef-11dd-a721-0030843d3802.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "FreeBSD Ports: vlc-devel"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"vlc-devel"); +if(!isnull(bver) && revcomp(a:bver, b:"0.9.8a")<0) { + security_note(0, data:"Package vlc-devel version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_wireshark1.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_wireshark1.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/freebsd_wireshark1.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
@@ -0,0 +1,118 @@ +# +#VID baece347-c489-11dd-a721-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID baece347-c489-11dd-a721-0030843d3802 +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(62851); + script_cve_id("CVE-2008-5285"); + script_version ("$"); + name["english"] = "wireshark -- SMTP Processing Denial of Service Vulnerability"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following packages are affected: + wireshark + wireshark-lite + ethereal + ethereal-lite + tethereal + tethereal-lite + +CVE-2008-5285 +Wireshark 1.0.4 and earlier allows remote attackers to cause a denial +of service via a long SMTP request, which triggers an infinite loop. + +Solution: +Update your system with the appropriate patches or +software upgrades. 
+ +http://secunia.com/advisories/32840/ +http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065840.html +http://www.vuxml.org/freebsd/baece347-c489-11dd-a721-0030843d3802.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "wireshark -- SMTP Processing Denial of Service Vulnerability"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "FreeBSD Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"wireshark"); +if(!isnull(bver) && revcomp(a:bver, b:"1.0.4_1")<0) { + security_note(0, data:"Package wireshark version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"wireshark-lite"); +if(!isnull(bver) && revcomp(a:bver, b:"1.0.4_1")<0) { + security_note(0, data:"Package wireshark-lite version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"ethereal"); +if(!isnull(bver) && revcomp(a:bver, b:"1.0.4_1")<0) { + security_note(0, data:"Package ethereal version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"ethereal-lite"); +if(!isnull(bver) && revcomp(a:bver, b:"1.0.4_1")<0) { + security_note(0, data:"Package ethereal-lite version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"tethereal"); +if(!isnull(bver) && revcomp(a:bver, b:"1.0.4_1")<0) { + security_note(0, data:"Package tethereal version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"tethereal-lite"); 
+if(!isnull(bver) && revcomp(a:bver, b:"1.0.4_1")<0) { + security_note(0, data:"Package tethereal-lite version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200812_08.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200812_08.nasl 2008-12-09 13:36:41 UTC (rev 1957) +++ trunk/openvas-plugins/scripts/glsa_200812_08.nasl 2008-12-10 04:23:56 UTC (rev 1958) 
@@ -0,0 +1,83 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke <reinke at securityspace.com> +# +# Copyright: +# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(62846); + script_cve_id("CVE-2008-4936"); + script_version ("$"); + name["english"] = "Gentoo Security Advisory GLSA 200812-08 (mgetty)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory GLSA 200812-08. + +Mgetty uses temporary files in an insecure manner, allowing for symlink +attacks. 
+ +Solution: +All Mgetty users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=net-dialup/mgetty-1.1.36-r2' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200812-08 +http://bugs.gentoo.org/show_bug.cgi?id=235806 + +Risk factor : Medium"; + + script_description(english:desc["english"]); + + summary["english"] = "Gentoo Security Advisory GLSA 200812-08 (mgetty)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Gentoo Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"net-dialup/mgetty", unaffected: make_list("ge 1.1.36-r2"), vulnerable: make_list("lt 1.1.36-r2"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} From scm-commit at wald.intevation.org Wed Dec 10 08:20:29 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Dec 2008 08:20:29 +0100 (CET) Subject: [Openvas-commits] r1959 - in trunk/openvas-plugins: . scripts Message-ID: <20081210072029.94B534075A@pyrosoma.intevation.org> Author: chandra Date: 2008-12-10 08:20:26 +0100 (Wed, 10 Dec 2008) New Revision: 1959 Added: trunk/openvas-plugins/scripts/secpod_mailscanner_infinite_loop_dos_vuln_900413.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_nov08_win.nasl Log: Added new plugin Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2008-12-10 04:23:56 UTC (rev 1958) +++ trunk/openvas-plugins/ChangeLog 2008-12-10 07:20:26 UTC (rev 1959) @@ -1,3 +1,11 @@ +2008-12-10 Chandrashekhar B <bchandra at secpod.com> + * scripts/secpod_mailscanner_infinite_loop_dos_vuln_900413.nasl: + Added new plugin + + * scripts/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl, + scripts/gb_adobe_flash_player_mult_vuln_nov08_win.nasl: + Updated the CVE reference list + 2008-12-09 Thomas Reinke <reinke at securityspace.com> * deb_1677_1.nasl deb_1678_1.nasl deb_1679_1.nasl deb_1680_1.nasl deb_1681_1.nasl deb_1682_1.nasl Modified: trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl 2008-12-10 04:23:56 UTC (rev 1958) +++ trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_nov08_lin.nasl 2008-12-10 07:20:26 UTC (rev 1959) 
@@ -29,7 +29,8 @@ script_id(800055); script_version("$Revision: 1.0 $"); script_cve_id("CVE-2008-4818", "CVE-2008-4819", "CVE-2008-4820", "CVE-2008-4821", - "CVE-2008-4822", "CVE-2008-4823", "CVE-2008-4824"); + "CVE-2008-4822", "CVE-2008-4823", "CVE-2008-4824", "CVE-2008-5361", + "CVE-2008-5362", "CVE-2008-5363"); script_bugtraq_id(32129); script_name(english:"Adobe Flash Player Multiple Vulnerabilities - Nov08 (Linux)"); desc["english"] = " Modified: trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_nov08_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_nov08_win.nasl 2008-12-10 04:23:56 UTC (rev 1958) +++ trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_nov08_win.nasl 2008-12-10 07:20:26 UTC (rev 1959) @@ -29,7 +29,8 @@ script_id(800054); script_version("$Revision: 1.0 $"); script_cve_id("CVE-2008-4818", "CVE-2008-4819", "CVE-2008-4820", "CVE-2008-4821", - "CVE-2008-4822", "CVE-2008-4823", "CVE-2008-4824"); + "CVE-2008-4822", "CVE-2008-4823", "CVE-2008-4824", "CVE-2008-5361", + "CVE-2008-5362", "CVE-2008-5363"); script_bugtraq_id(32129); script_name(english:"Adobe Flash Player Multiple Vulnerabilities - Nov08 (Win)"); desc["english"] = " Added: trunk/openvas-plugins/scripts/secpod_mailscanner_infinite_loop_dos_vuln_900413.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_mailscanner_infinite_loop_dos_vuln_900413.nasl 2008-12-10 04:23:56 UTC (rev 1958) +++ trunk/openvas-plugins/scripts/secpod_mailscanner_infinite_loop_dos_vuln_900413.nasl 2008-12-10 07:20:26 UTC (rev 1959) 
@@ -0,0 +1,89 @@ +############################################################################## +# +# MailScanner Infinite Loop Denial of Service Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/12/02 +# +# Revision: 1.0 +# +# Log: sghosal +# Issue #0547 +# +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +############################################################################## + +if(description) +{ + script_id(900413); + script_bugtraq_id(32514); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0"); + script_category(ACT_GATHER_INFO); + script_family(english:"Denial of Service"); + script_name(english:"MailScanner Infinite Loop Denial of Service Vulnerability"); + script_summary(english:"Check for vulnerable version of MailScanner"); + desc["english"] = " + Overview: This host is installed with MailScanner and is prone to Denial of + Service vulnerability. + + Vulnerability Insight: + This error is due to an issue in 'Clean' Function in message.pm. + + Impact: + Successful exploitation will let the attacker execute arbitrary codes in a + crafted message and it can lead to system crash through high CPU resources. + + Impact Level: Application + + Affected Software/OS: + MailScanner version prior to 4.73.3-1 on all Linux platforms. 
+ + Fix: + Upgrade to the latest MailScanner version 4.73.3-1 + http://www.mailscanner.info/downloads.html + + References: + http://osvdb.org/show/osvdb/50268 + http://secunia.com/Advisories/32915 + + CVSS Score: + CVSS Base Score : 9.0 (AV:N/AC:L/Au:NR/C:P/I:P/A:C) + CVSS Temporal Score : 6.6 + Risk factor: High"; + + script_description(english:desc["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/uname"); + exit(0); +} + + +include("ssh_func.inc"); + +if("Linux" >!< get_kb_item("ssh/login/uname")){ + exit(0); +} + +sock = ssh_login_or_reuse_connection(); +if(sock) +{ + ver = ssh_cmd(socket:sock, cmd:"MailScanner -v", timeout:120); + ssh_close_connection(); + if("MailScanner" >< ver){ + # Grep for MailScanner version prior to 4.73.3 + pattern = "MailScanner version ([0-3](\..*)|4(\.[0-6]?[0-9](\..*)?|\.7" + + "[0-2](\..*)?|\.73\.[0-3]))($|[^.0-9])"; + if(egrep(pattern:pattern, string:ver)){ + security_warning(0); + } + } +} From scm-commit at wald.intevation.org Wed Dec 10 10:18:30 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Dec 2008 10:18:30 +0100 (CET) Subject: [Openvas-commits] r1960 - in trunk/openvas-libraries: . libopenvas Message-ID: <20081210091830.B333840767@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-10 10:18:29 +0100 (Wed, 10 Dec 2008) New Revision: 1960 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/libopenvas/proctitle.c Log: * libopenvas/proctitle.c (setproctitle): Reverted one instance of strncpy usage back to strcpy since it causes issue on server startup under certain circumstances. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2008-12-10 07:20:26 UTC (rev 1959) +++ trunk/openvas-libraries/ChangeLog 2008-12-10 09:18:29 UTC (rev 1960) 
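Review bot: The last alternative of the version pattern, `\.73\.[0-3]`, also matches 4.73.3, although the description names 4.73.3-1 as the fixed release and the comment above the pattern says "prior to 4.73.3". If `MailScanner -v` prints the fixed build as `4.73.3-1` (its output format is not visible here), the trailing `($|[^.0-9])` accepts the `-` and a patched host is reported as vulnerable. Either narrow the alternative to `\.73\.[0-2]` and handle the 4.73.3 package revision separately, or change the comment to `# Grep for MailScanner version prior to 4.73.3-1` and explain how the `-1` revision is told apart. The Impact text also claims arbitrary code execution for what the script name calls an infinite-loop denial of service, so the wording and the CVSS vector should be checked against the referenced advisories.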
@@ -1,3 +1,9 @@ +2008-12-10 Michael Wiegand <michael.wiegand at intevation.de> + + * libopenvas/proctitle.c (setproctitle): Reverted one instance of + strncpy usage back to strcpy since it causes issue on server startup + under certain circumstances. + 2008-12-05 Michael Wiegand <michael.wiegand at intevation.de> Post release version bump. Modified: trunk/openvas-libraries/libopenvas/proctitle.c =================================================================== --- trunk/openvas-libraries/libopenvas/proctitle.c 2008-12-10 07:20:26 UTC (rev 1959) +++ trunk/openvas-libraries/libopenvas/proctitle.c 2008-12-10 09:18:29 UTC (rev 1960) @@ -100,7 +100,7 @@ i = LastArgv - Argv[0] - 2; buf[i] = '\0'; } - (void) strncpy(Argv[0], buf, SPT_BUFSIZE - 1); + (void) strcpy(Argv[0], buf); /* RATS: ignore */ { char *p; p = &Argv[0][i]; while (p < LastArgv) From scm-commit at wald.intevation.org Wed Dec 10 13:27:23 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Dec 2008 13:27:23 +0100 (CET) Subject: [Openvas-commits] r1961 - in trunk/openvas-manager: . src Message-ID: <20081210122723.D3FC84076B@pyrosoma.intevation.org> Author: mattm Date: 2008-12-10 13:27:23 +0100 (Wed, 10 Dec 2008) New Revision: 1961 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/openvasmd.c Log: After selecting, ensure that all input is read before the fd is selected again. Start handling server input: preferences, plugins dependencies and rules. Improve server input field parsing. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2008-12-10 09:18:29 UTC (rev 1960) +++ trunk/openvas-manager/ChangeLog 2008-12-10 12:27:23 UTC (rev 1961) 
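Review bot: The restored `strcpy(Argv[0], buf)` relies on `buf` having been cut to `LastArgv - Argv[0] - 2` bytes in the lines just above, and `/* RATS: ignore */` silences the audit tool without recording that invariant. The truncation sits inside a conditional whose test is outside the hunk, so the bound should be written down at the copy itself, e.g. `/* RATS: ignore -- buf is truncated above to fit between Argv[0] and LastArgv */`. The removed `strncpy` always wrote `SPT_BUFSIZE - 1` bytes because it pads with NULs, which may be what overran the argv area at startup; `memcpy(Argv[0], buf, i + 1);` would keep an explicit bound without the padding, assuming `i` holds the length of `buf` at that point.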
@@ -1,3 +1,44 @@ +2008-12-10 Matthew Mundell <matt at mundell.ukfsn.org> + + After selecting, ensure that all input is read before the fd is + selected again. Start handling server input: preferences, plugins + dependencies and rules. Improve server input field parsing. + + * openvasmd.c: Prefix tracing messages with 3 spaces. Improve a few + comments. + (strip_space): Only strip spaces. + (TO_SERVER, start_task): Update fail destination. + (serve_otp, read_protocol): Compare GNUTLS_E_REHANDSHAKE to count + instead of errno. + (RESPOND): Update to revert parsing on fail. Update fail destination. + (process_omp_client_input): Update to revert parsing on start_task and + RESPOND failure. Update RESPOND fail destination. + (process_omp_server_input): Only update from_server_start after + TO_SERVER, in case TO_SERVER fails. On successful exit, reset the + from_server buffer. In the SERVER_DONE handling only strip spaces, + exit if there are too few characters in the message and move messages + along on success. Add preference, rule and plugins dependencies + handling. Improve the check for <|>. + (serve_omp): Compare count to GNUTLS_E_REHANDSHAKE instead of errno. + Move reading out to new functions read_from_client and + read_from_server. After selecting, ensure that all input is read + before the fd is selected again, including the cases where processing + of the input must wait for space in one of the output buffers + to_server and to_client. Drop the EAGAIN and EINTR check from + the OVAL_SSL cases. + (current_server_preference, current_server_plugin_dependency_name, + current_server_plugin_dependency_dependencies): New variables. 
+ (free_g_ptr_array, maybe_free_server_preferences, + make_server_preferences, add_server_preference, + maybe_free_server_plugins_dependencies, + make_server_plugins_dependencies, add_server_plugins_dependency, + make_current_server_plugin_dependency, + append_to_current_server_plugin_dependency, + maybe_free_current_server_plugin_dependency, + finish_current_server_plugin_dependency, free_rule, + maybe_free_server_rules, make_server_rules, add_server_rule, + read_from_client, read_from_server): New functions. + 2008-12-03 Matthew Mundell <matt at mundell.ukfsn.org> Add more OMP commands, start adding server communication. Modified: trunk/openvas-manager/src/openvasmd.c =================================================================== --- trunk/openvas-manager/src/openvasmd.c 2008-12-10 09:18:29 UTC (rev 1960) +++ trunk/openvas-manager/src/openvasmd.c 2008-12-10 12:27:23 UTC (rev 1961) @@ -117,8 +117,7 @@ /** The size of the data buffers. When the client/server buffer is full * `select' stops watching for input from the client/server. */ -//#define BUFFER_SIZE 8192 -#define BUFFER_SIZE 8192000 +#define BUFFER_SIZE 8192 /** Second argument to `listen'. */ #define MAX_CONNECTIONS 512 
@@ -241,35 +240,181 @@ char* strip_space (char* string, char* end) { - while (string[0] == ' ') string++; + while (string[0] == ' ' || string[0] == '\n') + string++; char *last = end, *new_end = end; new_end--; - while (new_end > string && new_end[0] == ' ') { last--; new_end--; } + while (new_end > string && (new_end[0] == ' ' || new_end[0] == '\n')) + { last--; new_end--; } if (last < end) last[0] = '\0'; return string; } +/** Free \ref array. */ +void +free_g_ptr_array (gpointer array) +{ + g_ptr_array_free (array, TRUE); +} + -/* Server. */ +/* Server state. */ typedef struct { char* plugins_md5; + GHashTable* plugins_dependencies; + GHashTable* preferences; + GPtrArray* rules; } server_t; server_t server; typedef enum { - SERVER_TOP, + SERVER_DONE, + SERVER_PLUGINS_MD5, + SERVER_PLUGIN_DEPENDENCY_NAME, + SERVER_PLUGIN_DEPENDENCY_DEPENDENCY, + SERVER_PREFERENCE_NAME, + SERVER_PREFERENCE_VALUE, + SERVER_RULE, SERVER_SERVER, - SERVER_DONE, - SERVER_PLUGINS_MD5 + SERVER_TOP } server_state_t; server_state_t server_state = SERVER_TOP; +/* Server preferences. */ + +char* current_server_preference = NULL; + +void +maybe_free_server_preferences () +{ + if (server.preferences) g_hash_table_destroy (server.preferences); +} + +void +make_server_preferences () +{ + server.preferences = g_hash_table_new_full (g_str_hash, + g_str_equal, + g_free, + g_free); +} + +void +add_server_preference (char* preference, char* value) +{ + g_hash_table_insert (server.preferences, preference, value); +} + + +/* Server plugin dependencies. 
*/ + +char* current_server_plugin_dependency_name = NULL; +GPtrArray* current_server_plugin_dependency_dependencies = NULL; + +void +maybe_free_server_plugins_dependencies () +{ + if (server.plugins_dependencies) + { + g_hash_table_destroy (server.plugins_dependencies); + server.plugins_dependencies = NULL; + } +} + +void +make_server_plugins_dependencies () +{ + assert (server.plugins_dependencies == NULL); + server.plugins_dependencies = g_hash_table_new_full (g_str_hash, + g_str_equal, + g_free, + free_g_ptr_array); +} + +void +add_server_plugins_dependency (char* name, GPtrArray* dependencies) +{ + assert (server.plugins_dependencies); + tracef (" server new dependency name: %s\n", name); + g_hash_table_insert (server.plugins_dependencies, name, dependencies); +} + +void +make_current_server_plugin_dependency (char* name) +{ + assert (current_server_plugin_dependency_name == NULL); + assert (current_server_plugin_dependency_dependencies == NULL); + current_server_plugin_dependency_name = name; + current_server_plugin_dependency_dependencies = g_ptr_array_new (); +} + +void +append_to_current_server_plugin_dependency (char* dependency) +{ + assert (current_server_plugin_dependency_dependencies); + tracef (" server appending plugin dependency: %s\n", dependency); + g_ptr_array_add (current_server_plugin_dependency_dependencies, dependency); +} + +void +maybe_free_current_server_plugin_dependency () +{ + if (current_server_plugin_dependency_name) + free (current_server_plugin_dependency_name); + if (current_server_plugin_dependency_dependencies) + g_ptr_array_free (current_server_plugin_dependency_dependencies, TRUE); +} + +void +finish_current_server_plugin_dependency () +{ + assert (current_server_plugin_dependency_name); + assert (current_server_plugin_dependency_dependencies); + add_server_plugins_dependency (current_server_plugin_dependency_name, + current_server_plugin_dependency_dependencies); + current_server_plugin_dependency_name = NULL; + 
current_server_plugin_dependency_dependencies = NULL; +} + + +/* Server rules. */ + +void +free_rule (void* rule, void* dummy) +{ + free (rule); +} + +void +maybe_free_server_rules () +{ + if (server.rules) + { + g_ptr_array_foreach (server.rules, free_rule, NULL); + g_ptr_array_free (server.rules, TRUE); + } +} + +void +make_server_rules () +{ + server.rules = g_ptr_array_new (); +} + +void +add_server_rule (char* rule) +{ + g_ptr_array_add (server.rules, rule); +} + + + /* Tasks. */ typedef struct @@ -296,14 +441,14 @@ print_tasks () { task_t *index = tasks; - tracef ("tasks: %p\n", tasks); - tracef ("tasks end: %p\n", tasks + tasks_size); + tracef (" tasks: %p\n", tasks); + tracef (" tasks end: %p\n", tasks + tasks_size); while (index < tasks + tasks_size) { - //tracef ("index: %p\n", index); + //tracef (" index: %p\n", index); if (index->name) { - tracef ("Task %u: \"%s\" %s\n%s\n\n", + tracef (" Task %u: \"%s\" %s\n%s\n\n", index->id, index->name, index->comment ?: "", @@ -317,7 +462,7 @@ int grow_tasks () { - tracef ("task_t size: %i\n", sizeof (task_t)); + tracef (" task_t size: %i\n", sizeof (task_t)); task_t* new = realloc (tasks, (tasks_size + TASKS_INCREMENT) * sizeof (task_t)); if (new == NULL) return -1; @@ -328,7 +473,7 @@ memset (new, '\0', TASKS_INCREMENT * sizeof (task_t)); tasks_size += TASKS_INCREMENT; - tracef ("tasks grown to %i\n", tasks_size); + tracef (" tasks grown to %i\n", tasks_size); #if TRACE print_tasks (); #endif @@ -344,7 +489,7 @@ { if (index->name) { - tracef ("Freeing task %u: \"%s\" %s (%i)\n%s\n\n", + tracef (" Freeing task %u: \"%s\" %s (%i)\n%s\n\n", index->id, index->name, index->comment, @@ -364,7 +509,7 @@ task_t* make_task (char* name, unsigned int time, char* comment) { - tracef ("make_task %s %u %s\n", name, time, comment); + tracef (" make_task %s %u %s\n", name, time, comment); if (tasks == NULL && grow_tasks ()) return NULL; task_t* index = tasks; task_t* end = tasks + tasks_size; 
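Review bot: `maybe_free_server_preferences`, `maybe_free_server_rules` and `maybe_free_current_server_plugin_dependency` release their objects but leave the pointers set, so a second call frees the same memory again and any later reader sees a dangling pointer. `maybe_free_server_plugins_dependencies` in the same hunk already resets its field, and `make_current_server_plugin_dependency` asserts that both globals are NULL, which would fail after a free. Add `server.preferences = NULL;` and `server.rules = NULL;` after the respective destroy calls, and set both `current_server_plugin_dependency_*` globals to NULL after freeing them. Separately, `free_g_ptr_array` frees only the array itself, so the strings added through `append_to_current_server_plugin_dependency` appear to leak unless they are released elsewhere.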
@@ -380,7 +525,7 @@ index->description = NULL; index->description_size = 0; index->running = 0; - tracef ("Made task %i at %p\n", index->id, index); + tracef (" Made task %i at %p\n", index->id, index); num_tasks++; return index; } @@ -398,7 +543,7 @@ task_t* index = tasks; task_t* end = tasks + tasks_size; while (index < end) { - if (index->name) tracef ("%u vs %u\n", index->id, id); + if (index->name) tracef (" %u vs %u\n", index->id, id); if (index->name && index->id == id) return index; else index++; } return NULL; @@ -408,7 +553,7 @@ modify_task (task_t* task, char* name, unsigned int time, char* comment) { assert (task->name); - tracef ("modify_task %u\n", task->id); + tracef (" modify_task %u\n", task->id); task->name = name; task->time = time; task->comment = comment; @@ -418,7 +563,8 @@ #define TO_SERVER(msg) \ do \ { \ - if (BUFFER_SIZE - to_server_end < strlen (msg)) goto fail; \ + if (BUFFER_SIZE - to_server_end < strlen (msg)) \ + goto to_server_fail; \ memcpy (to_server + to_server_end, msg, strlen (msg)); \ tracef ("-> server: %s\n", msg); \ to_server_end += strlen (msg); \ @@ -428,7 +574,7 @@ int start_task (task_t* task) { - tracef ("start task %u\n", task->id); + tracef (" start task %u\n", task->id); TO_SERVER ("CLIENT <|> PREFERENCES <|>\n"); TO_SERVER ("plugin_set <|> "); @@ -460,7 +606,7 @@ return 0; - fail: + to_server_fail: return -1; } @@ -602,7 +748,7 @@ if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) /* Interrupted, try read again. */ continue; - if (errno == GNUTLS_E_REHANDSHAKE) + if (count == GNUTLS_E_REHANDSHAKE) /* Return to select. TODO Rehandshake. */ break; fprintf (stderr, "Failed to read from client.\n"); @@ -667,7 +813,7 @@ if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) /* Interrupted, try write again. */ continue; - if (errno == GNUTLS_E_REHANDSHAKE) + if (count == GNUTLS_E_REHANDSHAKE) /* Return to select. TODO Rehandshake. */ break; fprintf (stderr, "Failed to write to server.\n"); 
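Review bot: `start_task` queues its request with several `TO_SERVER` calls, and the `to_server_fail` label returns -1 without undoing the ones that already succeeded. The caller in the `-1034` hunk reacts to that failure by rewinding `from_client_start` and returning -2 so the command is processed again, which would queue `CLIENT <|> PREFERENCES <|>` and whatever followed it a second time. Save `to_server_end` on entry and restore it at the label with `to_server_end = original_to_server_end;` so that a retry starts from an unchanged buffer. Most of the function body lies between the two `start_task` hunks and is not visible here.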
@@ -720,7 +866,7 @@ if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) /* Interrupted, try read again. */ continue; - if (errno == GNUTLS_E_REHANDSHAKE) + if (count == GNUTLS_E_REHANDSHAKE) /* Return to select. TODO Rehandshake. */ break; fprintf (stderr, "Failed to read from server.\n"); @@ -782,7 +928,7 @@ if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) /* Interrupted, try write again. */ continue; - if (errno == GNUTLS_E_REHANDSHAKE) + if (count == GNUTLS_E_REHANDSHAKE) /* Return to select. TODO Rehandshake. */ break; fprintf (stderr, "Failed to write to client.\n"); 
@@ -819,34 +965,42 @@ #define RESPOND(msg) \ do \ { \ - if (BUFFER_SIZE - to_client_end < strlen (msg)) goto fail; \ + if (BUFFER_SIZE - to_client_end < strlen (msg)) \ + { \ + (messages - 1)[0] = '\n'; \ + if (command) (message - 1)[0] = ' '; \ + goto respond_fail; \ + } \ memcpy (to_client + to_client_end, msg, strlen (msg)); \ tracef ("-> client: %s\n", msg); \ to_client_end += strlen (msg); \ } \ while (0) -/** Process any lines available in from_client, writing any - * resulting server commands to to_server and any replies for the client - * to to_client. +/** Process any lines available in from_client. * - * \return 0 on success, -1 on error (e.g. too little buffer space for response). + * Queue any resulting server commands in to_server and any replies for + * the client in to_client. + * + * \return 0 success, -1 error, -2 or -3 too little space in to_client or to_server. */ int process_omp_client_input () { char* messages = from_client + from_client_start; - //tracef ("consider %.*s\n", from_client_end - from_client_start, messages); + int original_from_client_start; + //tracef (" consider %.*s\n", from_client_end - from_client_start, messages); while (memchr (messages, 10, from_client_end - from_client_start)) { /* Found a full line, process the message. */ - char* command; - tracef ("messages: %.*s...\n", + original_from_client_start = from_client_start; + char* command = NULL; + tracef (" messages: %.*s...\n", from_client_end - from_client_start < 200 ? from_client_end - from_client_start : 200, messages); char* message = strsep (&messages, "\n"); - tracef ("message: %s\n", message); + tracef (" message: %s\n", message); from_client_start += strlen(message) + 1; if (current_client_task) @@ -878,7 +1032,7 @@ } command = strsep (&message, " "); - tracef ("command: %s\n", command); + tracef (" command: %s\n", command); if (strncasecmp ("OMP_VERSION", command, 11) == 0) RESPOND ("200 1.0\n"); 
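Review bot: The failure branch of `RESPOND` writes through `message - 1`, but `message` is NULL once `strsep (&message, " ")` has consumed a command that has no argument, so a full `to_client` buffer during a reply such as the one for `OMP_VERSION` becomes a write through an invalid pointer. Guard the restore with `if (command && message) (message - 1)[0] = ' ';`. The unconditional `(message - 1)[0] = ' ';` added in the `start_task` failure path of the `-1034` hunk needs the same check. In branches that call `strsep` on `message` again, such as the `NEW_TASK` parsing, only one separator is put back, so the replayed line would parse differently; leaving the buffer unmodified until the reply is known to fit avoids both problems. The body of `process_omp_client_input` continues outside this hunk.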
@@ -914,7 +1068,7 @@ RESPOND ("404 NEW_TASK requires a name.\n"); continue; } - tracef ("next %s\n", next); + tracef (" next %s\n", next); // FIX parse name with spaces char* name = strdup (next); if (name == NULL) goto out_of_memory; @@ -925,7 +1079,7 @@ RESPOND ("405 NEW_TASK requires a time.\n"); continue; } - tracef ("next %s\n", next); + tracef (" next %s\n", next); /* Scan time. */ int time; if (sscanf (next, "%u", &time) != 1) @@ -1034,7 +1188,14 @@ if (current_client_task == NULL) RESPOND ("407 Failed to find task.\n"); else if (start_task (current_client_task)) - RESPOND ("408 Failed to start task.\n"); + { + /* to_server is full. */ + from_client_start = original_from_client_start; + /* Revert parsing. */ + (message - 1)[0] = ' '; + (messages - 1)[0] = '\n'; + return -2; + } else RESPOND ("200\n"); } @@ -1073,7 +1234,7 @@ index->name, index->running ? 'R' : 'N') == -1) - goto fail; + goto out_of_memory; RESPOND (line); free (line); } @@ -1091,18 +1252,19 @@ if (from_client_start > 0 && from_client_start == from_client_end) { from_client_start = from_client_end = 0; - tracef ("start caught end\n"); + tracef (" client start caught end\n"); } else if (from_client_start == 0) { if (from_client_end == BUFFER_SIZE) { - // FIX if the buffer is entirely full here then respond with err and clear buffer + // FIX if the buffer is entirely full here then respond with err and close connection // (or will hang waiting for buffer to empty) - // this could happen if the client sends a line len >= buffer len + // this could happen if the client sends a field with length >= buffer length // could realloc buffer - tracef ("buffer full\n"); - goto fail; + // which may eventually use all mem and bring down manager + tracef (" client buffer full\n"); + return -1; } } else 
@@ -1116,9 +1278,9 @@ from_client_start = 0; #if TRACE from_client[from_client_end] = '\0'; - //tracef ("new from_client: %s\n", from_client); - tracef ("new from_client_start: %i\n", from_client_start); - tracef ("new from_client_end: %i\n", from_client_end); + //tracef (" new from_client: %s\n", from_client); + tracef (" new from_client_start: %i\n", from_client_start); + tracef (" new from_client_end: %i\n", from_client_end); #endif } @@ -1127,27 +1289,38 @@ /* RESPOND jumps here when there is too little space in to_client for the response. The result is that the manager closes the connection, so from_client_end and from_client_start can be left as they are. */ - fail: - return -1; + respond_fail: + from_client_start = original_from_client_start; + return -3; } /** Process any lines available in from_server. * - * \return 0 on success, -1 on error (e.g. too little buffer space in to_client). + * Mostly update manager server records according to the input from the + * server. Only communicate with the server for initialisation. + * + * \return 0 on success, -1 on error or -3 if there is too little buffer space in to_server. */ int process_omp_server_input () { + char* match; char* messages = from_server + from_server_start; - //tracef ("consider %.*s\n", from_server_end - from_server_start, messages); + char* input; + int from_start, from_end; + //tracef (" consider %.*s\n", from_server_end - from_server_start, messages); + /* First, handle special server states where the input from the server + ends in something other than <|> (usually a newline). */ + if (server_initialising) { + // FIX read everything available switch (server_initialising) { case 1: if (strncasecmp ("< OTP/1.0 >\n", messages, 12)) { - tracef ("server fail: expected \"< OTP/1.0 >\n\"\n"); + tracef (" server fail: expected \"< OTP/1.0 >\n\"\n"); goto fail; } server_initialising = 2; 
@@ -1156,23 +1329,23 @@ case 2: if (strncasecmp ("User : ", messages, 7)) { - tracef ("server fail: expected \"User : \"\n"); + tracef (" server fail: expected \"User : \"\n"); goto fail; } + TO_SERVER ("mattm\n"); // FIX from_server_start += 7; - TO_SERVER ("mattm\n"); // FIX server_initialising = 3; - return 0; + goto succeed; case 3: if (strncasecmp ("Password : ", messages, 11)) { - tracef ("server fail: expected \"Password : \"\n"); + tracef (" server fail: expected \"Password : \"\n"); goto fail; } + TO_SERVER ("mattm\n"); // FIX from_server_start += 11; - TO_SERVER ("mattm\n"); // FIX server_initialising = 0; - return 0; + goto succeed; default: goto fail; } 
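Review bot: The prompt checks in states 2 and 3 call `strncasecmp ("User : ", messages, 7)` and `strncasecmp ("Password : ", messages, 11)` without first confirming that this many bytes lie between from_server_start and from_server_end. A prompt split across two reads is therefore compared against whatever sits after the received data in the buffer and most likely ends in `goto fail`; state 1 in the previous hunk follows the same pattern. A guard such as `if (from_server_end - from_server_start < 7) goto succeed;` (11 for the password state) before each comparison would wait for the rest of the input instead. The login and password passed to TO_SERVER are still the literal marked `// FIX`; they should come from the credentials the client authenticated with, not from a string in the source. The switch belongs to process_omp_server_input, whose body continues outside the hunk.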
@@ -1182,92 +1355,483 @@ char *end; server_done: end = messages + from_server_end - from_server_start; - while (messages < end && messages[0] == ' ') messages++; - if ((int) (end - messages) < 6) return 0; + while (messages < end && (messages[0] == ' ' || messages[0] == '\n')) + { messages++; from_server_start++; } + if ((int) (end - messages) < 6) + /* Too few characters to be the end marker, return to select to + wait for more input. */ + goto succeed; if (strncasecmp ("SERVER", messages, 6)) { - tracef ("server fail: expected final \"SERVER\"\n"); + tracef (" server fail: expected final \"SERVER\"\n"); goto fail; } server_state = SERVER_TOP; from_server_start += 6; + messages += 6; - tracef ("server:: new state %i\n", server_state); + tracef (" server new state: %i\n", server_state); } + else if (server_state == SERVER_PREFERENCE_VALUE) + { + char *value, *end; + server_preference_value: + assert (current_server_preference); + end = messages + from_server_end - from_server_start; + while (messages < end && (messages[0] == ' ')) + { messages++; from_server_start++; } + if ((match = memchr (messages, '\n', from_server_end - from_server_start))) + { + match[0] = '\0'; + value = strdup (messages); + if (value == NULL) goto out_of_memory; + add_server_preference (current_server_preference, value); + server_state = SERVER_PREFERENCE_NAME; + tracef (" server new state: %i\n", server_state); + from_server_start += match + 1 - messages; + messages = match + 1; + } + else + /* Need to wait for a newline to end the value so return to select + to wait for more input. 
*/ + goto succeed; + } + else if (server_state == SERVER_RULE) + { + server_rule: + while (1) + { + char *end; + end = messages + from_server_end - from_server_start; + while (messages < end && (messages[0] == ' ')) + { messages++; from_server_start++; } + if ((match = memchr (messages, ';', from_server_end - from_server_start))) + { + char* rule; + match[0] = '\0'; + rule = strdup (messages); + if (rule == NULL) goto out_of_memory; + add_server_rule (rule); + from_server_start += match + 1 - messages; + messages = match + 1; + } + else + /* Rules are followed by <|> SERVER so carry on, to check for + the <|>. */ + break; + } + } + else if (server_state == SERVER_SERVER) + { + /* Look for any newline delimited server commands. */ + char *end; + server_server: + end = messages + from_server_end - from_server_start; + while (messages < end && (messages[0] == ' ')) + { messages++; from_server_start++; } + if ((match = memchr (messages, '\n', from_server_end - from_server_start))) + { + match[0] = '\0'; + // FIX is there ever whitespace before the newline? + while (messages < end && (messages[0] == ' ')) + { messages++; from_server_start++; } + if (strncasecmp ("PLUGINS_DEPENDENCIES", messages, 20) == 0) + { + from_server_start += match + 1 - messages; + messages = match + 1; + maybe_free_server_plugins_dependencies (); + make_server_plugins_dependencies (); + server_state = SERVER_PLUGIN_DEPENDENCY_NAME; + tracef (" server new state: %i\n", server_state); + } + else + { + char* newline = match; + newline[0] = '\n'; + /* Check for a <|>. */ + input = messages; + from_start = from_server_start, from_end = from_server_end; + while (from_start < from_end + && (match = memchr (input, '<', from_end - from_start))) + { + if ((((int) (match - input) - from_start + 1) < from_end) + && (match[1] == '|') + && (match[2] == '>')) + { + if (match > newline) + /* The next <|> is after the newline, which is an error. 
*/ + goto fail; + /* The next <|> is before the newline, which may be correct. Jump + over the <|> search in the `while' beginning the next section, + to save repeating the search. */ + goto server_server_command; + } + from_start += match + 1 - input; + input = match + 1; + } + /* Need more input for a newline or <|>. */ + goto succeed; + } + } + } + else if (server_state == SERVER_PLUGIN_DEPENDENCY_DEPENDENCY) + { + /* Look for the end of dependency marker: a newline that comes before + the next <|>. */ + char *separator, *end; + server_plugin_dependency_dependency: + separator = NULL; + /* Look for <|>. */ + input = messages; + from_start = from_server_start, from_end = from_server_end; + while (from_start < from_end + && (match = memchr (input, '<', from_end - from_start))) + { + if (((int) (match - input) - from_start + 1) < from_end + && (match[1] == '|') + && (match[2] == '>')) + { + separator = match; + break; + } + from_start += match + 1 - input; + input = match + 1; + } + /* Look for newline. */ + end = messages + from_server_end - from_server_start; + while (messages < end && (messages[0] == ' ')) + { messages++; from_server_start++; } + if ((match = memchr (messages, '\n', from_server_end - from_server_start))) + { + /* Compare newline position to <|> position. */ + if ((separator == NULL) || (match < separator)) + { + finish_current_server_plugin_dependency (); + from_server_start += match + 1 - messages; + messages = match + 1; + server_state = SERVER_PLUGIN_DEPENDENCY_NAME; + tracef (" server new state: %i\n", server_state); + } + } + } - char* match; - while ((match = memchr (messages, '<', from_server_end - from_server_start)) - && (((int) (match - messages) - from_server_start + 1) < from_server_end) - && (match[1] == '|') - && (match[2] == '>')) + /* Parse and handle any fields ending in <|>. 
*/ + + input = messages; + from_start = from_server_start; + from_end = from_server_end; + while (from_start < from_end + && (match = memchr (input, '<', from_end - from_start))) { - /* Found a full field, process the field. */ - tracef ("server messages: %.*s...\n", - from_server_end - from_server_start < 200 - ? from_server_end - from_server_start - : 200, - messages); - char* message = messages; - *match = '\0'; - from_server_start += match + 3 - messages; - messages = match + 3; - tracef ("server message: %s\n", message); + if (((int) (match - input) - from_start + 1) < from_end + && (match[1] == '|') + && (match[2] == '>')) + { + server_server_command: + /* Found a full field, process the field. */ + tracef (" server messages: %.*s...\n", + from_server_end - from_server_start < 200 + ? from_server_end - from_server_start + : 200, + messages); + char* message = messages; + *match = '\0'; + from_server_start += match + 3 - messages; + messages = match + 3; + tracef (" server message: %s\n", message); - /* Strip leading and trailing whitespace. */ - char* field = strip_space (message, - message + from_server_end - from_server_start); + /* Strip leading and trailing whitespace. */ + char* field = strip_space (message, + message + from_server_end - from_server_start); - tracef ("server:: old state %i\n", server_state); - tracef ("server:: field %s\n", field); - switch (server_state) - { - case SERVER_DONE: - if (strncasecmp ("SERVER", field, 6)) - goto fail; - server_state = SERVER_TOP; - break; - case SERVER_PLUGINS_MD5: + tracef (" server old state %i\n", server_state); + tracef (" server field: %s\n", field); + switch (server_state) { - char* md5 = strdup (field); - if (md5 == NULL) - goto out_of_memory; - tracef ("server:: got plugins_md5: %s\n", md5); - server.plugins_md5 = md5; - server_state = SERVER_DONE; - /* Jump to the done check, as this loop only considers fields - ending in <|>. 
*/ - tracef ("server:: new state %i\n", server_state); - goto server_done; +#if 0 + case SERVER_DONE: + if (strncasecmp ("SERVER", field, 6)) + goto fail; + server_state = SERVER_TOP; + break; +#endif + case SERVER_PLUGIN_DEPENDENCY_NAME: + { + if (strlen (field) == 0) + { + server_state = SERVER_DONE; + /* Jump to the done check, as this loop only considers fields + ending in <|>. */ + tracef (" server new state: %i\n", server_state); + goto server_done; + } + char* name = strdup (field); + if (name == NULL) + goto out_of_memory; + make_current_server_plugin_dependency (name); + server_state = SERVER_PLUGIN_DEPENDENCY_DEPENDENCY; + /* Jump to the newline check, as this loop only considers fields + ending in <|> and the list of dependencies can end in a + newline. */ + tracef (" server new state: %i\n", server_state); + goto server_plugin_dependency_dependency; + } + case SERVER_PLUGIN_DEPENDENCY_DEPENDENCY: + { + char* dep = strdup (field); + if (dep == NULL) + goto out_of_memory; + append_to_current_server_plugin_dependency (dep); + /* Jump to the newline check, as this loop only considers fields + ending in <|> and the list of dependencies can end in a + newline. */ + goto server_plugin_dependency_dependency; + } + case SERVER_PLUGINS_MD5: + { + char* md5 = strdup (field); + if (md5 == NULL) + goto out_of_memory; + tracef (" server got plugins_md5: %s\n", md5); + server.plugins_md5 = md5; + server_state = SERVER_DONE; + /* Jump to the done check, as this loop only considers fields + ending in <|>. */ + tracef (" server new state: %i\n", server_state); + goto server_done; + } + case SERVER_PREFERENCE_NAME: + { + if (strlen (field) == 0) + { + server_state = SERVER_DONE; + /* Jump to the done check, as this loop only considers fields + ending in <|>. 
*/ + tracef (" server new state: %i\n", server_state); + goto server_done; + } + char* name = strdup (field); + if (name == NULL) goto out_of_memory; + current_server_preference = name; + server_state = SERVER_PREFERENCE_VALUE; + /* Jump to preference value check, as values end with a + newline and this loop only considers fields ending in <|>. */ + tracef (" server new state: %i\n", server_state); + goto server_preference_value; + } + case SERVER_RULE: + /* A <|> following a rule. */ + server_state = SERVER_DONE; + /* Jump to the done check, as this loop only considers fields + ending in <|>. */ + tracef (" server new state: %i\n", server_state); + goto server_done; + case SERVER_SERVER: + if (strncasecmp ("PLUGINS_MD5", field, 11) == 0) + server_state = SERVER_PLUGINS_MD5; + else if (strncasecmp ("PREFERENCES", field, 11) == 0) + { + maybe_free_server_preferences (); + make_server_preferences (); + server_state = SERVER_PREFERENCE_NAME; + } + else if (strncasecmp ("RULES", field, 5) == 0) + { + maybe_free_server_rules (); + make_server_rules (); + server_state = SERVER_RULE; + /* Jump to rules parsing, as each rule end in a ; and this + loop only considers fields ending in <|>. */ + tracef (" server new state: %i\n", server_state); + goto server_rule; + } + else + goto fail; + break; + case SERVER_TOP: + default: + tracef (" switch t\n"); + tracef (" cmp %i\n", strncasecmp ("SERVER", field, 6)); + if (strncasecmp ("SERVER", field, 6)) + goto fail; + server_state = SERVER_SERVER; + /* Jump to newline check, in case command ends in a newline. 
*/ + tracef (" server new state: %i\n", server_state); + goto server_server; } - case SERVER_SERVER: - if (strncasecmp ("PLUGINS_MD5", field, 11)) - goto fail; - server_state = SERVER_PLUGINS_MD5; - break; - default: - tracef ("switch t\n"); - tracef ("cmp %i\n", strncasecmp ("SERVER", field, 6)); - if (strncasecmp ("SERVER", field, 6)) - goto fail; - server_state = SERVER_SERVER; + + tracef (" server new state: %i\n", server_state); } - tracef ("server:: new state %i\n", server_state); + from_start += match + 1 - input; + input = match + 1; } + succeed: + + if (from_server_start > 0 && from_server_start == from_server_end) + { + from_server_start = from_server_end = 0; + tracef (" server start caught end\n"); + } + else if (from_server_start == 0) + { + if (from_server_end == BUFFER_SIZE) + { + // FIX if the buffer is entirely full here then exit + // (or will hang waiting for buffer to empty) + // this could happen if the server sends a field with length >= buffer length + // could realloc buffer + // which may eventually use all mem and bring down manager + tracef (" server buffer full\n"); + return -1; + } + } + else + { + /* Move the remaining partial line to the front of the buffer. This + ensures that there is space after the partial line into which + serve_omp can read the rest of the line. */ + char* start = from_server + from_server_start; + from_server_end -= from_server_start; + memmove (from_server, start, from_server_end); + from_server_start = 0; +#if TRACE + from_server[from_server_end] = '\0'; + //tracef (" new from_server: %s\n", from_server); + tracef (" new from_server_start: %i\n", from_server_start); + tracef (" new from_server_end: %i\n", from_server_end); +#endif + } + return 0; out_of_memory: - tracef ("out of mem (server)\n"); + tracef (" out of mem (server)\n"); - /* TO_SERVER FIX jumps here when there is too little space in to_client for the - response. 
The result is that the manager closes the connection, so - from_client_end and from_client_start can be left as they are. */ + /* TO_SERVER jumps here when there is too little space in to_server for the + message. This results in a retry at processing the same message + later, so from_client_end and from_client_start should only be adjusted + after a call to TO_SERVER. */ + to_server_fail: + return -3; + fail: return -1; +} +/** Read as much as the from_client buffer will hold from the client. */ +int +read_from_client (gnutls_session_t* client_session, int client_socket) +{ + while (from_client_end < BUFFER_SIZE) + { + ssize_t count; +#if OVAS_SSL + count = gnutls_record_recv (*client_session, + from_client + from_client_end, + BUFFER_SIZE + - from_client_end); +#else + count = read (client_socket, + from_client + from_client_end, + BUFFER_SIZE - from_client_end); +#endif + tracef (" count: %i\n", count); + if (count < 0) + { +#if OVAS_SSL + if (count == GNUTLS_E_AGAIN) + /* Got everything available, return to `select'. */ + return 0; + if (count == GNUTLS_E_INTERRUPTED) + /* Interrupted, try read again. */ + continue; + if (count == GNUTLS_E_REHANDSHAKE) + { + /* \todo Rehandshake. */ + tracef (" FIX should rehandshake\n"); + continue; + } + fprintf (stderr, "Failed to read from client.\n"); + gnutls_perror (count); +#else + if (errno == EAGAIN) + /* Got everything available, return to `select'. */ + return 0; + if (errno == EINTR) + /* Interrupted, try read again. */ + continue; + perror ("Failed to read from client"); +#endif + return -1; + } + if (count == 0) + /* End of file. */ + return -3; + from_client_end += count; + } + /* Buffer full. */ + return -2; } +// FIX combine with read_from_client +/** Read as much as the from_server buffer will hold from the server. 
*/ +int +read_from_server (gnutls_session_t* server_session, int server_socket) +{ + while (from_server_end < BUFFER_SIZE) + { + ssize_t count; +#if OVAS_SSL + count = gnutls_record_recv (*server_session, + from_server + from_server_end, + BUFFER_SIZE + - from_server_end); +#else + count = read (server_socket, + from_server + from_server_end, + BUFFER_SIZE - from_server_end); +#endif + tracef (" count: %i\n", count); + if (count < 0) + { +#if OVAS_SSL + if (count == GNUTLS_E_AGAIN) + /* Got everything available, return to `select'. */ + return 0; + if (count == GNUTLS_E_INTERRUPTED) + /* Interrupted, try read again. */ + continue; + if (count == GNUTLS_E_REHANDSHAKE) + { + /* \todo Rehandshake. */ + tracef (" FIX should rehandshake\n"); + continue; + } + fprintf (stderr, "Failed to read from server.\n"); + gnutls_perror (count); +#else + if (errno == EAGAIN) + /* Got everything available, return to `select'. */ + return 0; + if (errno == EINTR) + /* Interrupted, try read again. */ + continue; + perror ("Failed to read from server"); +#endif + return -1; + } + if (count == 0) + /* End of file. */ + return -3; + from_server_end += count; + } + + /* Buffer full. */ + return -2; +} + /** Serve the OpenVAS Management Protocol (OMP). * * @param[in] client_session The TLS session with the client. 
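Review bot: The `<|>` test `((int) (match - input) - from_start + 1) < from_end` does not establish that `match[1]` and `match[2]` are inside the received data, because it subtracts the buffer offset where it would have to add it. When `<` is the last or second-to-last byte received, the two comparisons read bytes beyond from_server_end: stale buffer content, or possibly memory past from_server when the buffer is full. Counting the bytes left from `match` is simpler and exact: `if (from_end - from_start - (int) (match - input) >= 3 && match[1] == '|' && match[2] == '>')`. The same expression appears three times in this hunk, in the SERVER_SERVER branch, in the SERVER_PLUGIN_DEPENDENCY_DEPENDENCY branch and in the main field loop.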
@@ -1282,8 +1846,19 @@ gnutls_session_t* server_session, int client_socket, int server_socket) { - tracef ("Serving OMP.\n"); + /* True if processing of the client input is waiting for space in the + to_server buffer. */ + short client_input_stalled = 0; + /* True if processing of the server input is waiting for space in the + to_client buffer. */ + gboolean server_input_stalled = FALSE; + /* True if there is more to read from the client. */ + gboolean from_client_more = FALSE; + /* True if there is more to read from the server. */ + gboolean from_server_more = FALSE; + tracef (" Serving OMP.\n"); + /* Initialise with the server. */ memcpy (to_server + to_server_end, "< OTP/1.0 >\n", 12); tracef ("-> server: < OTP/1.0 >\n"); @@ -1299,6 +1874,7 @@ tracef ("<= client %i bytes\n", from_client_end - initial_start); #endif #endif /* TRACE || LOG */ + // FIX handle client_input_stalled if (process_omp_client_input ()) return -1; /* Loop handling input from the sockets. */ 
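Review bot: The first `process_omp_client_input ()` call still treats any non-zero result as fatal, but with this commit the function also returns -2 and -3 to report a full to_server or to_client buffer, as the switch added in the select loop shows. A stall while handling the first batch of client input therefore ends the session with -1, which the added `// FIX handle client_input_stalled` comment acknowledges. Recording the stall in `client_input_stalled` here, as the loop does, would let the write handlers resume the processing. serve_omp starts and ends outside the hunk.

```c
  switch (process_omp_client_input ())
    {
      case 0:        /* Processed all input. */
        break;
      case -2:       /* to_server buffer full. */
        client_input_stalled = 1;
        break;
      case -3:       /* to_client buffer full. */
        client_input_stalled = 2;
        break;
      default:       /* Error. */
        return -1;
    }
  /* … unchanged: loop handling input from the sockets … */
```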
@@ -1310,27 +1886,34 @@ { /* Setup for select. */ unsigned char fds = 0; /* What `select' is going to watch. */ + gboolean to_client_ok = TRUE; + gboolean to_server_ok = TRUE; FD_ZERO (&exceptfds); FD_ZERO (&readfds); FD_ZERO (&writefds); FD_SET (client_socket, &exceptfds); FD_SET (server_socket, &exceptfds); // FIX shutdown if any eg read fails - if (from_client_end < BUFFER_SIZE) + if (from_client_more == FALSE && from_client_end < BUFFER_SIZE) { FD_SET (client_socket, &readfds); fds |= FD_CLIENT_READ; - if ((lastfds & FD_CLIENT_READ) == 0) tracef ("client read on\n"); + if ((lastfds & FD_CLIENT_READ) == 0) tracef (" client read on\n"); } else { - if (lastfds & FD_CLIENT_READ) tracef ("client read off\n"); + if (lastfds & FD_CLIENT_READ) tracef (" client read off\n"); } - if (from_server_end < BUFFER_SIZE) + if (from_server_more == FALSE && from_server_end < BUFFER_SIZE) { FD_SET (server_socket, &readfds); fds |= FD_SERVER_READ; + if ((lastfds & FD_SERVER_READ) == 0) tracef (" server read on\n"); } + else + { + if (lastfds & FD_SERVER_READ) tracef (" server read off\n"); + } if (to_client_start < to_client_end) { FD_SET (client_socket, &writefds); 
@@ -1367,196 +1950,224 @@ if (fds & FD_CLIENT_READ && FD_ISSET (client_socket, &readfds)) { - tracef ("FD_CLIENT_READ\n"); + tracef (" FD_CLIENT_READ\n"); #if TRACE || LOG int initial_start = from_client_end; #endif - /* Read as much as possible from the client. */ - while (from_client_end < BUFFER_SIZE) + + do { - ssize_t count; -#if OVAS_SSL - count = gnutls_record_recv (*client_session, - from_client + from_client_end, - BUFFER_SIZE - - from_client_end); + switch (read_from_client (client_session, client_socket)) + { + case 0: /* Read everything. */ + from_client_more = FALSE; + break; + case -1: /* Error. */ + return -1; + case -2: /* from_client buffer full. */ + from_client_more = TRUE; + break; + case -3: /* End of file. */ + return 0; + default: /* Programming error. */ + assert (0); + } + +#if TRACE || LOG + /* This check prevents output in the "asynchronous network + error" case. */ + if (from_client_end > initial_start) + { + logf ("<= %.*s\n", + from_client_end - initial_start, + from_client + initial_start); +#if TRACE_TEXT + tracef ("<= client \"%.*s\"\n", + from_client_end - initial_start, + from_client + initial_start); #else - count = read (client_socket, - from_client + from_client_end, - BUFFER_SIZE - from_client_end); + tracef ("<= client %i bytes\n", + from_client_end - initial_start); #endif - tracef ("count: %i\n", count); - if (count < 0) + } +#endif /* TRACE || LOG */ + + continue_stalled_client_input: + switch (process_omp_client_input ()) { -#if OVAS_SSL - if (count == GNUTLS_E_AGAIN) // || errno == EAGAIN) FIX - /* Got everything available, return to `select'. */ + case 0: /* Processed all input. */ + client_input_stalled = 0; break; - if (count == GNUTLS_E_INTERRUPTED) // || errno == EINTR) FIX - /* Interrupted, try read again. */ - continue; - if (errno == GNUTLS_E_REHANDSHAKE) - { - /* Return to select. TODO Rehandshake. 
*/ - tracef ("FIX should rehandshake\n"); - break; - } - fprintf (stderr, "Failed to read from client.\n"); - gnutls_perror (count); -#else - if (errno == EAGAIN) - /* Got everything available, return to `select'. */ + case -1: /* Error. */ + return -1; + case -2: /* to_server buffer full. */ + tracef (" client input stalled 1\n"); + client_input_stalled = 1; break; - if (errno == EINTR) - /* Interrupted, try read again. */ - continue; - perror ("Failed to read from client"); -#endif - return -1; + case -3: /* to_client buffer full. */ + tracef (" client input stalled 2\n"); + client_input_stalled = 2; + break; + default: /* Programming error. */ + assert (0); } - if (count == 0) - /* End of file. */ - return 0; - from_client_end += count; + if (client_input_stalled) + /* Break in order to write to server. */ + break; } -#if TRACE || LOG - /* This check prevents output in the "asynchronous network - error" case. */ - if (from_client_end > initial_start) - { - logf ("<= %.*s\n", - from_client_end - initial_start, - from_client + initial_start); -#if TRACE_TEXT - tracef ("<= client \"%.*s\"\n", - from_client_end - initial_start, - from_client + initial_start); -#else - tracef ("<= client %i bytes\n", - from_client_end - initial_start); -#endif - } -#endif /* TRACE || LOG */ - if (process_omp_client_input ()) return -1; + while (from_client_more); + + if (server_input_stalled) + /* A process_omp_server_input and a process_omp_client_input + were both stalled by a full to_client buffer. After the + to_client write that followed, control passed to the stalled + client processing (above). Now jump to the stalled server + processing. */ + goto continue_stalled_server_input; } - if (fds & FD_SERVER_WRITE && FD_ISSET (server_socket, &writefds)) + if (fds & FD_SERVER_WRITE + && to_server_ok + && FD_ISSET (server_socket, &writefds)) { /* Write as much as possible to the server. 
*/ - while (to_server_start < to_server_end) - { - ssize_t count; + + while (to_server_start < to_server_end) + { + ssize_t count; #if OVAS_SSL - count = gnutls_record_send (*server_session, - to_server + to_server_start, - to_server_end - to_server_start); + count = gnutls_record_send (*server_session, + to_server + to_server_start, + to_server_end - to_server_start); #else - count = write (server_socket, - to_server + to_server_start, - to_server_end - to_server_start); + count = write (server_socket, + to_server + to_server_start, + to_server_end - to_server_start); #endif - if (count < 0) - { + if (count < 0) + { #if OVAS_SSL - if (count == GNUTLS_E_AGAIN) // || errno == EAGAIN) - /* Wrote as much as possible, return to `select'. */ - goto end_server_fd_write; - if (count == GNUTLS_E_INTERRUPTED) // || errno == EINTR) - /* Interrupted, try write again. */ - continue; - if (errno == GNUTLS_E_REHANDSHAKE) - /* Return to select. TODO Rehandshake. */ - break; - fprintf (stderr, "Failed to write to server.\n"); - gnutls_perror (count); + if (count == GNUTLS_E_AGAIN) + { + /* Wrote as much as possible, either return to + `select' or re-attempt to process leftover + client input. */ + to_server_ok = FALSE; + goto end_server_fd_write; + } + if (count == GNUTLS_E_INTERRUPTED) + /* Interrupted, try write again. */ + continue; + if (count == GNUTLS_E_REHANDSHAKE) + /* \todo Rehandshake. */ + continue; + fprintf (stderr, "Failed to write to server.\n"); + gnutls_perror (count); #else - if (errno == EAGAIN) - /* Wrote as much as possible, return to `select'. */ - goto end_server_fd_write; - if (errno == EINTR) - /* Interrupted, try write again. */ - continue; - perror ("Failed to write to server"); + if (errno == EAGAIN) + { + /* Wrote as much as possible, either return to + `select' or re-attempt to process leftover + client input. */ + to_server_ok = FALSE; + goto end_server_fd_write; + } + if (errno == EINTR) + /* Interrupted, try write again. 
*/ + continue; + perror ("Failed to write to server"); #endif - return -1; - } - to_server_start += count; - tracef ("=> server %i bytes\n", count); - } - tracef ("=> server done\n"); - to_server_start = to_server_end = 0; - end_server_fd_write: - ; + return -1; + } + to_server_start += count; + tracef ("=> server %i bytes\n", count); + } + tracef ("=> server done\n"); + to_server_start = to_server_end = 0; + /* For stalled client input processing. Flag that it is OK + to try write to the server again after re-attempting to + process any leftover client input. */ + to_server_ok = TRUE; + end_server_fd_write: + + if (client_input_stalled == 1) + /* A previous process_omp_client_input was stalled by a + full to_server buffer. Jump back to process the + remaining client input now that some of the to_server + buffer may have been written. */ + goto continue_stalled_client_input; } if (fds & FD_SERVER_READ && FD_ISSET (server_socket, &readfds)) { -#if TRACE + tracef (" FD_SERVER_READ\n"); +#if TRACE || LOG int initial_start = from_server_end; #endif - /* Read as much as possible from the server. */ - while (from_server_end < BUFFER_SIZE) + + do { - ssize_t count; -#if OVAS_SSL - count = gnutls_record_recv (*server_session, - from_server + from_server_end, - BUFFER_SIZE - - from_server_end); + switch (read_from_server (server_session, server_socket)) + { + case 0: /* Read everything. */ + from_server_more = FALSE; + break; + case -1: /* Error. */ + return -1; + case -2: /* from_server buffer full. */ + from_server_more = TRUE; + break; + case -3: /* End of file. */ + return 0; + default: /* Programming error. */ + assert (0); + } + +#if TRACE || LOG + /* This check prevents output in the "asynchronous network + error" case. 
*/ + if (from_server_end > initial_start) + { + logf ("<= %.*s\n", + from_server_end - initial_start, + from_server + initial_start); +#if TRACE_TEXT + tracef ("<= server \"%.*s\"\n", + from_server_end - initial_start, + from_server + initial_start); #else - count = read (server_socket, - from_server + from_server_end, - BUFFER_SIZE - from_server_end); + tracef ("<= server %i bytes\n", + from_server_end - initial_start); #endif - if (count < 0) + } +#endif /* TRACE || LOG */ + + continue_stalled_server_input: + switch (process_omp_server_input ()) { -#if OVAS_SSL - if (count == GNUTLS_E_AGAIN) // || errno == EAGAIN) - /* Got everything available, return to `select'. */ + case 0: /* Processed all input. */ + server_input_stalled = FALSE; break; - if (count == GNUTLS_E_INTERRUPTED) // || errno == EINTR) - /* Interrupted, try read again. */ - continue; - if (errno == GNUTLS_E_REHANDSHAKE) - /* Return to select. TODO Rehandshake. */ + case -1: /* Error. */ + return -1; + case -3: /* to_server buffer full. */ + tracef (" server input stalled\n"); + server_input_stalled = TRUE; break; - fprintf (stderr, "Failed to read from server.\n"); - gnutls_perror (count); -#else - if (errno == EAGAIN) - /* Got everything available, return to `select'. */ - break; - if (errno == EINTR) - /* Interrupted, try read again. */ - continue; - perror ("Failed to read from server"); -#endif - return -1; + case -2: + default: /* Programming error. */ + assert (0); } - if (count == 0) - /* End of file. */ - return 0; - from_server_end += count; + if (server_input_stalled) + /* Break in order to write to client. */ + break; } -#if TRACE - /* This check prevents output in the "asynchronous network - error" case. 
*/ - if (from_server_end > initial_start) - { -#if TRACE_TEXT - tracef ("<= server \"%.*s\"\n", - from_server_end - initial_start, - from_server + initial_start); -#else - tracef ("<= server %i bytes\n", - from_server_end - initial_start); -#endif - } -#endif /* TRACE */ - if (process_omp_server_input ()) return -1; + while (from_server_more); } - if (fds & FD_CLIENT_WRITE && FD_ISSET (client_socket, &writefds)) + if (fds & FD_CLIENT_WRITE + && to_client_ok + && FD_ISSET (client_socket, &writefds)) { /* Write as much as possible to the client. */ while (to_client_start < to_client_end) @@ -1574,21 +2185,30 @@ if (count < 0) { #if OVAS_SSL - if (count == GNUTLS_E_AGAIN) // || errno == EAGAIN) - /* Wrote as much as possible, return to `select'. */ - goto end_client_fd_write; - if (count == GNUTLS_E_INTERRUPTED) // || errno == EINTR) + if (count == GNUTLS_E_AGAIN) + { + /* Wrote as much as possible, either return to + `select' or re-attempt to process leftover + server input. */ + to_client_ok = FALSE; + goto end_client_fd_write; + } + if (count == GNUTLS_E_INTERRUPTED) /* Interrupted, try write again. */ continue; - if (errno == GNUTLS_E_REHANDSHAKE) - /* Return to select. TODO Rehandshake. */ - break; + if (count == GNUTLS_E_REHANDSHAKE) + /* \todo Rehandshake. */ + continue; fprintf (stderr, "Failed to write to client.\n"); gnutls_perror (count); #else if (errno == EAGAIN) - /* Wrote as much as possible, return to `select'. */ - goto end_client_fd_write; + { + /* Wrote as much as possible, either return to + `select' or re-attempt to process leftover + server input. */ + to_client_ok = FALSE; + } if (errno == EINTR) /* Interrupted, try write again. */ continue; 
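Review bot: Server input that stalls on a full to_server buffer has no resume point after the server write. process_omp_server_input returns -3 when TO_SERVER lacks space and `case -3` here sets `server_input_stalled`, but `end_server_fd_write` only tests `client_input_stalled == 1`; the jumps to `continue_stalled_server_input` sit after the client read in this hunk and after the client write in a later one. Unless one of those fires or more server data arrives, the pending field stays unprocessed once to_server has drained. Adding `if (server_input_stalled) goto continue_stalled_server_input;` after the client check at `end_server_fd_write` would cover it. The comments "Break in order to write to client" and "stalled by a full to_client buffer" should then name to_server.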
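Review bot: In the non-SSL branch of the client write, the `errno == EAGAIN` case lost its `goto end_client_fd_write;`. The new block only sets `to_client_ok = FALSE;` and then falls through to the EINTR test and whatever error path follows it, presumably the same `perror` and `return -1` that the server write shows, so a write that would merely block can end the session. The GNUTLS branch just above and both branches of the server write keep the jump. Restore it inside the braces: `to_client_ok = FALSE; goto end_client_fd_write;`. The write loop starts before this hunk and ends after it.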
@@ -1604,8 +2224,28 @@ } tracef ("=> client done\n"); to_client_start = to_client_end = 0; - end_client_fd_write: - ; + /* For stalled server input processing. Flag that it is OK + to try write to the server again after re-attempting to + process any leftover server or client input. */ + to_client_ok = TRUE; + end_client_fd_write: + + if (client_input_stalled) + /* A previous process_omp_client_input was stalled by a + full to_client buffer. Jump back to process the + remaining client input now that some of the to_client + buffer may have been written. */ + goto continue_stalled_client_input; + + if (server_input_stalled) + /* A previous process_omp_server_input was stalled by a + full to_client buffer. Jump back to process the + remaining server input now that some of the to_client + buffer may have been written. + + If this is missed because client processing is also stalled, + it will be done after the client processing. */ + goto continue_stalled_server_input; } } /* while (1) */ @@ -1659,7 +2299,7 @@ if (count == GNUTLS_E_INTERRUPTED) // || errno == EINTR) /* Interrupted, try read again. */ goto retry; - if (errno == GNUTLS_E_REHANDSHAKE) + if (count == GNUTLS_E_REHANDSHAKE) /* Try again. TODO Rehandshake. */ goto retry; fprintf (stderr, "Failed to read from client (read_protocol).\n"); @@ -1779,7 +2419,7 @@ perror ("Failed to connect to server"); goto server_fail; } - tracef ("Connected to server on socket %i.\n", server_socket); + tracef (" Connected to server on socket %i.\n", server_socket); #if OVAS_SSL /* Complete setup of server session. */ @@ -1959,7 +2599,7 @@ close (client_socket); exit (EXIT_FAILURE); } - tracef ("Server context attached.\n"); + tracef (" Server context attached.\n"); int ret = serve_client (secure_client_socket); close_stream_connection (secure_client_socket); #else 
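Review bot: The test `if (client_input_stalled)` at `end_client_fd_write` also fires for the value 1, which the client-read switch uses for a full to_server buffer. The server-side handler tests `client_input_stalled == 1`, so the matching test here is `if (client_input_stalled == 2)`. As written, a value of 1 re-runs process_omp_client_input although nothing has been written to the server, and it delays the stalled server processing below it. The comment above `to_client_ok = TRUE;` says "try write to the server again" where the client is meant.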
@@ -1987,7 +2627,7 @@ void cleanup () { - tracef ("Cleaning up.\n"); + tracef (" Cleaning up.\n"); if (manager_socket > -1) close (manager_socket); #if LOG if (fclose (log_stream)) perror ("Failed to close log stream"); @@ -1995,9 +2635,15 @@ #if OVAS_SSL ovas_server_context_free (server_context); #endif + /** \todo Are these really necessary? */ if (login) free (login); if (credentials) free (credentials); if (tasks) free_tasks (); + if (current_server_preference) free (current_server_preference); + maybe_free_current_server_plugin_dependency (); + maybe_free_server_preferences (); + maybe_free_server_rules (); + maybe_free_server_plugins_dependencies (); } /** Handler for all signals. @@ -2031,13 +2677,13 @@ main (int argc, char** argv) { int server_port, manager_port; - tracef ("OpenVAS Manager\n"); - tracef ("GNUTLS_E_AGAIN %i\n", GNUTLS_E_AGAIN); - tracef ("GNUTLS_E_INTERRUPTED %i\n", GNUTLS_E_INTERRUPTED); - tracef ("GNUTLS_E_REHANDSHAKE %i\n", GNUTLS_E_REHANDSHAKE); - tracef ("-8: %s\n", strerror(8)); - tracef ("-9: %s\n", strerror(9)); - tracef ("-10: %s\n", strerror(10)); + tracef (" OpenVAS Manager\n"); + tracef (" GNUTLS_E_AGAIN %i\n", GNUTLS_E_AGAIN); + tracef (" GNUTLS_E_INTERRUPTED %i\n", GNUTLS_E_INTERRUPTED); + tracef (" GNUTLS_E_REHANDSHAKE %i\n", GNUTLS_E_REHANDSHAKE); + tracef (" -8: %s\n", strerror(8)); + tracef (" -9: %s\n", strerror(9)); + tracef (" -10: %s\n", strerror(10)); /* Process options. */ @@ -2120,6 +2766,11 @@ server_port = htons (OPENVASD_PORT); } + /* Initialise server information needed by `cleanup'. */ + + server.preferences = NULL; + server.rules = NULL; + /* Register the `cleanup' function. */ if (atexit (&cleanup)) 
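Review bot: `cleanup` now frees `current_server_preference`, but the parser added in this commit never clears that pointer after `add_server_preference (current_server_preference, value)`. add_server_preference is not shown: if it keeps the name pointer, this free is followed by a second one in `maybe_free_server_preferences ()`; if it copies the name, each name overwritten by the next `current_server_preference = name;` leaks instead. Setting `current_server_preference = NULL;` right after the add call, and freeing it there if the callee copies, makes the ownership unambiguous. The initialisation added further down covers only `server.preferences` and `server.rules`, so the other state cleanup touches should be confirmed to start out as NULL.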
@@ -2222,10 +2873,10 @@ exit (EXIT_FAILURE); } - tracef ("Manager bound to address %s port %i\n", + tracef (" Manager bound to address %s port %i\n", manager_address_string, ntohs (manager_address.sin_port)); - tracef ("Set to connect to address %s port %i\n", + tracef (" Set to connect to address %s port %i\n", server_address_string, ntohs (server_address.sin_port)); From scm-commit at wald.intevation.org Wed Dec 10 14:19:34 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Dec 2008 14:19:34 +0100 (CET) Subject: [Openvas-commits] r1962 - in trunk/openvas-client: . po Message-ID: <20081210131934.D032740773@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-10 14:19:32 +0100 (Wed, 10 Dec 2008) New Revision: 1962 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/po/de.po Log: * po/de.po: Fixed errors in German translation pointed out by Hans Ullrich. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-10 12:27:23 UTC (rev 1961) +++ trunk/openvas-client/ChangeLog 2008-12-10 13:19:32 UTC (rev 1962) @@ -1,3 +1,8 @@ +2008-12-10 Michael Wiegand <michael.wiegand at intevation.de> + + * po/de.po: Fixed errors in German translation pointed out by Hans + Ullrich. + 2008-12-09 Felix Wolfsteller <felix.wolfsteller at intevation.de> TODO ( harglst-> GSList for temporarily storing filenames) done. Modified: trunk/openvas-client/po/de.po =================================================================== --- trunk/openvas-client/po/de.po 2008-12-10 12:27:23 UTC (rev 1961) +++ trunk/openvas-client/po/de.po 2008-12-10 13:19:32 UTC (rev 1962) 
@@ -8,7 +8,7 @@ msgstr "" "Project-Id-Version: OpenVAS-Client 1.0\n" "Report-Msgid-Bugs-To: openvas-devel at wald.intevation.org\n" -"POT-Creation-Date: 2008-12-05 11:37+0100\n" +"POT-Creation-Date: 2008-12-10 14:11+0100\n" "PO-Revision-Date: 2004-08-17 01:05+0200\n" "Last-Translator: Michael Wiegand <michael.wiegand at intevation.de>\n" "Language-Team: OpenVAS Developers <openvas-devel at wald.intevation.org>\n" 
@@ -218,52 +218,52 @@ msgid "Invalid response from server to certificate request: %s" msgstr "Ung?ltige Serverantwort auf Zertifikatsanfrage: %s" -#: nessus/context.c:236 +#: nessus/context.c:244 msgid "context_remove_child detected existing children." msgstr "context_remove_child hat noch existierende Kindprozesse entdeckt." -#: nessus/context.c:389 nessus/prefs_dialog/prefs_scope_tree.c:273 +#: nessus/context.c:434 nessus/prefs_dialog/prefs_scope_tree.c:273 msgid "context_rename() called with illegal type" msgstr "context_rename() mit illegalem Typ aufgerufen" -#: nessus/context.c:406 nessus/context.c:437 +#: nessus/context.c:451 nessus/context.c:482 #, c-format msgid "Directory %s couldn't be renamed to %s: %s." msgstr "Verzeichnis %s konnte nicht in %s umbenannt werden: %s." -#: nessus/context.c:454 +#: nessus/context.c:499 #, c-format msgid "Can't move \"%s\" to \"%s\"." msgstr "Kann \"%s\" nicht nach \"%s\" verschieben." -#: nessus/context.c:477 nessus/context.c:516 nessus/html_graph_output.c:1116 +#: nessus/context.c:522 nessus/context.c:561 nessus/html_graph_output.c:1116 #, c-format msgid "Directory %s couldn't be created: %s." msgstr "Verzeichnis %s konnte nicht erzeugt werden: %s." -#: nessus/context.c:502 nessus/prefs_dialog/prefs_scan_assistant.c:263 +#: nessus/context.c:547 nessus/prefs_dialog/prefs_scan_assistant.c:263 msgid "unnamed task" msgstr "unbenannte Aufgabe" -#: nessus/context.c:505 nessus/prefs_dialog/prefs_scan_assistant.c:280 +#: nessus/context.c:550 nessus/prefs_dialog/prefs_scan_assistant.c:280 msgid "unnamed scope" msgstr "unbenannter Bereich" -#: nessus/context.c:508 +#: nessus/context.c:553 msgid "context_new(): No name provided for context" msgstr "context_new(): Kein Name f?r Kontext angegeben" -#: nessus/context.c:556 +#: nessus/context.c:601 #, c-format msgid "File %s couldn't be deleted: %s." msgstr "Datei %s konnte nicht gel?scht werden: %s." 
-#: nessus/context.c:562 +#: nessus/context.c:607 #, c-format msgid "Directory %s couldn't be deleted: %s." msgstr "Verzeichnis %s konnte nicht gel?scht werden: %s." -#: nessus/context.c:585 +#: nessus/context.c:630 msgid "context_delete() deleted the current context." msgstr "context_delete() hat den aktuellen Kontext gel?scht." @@ -1096,7 +1096,7 @@ #: nessus/preferences.c:511 #, c-format msgid "# This file was automagically created by OpenVAS-Client\n" -msgstr "# Diese Datei wurd automagisch durch OpenVAS-Client erzeugt\n" +msgstr "# Diese Datei wurde automagisch durch OpenVAS-Client erzeugt\n" #: nessus/preferences.c:630 msgid "Global Settings" @@ -1876,7 +1876,7 @@ "max_checks processes!" msgstr "" "Maximale Anzahl der Tests, die gleichzeitig gegen jedes einzelne Ziel " -"durchgef?rt werden soll. Beachten Sie, dass der OpenVAS-Server Max-" +"durchgef?rt werden sollen. Beachten Sie, dass der OpenVAS-Server Max-" "Zielrechner x Max-Tests Prozesse starten wird!" #: nessus/prefs_dialog/prefs_help.h:62 @@ -1916,7 +1916,7 @@ msgstr "" "Sicherheits-Tests bitten unter Umst?nden den OpenVAS-Server darum, nur dann " "gestartet zu werden, wenn sich bestimmte Informationen, die durch andere " -"Plugins gesammelt wurden, in der Wissenbasis befinden oder falls und nur " +"Plugins gesammelt wurden, in der Wissenbasis befinden oder falls, und nur " "dann, wenn ein angegebener Port offen ist. Diese Option kann die Tests " "beschleunigen, kann aber dazu f?hren, dass OpenVAS Server einige L?cken " "?bersieht. Wer paranoid ist, schaltet diese Option aus." 
@@ -1975,7 +1975,7 @@ msgstr "" "Um Zeit beim Scannen einzusparen, kann man OpenVAS-Server anweisen, TCP-" "Ports, die nicht gescannt wurden, als geschlossen zu betrachten. Dies f?hrt " -"zu einem unvollst?ndigen Ergebniss, aber es spart Zeit und sorgt daf?r, dass " +"zu einem unvollst?ndigen Ergebnis, aber es spart Zeit und sorgt daf?r, dass " "keine Pakete an Ports gesendet werden die nicht von Ihnen explizit benannt " "wurden. Wird diese Option ausgeschaltet, betrachtet OpenVAS Server die Ports " "mit unbestimmten Zustand als offen." @@ -2052,7 +2052,7 @@ "Das Warnungs-Symbol bedeutet, dass dieses Plugin Dienste auf dem Zielsystem " "das gesamte System zum Absturz bringen kann. Sie sollten sehr vorsichtig " "sein, wenn Sie diese Option einschalten, da es n?tig werden k?nnte, einige " -"Zielsystem manuell neu zu starten." +"Zielsysteme manuell neu zu starten." #: nessus/prefs_dialog/prefs_help.h:158 msgid "" @@ -2089,7 +2089,7 @@ "knowledge bases." msgstr "" "Wird diese Option eingeschaltet, werden nur solche Ziele getestet, f?r die " -"keine oder eine veraltete Wissensbasis vorliegt. Verwenden Sie dies Option, " +"keine oder eine veraltete Wissensbasis vorliegt. Verwenden Sie diese Option, " "wenn Sie die Wissensbasis anreichern wollen." #: nessus/prefs_dialog/prefs_help.h:177 @@ -2276,7 +2276,7 @@ " - Hosts of project ABC\n" "You should also enter a comment further explaining the task." msgstr "" -"Aufgaben beschreibe bestimmten T?tigkeitsbereiche. Sie k?nnen " +"Aufgaben beschreiben bestimmte T?tigkeitsbereiche. Sie k?nnen " "wiederkehrende\n" "T?tigkeit auf diese Weise nach Thema, H?ufigkeit, Ort oder ?hnlichem " "gruppieren\n" 
@@ -2341,7 +2341,7 @@ "sollen.\n" "Sie auf folgende Weise angegeben werden:\n" " - Einfacher Hostname (f?r Hosts innerhalb Ihres LAN)\n" -" - Voll qualifizierte Hostname (z.B. www.example.com)\n" +" - Voll qualifizierter Hostname (z.B. www.example.com)\n" " - IP Adresse (z.B. 192.168.0.1)\n" " - IP Netzwerk (z.B. 192.168.0.0/24 oder 192.168.0.0/255.255.255.0)\n" "Sie k?nnen mehrere Ziele angeben, indem Sie sie durch Kommas trennen." @@ -2364,8 +2364,8 @@ "und\n" "insbesondere Druckserver sind so fehlerhaft, dass sie dabei abst?rzen " "k?nnten.\n" -"Am besten holen Sie eine schriftliche Best?tigung ein, bevor Sie f?r den\n" -"Produktionbetrieb wichtige Server scannen." +"Am besten holen Sie eine schriftliche Best?tigung ein, bevor Sie\n" +"f?r den Produktionsbetrieb wichtige Server scannen." #: nessus/prefs_dialog/prefs_scan_assistant.c:309 msgid "Step 4: Execute" @@ -2393,7 +2393,7 @@ "Sie sind nun bereit einen Scan zu starten.\n" "\n" "Wenn Sie auf \"Ausf?hren\" klicken, wird der Verbindungs-Dialog auftauchen.\n" -"Sie m?ssen hier einen Nessus Server angeben, der die Ziele erreichen kann,\n" +"Sie m?ssen hier einen OpenVAS-Server angeben, der die Ziele erreichen kann,\n" "die Sie in den vorherigen Schriten angegeben haben.\n" "\n" "Achtung: Sie m?ssen einen Login auf diesem Server besitzen. Kontaktieren Sie " From scm-commit at wald.intevation.org Wed Dec 10 16:16:37 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Dec 2008 16:16:37 +0100 (CET) Subject: [Openvas-commits] r1963 - trunk/doc/website Message-ID: <20081210151637.23DC84077C@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-10 16:16:36 +0100 (Wed, 10 Dec 2008) New Revision: 1963 Modified: trunk/doc/website/index.htm4 trunk/doc/website/openvas-crs.htm4 trunk/doc/website/roadmap.htm4 Log: Updated status and roadmap, moved ideas from roadmap to change requests. Modified: trunk/doc/website/index.htm4 =================================================================== --- trunk/doc/website/index.htm4 2008-12-10 13:19:32 UTC (rev 1962) +++ trunk/doc/website/index.htm4 2008-12-10 15:16:36 UTC (rev 1963) @@ -55,7 +55,8 @@ <li>Several NVTs inherited from Nessus are still broken because they depend on a non-free component. <li>The upcoming 2.0 release is approaching fast. The first release candidate -(2.0-rc1) was released on December 5th, 2008. +(2.0-rc1) was released on December 5th, 2008 and the 2.0.0 release is currently +scheduled for December 17th, 2008. </ul> <p> Modified: trunk/doc/website/openvas-crs.htm4 =================================================================== --- trunk/doc/website/openvas-crs.htm4 2008-12-10 13:19:32 UTC (rev 1962) +++ trunk/doc/website/openvas-crs.htm4 2008-12-10 15:16:36 UTC (rev 1963) 
@@ -92,3 +92,59 @@ <li> Design and Implementation: Any technical details that seem appropriate. <li> History: Date, name and description of changes in ChangeLog format. </ul> + +<h2>Ideas for future OpenVAS functionalities</h2> + +<p> +These ideas result from general brain storming on the openvas-discuss mailing +list and OpenVAS developer conferences and have not yet lead to a change +request. If you would like to see a particular idea implemented or would like to +implement it yourself, please feel free to formulate a change request as +described above. +</p> + +<ul> +<li> Direct support of Database: + <p> + OpenVAS Server should optionally write results into a database. It is to + be discussed whether this is done additional to sending the results via + Nessus Protocol. Also the question is open whether the server manages + access to the database directly or whether users submit DB connection and + authorization details so that the data are written there. + </p> + +<li> Re-connect to running OpenVAS scans: + <p> + OpenVAS should run in the background without a permanent connection to the + client. Re-connection should then allow to get the results. Email + notification at scan completion is helpful as well. + </p> + +<li> Trace function: + <p> + Show sets of queries. Each query is composed of the rule that was used, the + destination IP and port, the data sent, and the data returned. This will + make it easier to determine false positives. + </p> + +<li> Improved NASL debugging + +<li> Condensed Plugins: + <p> + E.g. all the Debian local security checks could be condensed + into few (for each year). It is not clear yet which other implications + this might mean. + </p> + +<li> Generic Plugins: + <p> + Plugins with some heuristics to generically detect weaknesses + in web applications. + </p> + +<li> Consider popular issue-tracker or helpdesk systems to pull issues from + scan reports, sort them, prioritize and assign them. 
+ +</ul> + + Modified: trunk/doc/website/roadmap.htm4 =================================================================== --- trunk/doc/website/roadmap.htm4 2008-12-10 13:19:32 UTC (rev 1962) +++ trunk/doc/website/roadmap.htm4 2008-12-10 15:16:36 UTC (rev 1963) 
@@ -29,91 +29,29 @@ <h2>Roadmap of OpenVAS project</h2> <p> -This is the current (October 2008) status of the roadmap for OpenVAS. +This is the current (December 2008) status of the roadmap for OpenVAS. More +detailed information on upcoming changes and current efforts can be found on the +<a href="openvas-crs.htm4">Change Requests page</a>. <p> -<h3>October 2008: German translation of OpenVAS Compendium</h3> +<h3>December 2008: Release OpenVAS 2.0.0</h3> <p> -Right after all main works on the english OpenVAS Compendium -have finished, the translation into german language will start. +This release marks another milestone for the OpenVAS project and is currently +scheduled for December 17th, 2008. </p> -<h3>November 2008: Second beta release of the new 2.0 series of OpenVAS</h3> +<h3>Early Summer 2009: OpenVAS DevCon2</h3> <p> -Depending on the problems found with OpenVAS 2.0-beta1, a second beta -release is planned for 4-8 weeks after the beta1 release. +The second OpenVAS developer conference is proposed to take place in Osnabrück, +Germany in early Summer 2009. </p> -<h2>Ideas for future OpenVAS functionalities</h2> +<h3>Fall 2009: OpenVAS 3.0.0</h3> <p> -These ideas result from general brain storming -on the openvas-discuss mailing list and OpenVAS developer -conferences. +The release of the next major version of OpenVAS in tentatively scheduled for +Fall 2009. </p> -<p> -The following items have not yet been decided upon for -the fixed roadmap and may still be subject to discussion. -There is no order in the list, new items are just appended. -</p> - -<ul> -<li> Plugin severity override: - <p> - Some places value some vulnerabilities more than others. - For example: some places rank anonymous CIFS connections - as vital to their business. Others say its a big risk. - Having a front end to override the degree instead of patching the - plugin would be nice. - This is related to ideas about false-positive marking. 
- </p> - -<li> Direct support of Database: - <p> - OpenVAS Server should optionally write results into a database. - It is to be discussed whether this is done additional to sending - the results via Nessus Protocol. Also the question is open whether - the server manages access to the database directly or whether users - submit DB connection and authorization details so that the - data are written there. - </p> - -<li> Re-connect to running OpenVAS scans: - <p> - OpenVAS should run in the background without - a permanent connection to the client. - Re-connection should then allow to get the results. - Email notification at scan completion is helpful - as well. - </p> - -<li> Trace function: - <p> - Show sets of queries. Each query is composed of the rule - that was used, the destination IP and port, the data sent, - and the data returned. This will make it easier to determine false positives. - </p> - -<li> Improved NASL debugging - -<li> Condensed Plugins: - <p> - E.g. all the Debian local security checks could be condensed - into few (for each year). It is not clear yet which other implications - this might mean. - </p> - -<li> Generic Plugins: - <p> - Plugins with some heuristics to generically detect weaknesses - in web applications. - </p> - -<li> Consider popular issue-tracker or helpdesk systems to pull issues from - scan reports, sort them, prioritize and assign them. - -</ul> - From scm-commit at wald.intevation.org Wed Dec 10 16:27:36 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Dec 2008 16:27:36 +0100 (CET) Subject: [Openvas-commits] r1964 - trunk/doc/website Message-ID: <20081210152736.A48B14077E@pyrosoma.intevation.org> Author: chandra Date: 2008-12-10 16:27:36 +0100 (Wed, 10 Dec 2008) New Revision: 1964 Modified: trunk/doc/website/openvas-cr-23.htm4 Log: Updated based on the feedback Modified: trunk/doc/website/openvas-cr-23.htm4 =================================================================== --- trunk/doc/website/openvas-cr-23.htm4 2008-12-10 15:16:36 UTC (rev 1963) +++ trunk/doc/website/openvas-cr-23.htm4 2008-12-10 15:27:36 UTC (rev 1964) @@ -147,7 +147,6 @@ </p> <pre> ['Local test', - 'Credentials', 'Local test SuSE/FC/Gent./Ubuntu', 'Windows SMB' ] 
@@ -193,53 +192,134 @@ The New List of Families </h4> <pre> -Families = [ - 'Backdoors', - 'Brute force attacks', - 'Web application abuses', - 'CISCO', - 'Default Unix Accounts', - 'Denial of Service', - 'Finger abuses', - 'Firewalls', - 'FTP', - 'Gain a shell remotely', - 'Gain root remotely', - 'General', - 'Netware', - 'Peer-To-Peer File Sharing', - 'Port scanners', - 'Remote file access', - 'RPC', - 'Service detection', - 'Settings', - 'SMTP problems', - 'SNMP', - 'Useless services', - 'Windows : Microsoft Bulletins', - 'Windows', - 'AIX Local Security Checks', - 'Debian Local Security Checks', - 'FreeBSD Local Security Checks', - 'Gentoo Local Security Checks', - 'MacOS X Local Security Checks', - 'Red Hat Local Security Checks', - 'Solaris Local Security Checks', - 'SuSE Local Security Checks' - 'Web Servers, - 'Buffer overflow' - 'Privilege escalation' - 'Malware' - ] +Families: +- 'Brute force attacks' + NVT attempts brute force methods to either detect the vulnerabilities or + gain control over the target system. + +- 'Web application abuses' + The vulnerability in question helps to conduct web based attacks such as + Cross Site Scripting, Cross Site Request Forgery, SQL Injection, File + Inclusion, Cookie Poisoning. + +- 'CISCO' + NVT's discvering all vulnerabilities related to Cisco devices, IOS, + Applications and management consoles are categorized into this family. + +- 'Default Unix Accounts' + NVT is attempting to identify the default and dangerous user accounts on + the target system. + +- 'Denial of Service' + When the NVT is describing any vulnerability that can be exploited to crash + or deny the service to legitimate users. Note that by categorizing the NVT + to this family, it doesn't inherently indicate that NVT itself is attempting + to crash or deny the service. Use ACT_DENIAL or ACT_KILL in script_category() + for such purposes. + +- 'Finger abuses' + Vulnerabilities related to 'finger' service. 
+ +- 'Firewalls' + NVT is attempting to scan a firewall. Any vulnerability related to firewalls + can be categorized here, including any other traffic analyzers or malware + blockers. + +- 'FTP' + All vulnerabilities related to FTP servers or clients. + +- 'Gain a shell remotely' + In case a vulnerability lets the attacker gain the shell remotely for + reasons other than buffer overflow. + +- 'Netware' + +- 'Peer-To-Peer File Sharing' + +- 'Port scanners' + +- 'Remote file access' + +- 'RPC' + NVT is describing a vulnerability that can be exploited through an RPC + service. + +- 'Service detection' + +- 'Settings' + NVT's that set user preferences through script_add_preference() function. + +- 'SMTP problems' + Detecting vulnerabilities related to mail servers. + +- 'SNMP' + +- 'Useless services' + NVT is identifying services that may not be required to run on the target + system. + +- 'Windows : Microsoft Bulletins' + NVT's detecting the patch status of Windows systems based on the security + bulletins released by Microsoft. + +- 'Windows' + NVT's detecting the vulnerabilities in all Windows Operating System + including other Microsoft products are categorized into this family. + +- 'AIX Local Security Checks' + +- 'Debian Local Security Checks' + +- 'FreeBSD Local Security Checks' + +- 'Gentoo Local Security Checks' + +- 'MacOS X Local Security Checks' + +- 'Red Hat Local Security Checks' + +- 'Solaris Local Security Checks' + +- 'SuSE Local Security Checks' + +- 'Web Servers + NVT's detecting vulnerabilities in any web server or application server. + +- 'Buffer overflow' + +- 'Privilege escalation' + +- 'Credentials', + NVT's that set credentials such as SMB, SSH using script_add_preference(). + +- 'Malware' + NVT is attemping to detect a virus, worm, or trojan including backdoors. + +- 'General' + NVT's that cannot be categorized into any of the above families are grouped + into General. 
</pre> -<p> -Any addition to the above list will have to go through Change Request process. -</p> +<h4>Conventions</h4> +<ul> +<li> +Note that the family names are case-sensitive. +</li> +<li>Any addition to the above list will have to go through Change Request + process.</li> + +<li>Once voted, the family names will be documented in the OpenVAS Compendium +so that it acts as reference for NVT developers. </li> + + <h3>History</h3> <ul> <li> 2008-11-28 Chandrashekhar B <bchandra at secpod.com>:<br> Initial text.</li> +<li> + 2008-12-07 Chandrashekhar B <bchandra at secpod.com>:<br> + Updated based on the feedback recieved on the list. +</li> </ul> From scm-commit at wald.intevation.org Wed Dec 10 17:58:16 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Dec 2008 17:58:16 +0100 (CET) Subject: [Openvas-commits] r1965 - in trunk/openvas-plugins: . scripts Message-ID: <20081210165816.1CCE140776@pyrosoma.intevation.org> Author: chandra Date: 2008-12-10 17:58:14 +0100 (Wed, 10 Dec 2008) New Revision: 1965 Added: trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_vuln_win.nasl trunk/openvas-plugins/scripts/gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl trunk/openvas-plugins/scripts/gb_titan_ftp_server_bof_vuln.nasl trunk/openvas-plugins/scripts/secpod_ms08-071.nasl trunk/openvas-plugins/scripts/secpod_ms08-072.nasl trunk/openvas-plugins/scripts/secpod_ms08-073.nasl trunk/openvas-plugins/scripts/secpod_ms08-074.nasl trunk/openvas-plugins/scripts/secpod_ms08-076.nasl trunk/openvas-plugins/scripts/secpod_nero_showtime_remote_bof_vuln_900410.nasl trunk/openvas-plugins/scripts/secpod_tvp_taghandling_bof_vuln_900409.nasl trunk/openvas-plugins/scripts/secpod_virtualbox_acquiredaemonlock_vuln_lin_900408.nasl trunk/openvas-plugins/scripts/secpod_virtualbox_acquiredaemonlock_vuln_win_900407.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2008-12-10 15:27:36 UTC (rev 1964) +++ trunk/openvas-plugins/ChangeLog 2008-12-10 16:58:14 UTC (rev 1965) 
@@ -1,3 +1,21 @@ +2008-12-10 Chandrashekhar B <bchandra at sepod.com> + * scripts/secpod_tvp_taghandling_bof_vuln_900409.nasl, + scripts/secpod_virtualbox_acquiredaemonlock_vuln_lin_900408.nasl, + scripts/secpod_nero_showtime_remote_bof_vuln_900410.nasl, + scripts/gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl, + scripts/secpod_virtualbox_acquiredaemonlock_vuln_win_900407.nasl, + scripts/gb_titan_ftp_server_bof_vuln.nasl, + scripts/gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl, + scripts/gb_adobe_acrobat_pdf_vuln_win.nasl: + Added new plugins + + * scripts/secpod_ms08-074.nasl, + * scripts/secpod_ms08-071.nasl, + * scripts/secpod_ms08-072.nasl, + * scripts/secpod_ms08-076.nasl, + * scripts/secpod_ms08-073.nasl: + MS Bulletins plugins for Dec08 + 2008-12-10 Chandrashekhar B <bchandra at secpod.com> * scripts/secpod_mailscanner_infinite_loop_dos_vuln_900413.nasl: Added new plugin Added: trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_vuln_win.nasl 2008-12-10 15:27:36 UTC (rev 1964) +++ trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_vuln_win.nasl 2008-12-10 16:58:14 UTC (rev 1965) 
@@ -0,0 +1,101 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_adobe_acrobat_pdf_vuln_win.nasl 604 2008-12-10 09:32:12Z dec $ +# +# Adobe Acrobat 9 PDF Document Encryption Weakness Vulnerability (Win) +# +# Authors: +# Chandan S <schandan at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800078); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-5331"); + script_bugtraq_id(32610); + script_name(english:"Adobe Acrobat 9 PDF Document Encryption Weakness Vulnerability (Win)"); + desc["english"] = " + + Overview: This host has Adobe Acrobat installed and is prone to encryption + weakness vulnerability. + + Vulnerability Insight: + The flaw is caused due to the way it handles encryption standards. + + Impact: + Successful exploitation could allow attackers to steal or guess document's + password via a brute force attacks. + + Impact Level: Application + + Affected Software/OS: + Adobe Acrobat version 9.0 on Windows. + + Fix: No solution or patch is available as on 09th December, 2008. 
Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.adobe.com/products/ + + References: + http://blogs.adobe.com/security/2008/12/acrobat_9_and_password_encrypt.html + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 6.4 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of Adobe Acrobat"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Misc."); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +if(!registry_key_exists(key:"SOFTWARE\Adobe")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +foreach item (registry_enum_keys(key:key)) +{ + adobeName = registry_get_sz(item:"DisplayName", key:key +item); + if("Adobe Acrobat" >< adobeName) + { + adobeVer = registry_get_sz(item:"DisplayVersion", key:key + item); + if(!adobeVer){ + exit(0); + } + + if(adobeVer =~ "^9\.0(\.0)?$"){ + security_hole(0); + } + exit(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_adobe_acrobat_pdf_vuln_win.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl 2008-12-10 15:27:36 UTC (rev 1964) +++ trunk/openvas-plugins/scripts/gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl 2008-12-10 16:58:14 UTC (rev 1965) 
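Review bot: The registry loop calls `exit(0)` after examining the first uninstall entry whose `DisplayName` contains "Adobe Acrobat", and also when that entry has no `DisplayVersion`, so on a host with more than one matching entry the result depends on enumeration order and a 9.0 installation listed later is missed. Moving on to the next key instead of exiting in both places, and exiting only after `security_hole(0)`, removes that false negative; the loop in gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl later in this commit has the same shape. The substring test also accepts any product whose name contains "Adobe Acrobat", so `adobeName =~ "^Adobe Acrobat 9"` would tie the check to the product the description names, if that is how the installer registers itself. `script_family(english:"Misc.")` is not among the family names proposed in r1964 on this page.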
@@ -0,0 +1,103 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl 588 2008-12-09 16:15:42Z dec $ +# +# Apple iPhone Configuration Web Utility Directory Traversal Vulnerability +# +# Authors: +# Chandan S <schandan at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800080); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-5315"); + script_bugtraq_id(32412); + script_name(english:"Apple iPhone Configuration Web Utility Directory Traversal Vulnerability"); + desc["english"] = " + + Overview: This host has Apple iPhone Configuration Web Utility installed + and is prone to directory traversal vulnerability. + + Vulnerability Insight: + The issue is caused due to an input validation error when processing HTTP + GET requests. + + Impact: + Successful exploitation could allow attackers to download arbitrary files + from the affected system via directory traversal attacks. 
+ + Impact Level: Application + + Affected Software/OS: + iPhone Configuration Web Utility 1.0.x for Windows + + Fix: Upgrade to iPhone Configuration Utility 1.1 + http://support.apple.com/downloads/iPhone_Configuration_Utility_1_1_for_Windows + + References: + http://secunia.com/advisories/32852 + http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065822.html + + CVSS Score: + CVSS Base Score : 7.8 (AV:N/AC:L/Au:NR/C:C/I:N/A:N) + CVSS Temporal Score : 5.8 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of iPhone Utility"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Misc."); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +if(!registry_key_exists(key:"SOFTWARE\Apple Inc.")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +foreach item (registry_enum_keys(key:key)) +{ + iPhoneName = registry_get_sz(item:"DisplayName", key:key +item); + if(iPhoneName =~ "iPhone Configuration.*Utility") + { + iPhoneVer = registry_get_sz(item:"DisplayVersion", key:key + item); + if(!iPhoneVer){ + exit(0); + } + + if(version_is_less(version:iPhoneVer, test_version:"1.1.0.43")){ + security_hole(0); + } + exit(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_apple_iphone_conf_web_utlty_dir_trvsl_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_titan_ftp_server_bof_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_titan_ftp_server_bof_vuln.nasl 2008-12-10 15:27:36 UTC (rev 1964) +++ 
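Review bot: `iPhoneName =~ "iPhone Configuration.*Utility"` matches any uninstall entry containing those words in that order, while the description limits the issue to "iPhone Configuration Web Utility 1.0.x"; if another iPhone Configuration utility registers under the same key with its own version numbering, it would be compared against `1.1.0.43` and could be reported in error. Matching the name as the description states it, `iPhoneName =~ "iPhone Configuration Web Utility"`, avoids that, assuming this is the registered display name. A comment above the `version_is_less` call should say where the build number `1.1.0.43` comes from, since the Fix text only mentions version 1.1.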
trunk/openvas-plugins/scripts/gb_titan_ftp_server_bof_vuln.nasl 2008-12-10 16:58:14 UTC (rev 1965) 
@@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_titan_ftp_server_bof_vuln.nasl 550 2008-12-01 18:36:29Z nov $ +# +# Titan FTP Server DELE Command Remote Buffer Overflow Vulnerability +# +# Authors: +# Chandan S <schandan at secpod.com> +# +# Copyright: +# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800073); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-5281", "CVE-2008-0702", "CVE-2008-0725"); + script_bugtraq_id(27611); + script_name(english:"Titan FTP Server DELE Command Remote Buffer Overflow Vulnerability"); + desc["english"] = " + + Overview: This host is running Titan FTP Server and is prone to remote + buffer overflow vulnerability. + + Vulnerability Insight: + The flaw exists in server due to improper handling of input passed to the + command DELE. + + Impact: + Successful exploitation will allow remote attackers to deny the service. + + Affected Software/OS: + Titan FTP Server version 6.05 build 550 and prior. 
+ + Fix: + Upgrade to the latest version, + http://www.titanftp.com/download/index.html + + References: + http://packetstormsecurity.org/0802-exploits/titan-heap-py.txt + http://secunia.com/advisories/28760 + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.8 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of Titan FTP Server"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 Intevation GmbH"); + script_family(english:"Denial of Service"); + script_dependencies("find_service.nes"); + script_require_ports("Services/ftp", 21); + exit(0); +} + + +include("ftp_func.inc"); +include("version_func.inc"); + +port = get_kb_item("Services/ftp"); +if(!port){ + port = 21; +} + +if(!get_port_state(port)){ + exit(0); +} + +banner = get_ftp_banner(port:port); +if("Titan FTP Server" >!< banner){ + exit(0); +} + +ftpVer = eregmatch(pattern:"Titan FTP Server ([0-9.]+)", string:banner); +if(ftpVer[1] != NULL) +{ + # Grep for version <= 6.05.550 + if(version_is_less_equal(version:ftpVer[1], test_version:"6.05.550")){ + security_hole(port); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_titan_ftp_server_bof_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_ms08-071.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms08-071.nasl 2008-12-10 15:27:36 UTC (rev 1964) +++ trunk/openvas-plugins/scripts/secpod_ms08-071.nasl 2008-12-10 16:58:14 UTC (rev 1965) 
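Review bot: The description contradicts itself on severity: the Impact text says exploitation lets remote attackers "deny the service" and the family is `Denial of Service`, yet the CVSS line claims `C:C/I:C/A:C` with a base score of 10.0, so the Impact paragraph and the vector should be made to agree. Detection rests on the FTP banner alone, and the capture `([0-9.]+)` also accepts a trailing period, so a banner that ends the version with "." would pass `6.05.550.` to `version_is_less_equal`. I would tighten the pattern to `Titan FTP Server ([0-9]+(\.[0-9]+)*)`. I would also add a comment above the match such as `# Banner-based check: the result depends on the server advertising its real version`, since a suppressed or customised banner yields no finding.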
@@ -0,0 +1,152 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms08-071.nasl 637 2008-12-10 09:16:04Z dec $ +# +# Vulnerabilities in GDI Could Allow Remote Code Execution (956802) +# +# Authors: +# Chandan S <schandan at secpod.com> +# +# Copyright: SecPod +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + + +if(description) +{ + script_id(900059); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-2249", "CVE-2008-3465"); + script_bugtraq_id(32634, 32637); + script_name(english:"Vulnerabilities in GDI Could Allow Remote Code Execution (956802)"); + desc["english"] = " + + Overview: This host has critical security update missing according to + Microsoft Bulletin MS08-071. + + Vulnerability Insight: + The flaw caused due to, + - overflow error in GDI when processing headers in Windows Metafile (WMF) + files. + - an error exists in the the way the GDI handles file size parameters in + WMF files. + + Impact: + Successful exploitation could execute arbitrary code on the remote system + and cause heap based buffer overflow via a specially crafted WMF file. 
+ + Impact Level: System + + Affected Software/OS: Microsoft Windows 2K/XP/2003 + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link. + http://www.microsoft.com/technet/security/bulletin/ms08-071.mspx + + References: + http://www.microsoft.com/technet/security/bulletin/ms08-071.mspx + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 6.9 + Risk factor : High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the vulnerable File Version"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_family(english:"Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){ + exit(0); +} + +# Check for Hotfix 956802 (MS08-071). 
+if(hotfix_missing(name:"956802") == 0){ + exit(0); +} + +dllPath = registry_get_sz(item:"Install Path", + key:"SOFTWARE\Microsoft\COM3\Setup"); +if(!dllPath){ + exit(0); +} + +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:dllPath + "\gdi32.dll"); + +dllVer = GetVer(file:file, share:share); +if(!dllVer){ + exit(0); +} + +if(hotfix_check_sp(win2k:5) > 0) +{ + # Check for gdi32.dll version < 5.0.2195.7205 + if(version_is_less(version:dllVer, test_version:"5.0.2195.7205")){ + security_hole(0); + } +} + +else if(hotfix_check_sp(xp:4) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + # Check for gdi32.dll version < 5.1.2600.3466 + if(version_is_less(version:dllVer, test_version:"5.1.2600.3466")){ + security_hole(0); + } + } + else if("Service Pack 3" >< SP) + { + # Check for gdi32.dll version < 5.1.2600.5698 + if(version_is_less(version:dllVer, test_version:"5.1.2600.5698")){ + security_hole(0); + } + } + else security_hole(0); +} + +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 1" >< SP) + { + # Check for gdi32.dll version < 5.2.3790.3233 + if(version_is_less(version:dllVer, test_version:"5.2.3790.3233")){ + security_hole(0); + } + } + else if("Service Pack 2" >< SP) + { + # Check for gdi32.dll version < 5.2.3790.4396 + if(version_is_less(version:dllVer, test_version:"5.2.3790.4396")){ + security_hole(0); + } + } + else security_hole(0); +} Added: trunk/openvas-plugins/scripts/secpod_ms08-072.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms08-072.nasl 2008-12-10 15:27:36 UTC (rev 1964) +++ trunk/openvas-plugins/scripts/secpod_ms08-072.nasl 2008-12-10 16:58:14 UTC (rev 1965) 
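Review bot: The bare `else security_hole(0);` that closes the XP and Windows 2003 branches reports a hole whenever the `SMB/WinXP/ServicePack` or `SMB/Win2003/ServicePack` item is not one of the two handled service packs, including when the item is empty, without consulting the gdi32.dll version that was just read. If older service-pack levels are meant to count as always affected, say so with a comment such as `# Unhandled service pack level: no fixed gdi32.dll build to compare against, always report`; otherwise the fallback should at least require a value, `else if(SP) security_hole(0);`. The same fallback appears in secpod_ms08-073.nasl and secpod_ms08-076.nasl in this commit. The regexes `([A-Z]):.*` and `[A-Z]:(.*)` match only an upper-case drive letter, so a lower-case `Install Path` value would presumably pass through unchanged into `share` and `file`.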
@@ -0,0 +1,108 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms08-072.nasl 643 2008-12-10 18:17:09Z dec $ +# +# Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173) +# +# Authors: +# Chandan S <schandan at secpod.com> +# +# Copyright: SecPod +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + + +if(description) +{ + script_id(900063); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-4024", "CVE-2008-4025", "CVE-2008-4026", + "CVE-2008-4027", "CVE-2008-4028", "CVE-2008-4030", + "CVE-2008-4031", "CVE-2008-4837"); + script_bugtraq_id(32579, 32580, 32581, 32583, 32584, 32585, 32594, 32642); + script_name(english:"Vulnerabilities in Microsoft Office Word Could Allow Remote Code Execution (957173)"); + desc["english"] = " + + Overview: This host has critical security update missing according to + Microsoft Bulletin MS08-072. + + Vulnerability Insight: + Microsoft office is prone to multiple vulnerabilities. For more information + refer, http://secunia.com/advisories/30285/ + + Impact: + Successful exploitation could execute arbitrary code on the remote system + and corrupt memory via a specially crafted Excel Spreadsheet (XLS) file. 
+ + Impact Level: System + + Affected Software/OS: + Microsoft Office 2K/XP/2003/2007 + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link. + http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx + + References: + http://www.microsoft.com/technet/security/bulletin/ms08-072.mspx + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 6.9 + Risk factor : High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the vulnerable File Version"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_family(english:"Windows : Microsoft Bulletins"); + script_dependencies("secpod_office_products_version_900032.nasl", + "secpod_ms_office_detection_900025.nasl"); + script_require_keys("SMB/WindowsVersion", "SMB/Office/Word/Version"); + exit(0); +} + + +include("version_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +if(egrep(pattern:"^(9|10|11|12)\..*", string:get_kb_item("MS/Office/Ver"))) +{ + wordVer = get_kb_item("SMB/Office/Word/Version"); + if(!wordVer){ + exit(0); + } + + if(version_in_range(version:wordVer, test_version:"9.0", + test_version2:"9.0.8973")){ + security_hole(0); + } + else if(version_in_range(version:wordVer, test_version:"10.0", + test_version2:"10.0.6849")){ + security_hole(0); + } + else if(version_in_range(version:wordVer, test_version:"11.0", + test_version2:"11.0.8236")){ + security_hole(0); + } + else if(version_in_range(version:wordVer, test_version:"12.0", + test_version2:"12.0.6331.4999")){ + security_hole(0); + } +} Added: trunk/openvas-plugins/scripts/secpod_ms08-073.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms08-073.nasl 2008-12-10 15:27:36 UTC (rev 1964) +++ trunk/openvas-plugins/scripts/secpod_ms08-073.nasl 2008-12-10 16:58:14 UTC 
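Review bot: The Impact paragraph of this Word check says memory is corrupted "via a specially crafted Excel Spreadsheet (XLS) file", which looks copied from the Excel plugin in the same commit (secpod_ms08-074.nasl) and will mislead whoever triages the report; it should read `and corrupt memory via a specially crafted Word document.` The Vulnerability Insight only points at an external advisory, so the report text never says what is being detected. The four `version_in_range` calls would also benefit from a comment such as `# test_version2 is the highest build still treated as vulnerable`, because the inclusive upper bound is easy to misread as the fixed build.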
(rev 1965) 
@@ -0,0 +1,186 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms08-073.nasl 642 2008-12-10 16:41:09Z dec $ +# +# Cumulative Security Update for Internet Explorer (958215) +# +# Authors: +# Chandan S <schandan at secpod.com> +# +# Copyright: SecPod +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900062); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-4258", "CVE-2008-4259", "CVE-2008-4260", "CVE-2008-4261"); + script_bugtraq_id(32586, 32593, 32595, 32596); + script_name(english:"Cumulative Security Update for Internet Explorer (958215)"); + desc["english"] = " + + Overview: This host has critical security update missing according to + Microsoft Bulletin MS08-073. + + Vulnerability Insight: + The flaws are caused due to, + - error when handling parameters passed to unspecified navigation methods. + - error when fetching a file with an overly long path from a WebDAV share. + - unspecified use-after-free error. + - a boundary error when processing an overly long filename extension + specified inside an EMBED tag. 
+ + Impact: + Successful exploitation could result in stack based buffer overflow by + sending overly long specially crafted file via web page to corrupt heap + memory. + + Impact Level: System + + Affected Software/OS: + Internet Explorer 5.01 & 6 on MS Windows 2000 + Internet Explorer 6 on MS Windows 2003 and XP + Internet Explorer 7 on MS Windows 2003 and XP + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link. + http://www.microsoft.com/technet/security/bulletin/ms08-073.mspx + + References: + http://www.microsoft.com/technet/security/bulletin/ms08-073.mspx + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 6.9 + Risk factor : High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the vulnerable File Version"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_family(english:"Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){ + exit(0); +} + +ieVer = registry_get_sz(key:"SOFTWARE\Microsoft\Internet Explorer", + item:"Version"); +if(!ieVer){ + ieVer = registry_get_sz(item:"IE", + key:"SOFTWARE\Microsoft\Internet Explorer\Version Vector"); +} + +if(!ieVer){ + exit(0); +} + +# MS08-073 Hotfix (958215) +if(hotfix_missing(name:"958215") == 0){ + exit(0); +} + +dllPath = registry_get_sz(item:"Install Path", + key:"SOFTWARE\Microsoft\COM3\Setup"); + +dllPath += "\mshtml.dll"; +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath); + +vers = GetVer(file:file, share:share); +if(!vers){ + exit(0); +} + +if(hotfix_check_sp(win2k:5) > 0) +{ + # Check 
for IE version 5 < 5.0.3870.1500 + if(version_in_range(version:vers, test_version:"5.0", + test_version2:"5.0.3870.1499")){ + security_hole(0); + } + # Check for IE version 6 < 6.0.2800.1617 + else if(version_in_range(version:vers, test_version:"6.0", + test_version2:"6.0.2800.1616")){ + security_hole(0); + } +} + +if(hotfix_check_sp(xp:4) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + # Check for IE version 6 < 6.0.2900.3462 + if(version_in_range(version:vers, test_version:"6.0", + test_version2:"6.0.2900.3461")){ + security_hole(0); + } + } + else if("Service Pack 3" >< SP) + { + # Check for IE version 6 < 6.0.2900.5694 + if(version_in_range(version:vers, test_version:"6.0", + test_version2:"6.0.2900.5693")){ + security_hole(0); + } + } + else security_hole(0); + + # Check for IE version 7 < 7.0.6000.16762 + if(version_in_range(version:vers, test_version:"7.0", + test_version2:"7.0.6000.16761")){ + security_hole(0); + } +} + +if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 1" >< SP) + { + # Check for IE version 6 < 6.0.3790.3229 + if(version_in_range(version:vers, test_version:"6.0", + test_version2:"6.0.3790.3228")){ + security_hole(0); + } + } + else if("Service Pack 2" >< SP) + { + # Check for IE version 6 < 6.0.3790.4392 + if(version_in_range(version:vers, test_version:"6.0", + test_version2:"6.0.3790.4391")){ + security_hole(0); + } + } + else security_hole(0); + + # Check for IE version 7 < 7.0.6000.16762 + if(version_in_range(version:vers, test_version:"7.0", + test_version2:"7.0.6000.16761")){ + security_hole(0); + } +} Added: trunk/openvas-plugins/scripts/secpod_ms08-074.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms08-074.nasl 2008-12-10 15:27:36 UTC (rev 1964) +++ trunk/openvas-plugins/scripts/secpod_ms08-074.nasl 2008-12-10 16:58:14 UTC (rev 1965) 
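Review bot: `dllPath` is used without a check: `dllPath += "\mshtml.dll";` runs even when `registry_get_sz` returned nothing, so `share` and `file` are then derived from the bare string `\mshtml.dll` before `GetVer` is called. secpod_ms08-071.nasl in this commit guards the same lookup, and this plugin should do likewise with `if(!dllPath){ exit(0); }` directly after the registry read. `ieVer` is tested only for presence while every comparison uses the mshtml.dll file version, which deserves a comment such as `# ieVer only confirms IE is installed; the comparisons below use the mshtml.dll version`. On XP and 2003 the IE 7 range check runs after the service-pack branch has already reported, so the control flow should be documented or restructured.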
@@ -0,0 +1,107 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms08-074.nasl 641 2008-12-10 15:21:05Z dec $ +# +# Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070) +# +# Authors: +# Chandan S <schandan at secpod.com> +# +# Copyright: SecPod +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + + +if(description) +{ + script_id(900061); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-4264", "CVE-2008-4265", "CVE-2008-4266"); + script_bugtraq_id(32618, 32621, 32622); + script_name(english:"Vulnerabilities in Microsoft Office Excel Could Allow Remote Code Execution (959070)"); + desc["english"] = " + + Overview: This host has critical security update missing according to + Microsoft Bulletin MS08-074. + + Vulnerability Insight: + The flaws are caused due to, + - an error while validating an index value in a NAME record. + - an error in the processing of Excel records. + - an error in the processing of Excel formula. + + Impact: + Successful exploitation could execute arbitrary code on the remote system + and corrupt memory via a specially crafted Excel Spreadsheet (XLS) file. 
+ + Impact Level: System + + Affected Software/OS: Microsoft Windows 2K/XP/2003 + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link. + http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx + + References: + http://www.microsoft.com/technet/security/bulletin/ms08-074.mspx + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 6.9 + Risk factor : High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the vulnerable File Version"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_family(english:"Windows : Microsoft Bulletins"); + script_dependencies("secpod_office_products_version_900032.nasl", + "secpod_ms_office_detection_900025.nasl"); + script_require_keys("SMB/WindowsVersion", "SMB/Office/Word/Version"); + exit(0); +} + + +include("version_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +if(egrep(pattern:"^(9|10|11|12)\..*", string:get_kb_item("MS/Office/Ver"))) +{ + excelVer = get_kb_item("SMB/Office/Excel/Version"); + if(!excelVer){ + exit(0); + } + + if(version_in_range(version:excelVer, test_version:"9.0", + test_version2:"9.0.8973")){ + security_hole(0); + } + else if(version_in_range(version:excelVer, test_version:"10.0", + test_version2:"10.0.6849")){ + security_hole(0); + } + else if(version_in_range(version:excelVer, test_version:"11.0", + test_version2:"11.0.8236")){ + security_hole(0); + } + else if(version_in_range(version:excelVer, test_version:"12.0", + test_version2:"12.0.6331.4999")){ + security_hole(0); + } +} Added: trunk/openvas-plugins/scripts/secpod_ms08-076.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms08-076.nasl 2008-12-10 15:27:36 UTC (rev 1964) +++ trunk/openvas-plugins/scripts/secpod_ms08-076.nasl 2008-12-10 16:58:14 UTC 
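Review bot: `script_require_keys("SMB/WindowsVersion", "SMB/Office/Word/Version")` gates this Excel check on the Word version item while the body reads `SMB/Office/Excel/Version`, so a host with Excel but no Word entry would presumably never run the plugin and a missing patch would go unreported. The line should be `script_require_keys("SMB/WindowsVersion", "SMB/Office/Excel/Version");`. The four `version_in_range` upper bounds (`9.0.8973`, `10.0.6849`, `11.0.8236`, `12.0.6331.4999`) are identical to those used for Word in secpod_ms08-072.nasl, which suggests they were copied and should be verified against the Excel builds in the bulletin. "Affected Software/OS" also lists Windows 2K/XP/2003 rather than the Office releases the code actually tests.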
(rev 1965) 
@@ -0,0 +1,232 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms08-076.nasl 638 2008-12-10 11:31:47Z dec $ +# +# Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807) +# +# Authors: +# Chandan S <schandan at secpod.com> +# +# Copyright: SecPod +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + + +if(description) +{ + script_id(900060); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-3009", "CVE-2008-3010"); + script_bugtraq_id(32653, 32654); + script_name(english:"Vulnerabilities in Windows Media Components Could Allow Remote Code Execution (959807)"); + desc["english"] = " + + Overview: This host has critical security update missing according to + Microsoft Bulletin MS08-076. + + Vulnerability Insight: + The flaws are caused due to, + - an error within the Service Principal Name (SPN) implementation when + handling NTLM credentials. + - an error when handling ISATAP URLs. + + Impact: + Successful exploitation could allow attackers to disclose NTLM credentials + to gain access with the privileges of a target user via replay attacks. 
+ + Impact Level: System + + Affected Software/OS: Microsoft Windows 2K/XP/2003 + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link. + http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx + + References: + http://www.microsoft.com/technet/security/bulletin/ms08-076.mspx + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.4 + Risk factor : High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the vulnerable File Version"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_family(english:"Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){ + exit(0); +} + +function get_version(dllFile) +{ + dllPath = registry_get_sz(item:"Install Path", + key:"SOFTWARE\Microsoft\COM3\Setup"); + if(!dllPath){ + exit(0); + } + + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:dllPath + dllFile); + + dllVer = GetVer(file:file, share:share); + return dllVer; +} + + +# Windows Media Player 6.4 on 2K/XP/2003 +activeKey = "SOFTWARE\Microsoft\Active setup\Installed Components\"; +playerVer = registry_get_sz(item:"Version", + key:"SOFTWARE\Microsoft\Active setup\Installed Components" + + "\{22d6f312-b0f6-11d0-94ab-0080c74c7e95}"); +if(playerVer) +{ + # Check for Hotfix 954600 (MS08-076). 
+ if(hotfix_missing(name:"954600") == 1) + { + dllVer = get_version(dllFile:"\Strmdll.dll"); + if(dllVer != NULL) + { + if(version_is_less(version:dllVer, test_version:"4.1.0.3937")) + { + security_hole(0); + exit(0); + } + } + } +} + +# Windows Media Format Runtime 7.1, 9.0, 9.5 and 11 on 2K/XP/2003 +dllVer = get_version(dllFile:"\Wmvcore.dll"); +if(dllVer) +{ + # Check for Hotfix 952069 (MS08-076). + if(hotfix_missing(name:"952069") == 1) + { + if(hotfix_check_sp(win2k:5) > 0) + { + # Check for version < 5.0.2195.7151 (7.1 and 9.0) + if(version_is_less(version:dllVer, test_version:"9.0.0.3268")){ + security_hole(0); + } + } + + else if(hotfix_check_sp(xp:4) > 0) + { + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + if(version_in_range(version:dllVer, test_version:"9.0", + test_version2:"9.0.0.3267")){ + security_hole(0); + } + else if(version_in_range(version:dllVer, test_version:"10.0", + test_version2:"10.0.0.3702")){ + security_hole(0); + } + else if(version_in_range(version:dllVer, test_version:"11.0", + test_version2:"11.0.5721.5250")){ + security_hole(0); + } + } + else if("Service Pack 3" >< SP) + { + if(version_in_range(version:dllVer, test_version:"9.0", + test_version2:"9.0.0.4503")){ + security_hole(0); + } + else if(version_in_range(version:dllVer, test_version:"10.0", + test_version2:"10.0.0.3702")){ + security_hole(0); + } + else if(version_in_range(version:dllVer, test_version:"11.0", + test_version2:"11.0.5721.5250")){ + security_hole(0); + } + } + else security_hole(0); + } + + else if(hotfix_check_sp(win2003:3) > 0) + { + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 1" >< SP) + { + if(version_in_range(version:dllVer, test_version:"10.0", + test_version2:"10.0.0.3710")){ + security_hole(0); + } + } + else if("Service Pack 2" >< SP) + { + if(version_in_range(version:dllVer, test_version:"10.0", + test_version2:"10.0.0.4000")){ + security_hole(0); + } + } + else security_hole(0); + } + } +} + +# 
Windows Media Services 4.1 and 9.0 on 2K/2003 +# Check for Hotfix 952068 (MS08-076). +if(hotfix_missing(name:"952068") == 1) +{ + if(hotfix_check_sp(win2k:5) > 0) + { + dllVer = get_version(dllFile:"\windows media\server\Nsum.exe"); + if(dllVer != NULL) + { + if(version_is_less(version:dllVer, test_version:"4.1.0.3936")){ + security_hole(0); + } + } + } + else if(hotfix_check_sp(win2003:3) > 0) + { + dllVer = get_version(dllFile:"\windows media\server\Wmsserver.dll"); + if(dllVer != NULL) + { + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 1" >< SP) + { + if(version_is_less(version:dllVer, test_version:"9.1.1.3845")){ + security_hole(0); + } + } + else if("Service Pack 2" >< SP) + { + if(version_is_less(version:dllVer, test_version:"9.1.1.5000")){ + security_hole(0); + } + } + else security_hole(0); + } + } +} Added: trunk/openvas-plugins/scripts/secpod_nero_showtime_remote_bof_vuln_900410.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_nero_showtime_remote_bof_vuln_900410.nasl 2008-12-10 15:27:36 UTC (rev 1964) +++ trunk/openvas-plugins/scripts/secpod_nero_showtime_remote_bof_vuln_900410.nasl 2008-12-10 16:58:14 UTC (rev 1965) 
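Review bot: The comment `# Check for version < 5.0.2195.7151 (7.1 and 9.0)` in the Windows 2000 branch contradicts the code beneath it, which compares Wmvcore.dll with `9.0.0.3268`. Once the value is confirmed against the bulletin, the comment should read `# Check for Wmvcore.dll version < 9.0.0.3268 (7.1 and 9.0)`. `activeKey` is assigned but never used, and the same registry path is then spelled out again as a literal, so either drop the variable or build the key from it. `get_version()` calls `exit(0)` when the `Install Path` value is missing, which ends the whole plugin from inside a helper and should be stated in a comment on the function so that later checks are not added after it by mistake.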
@@ -0,0 +1,91 @@ +############################################################################## +# +# Nero ShowTime 'm3u' File Remote Buffer Overflow Vulnerability +# +# Copyright: SecPod +# +# Date Written: 2008/12/08 +# +# Revision: 1.0 +# +# Log: sghosal +# Issue #0543 +# +# This program was written by SecPod and is licensed under the GNU GPL +# license. Please refer to the below link for details, +# http://www.gnu.org/licenses/gpl.html +# This header contains information regarding licensing terms under the GPL, +# and information regarding obtaining source code from the Author. +# Consequently, pursuant to section 3(c) of the GPL, you must accompany the +# information found in this header with any distribution you make of this +# Program. +############################################################################## + +if(description) +{ + script_id(900410); + script_bugtraq_id(32446); + script_copyright(english:"Copyright (C) 2008 SecPod"); + script_version("Revision: 1.0"); + script_category(ACT_GATHER_INFO); + script_family(english:"Denial of Service"); + script_name(english:"Nero ShowTime 'm3u' File Remote Buffer Overflow Vulnerability"); + script_summary(english:"Check for vulnerable version of Nero Showtime"); + desc["english"] = " + Overview: This host is installed with Nero Showtime and is prone to + 'm3u' File Remote Buffer Overflow Vulnerability. + + Vulnerability Insight: + This error is due to inadequate boundary checks on user supplied input. + + Impact: + Successful exploitation will let the attacker execute arbitrary codes in the + context of the application. + + Impact Level: Application + + Affected Software/OS: + Nero ShowTime 5.0.15.0 and prior on all Windows platforms. + + Fix: Solution/Patch not available as on 08th December, 2008. 
+ + References: + http://milw0rm.com/exploits/7207 + http://secunia.com/Advisories/32850 + + CVSS Score: + CVSS Base Score : 5.1 (AV:N/AC:H/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 4.6 + Risk factor: Medium"; + + script_description(english:desc["english"]); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +neroExe = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" + + "\App Paths\ShowTime.exe", + item:"Path"); +if(neroExe) +{ + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:neroExe); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:neroExe); + showtime = file + "ShowTime.exe"; + showtime = GetVer(file:showtime, share:share); + { + #Grep for Nero ShowTime 5.0.15.0 and prior. + pattern = "^([0-4]\..*|5\.0(\.[0-9](\..*)?|\.1[0-4](\..*)?|\.15(\.0)?)?)"; + if(egrep(pattern:pattern,string:showtime)){ + security_warning(0); + } + } +} Added: trunk/openvas-plugins/scripts/secpod_tvp_taghandling_bof_vuln_900409.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_tvp_taghandling_bof_vuln_900409.nasl 2008-12-10 15:27:36 UTC (rev 1964) +++ trunk/openvas-plugins/scripts/secpod_tvp_taghandling_bof_vuln_900409.nasl 2008-12-10 16:58:14 UTC (rev 1965) 
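Review bot: The version pattern has no end anchor, so the `5\.0(...)?` alternative matches on the `5.0` prefix alone and any 5.0.x build, including ones above 5.0.15.0, is reported. Appending `$` restricts it to 5.0.15.0 and earlier: `pattern = "^([0-4]\..*|5\.0(\.[0-9](\..*)?|\.1[0-4](\..*)?|\.15(\.0)?)?)$";`. Including version_func.inc and calling `version_is_less_equal`, as gb_titan_ftp_server_bof_vuln.nasl does, would avoid the hand-built regex altogether. The bare `{ ... }` block after `showtime = GetVer(...)` looks like a lost `if(showtime)`; without it a failed version read still flows into `egrep`. `file + "ShowTime.exe"` also assumes the registry `Path` value ends with a backslash, which should be checked or noted in a comment.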
@@ -0,0 +1,91 @@
+##############################################################################
+#
+# Total Video Player 'TVP type' Tag Handling Remote BOF Vulnerability
+#
+# Copyright: SecPod
+#
+# Date Written: 2008/12/10
+#
+# Revision: 1.0
+#
+# Log: sghosal
+# Issue #0541
+#
+# This program was written by SecPod and is licensed under the GNU GPL
+# license. Please refer to the below link for details,
+# http://www.gnu.org/licenses/gpl.html
+# This header contains information regarding licensing terms under the GPL,
+# and information regarding obtaining source code from the Author.
+# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
+# information found in this header with any distribution you make of this
+# Program.
+##############################################################################
+if(description)
+{
+ script_id(900409);
+ script_bugtraq_id(32456);
+ script_copyright(english:"Copyright (C) 2008 SecPod");
+ script_version("Revision: 1.0");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Denial of Service");
+ script_name(english:"Total Video Player 'TVP type' Tag Handling Remote BOF Vulnerability");
+ script_summary(english:"Check for vulnerable version of Total Video Player");
+ desc["english"] = "
+ Overview:
+ This host is installed with Total Video Player and is prone to remote Buffer
+ Overflow vulnerability.
+
+ Vulnerability Insight:
+ The vulnerability is caused when the application parses a '.au' file containing
+ specially crafted 'TVP type' tags containing overly long strings. These can be
+ exploited by lack of bound checking in user supplied data before copying it to
+ an insufficiently sized memory buffer.
+
+ Impact:
+ Successful exploitation will let the attacker execute malicious arbitrary
+ codes and can cause denial of service.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ EffectMatrix Software, Total Video Player version 1.31 and prior on Windows.
+
+ Fix: No solution/patch is available as on 10th December, 2008.
+
+ References:
+ http://milw0rm.com/exploits/7219
+ http://www.juniper.net/security/auto/vulnerabilities/vuln32456.html
+
+ CVSS Score:
+ CVSS Base Score : 8.3 (AV:N/AC:M/Au:NR/C:P/I:P/A:C)
+ CVSS Temporal Score : 7.5
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+keys = registry_enum_keys(key:key);
+
+foreach entries (keys)
+{
+ tvpName = registry_get_sz(key:key + entries, item:"DisplayName");
+ pattern = "Player ([0]\..*|1\.([0-2]?[0-9]|3[01]))($|[^.0-9])";
+
+ #Grep for version 1.31 or prior
+ if("E.M. Total Video Player" >< tvpName &&
+ egrep(pattern:pattern, string:tvpName)){
+ security_warning(0);
+ }
+}
Added: trunk/openvas-plugins/scripts/secpod_virtualbox_acquiredaemonlock_vuln_lin_900408.nasl ===================================================================
--- trunk/openvas-plugins/scripts/secpod_virtualbox_acquiredaemonlock_vuln_lin_900408.nasl 2008-12-10 15:27:36 UTC (rev 1964)
+++ trunk/openvas-plugins/scripts/secpod_virtualbox_acquiredaemonlock_vuln_lin_900408.nasl 2008-12-10 16:58:14 UTC (rev 1965)
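Review bot: The `foreach` loop keeps enumerating after a hit, so a host with more than one matching uninstall entry gets the same finding reported repeatedly and every remaining key still costs a registry read; adding `exit(0);` right after `security_warning(0);` stops at the first match. `tvpName` is used without checking that `registry_get_sz` returned a value, and `pattern` is loop-invariant, so it can be assigned once before the loop. The alternative `[0-2]?[0-9]` also accepts a one-digit minor, so a display name carrying `1.4` would be treated as older than 1.31; whether that is intended depends on the vendor's numbering scheme, which the hunk does not show.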
@@ -0,0 +1,89 @@
+##############################################################################
+#
+# Sun xVM VirtualBox Insecure Temporary Files Vulnerability (Linux)
+#
+# Copyright: SecPod
+#
+# Date Written: 2008/12/02
+#
+# Revision: 1.0
+#
+# Log: sghosal
+# Issue #0535
+#
+# This program was written by SecPod and is licensed under the GNU GPL
+# license. Please refer to the below link for details,
+# http://www.gnu.org/licenses/gpl.html
+# This header contains information regarding licensing terms under the GPL,
+# and information regarding obtaining source code from the Author.
+# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
+# information found in this header with any distribution you make of this
+# Program.
+##############################################################################
+
+if(description)
+{
+ script_id(900408);
+ script_bugtraq_id(32444);
+ script_cve_id("CVE-2008-5256");
+ script_copyright(english:"Copyright (C) 2008 SecPod");
+ script_version("Revision: 1.0");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Misc.");
+ script_name(english:"Sun xVM VirtualBox Insecure Temporary Files Vulnerability (Linux)");
+ script_summary(english:"Check for vulnerable version of Sun xVM VirtualBox");
+ desc["english"] = "
+ Overview: This host is installed with Sun xVM VirtualBox and is prone to
+ Insecure Temporary Files vulnerability.
+
+ Vulnerability Insight:
+ Error is due to insecured handling of temporary files in the 'AcquireDaemonLock'
+ function in ipcdUnix.cpp. This allows local users to overwrite arbitrary
+ files via a symlink attack on a '/tmp/.vbox-$USER-ipc/lock' temporary file.
+
+ Impact:
+ Successful exploitation will let the attacker perform malicious actions
+ with the escalated previleges.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Sun xVM VirutalBox version prior to 2.0.6 versions on all Linux platforms.
+
+ Fix: Upgrade to the latest version 2.0.6 or above.
+ http://www.virtualbox.org/wiki/Downloads
+
+ References:
+ http://secunia.com/Advisories/32851
+ http://www.virtualbox.org/wiki/Changelog
+
+ CVSS Score:
+ CVSS Base Score : 4.4 (AV:L/AC:M/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 3.2
+ Risk factor: Medium";
+
+ script_description(english:desc["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/uname");
+ exit(0);
+}
+
+
+include("ssh_func.inc");
+
+if("Linux" >!< get_kb_item("ssh/login/uname")){
+ exit(0);
+}
+
+sock = ssh_login_or_reuse_connection();
+if(sock)
+{
+ xvm_linux = ssh_cmd(socket:sock, cmd:"VBoxDeleteIF -v", timeout:120);
+ ssh_close_connection();
+ if("VirtualBox" >< xvm_linux){
+ pattern = "version ([0-1](\..*)?|2\.0(\.[0-5])?)$";
+ if(egrep(pattern:pattern, string:xvm_linux)){
+ security_warning(0);
+ }
+ }
+}
Added: trunk/openvas-plugins/scripts/secpod_virtualbox_acquiredaemonlock_vuln_win_900407.nasl ===================================================================
--- trunk/openvas-plugins/scripts/secpod_virtualbox_acquiredaemonlock_vuln_win_900407.nasl 2008-12-10 15:27:36 UTC (rev 1964)
+++ trunk/openvas-plugins/scripts/secpod_virtualbox_acquiredaemonlock_vuln_win_900407.nasl 2008-12-10 16:58:14 UTC (rev 1965)
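Review bot: The check obtains the version by executing `VBoxDeleteIF -v` on the target over SSH, although the script declares `ACT_GATHER_INFO` and already depends on `gather-package-list.nasl`, whose results it never reads. The command is given without an absolute path, so what runs depends on the login user's PATH, and the helper's name suggests it exists to change network configuration; comparing the installed package version would keep the check passive, and if the binary must stay, a comment above the `ssh_cmd` line should say why it is safe to run. The regex also expects the line to end directly after the version number, so trailing text or a carriage return in the reply would hide a vulnerable install.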
@@ -0,0 +1,86 @@
+##############################################################################
+#
+# Sun xVM VirtualBox Insecure Temporary Files Vulnerability (Win)
+#
+# Copyright: SecPod
+#
+# Date Written: 2008/12/02
+#
+# Revision: 1.0
+#
+# Log: sghosal
+# Issue #0535
+#
+# This program was written by SecPod and is licensed under the GNU GPL
+# license. Please refer to the below link for details,
+# http://www.gnu.org/licenses/gpl.html
+# This header contains information regarding licensing terms under the GPL,
+# and information regarding obtaining source code from the Author.
+# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
+# information found in this header with any distribution you make of this
+# Program.
+##############################################################################
+
+if(description)
+{
+ script_id(900407);
+ script_bugtraq_id(32444);
+ script_cve_id("CVE-2008-5256");
+ script_copyright(english:"Copyright (C) 2008 SecPod");
+ script_version("Revision: 1.0");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Misc.");
+ script_name(english:"Sun xVM VirtualBox Insecure Temporary Files Vulnerability (Win)");
+ script_summary(english:"Check for vulnerable version of Sun xVM VirtualBox");
+ desc["english"] = "
+ Overview: This host is installed with Sun xVM VirtualBox and is prone to
+ Insecure Temporary Files vulnerability.
+
+ Vulnerability Insight:
+ Error is due to insecured handling of temporary files in the 'AcquireDaemonLock'
+ function in ipcdUnix.cpp. This allows local users to overwrite arbitrary
+ files via a symlink attack on a TMP/.vbox-$USER-ipc/lock temporary file.
+
+ Impact:
+ Successful exploitation will let the attacker perform malicious actions
+ with the escalated previleges.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Sun xVM VirutalBox version prior to 2.0.6 versions on all Windows platforms.
+
+ Fix:
+ Upgrade to the latest version 2.0.6 or above.
+ http://www.virtualbox.org/wiki/Downloads
+
+ References:
+ http://secunia.com/Advisories/32851
+
+ CVSS Score:
+ CVSS Base Score : 4.4 (AV:L/AC:M/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 3.2
+ Risk factor: Medium";
+
+ script_description(english:desc["english"]);
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+xvm_key = registry_get_sz(key:"SOFTWARE\Sun\xVM VirtualBox", item:"Version");
+if(xvm_key)
+{
+ pattern = "^([0-1](\..*)?|2\.0(\.[0-5])?)$";
+ if(egrep(pattern:pattern, string:xvm_key)){
+ security_warning(0);
+ }
+}
From scm-commit at wald.intevation.org Wed Dec 10 21:10:32 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Dec 2008 21:10:32 +0100 (CET) Subject: [Openvas-commits] r1966 - in trunk/openvas-manager: . src Message-ID: <20081210201032.7EF5540781@pyrosoma.intevation.org> Author: mattm Date: 2008-12-10 21:10:31 +0100 (Wed, 10 Dec 2008) New Revision: 1966 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/openvasmd.c Log: Drop remaining EAGAIN and EINTR checks from OVAL_SSL cases. Modified: trunk/openvas-manager/ChangeLog ===================================================================
--- trunk/openvas-manager/ChangeLog 2008-12-10 16:58:14 UTC (rev 1965)
+++ trunk/openvas-manager/ChangeLog 2008-12-10 20:10:31 UTC (rev 1966)
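Review bot: The description attributes the flaw to `AcquireDaemonLock` in `ipcdUnix.cpp` and to a symlink on a `.vbox-$USER-ipc/lock` temporary file, which reads as a Unix-host problem, yet this script raises the finding for any Windows install whose registry `Version` is below 2.0.6. Unless the advisory is confirmed to cover Windows hosts, this is likely to produce false positives; I would either drop the Windows variant or state in the description, with a reference, that Windows builds are affected. `TMP/.vbox-$USER-ipc/lock` is not a Windows path and should be corrected or removed in the same pass.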
@@ -1,5 +1,10 @@ 2008-12-10 Matthew Mundell <matt at mundell.ukfsn.org> + * openvasmd.c (serve_otp, read_protocol, serve_client): + Drop EAGAIN and EINTR checks from OVAL_SSL cases. + +2008-12-10 Matthew Mundell <matt at mundell.ukfsn.org> + After selecting, ensure that all input is read before the fd is selected again. Start handling server input: preferences, plugins dependencies and rules. Improve server input field parsing. Modified: trunk/openvas-manager/src/openvasmd.c =================================================================== --- trunk/openvas-manager/src/openvasmd.c 2008-12-10 16:58:14 UTC (rev 1965) +++ trunk/openvas-manager/src/openvasmd.c 2008-12-10 20:10:31 UTC (rev 1966) @@ -742,10 +742,10 @@ if (count < 0) { #if OVAS_SSL - if (count == GNUTLS_E_AGAIN || errno == EAGAIN) + if (count == GNUTLS_E_AGAIN) /* Got everything available, return to `select'. */ break; - if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) + if (count == GNUTLS_E_INTERRUPTED) /* Interrupted, try read again. */ continue; if (count == GNUTLS_E_REHANDSHAKE) @@ -807,10 +807,10 @@ if (count < 0) { #if OVAS_SSL - if (count == GNUTLS_E_AGAIN || errno == EAGAIN) + if (count == GNUTLS_E_AGAIN) /* Wrote as much as possible, return to `select'. */ goto end_server_fd_write; - if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) + if (count == GNUTLS_E_INTERRUPTED) /* Interrupted, try write again. */ continue; if (count == GNUTLS_E_REHANDSHAKE) @@ -860,10 +860,10 @@ if (count < 0) { #if OVAS_SSL - if (count == GNUTLS_E_AGAIN || errno == EAGAIN) + if (count == GNUTLS_E_AGAIN) /* Got everything available, return to `select'. */ break; - if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) + if (count == GNUTLS_E_INTERRUPTED) /* Interrupted, try read again. */ continue; if (count == GNUTLS_E_REHANDSHAKE) 
@@ -922,10 +922,10 @@ if (count < 0) { #if OVAS_SSL - if (count == GNUTLS_E_AGAIN || errno == EAGAIN) + if (count == GNUTLS_E_AGAIN) /* Wrote as much as possible, return to `select'. */ goto end_client_fd_write; - if (count == GNUTLS_E_INTERRUPTED || errno == EINTR) + if (count == GNUTLS_E_INTERRUPTED) /* Interrupted, try write again. */ continue; if (count == GNUTLS_E_REHANDSHAKE) @@ -2296,7 +2296,7 @@ if (count < 0) { #if OVAS_SSL - if (count == GNUTLS_E_INTERRUPTED) // || errno == EINTR) + if (count == GNUTLS_E_INTERRUPTED) /* Interrupted, try read again. */ goto retry; if (count == GNUTLS_E_REHANDSHAKE) @@ -2432,12 +2432,7 @@ if (ret < 0) { if (ret == GNUTLS_E_AGAIN - || ret == GNUTLS_E_INTERRUPTED -#if 0 - || errno == EAGAIN - || errno == EINTR -#endif - ) + || ret == GNUTLS_E_INTERRUPTED) goto retry; fprintf (stderr, "Failed to shake hands with server.\n"); gnutls_perror (ret); From scm-commit at wald.intevation.org Wed Dec 10 22:37:40 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Dec 2008 22:37:40 +0100 (CET) Subject: [Openvas-commits] r1967 - in trunk/openvas-manager: . src Message-ID: <20081210213740.A698B4077E@pyrosoma.intevation.org> Author: mattm Date: 2008-12-10 22:37:39 +0100 (Wed, 10 Dec 2008) New Revision: 1967 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/openvasmd.c Log: Bind to INADDR_ANY by default. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2008-12-10 20:10:31 UTC (rev 1966) +++ trunk/openvas-manager/ChangeLog 2008-12-10 21:37:39 UTC (rev 1967) 
@@ -1,5 +1,10 @@ 2008-12-10 Matthew Mundell <matt at mundell.ukfsn.org> + * openvasmd.c (OPENVASMD_ADDRESS): Remove. + (main): Bind to INADDR_ANY by default. + +2008-12-10 Matthew Mundell <matt at mundell.ukfsn.org> + * openvasmd.c (serve_otp, read_protocol, serve_client): Drop EAGAIN and EINTR checks from OVAL_SSL cases. Modified: trunk/openvas-manager/src/openvasmd.c =================================================================== --- trunk/openvas-manager/src/openvasmd.c 2008-12-10 20:10:31 UTC (rev 1966) +++ trunk/openvas-manager/src/openvasmd.c 2008-12-10 21:37:39 UTC (rev 1967) @@ -87,9 +87,6 @@ #define OPENVAS_OS_NAME "FIX" #endif -/** Manager (openvasmd) address. */ -#define OPENVASMD_ADDRESS "127.0.0.1" - /** Server (openvasd) address. */ #define OPENVASD_ADDRESS "127.0.0.1" @@ -2715,9 +2712,6 @@ exit (EXIT_SUCCESS); } - if (manager_address_string == NULL) - manager_address_string = OPENVASMD_ADDRESS; - if (server_address_string == NULL) server_address_string = OPENVASD_ADDRESS; @@ -2851,12 +2845,17 @@ manager_address.sin_family = AF_INET; manager_address.sin_port = manager_port; - if (!inet_aton(manager_address_string, &manager_address.sin_addr)) + if (manager_address_string) { - fprintf (stderr, "Failed to create manager address %s.\n", - manager_address_string); - exit (EXIT_FAILURE); + if (!inet_aton (manager_address_string, &manager_address.sin_addr)) + { + fprintf (stderr, "Failed to create manager address %s.\n", + manager_address_string); + exit (EXIT_FAILURE); + } } + else + manager_address.sin_addr.s_addr = INADDR_ANY; if (bind (manager_socket, (struct sockaddr *) &manager_address, @@ -2869,7 +2868,7 @@ } tracef (" Manager bound to address %s port %i\n", - manager_address_string, + manager_address_string ? manager_address_string : "*", ntohs (manager_address.sin_port)); tracef (" Set to connect to address %s port %i\n", server_address_string, From scm-commit at wald.intevation.org Wed Dec 10 22:44:54 2008 
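Review bot: With `OPENVASMD_ADDRESS` removed, the `else` branch added in the `@@ -2851` hunk makes the manager listen on every interface when no address is supplied, where it previously defaulted to 127.0.0.1. For a daemon that drives scans this widens network exposure by default, and the `#else` branches of `#if OVAS_SSL` elsewhere in this file suggest a non-SSL build would then accept plaintext connections from any network; the server side keeps its loopback default (`OPENVASD_ADDRESS`). I would keep loopback as the default, `manager_address.sin_addr.s_addr = htonl (INADDR_LOOPBACK);`, and let an explicitly supplied address opt in to wider binding, with the `tracef` fallback printing the loopback address instead of `"*"`. `main` starts and ends outside these hunks.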
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Dec 2008 22:44:54 +0100 (CET) Subject: [Openvas-commits] r1968 - trunk/openvas-manager/doc Message-ID: <20081210214454.77D154077E@pyrosoma.intevation.org> Author: mattm Date: 2008-12-10 22:44:54 +0100 (Wed, 10 Dec 2008) New Revision: 1968 Added: trunk/openvas-manager/doc/footer.html Log: Initial revision. Copied: trunk/openvas-manager/doc/footer.html (from rev 1805, trunk/openvas-manager/footer.html) From scm-commit at wald.intevation.org Wed Dec 10 22:59:49 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 10 Dec 2008 22:59:49 +0100 (CET) Subject: [Openvas-commits] r1969 - in trunk/openvas-manager: . src Message-ID: <20081210215949.74BB540757@pyrosoma.intevation.org> Author: mattm Date: 2008-12-10 22:59:49 +0100 (Wed, 10 Dec 2008) New Revision: 1969 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/openvasmd.c Log: Convert tabs to spaces. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2008-12-10 21:44:54 UTC (rev 1968) +++ trunk/openvas-manager/ChangeLog 2008-12-10 21:59:49 UTC (rev 1969) @@ -1,5 +1,9 @@ 2008-12-10 Matthew Mundell <matt at mundell.ukfsn.org> + * openvasmd.c: Convert tabs to spaces. + +2008-12-10 Matthew Mundell <matt at mundell.ukfsn.org> + * openvasmd.c (OPENVASMD_ADDRESS): Remove. (main): Bind to INADDR_ANY by default. Modified: trunk/openvas-manager/src/openvasmd.c =================================================================== --- trunk/openvas-manager/src/openvasmd.c 2008-12-10 21:44:54 UTC (rev 1968) +++ trunk/openvas-manager/src/openvasmd.c 2008-12-10 21:59:49 UTC (rev 1969) 
@@ -1725,46 +1725,46 @@ ssize_t count; #if OVAS_SSL count = gnutls_record_recv (*client_session, - from_client + from_client_end, - BUFFER_SIZE - - from_client_end); + from_client + from_client_end, + BUFFER_SIZE + - from_client_end); #else count = read (client_socket, - from_client + from_client_end, - BUFFER_SIZE - from_client_end); + from_client + from_client_end, + BUFFER_SIZE - from_client_end); #endif tracef (" count: %i\n", count); if (count < 0) - { + { #if OVAS_SSL - if (count == GNUTLS_E_AGAIN) - /* Got everything available, return to `select'. */ - return 0; - if (count == GNUTLS_E_INTERRUPTED) - /* Interrupted, try read again. */ - continue; - if (count == GNUTLS_E_REHANDSHAKE) - { - /* \todo Rehandshake. */ - tracef (" FIX should rehandshake\n"); - continue; - } - fprintf (stderr, "Failed to read from client.\n"); - gnutls_perror (count); + if (count == GNUTLS_E_AGAIN) + /* Got everything available, return to `select'. */ + return 0; + if (count == GNUTLS_E_INTERRUPTED) + /* Interrupted, try read again. */ + continue; + if (count == GNUTLS_E_REHANDSHAKE) + { + /* \todo Rehandshake. */ + tracef (" FIX should rehandshake\n"); + continue; + } + fprintf (stderr, "Failed to read from client.\n"); + gnutls_perror (count); #else - if (errno == EAGAIN) - /* Got everything available, return to `select'. */ - return 0; - if (errno == EINTR) - /* Interrupted, try read again. */ - continue; - perror ("Failed to read from client"); + if (errno == EAGAIN) + /* Got everything available, return to `select'. */ + return 0; + if (errno == EINTR) + /* Interrupted, try read again. */ + continue; + perror ("Failed to read from client"); #endif - return -1; - } + return -1; + } if (count == 0) - /* End of file. */ - return -3; + /* End of file. */ + return -3; from_client_end += count; } 
@@ -1782,46 +1782,46 @@ ssize_t count; #if OVAS_SSL count = gnutls_record_recv (*server_session, - from_server + from_server_end, - BUFFER_SIZE - - from_server_end); + from_server + from_server_end, + BUFFER_SIZE + - from_server_end); #else count = read (server_socket, - from_server + from_server_end, - BUFFER_SIZE - from_server_end); + from_server + from_server_end, + BUFFER_SIZE - from_server_end); #endif tracef (" count: %i\n", count); if (count < 0) - { + { #if OVAS_SSL - if (count == GNUTLS_E_AGAIN) - /* Got everything available, return to `select'. */ - return 0; - if (count == GNUTLS_E_INTERRUPTED) - /* Interrupted, try read again. */ - continue; - if (count == GNUTLS_E_REHANDSHAKE) - { - /* \todo Rehandshake. */ - tracef (" FIX should rehandshake\n"); - continue; - } - fprintf (stderr, "Failed to read from server.\n"); - gnutls_perror (count); + if (count == GNUTLS_E_AGAIN) + /* Got everything available, return to `select'. */ + return 0; + if (count == GNUTLS_E_INTERRUPTED) + /* Interrupted, try read again. */ + continue; + if (count == GNUTLS_E_REHANDSHAKE) + { + /* \todo Rehandshake. */ + tracef (" FIX should rehandshake\n"); + continue; + } + fprintf (stderr, "Failed to read from server.\n"); + gnutls_perror (count); #else - if (errno == EAGAIN) - /* Got everything available, return to `select'. */ - return 0; - if (errno == EINTR) - /* Interrupted, try read again. */ - continue; - perror ("Failed to read from server"); + if (errno == EAGAIN) + /* Got everything available, return to `select'. */ + return 0; + if (errno == EINTR) + /* Interrupted, try read again. */ + continue; + perror ("Failed to read from server"); #endif - return -1; - } + return -1; + } if (count == 0) - /* End of file. */ - return -3; + /* End of file. */ + return -3; from_server_end += count; } 
@@ -1954,43 +1954,43 @@ do { - switch (read_from_client (client_session, client_socket)) - { - case 0: /* Read everything. */ - from_client_more = FALSE; - break; - case -1: /* Error. */ - return -1; - case -2: /* from_client buffer full. */ - from_client_more = TRUE; - break; - case -3: /* End of file. */ - return 0; - default: /* Programming error. */ - assert (0); - } + switch (read_from_client (client_session, client_socket)) + { + case 0: /* Read everything. */ + from_client_more = FALSE; + break; + case -1: /* Error. */ + return -1; + case -2: /* from_client buffer full. */ + from_client_more = TRUE; + break; + case -3: /* End of file. */ + return 0; + default: /* Programming error. */ + assert (0); + } #if TRACE || LOG - /* This check prevents output in the "asynchronous network - error" case. */ - if (from_client_end > initial_start) - { - logf ("<= %.*s\n", - from_client_end - initial_start, - from_client + initial_start); + /* This check prevents output in the "asynchronous network + error" case. */ + if (from_client_end > initial_start) + { + logf ("<= %.*s\n", + from_client_end - initial_start, + from_client + initial_start); #if TRACE_TEXT - tracef ("<= client \"%.*s\"\n", - from_client_end - initial_start, - from_client + initial_start); + tracef ("<= client \"%.*s\"\n", + from_client_end - initial_start, + from_client + initial_start); #else - tracef ("<= client %i bytes\n", - from_client_end - initial_start); + tracef ("<= client %i bytes\n", + from_client_end - initial_start); #endif - } + } #endif /* TRACE || LOG */ continue_stalled_client_input: - switch (process_omp_client_input ()) + switch (process_omp_client_input ()) { case 0: /* Processed all input. */ client_input_stalled = 0; 
@@ -2014,13 +2014,13 @@ } while (from_client_more); - if (server_input_stalled) - /* A process_omp_server_input and a process_omp_client_input + if (server_input_stalled) + /* A process_omp_server_input and a process_omp_client_input were both stalled by a full to_client buffer. After the to_client write that followed, control passed to the stalled client processing (above). Now jump to the stalled server processing. */ - goto continue_stalled_server_input; + goto continue_stalled_server_input; } if (fds & FD_SERVER_WRITE 
@@ -2029,70 +2029,70 @@ { /* Write as much as possible to the server. */ - while (to_server_start < to_server_end) - { - ssize_t count; + while (to_server_start < to_server_end) + { + ssize_t count; #if OVAS_SSL - count = gnutls_record_send (*server_session, - to_server + to_server_start, - to_server_end - to_server_start); + count = gnutls_record_send (*server_session, + to_server + to_server_start, + to_server_end - to_server_start); #else - count = write (server_socket, - to_server + to_server_start, - to_server_end - to_server_start); + count = write (server_socket, + to_server + to_server_start, + to_server_end - to_server_start); #endif - if (count < 0) - { + if (count < 0) + { #if OVAS_SSL - if (count == GNUTLS_E_AGAIN) - { - /* Wrote as much as possible, either return to - `select' or re-attempt to process leftover - client input. */ - to_server_ok = FALSE; - goto end_server_fd_write; - } - if (count == GNUTLS_E_INTERRUPTED) - /* Interrupted, try write again. */ - continue; - if (count == GNUTLS_E_REHANDSHAKE) - /* \todo Rehandshake. */ - continue; - fprintf (stderr, "Failed to write to server.\n"); - gnutls_perror (count); + if (count == GNUTLS_E_AGAIN) + { + /* Wrote as much as possible, either return to + `select' or re-attempt to process leftover + client input. */ + to_server_ok = FALSE; + goto end_server_fd_write; + } + if (count == GNUTLS_E_INTERRUPTED) + /* Interrupted, try write again. */ + continue; + if (count == GNUTLS_E_REHANDSHAKE) + /* \todo Rehandshake. */ + continue; + fprintf (stderr, "Failed to write to server.\n"); + gnutls_perror (count); #else - if (errno == EAGAIN) - { - /* Wrote as much as possible, either return to - `select' or re-attempt to process leftover - client input. */ - to_server_ok = FALSE; - goto end_server_fd_write; - } - if (errno == EINTR) - /* Interrupted, try write again. 
*/ - continue; - perror ("Failed to write to server"); + if (errno == EAGAIN) + { + /* Wrote as much as possible, either return to + `select' or re-attempt to process leftover + client input. */ + to_server_ok = FALSE; + goto end_server_fd_write; + } + if (errno == EINTR) + /* Interrupted, try write again. */ + continue; + perror ("Failed to write to server"); #endif - return -1; - } - to_server_start += count; - tracef ("=> server %i bytes\n", count); - } - tracef ("=> server done\n"); - to_server_start = to_server_end = 0; - /* For stalled client input processing. Flag that it is OK - to try write to the server again after re-attempting to - process any leftover client input. */ - to_server_ok = TRUE; + return -1; + } + to_server_start += count; + tracef ("=> server %i bytes\n", count); + } + tracef ("=> server done\n"); + to_server_start = to_server_end = 0; + /* For stalled client input processing. Flag that it is OK + to try write to the server again after re-attempting to + process any leftover client input. */ + to_server_ok = TRUE; end_server_fd_write: - if (client_input_stalled == 1) - /* A previous process_omp_client_input was stalled by a - full to_server buffer. Jump back to process the - remaining client input now that some of the to_server - buffer may have been written. */ - goto continue_stalled_client_input; + if (client_input_stalled == 1) + /* A previous process_omp_client_input was stalled by a + full to_server buffer. Jump back to process the + remaining client input now that some of the to_server + buffer may have been written. */ + goto continue_stalled_client_input; } if (fds & FD_SERVER_READ && FD_ISSET (server_socket, &readfds)) 
@@ -2104,43 +2104,43 @@ do { - switch (read_from_server (server_session, server_socket)) - { - case 0: /* Read everything. */ - from_server_more = FALSE; - break; - case -1: /* Error. */ - return -1; - case -2: /* from_server buffer full. */ - from_server_more = TRUE; - break; - case -3: /* End of file. */ - return 0; - default: /* Programming error. */ - assert (0); - } + switch (read_from_server (server_session, server_socket)) + { + case 0: /* Read everything. */ + from_server_more = FALSE; + break; + case -1: /* Error. */ + return -1; + case -2: /* from_server buffer full. */ + from_server_more = TRUE; + break; + case -3: /* End of file. */ + return 0; + default: /* Programming error. */ + assert (0); + } #if TRACE || LOG - /* This check prevents output in the "asynchronous network - error" case. */ - if (from_server_end > initial_start) - { - logf ("<= %.*s\n", - from_server_end - initial_start, - from_server + initial_start); + /* This check prevents output in the "asynchronous network + error" case. */ + if (from_server_end > initial_start) + { + logf ("<= %.*s\n", + from_server_end - initial_start, + from_server + initial_start); #if TRACE_TEXT - tracef ("<= server \"%.*s\"\n", - from_server_end - initial_start, - from_server + initial_start); + tracef ("<= server \"%.*s\"\n", + from_server_end - initial_start, + from_server + initial_start); #else - tracef ("<= server %i bytes\n", - from_server_end - initial_start); + tracef ("<= server %i bytes\n", + from_server_end - initial_start); #endif - } + } #endif /* TRACE || LOG */ continue_stalled_server_input: - switch (process_omp_server_input ()) + switch (process_omp_server_input ()) { case 0: /* Processed all input. */ server_input_stalled = FALSE; 
@@ -2184,10 +2184,10 @@ #if OVAS_SSL if (count == GNUTLS_E_AGAIN) { - /* Wrote as much as possible, either return to - `select' or re-attempt to process leftover - server input. */ - to_client_ok = FALSE; + /* Wrote as much as possible, either return to + `select' or re-attempt to process leftover + server input. */ + to_client_ok = FALSE; goto end_client_fd_write; } if (count == GNUTLS_E_INTERRUPTED) @@ -2201,10 +2201,10 @@ #else if (errno == EAGAIN) { - /* Wrote as much as possible, either return to - `select' or re-attempt to process leftover - server input. */ - to_client_ok = FALSE; + /* Wrote as much as possible, either return to + `select' or re-attempt to process leftover + server input. */ + to_client_ok = FALSE; } if (errno == EINTR) /* Interrupted, try write again. */ 
@@ -2221,28 +2221,28 @@ } tracef ("=> client done\n"); to_client_start = to_client_end = 0; - /* For stalled server input processing. Flag that it is OK - to try write to the server again after re-attempting to - process any leftover server or client input. */ - to_client_ok = TRUE; + /* For stalled server input processing. Flag that it is OK + to try write to the server again after re-attempting to + process any leftover server or client input. */ + to_client_ok = TRUE; end_client_fd_write: - if (client_input_stalled) - /* A previous process_omp_client_input was stalled by a - full to_client buffer. Jump back to process the - remaining client input now that some of the to_client - buffer may have been written. */ - goto continue_stalled_client_input; + if (client_input_stalled) + /* A previous process_omp_client_input was stalled by a + full to_client buffer. Jump back to process the + remaining client input now that some of the to_client + buffer may have been written. */ + goto continue_stalled_client_input; - if (server_input_stalled) - /* A previous process_omp_server_input was stalled by a - full to_client buffer. Jump back to process the - remaining server input now that some of the to_client - buffer may have been written. + if (server_input_stalled) + /* A previous process_omp_server_input was stalled by a + full to_client buffer. Jump back to process the + remaining server input now that some of the to_client + buffer may have been written. If this is missed because client processing is also stalled, it will be done after the client processing. */ - goto continue_stalled_server_input; + goto continue_stalled_server_input; } } /* while (1) */ 
@@ -2848,11 +2848,11 @@ if (manager_address_string) { if (!inet_aton (manager_address_string, &manager_address.sin_addr)) - { - fprintf (stderr, "Failed to create manager address %s.\n", - manager_address_string); - exit (EXIT_FAILURE); - } + { + fprintf (stderr, "Failed to create manager address %s.\n", + manager_address_string); + exit (EXIT_FAILURE); + } } else manager_address.sin_addr.s_addr = INADDR_ANY; From scm-commit at wald.intevation.org Thu Dec 11 08:18:45 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 11 Dec 2008 08:18:45 +0100 (CET) Subject: [Openvas-commits] r1970 - trunk/doc/website Message-ID: <20081211071845.644034077C@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-11 08:18:44 +0100 (Thu, 11 Dec 2008) New Revision: 1970 Modified: trunk/doc/website/openvas.css Log: Change IMG style in CSS to display large images correctly on lower resolutions as suggested by Matthew Mundell. Modified: trunk/doc/website/openvas.css =================================================================== --- trunk/doc/website/openvas.css 2008-12-10 21:59:49 UTC (rev 1969) +++ trunk/doc/website/openvas.css 2008-12-11 07:18:44 UTC (rev 1970) @@ -81,6 +81,7 @@ IMG { border: none; + max-width: 100%; } .right { From scm-commit at wald.intevation.org Thu Dec 11 10:23:01 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 11 Dec 2008 10:23:01 +0100 (CET) Subject: [Openvas-commits] r1971 - trunk/doc/website Message-ID: <20081211092301.9695140769@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-11 10:23:01 +0100 (Thu, 11 Dec 2008) New Revision: 1971 Modified: trunk/doc/website/index.htm4 trunk/doc/website/openvas-client.htm4 trunk/doc/website/openvas-nvt-feed.htm4 trunk/doc/website/openvas-server.htm4 Log: * Updated plugin count. * Updated client description. * Updated server description. Modified: trunk/doc/website/index.htm4 =================================================================== --- trunk/doc/website/index.htm4 2008-12-11 07:18:44 UTC (rev 1970) +++ trunk/doc/website/index.htm4 2008-12-11 09:23:01 UTC (rev 1971) @@ -43,7 +43,7 @@ <img src="pix/OpenVAS-Structure.png" alt="The OpenVAS structure"> <p> -<b>Status:</b> (as of December 9th, 2008) +<b>Status:</b> (as of December 11th, 2008) </p> <ul> <li>All necessary cleanups (due to the fork from Nessus) @@ -51,7 +51,7 @@ The current set of released modules allows the execution of scans using a secure connection between client and server. <li>The <a href="openvas-nvt-feed.html">OpenVAS NVT Feed</a> service offers more -than 5,000 signed scripts. +than 6,000 signed scripts. <li>Several NVTs inherited from Nessus are still broken because they depend on a non-free component. <li>The upcoming 2.0 release is approaching fast. The first release candidate Modified: trunk/doc/website/openvas-client.htm4 =================================================================== --- trunk/doc/website/openvas-client.htm4 2008-12-11 07:18:44 UTC (rev 1970) +++ trunk/doc/website/openvas-client.htm4 2008-12-11 09:23:01 UTC (rev 1971) 
@@ -31,19 +31,19 @@ <a href="pix/openvasclient-screenshot.png"><img class="right" src="pix/openvasclient-screenshot-small.png" alt="Screenshot of OpenVAS-Client Main Dialog"></a> <p> -OpenVAS-Client is a terminal and GUI client application -for both OpenVAS and Nessus. It implements the Nessus Transfer Protocol (NTP). -The GUI is implemented using GTK+ 2.4 and allows for managing -network vulnerability scan sessions. +OpenVAS-Client is a terminal and GUI client application for OpenVAS. It +implements the OpenVAS Transfer Protocol (OTP) which has superseded the Nessus +Transfer Protocol (NTP) in OpenVAS. The GUI is implemented using GTK+ 2.4 and +allows you to control an OpenVAS server, to conduct network vulnerability scans +and to manage the results of your scans. </p> <p> -OpenVAS-Client is a successor of NessusClient 1.X. The fork happened -with NessusClient CVS HEAD 20070704. The reason was that the original -authors of NessusClient -decided to stop active development for this (GTK-based) -NessusClient in favor of a newly written QT-based version -released as proprietary software. +OpenVAS-Client is a successor of NessusClient 1.X. The fork happened with +NessusClient CVS HEAD 20070704. The reason was that the original authors of +NessusClient decided to stop active development for this (GTK-based) +NessusClient in favor of a newly written QT-based version released as +proprietary software. </p> <p> 
@@ -53,17 +53,17 @@ <h3>Supported Languages</h3> <p> -(status of 2.0-beta1, 2008-09-29) +(status of 2.0-rc1, 2008-12-11) </p> <ul> <li>English: 100% -<li>German: 99% -<li>Spanish: 99% -<li>French: 99% -<li>Swedish: 88% -<li>Hebrew: 79% -<li>Croatian: 42% +<li>German: 100% +<li>Spanish: 87% +<li>French: 87% +<li>Swedish: 76% +<li>Hebrew: 69% +<li>Croatian: 37% </ul> <h2>Installing OpenVAS-Client</h2> Modified: trunk/doc/website/openvas-nvt-feed.htm4 =================================================================== --- trunk/doc/website/openvas-nvt-feed.htm4 2008-12-11 07:18:44 UTC (rev 1970) +++ trunk/doc/website/openvas-nvt-feed.htm4 2008-12-11 09:23:01 UTC (rev 1971) @@ -31,8 +31,8 @@ <p> The OpenVAS project offers a public feed of Network Vulnerability Tests (NVTs). Starting from September 10th, 2008, the feed contains all NASL -plugins available in the OpenVAS source code repository and now contains close -to 5000 plugins. It contains only <a href="trusted-nvts.html">signed files</a>. +plugins available in the OpenVAS source code repository and now contains more +than 6000 plugins. It contains only <a href="trusted-nvts.html">signed files</a>. </p> <p> Modified: trunk/doc/website/openvas-server.htm4 =================================================================== --- trunk/doc/website/openvas-server.htm4 2008-12-11 07:18:44 UTC (rev 1970) +++ trunk/doc/website/openvas-server.htm4 2008-12-11 09:23:01 UTC (rev 1971) @@ -44,7 +44,7 @@ </p> <p> -OpenVAS server is a forked development of Nessus 2.2. The fork happened +OpenVAS-Server is a forked development of Nessus 2.2. The fork happened because the major development (Nessus 3) changed to a proprietary license model and the development of Nessus 2.2.x is practically closed for third party contributors. 
@@ -52,10 +52,10 @@ transparent and open development style. </p> -<h2>Installing OpenVAS Server</h2> +<h2>Installing OpenVAS-Server</h2> <p> -<b>Recommended:</b> Once you installed OpenVAS Server, you should +<b>Recommended:</b> Once you installed OpenVAS-Server, you should <a href="http://lists.wald.intevation.org/mailman/listinfo/openvas-announce" >subscribe to the openvas-announce mailing list</a>. It is a low-traffic list which helps you to follow all OpenVAS news and @@ -63,12 +63,12 @@ </p> <p> -<b>ALSO NOTE:</b> This documentation for OpenVAS-Server is still in an early -stage and might not cover all issues regarding server installation and -configuration. You should be able to install OpenVAS-Server if -you have ever worked with the "<code>configure; make; make install</code>" -mechanism. If you have trouble installing OpenVAS-Server, you are welcome to -join the <a +More information on <a +href="/compendium/installing-and-configuring-openvas-server.html">installing</a> +and <a href="/compendium/configuring-openvas-server.html">configuring</a> +OpenVAS-Server is available from the <a +href="/compendium/openvas-compendium.html">OpenVAS Compendium</a>. If you have +trouble installing OpenVAS-Server, you are welcome to join the <a href="http://lists.wald.intevation.org/mailman/listinfo/openvas-discuss">openvas mailing list</a> and ask for support there. </p> From scm-commit at wald.intevation.org Thu Dec 11 13:12:44 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 11 Dec 2008 13:12:44 +0100 (CET) Subject: [Openvas-commits] r1972 - in branches/openvas-client-1-0: . nessus nessus/prefs_dialog Message-ID: <20081211121244.6395A4077B@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-11 13:12:43 +0100 (Thu, 11 Dec 2008) New Revision: 1972 Modified: branches/openvas-client-1-0/ChangeLog branches/openvas-client-1-0/nessus/nessus.c branches/openvas-client-1-0/nessus/prefs_dialog/prefs_dialog_prefs.c Log: Made some changes which keep an 1.0 series client from requesting OTP/1.0 as the transfer protocol when in fact it does not implement OTP correctly. This fixes bug #846 (http://bugs.openvas.org/846). * nessus/prefs_dialog/prefs_dialog_prefs.c (prefs_dialog_prefs): Do not add OTP option to the protocol dropdown; force NTP to be selected even if the preferences are set otherwise. * nessus/nessus.c (connect_to_nessusd): Use PROTO_NAME (NTP) when connecting to the server. Modified: branches/openvas-client-1-0/ChangeLog =================================================================== --- branches/openvas-client-1-0/ChangeLog 2008-12-11 09:23:01 UTC (rev 1971) +++ branches/openvas-client-1-0/ChangeLog 2008-12-11 12:12:43 UTC (rev 1972) 
@@ -1,3 +1,16 @@ +2008-12-11 Michael Wiegand <michael.wiegand at intevation.de> + + Made some changes which keep an 1.0 series client from requesting + OTP/1.0 as the transfer protocol when in fact it does not implement OTP + correctly. This fixes bug #846 (http://bugs.openvas.org/846). + + * nessus/prefs_dialog/prefs_dialog_prefs.c (prefs_dialog_prefs): Do not + add OTP option to the protocol dropdown; force NTP to be selected even + if the preferences are set otherwise. + + * nessus/nessus.c (connect_to_nessusd): Use PROTO_NAME (NTP) when + connecting to the server. + 2008-09-23 Michael Wiegand <michael.wiegand at intevation.de> Backport from trunk (SVN 1395): Added French translation provided by Modified: branches/openvas-client-1-0/nessus/nessus.c =================================================================== --- branches/openvas-client-1-0/nessus/nessus.c 2008-12-11 09:23:01 UTC (rev 1971) +++ branches/openvas-client-1-0/nessus/nessus.c 2008-12-11 12:12:43 UTC (rev 1972) @@ -343,8 +343,7 @@ /* Initialize the array with a string that will be big enough */ char proto[] = PROTO_NAME "md5_caching"; - if (snprintf(proto, sizeof(proto), - prefs_get_int(context, "protocol_version") ? PROTO_NAME_OTP : PROTO_NAME, + if (snprintf(proto, sizeof(proto), PROTO_NAME, prefs_get_int(Global, "cache_plugin_information") ? "md5_caching":"") >= sizeof(proto)) return "programming error: proto_name buffer too small"; Modified: branches/openvas-client-1-0/nessus/prefs_dialog/prefs_dialog_prefs.c =================================================================== --- branches/openvas-client-1-0/nessus/prefs_dialog/prefs_dialog_prefs.c 2008-12-11 09:23:01 UTC (rev 1971) +++ branches/openvas-client-1-0/nessus/prefs_dialog/prefs_dialog_prefs.c 2008-12-11 12:12:43 UTC (rev 1972) 
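Review bot: The `snprintf` call in `connect_to_nessusd` now ignores the stored `protocol_version` preference with no comment saying why, so a later reader may take the dropped `PROTO_NAME_OTP` branch for an oversight and restore it. A comment above the call, such as `/* 1.0 clients do not implement OTP correctly (bug #846): always request NTP, whatever protocol_version says. */`, would record the decision. The same applies to the hard-coded `0` passed to `gtk_combo_box_set_active` in the prefs_dialog_prefs.c hunk of this commit. The enclosing function starts and ends outside the hunk.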
@@ -142,9 +142,7 @@ gtk_table_attach_defaults(GTK_TABLE(table), protocol_combobox, 1, 2, 1, 2); gtk_combo_box_append_text(GTK_COMBO_BOX(protocol_combobox), _("NTP 1.2")); - gtk_combo_box_append_text(GTK_COMBO_BOX(protocol_combobox), - _("OTP 1.0")); - gtk_combo_box_set_active(GTK_COMBO_BOX(protocol_combobox), prefs_get_int(Global, "protocol_version")); + gtk_combo_box_set_active(GTK_COMBO_BOX(protocol_combobox), 0); frame = gtk_frame_new(_("Plugin Cache")); gtk_widget_show(frame); From scm-commit at wald.intevation.org Thu Dec 11 15:44:47 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 11 Dec 2008 15:44:47 +0100 (CET) Subject: [Openvas-commits] r1973 - in trunk/openvas-manager: . src Message-ID: <20081211144447.3208640788@pyrosoma.intevation.org> Author: mattm Date: 2008-12-11 15:44:44 +0100 (Thu, 11 Dec 2008) New Revision: 1973 Modified: trunk/openvas-manager/CMakeLists.txt trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/CMakeLists.txt Log: Sort out paths for passing in a prefix. Modified: trunk/openvas-manager/CMakeLists.txt =================================================================== --- trunk/openvas-manager/CMakeLists.txt 2008-12-11 12:12:43 UTC (rev 1972) +++ trunk/openvas-manager/CMakeLists.txt 2008-12-11 14:44:44 UTC (rev 1973) 
@@ -30,15 +30,14 @@ ## Variables -set (OPENVAS_LIB_INSTALL_DIR "/home/mattm/lib/") -set (OPENVAS_HEADER_INSTALL_DIR "/home/mattm/include/") -set (OPENVAS_SERVER_CERTIFICATE "/var/lib/openvas/CA/servercert.pem") -set (OPENVAS_SERVER_KEY "/var/lib/openvas/private/CA/serverkey.pem") -set (OPENVAS_CA_CERTIFICATE "/var/lib/openvas/CA/cacert.pem") +set (OPENVAS_LIB_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/lib/") +set (OPENVAS_HEADER_INSTALL_DIR "${CMAKE_INSTALL_PREFIX}/include/") +set (OPENVAS_SERVER_CERTIFICATE "${CMAKE_INSTALL_PREFIX}/var/lib/openvas/CA/servercert.pem") +set (OPENVAS_SERVER_KEY "${CMAKE_INSTALL_PREFIX}/var/lib/openvas/private/CA/serverkey.pem") +set (OPENVAS_CA_CERTIFICATE "${CMAKE_INSTALL_PREFIX}/var/lib/openvas/CA/cacert.pem") set (CMAKE_BUILD Debug) set (CMAKE_VERBOSE_MAKEFILE ON) -#set (CMAKE_INSTALL_PREFIX "/home/mattm/") message ("-- Install prefix: ${CMAKE_INSTALL_PREFIX}") Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2008-12-11 12:12:43 UTC (rev 1972) +++ trunk/openvas-manager/ChangeLog 2008-12-11 14:44:44 UTC (rev 1973) @@ -1,3 +1,9 @@ +2008-12-11 Matthew Mundell <matt at mundell.ukfsn.org> + + * CMakeLists.txt: Prefix paths in variables with CMAKE_INSTALL_PREFIX. + + * src/CMakeLists.txt: Drop hard coded include paths. + 2008-12-10 Matthew Mundell <matt at mundell.ukfsn.org> * openvasmd.c: Convert tabs to spaces. Modified: trunk/openvas-manager/src/CMakeLists.txt =================================================================== --- trunk/openvas-manager/src/CMakeLists.txt 2008-12-11 12:12:43 UTC (rev 1972) +++ trunk/openvas-manager/src/CMakeLists.txt 2008-12-11 14:44:44 UTC (rev 1973) @@ -24,9 +24,6 @@ ## Program -include_directories (/usr/include/) -include_directories (/usr/local/include/) - add_executable (openvasmd openvasmd.c) exec_program (libopenvas-config From scm-commit at wald.intevation.org Thu Dec 11 15:58:18 2008 
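Review bot: `OPENVAS_SERVER_KEY`, `OPENVAS_SERVER_CERTIFICATE` and `OPENVAS_CA_CERTIFICATE` are assigned with a plain `set`, which shadows any value passed with `-D`, so a build with a non-root prefix is tied to `<prefix>/var/lib/openvas/...` for the TLS private key and certificates. Making them cache entries keeps the new default and still lets a packager point at existing key material, for example `set (OPENVAS_SERVER_KEY "${CMAKE_INSTALL_PREFIX}/var/lib/openvas/private/CA/serverkey.pem" CACHE FILEPATH "Server private key")`. A one-line comment that the key file is expected to be readable only by the user running the manager would also help anyone relocating it.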
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 11 Dec 2008 15:58:18 +0100 (CET) Subject: [Openvas-commits] r1974 - in trunk/openvas-manager: . src Message-ID: <20081211145818.A200940785@pyrosoma.intevation.org> Author: mattm Date: 2008-12-11 15:58:17 +0100 (Thu, 11 Dec 2008) New Revision: 1974 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/CMakeLists.txt trunk/openvas-manager/src/openvasmd.c Log: Standardise log file location. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2008-12-11 14:44:44 UTC (rev 1973) +++ trunk/openvas-manager/ChangeLog 2008-12-11 14:58:17 UTC (rev 1974) @@ -1,5 +1,12 @@ 2008-12-11 Matthew Mundell <matt at mundell.ukfsn.org> + * src/CMakeLists.txt: Pass CMAKE_INSTALL_PREFIX to openvasmd.c. + + * src/openvasmd.c (PREFIX): New definition. + (LOG_FILE): Standardise path. + +2008-12-11 Matthew Mundell <matt at mundell.ukfsn.org> + * CMakeLists.txt: Prefix paths in variables with CMAKE_INSTALL_PREFIX. * src/CMakeLists.txt: Drop hard coded include paths. Modified: trunk/openvas-manager/src/CMakeLists.txt =================================================================== --- trunk/openvas-manager/src/CMakeLists.txt 2008-12-11 14:44:44 UTC (rev 1973) +++ trunk/openvas-manager/src/CMakeLists.txt 2008-12-11 14:58:17 UTC (rev 1974) @@ -46,6 +46,7 @@ endif (OPENVASMD_VERSION) add_definitions (-DOPENVAS_OS_NAME=\\\"${CMAKE_SYSTEM}\\\") +add_definitions (-DPREFIX=\\\"${CMAKE_INSTALL_PREFIX}\\\") if (OPENVAS_SERVER_CERTIFICATE) add_definitions (-DSERVERCERT=\\\"${OPENVAS_SERVER_CERTIFICATE}\\\") Modified: trunk/openvas-manager/src/openvasmd.c =================================================================== --- trunk/openvas-manager/src/openvasmd.c 2008-12-11 14:44:44 UTC (rev 1973) +++ trunk/openvas-manager/src/openvasmd.c 2008-12-11 14:58:17 UTC (rev 1974) 
@@ -73,6 +73,11 @@ #include <openvas/network.h> #include <openvas/plugutils.h> +/** Installation prefix. */ +#ifndef PREFIX +#define PREFIX "" +#endif + /** The name of this program. * \todo Use `program_invocation[_short]_name'? */ #define PROGNAME "openvasmd" @@ -130,7 +135,7 @@ #define LOG 1 /** Name of log file. */ -#define LOG_FILE "/tmp/openvasmd.log" +#define LOG_FILE PREFIX "/var/log/openvas/openvasmd.log" /** Trace flag. 0 to turn off all tracing messages. */ #define TRACE 1 From scm-commit at wald.intevation.org Thu Dec 11 18:28:30 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 11 Dec 2008 18:28:30 +0100 (CET) Subject: [Openvas-commits] r1975 - in trunk/openvas-manager: . src Message-ID: <20081211172830.923E54077C@pyrosoma.intevation.org> Author: mattm Date: 2008-12-11 18:28:29 +0100 (Thu, 11 Dec 2008) New Revision: 1975 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/openvasmd.c Log: Replace use of asprintf with g_strdup_printf. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2008-12-11 14:58:17 UTC (rev 1974) +++ trunk/openvas-manager/ChangeLog 2008-12-11 17:28:29 UTC (rev 1975) @@ -1,10 +1,8 @@ 2008-12-11 Matthew Mundell <matt at mundell.ukfsn.org> - * src/CMakeLists.txt: Pass CMAKE_INSTALL_PREFIX to openvasmd.c. + * src/openvasmd.c (process_omp_client_input): Replace use of asprintf + with g_strdup_printf. - * src/openvasmd.c (PREFIX): New definition. - (LOG_FILE): Standardise path. - 2008-12-11 Matthew Mundell <matt at mundell.ukfsn.org> * CMakeLists.txt: Prefix paths in variables with CMAKE_INSTALL_PREFIX. Modified: trunk/openvas-manager/src/openvasmd.c =================================================================== --- trunk/openvas-manager/src/openvasmd.c 2008-12-11 14:58:17 UTC (rev 1974) +++ trunk/openvas-manager/src/openvasmd.c 2008-12-11 17:28:29 UTC (rev 1975) 
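Review bot: The new `LOG_FILE` value assumes that `PREFIX "/var/log/openvas"` already exists and is writable by the manager, and none of the visible hunks creates that directory or documents the requirement; how the file is opened is outside the hunk. Moving the log out of the world-writable `/tmp` is the right direction, but the doc comment should state the precondition, for example `/** Name of log file. The directory must exist and be writable only by the user running openvasmd. */`. With the fallback `#define PREFIX ""` from the first hunk, a build outside CMake logs to `/var/log/openvas/openvasmd.log`, which is worth stating next to that fallback.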
@@ -50,9 +50,6 @@ * \htmlinclude openvasmd.html */ -// FIX for asprintf -#define _GNU_SOURCE - #include <arpa/inet.h> #include <assert.h> #include <errno.h> @@ -1230,15 +1227,14 @@ { if (index->name) { - char* line; - if (asprintf (&line, "%u %s %c . . . . .\n", - index->id, - index->name, - index->running ? 'R' : 'N') - == -1) - goto out_of_memory; + gchar* line = g_strdup_printf ("%u %s %c . . . . .\n", + index->id, + index->name, + index->running ? 'R' : 'N'); + if (line == NULL) goto out_of_memory; + // FIX free line if RESPOND fails RESPOND (line); - free (line); + g_free (line); } index++; } From scm-commit at wald.intevation.org Thu Dec 11 21:05:41 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 11 Dec 2008 21:05:41 +0100 (CET) Subject: [Openvas-commits] r1976 - in trunk/openvas-manager: . src Message-ID: <20081211200541.C5FE24079C@pyrosoma.intevation.org> Author: mattm Date: 2008-12-11 21:05:41 +0100 (Thu, 11 Dec 2008) New Revision: 1976 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/openvasmd.c Log: Bring code documentation up to date. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2008-12-11 17:28:29 UTC (rev 1975) +++ trunk/openvas-manager/ChangeLog 2008-12-11 20:05:41 UTC (rev 1976) @@ -1,5 +1,9 @@ 2008-12-11 Matthew Mundell <matt at mundell.ukfsn.org> + * src/openvasmd.c: Bring code documentation up to date. + +2008-12-11 Matthew Mundell <matt at mundell.ukfsn.org> + * src/openvasmd.c (process_omp_client_input): Replace use of asprintf with g_strdup_printf. Modified: trunk/openvas-manager/src/openvasmd.c =================================================================== --- trunk/openvas-manager/src/openvasmd.c 2008-12-11 17:28:29 UTC (rev 1975) +++ trunk/openvas-manager/src/openvasmd.c 2008-12-11 20:05:41 UTC (rev 1976) 
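Review bot: The added `// FIX free line if RESPOND fails` marks a leak that the hunk leaves in place: if `RESPOND` leaves the block early (its definition is outside this hunk), `g_free (line)` is never reached. Until the block is restructured, the comment should say what is lost and when, e.g. `/* FIX: line is leaked if RESPOND jumps out, presumably on a full to_client buffer. */`. Separately, `g_strdup_printf` normally aborts on allocation failure instead of returning NULL (worth confirming for the GLib version in use), so `if (line == NULL) goto out_of_memory;` may never fire. The enclosing function, `process_omp_client_input` per the ChangeLog, starts and ends outside the hunk.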
@@ -208,6 +208,7 @@ /** File descriptor set mask: selecting on server write. */ #define FD_SERVER_WRITE 8 +/** The type of the return value from \ref read_protocol. */ typedef enum { PROTOCOL_OTP, 
@@ -216,26 +217,58 @@ PROTOCOL_FAIL } protocol_read_t; +/** Buffer of input from the client. */ char from_client[BUFFER_SIZE]; +/** Buffer of input from the server. */ char from_server[BUFFER_SIZE]; +/** Buffer of output to the client. */ +char to_client[BUFFER_SIZE]; +/** Buffer of output to the server. */ char to_server[BUFFER_SIZE]; -char to_client[BUFFER_SIZE]; -// FIX just make pntrs? -int from_client_end = 0, from_server_end = 0; -int from_client_start = 0, from_server_start = 0; -int to_server_start = 0, to_server_end = 0; -int to_client_start = 0, to_client_end = 0; +// FIX just make these pntrs? +/** The start of the data in the \ref from_client buffer. */ +int from_client_start = 0; +/** The start of the data in the \ref from_server buffer. */ +int from_server_start = 0; +/** The end of the data in the \ref from_client buffer. */ +int from_client_end = 0; +/** The end of the data in the \ref from_server buffer. */ +int from_server_end = 0; +/** The start of the data in the \ref to_client buffer. */ +int to_client_start = 0; +/** The start of the data in the \ref to_server buffer. */ +int to_server_start = 0; +/** The end of the data in the \ref to_client buffer. */ +int to_client_end = 0; +/** The end of the data in the \ref to_server buffer. */ +int to_server_end = 0; + +/** Client login name, from OMP LOGIN. */ char* login = NULL; + +/** Client credentials, from OMP LOGIN. */ char* credentials = NULL; +/** Record of server initialisation state. */ int server_initialising = 0; /* Helper functions. */ -/** Return \ref string moved past any spaces, replacing with a terminating - NULL the first of any contiguos spaces at or before \ref end. */ +/** "Strip" spaces from either end of a string. + * + * Return the string moved past any spaces, replacing the first of any + * contiguous spaces at or before the end of the string with a terminating + * NULL. + * + * This is for use when the string points into one of the static buffers. 
+ * + * @param[in,out] string The string to strip. + * @param[in] end Pointer to the end of the string. + * + * \return A new pointer into the string. + */ char* strip_space (char* string, char* end) { @@ -249,7 +282,12 @@ return string; } -/** Free \ref array. */ +/** Free a GPtrArray. + * + * Wrapper for g_ptr_array_free; passed to g_hash_table_new_full. + * + * @param[in] array A pointer to a GPtrArray. + */ void free_g_ptr_array (gpointer array) { @@ -259,16 +297,19 @@ /* Server state. */ +/** Structure of information about the server. */ typedef struct { - char* plugins_md5; - GHashTable* plugins_dependencies; - GHashTable* preferences; - GPtrArray* rules; + char* plugins_md5; /**< MD5 sum over all tests. */ + GHashTable* plugins_dependencies; /**< Dependencies between plugins. */ + GHashTable* preferences; /**< Server preference. */ + GPtrArray* rules; /**< Server rules. */ } server_t; +/** Information about the server. */ server_t server; +/** Possible states of the server. */ typedef enum { SERVER_DONE, @@ -282,19 +323,23 @@ SERVER_TOP } server_state_t; +/** The state of the server. */ server_state_t server_state = SERVER_TOP; /* Server preferences. */ +/** The current server preference, during reading of server preferences. */ char* current_server_preference = NULL; +/** Free any server preferences. */ void maybe_free_server_preferences () { if (server.preferences) g_hash_table_destroy (server.preferences); } +/** Create the server preferences. */ void make_server_preferences () { @@ -304,6 +349,14 @@ g_free); } +/** Add a preference to the server preferences. + * + * Both parameters are used directly (versus copying), and are freed when + * the preferences are freed. + * + * @param[in] preference The preference. + * @param[in] value The value of the preference. + */ void add_server_preference (char* preference, char* value) { 
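Review bot: The comment added for the global `credentials` in the hunk that opens with the buffer declarations says only where the value comes from; for a variable holding a client secret it should also say who frees it and that the value is not meant for the trace log. Something like `/** Client credentials, from OMP LOGIN. Secret: state owner and lifetime here; not to be traced. */` would do, filled in from the code that sets and frees it, which is not visible here. In the `strip_space` comment of the same hunk, "terminating NULL" should read "terminating NUL", since a character is written, not a pointer.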
@@ -313,9 +366,13 @@ /* Server plugin dependencies. */ +/** The current server plugin, during reading of server plugin dependencies. */ char* current_server_plugin_dependency_name = NULL; + +/** The plugins required by the current server plugin. */ GPtrArray* current_server_plugin_dependency_dependencies = NULL; +/** Free any server plugins dependencies. */ void maybe_free_server_plugins_dependencies () { @@ -326,6 +383,7 @@ } } +/** Make the server plugins dependencies. */ void make_server_plugins_dependencies () { @@ -336,6 +394,11 @@ free_g_ptr_array); } +/** Add a plugin to the server dependencies. + * + * @param[in] name The name of the plugin. + * @param[in] dependencies The plugins required by the plugin. + */ void add_server_plugins_dependency (char* name, GPtrArray* dependencies) { @@ -344,6 +407,10 @@ g_hash_table_insert (server.plugins_dependencies, name, dependencies); } +/** Set the current plugin. + * + * @param[in] name The name of the plugin. + */ void make_current_server_plugin_dependency (char* name) { @@ -353,6 +420,10 @@ current_server_plugin_dependency_dependencies = g_ptr_array_new (); } +/** Append a requirement to the current plugin. + * + * @param[in] dependency The name of the required plugin. + */ void append_to_current_server_plugin_dependency (char* dependency) { @@ -361,6 +432,7 @@ g_ptr_array_add (current_server_plugin_dependency_dependencies, dependency); } +/** Free any current server plugin dependency information. */ void maybe_free_current_server_plugin_dependency () { @@ -370,6 +442,7 @@ g_ptr_array_free (current_server_plugin_dependency_dependencies, TRUE); } +/** Add the current plugin to the server dependencies. */ void finish_current_server_plugin_dependency () { 
@@ -384,12 +457,18 @@ /* Server rules. */ +/** Free a server rule. + * + * @param[in] rule The server rule. + * @param[in] dummy Dummy parameter, to please g_ptr_array_foreach. + */ void free_rule (void* rule, void* dummy) { free (rule); } +/** Free any server rules. */ void maybe_free_server_rules () { @@ -400,12 +479,20 @@ } } +/** Create the server rules. */ void make_server_rules () { server.rules = g_ptr_array_new (); } +/** Add a rule to the server rules. + * + * The rule is used directly (versus using a copy) and is freed with the + * other server rules. + * + * @param[in] rule The rule. + */ void add_server_rule (char* rule) { @@ -416,26 +503,36 @@ /* Tasks. */ +/** A task. */ typedef struct { - unsigned int id; - char* name; /* NULL if free. */ - unsigned int time; - char* comment; - char* description; - int description_length; - int description_size; - short running; + unsigned int id; /**< Unique ID */ + char* name; /**< Name. NULL if free. */ + unsigned int time; /**< Repetition period, in seconds. */ + char* comment; /**< Comment associated with task. */ + char* description; /**< Description. */ + int description_length; /**< Length of description. */ + int description_size; /**< Actual size allocated for description. */ + short running; /**< Flag: 0 initially, 1 if running. */ } task_t; +/** Reallocation increment for the tasks array. */ #define TASKS_INCREMENT 1024 + +/** Current client task during OMP NEW_TASK or MODIFY_TASK. */ task_t* current_client_task = NULL; -task_t* current_server_task = NULL; + +/** The array of all defined tasks. */ task_t* tasks = NULL; + +/** The size of the \ref tasks array. */ unsigned int tasks_size = 0; + +/** The number of the defined tasks. */ unsigned int num_tasks = 0; #if TRACE +/** Print the server tasks. */ void print_tasks () { @@ -458,6 +555,7 @@ } #endif +/** Grow the array of tasks. */ int grow_tasks () { @@ -479,6 +577,7 @@ return 0; } +/** Free all tasks and the array of tasks. */ void free_tasks () { 
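Review bot: The hunk under `/* Tasks. */` deletes the declaration `task_t* current_server_task = NULL;` although the log and the ChangeLog entry describe the commit as documentation only. If the variable was unused the removal is fine, but it is a code change and should be named in the ChangeLog, e.g. `(current_server_task): Remove.`. Whether any other part of openvasmd.c still refers to it cannot be checked from the visible hunks.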
@@ -505,6 +604,17 @@ tasks = NULL; } +/** Make a task. + * + * The char* parameters name and comment are used directly and freed + * when the task is freed. + * + * @param[in] name The name of the task. + * @param[in] time The period of the task, in seconds. + * @param[in] comment A comment associated the task. + * + * \return A pointer to the new task or NULL when out of memory. + */ task_t* make_task (char* name, unsigned int time, char* comment) { @@ -536,6 +646,12 @@ goto retry; } +/** Find a task. + * + * @param[in] id A task identifier. + * + * \return A pointer to the task with the given ID. + */ task_t* find_task (unsigned int id) { @@ -548,6 +664,16 @@ return NULL; } +/** Modify a task. + * + * The char* parameters are used directly and freed when the task is + * freed. + * + * @param[in] task A pointer to a task. + * @param[in] name The new name for the task. + * @param[in] time The new period for the task, in seconds. + * @param[in] comment A new comment associcated with the task. + */ void modify_task (task_t* task, char* name, unsigned int time, char* comment) { @@ -559,6 +685,10 @@ task->description_length = 0; } +/** Send a message to the server. + * + * @param[in] msg The message, a string. + */ #define TO_SERVER(msg) \ do \ { \ @@ -570,6 +700,12 @@ } \ while (0) +/** Start a task. + * + * @param task A pointer to the task. + * + * \return 0 on success, -1 if out of space in \ref to_server buffer. + */ int start_task (task_t* task) { @@ -609,8 +745,15 @@ return -1; } +/** Reallocation increment for a task description. */ #define DESCRIPTION_INCREMENT 4096 +/** Increase the memory allocated for a task description. + * + * @param task A pointer to the task. + * + * \return 0 on success, -1 if out of memory. + */ int grow_description (task_t* task) { 
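Review bot: The `\return` added for `find_task` promises "A pointer to the task with the given ID", but what appears to be the function's tail, visible as context at the top of the following hunk, ends in `return NULL;`, so callers are not told to check for a missing task. It should read `\return A pointer to the task with the given ID, or NULL if there is no such task.`. The comment added for `add_task_description_line` in a later hunk of this file has no `\return` at all although the function returns `int`. Both function bodies lie outside the hunks.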
@@ -622,6 +765,14 @@ return 0; } +/** Add a line to a task description. + * + * The line memory is used directly, and freed with the task. + * + * @param[in] task A pointer to the task. + * @param[in] line The line. + * @param[in] line_length The length of the line. + */ int add_task_description_line (task_t* task, char* line, int line_length) { @@ -961,6 +1112,10 @@ /* OpenVAS Management Protocol (OMP). */ +/** Send a response message to the client. + * + * @param[in] msg The message, a string. + */ #define RESPOND(msg) \ do \ { \ From scm-commit at wald.intevation.org Fri Dec 12 09:46:28 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 12 Dec 2008 09:46:28 +0100 (CET) Subject: [Openvas-commits] r1977 - trunk/doc/website Message-ID: <20081212084628.A4FBC407A5@pyrosoma.intevation.org> Author: mwiegand Date: 2008-12-12 09:46:28 +0100 (Fri, 12 Dec 2008) New Revision: 1977 Modified: trunk/doc/website/roadmap.htm4 Log: Fixed broken link in roadmap. Modified: trunk/doc/website/roadmap.htm4 =================================================================== --- trunk/doc/website/roadmap.htm4 2008-12-11 20:05:41 UTC (rev 1976) +++ trunk/doc/website/roadmap.htm4 2008-12-12 08:46:28 UTC (rev 1977) @@ -31,7 +31,7 @@ <p> This is the current (December 2008) status of the roadmap for OpenVAS. More detailed information on upcoming changes and current efforts can be found on the -<a href="openvas-crs.htm4">Change Requests page</a>. +<a href="openvas-crs.html">Change Requests page</a>. <p> <h3>December 2008: Release OpenVAS 2.0.0</h3> From scm-commit at wald.intevation.org Fri Dec 12 13:36:19 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 12 Dec 2008 13:36:19 +0100 (CET) Subject: [Openvas-commits] r1978 - in trunk/openvas-client: . nessus nessus/prefs_dialog po src/gui src/openvas-lib Message-ID: <20081212123619.4588D4073A@pyrosoma.intevation.org> Author: felix Date: 2008-12-12 13:36:17 +0100 (Fri, 12 Dec 2008) New Revision: 1978 Added: trunk/openvas-client/src/gui/ssh_keys_dialog.c trunk/openvas-client/src/gui/ssh_keys_dialog.h trunk/openvas-client/src/openvas-lib/openvas_ssh_login.c trunk/openvas-client/src/openvas-lib/openvas_ssh_login.h Modified: trunk/openvas-client/MANIFEST trunk/openvas-client/nessus/comm.c trunk/openvas-client/nessus/comm.h trunk/openvas-client/nessus/context.c trunk/openvas-client/nessus/context.h trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c trunk/openvas-client/po/POTFILES trunk/openvas-client/src/gui/Makefile Log: Infrastructure for second step for CR #20 (ssh key management in client) (http://www.openvas.net/openvas-cr-20.html). Only in GUI, not feature- complete. * src/openvas-lib/openvas_ssh_login.h, src/openvas-lib/openvas_ssh_login.c : New file, handles login information (in mem, storing, loading), can create public and private keys. * src/gui/ssh_keys_dialog.h, src/gui/ssh_keys_dialog.c : New file, shows GUI to add and manage ssh login information. * Makefile, src/gui/Makefile : Added targets for new files. * MANIFEST : Added new files. * po/POTFILES : Added ssh_keys_dialog.c and comm.h. * nessus/comm.h : Changed credentials symbol (preference types have 9 char constraint), added NO_SSH_LOGIN_SELECTED define. * nessus/prefs_dialog/prefs_dialog.c : Comments improved. * nessus/prefs_dialog/prefs_dialog.c (get_plugin_radio_pref) : extracted method. 
* nessus/prefs_dialog/prefs_dialog.c (prefs_dialog_apply_plugin_prefs) : use of extracted method, build up combobox for ssh_logins. * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c : Comments improved. * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c (pprefs_add_sshcredentials, add_key_to_combobox_cb) : Fill combobox with values from sshlogin hash table of Global context * nessus/prefs_dialog/prefs_dialog_prefs.c (ssh_management_button_cb, prefs_dialog_prefs ) : Added and hooked up button to show key management * nessus/context.c (context_pickup_sshkeys) : Added includes, pick up keys via openvas_ssh_login_file_read and only if Global context. * nessus/context.c (check_is_file, check_exists, check_is_dir) : Commented. * nessus/context.h : Replaced list for ssh key infos by hashtable. * nessus/comm.c (gui_comm_send_preferences) : Added support for new preference type (gui only). Modified: trunk/openvas-client/MANIFEST =================================================================== --- trunk/openvas-client/MANIFEST 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/MANIFEST 2008-12-12 12:36:17 UTC (rev 1978) @@ -203,6 +203,8 @@ src/gui/about_dlg.h src/gui/error_dlg.c src/gui/error_dlg.h +src/gui/ssh_keys_dialog.c +src/gui/ssh_keys_dialog.h src/gui/slad_install.h src/gui/slad_install.c src/gui/treeview_support.h @@ -213,6 +215,8 @@ src/openvas-lib/openvas_certificates.h src/openvas-lib/openvas_certificate_file.h src/openvas-lib/openvas_certificate_file.c +src/openvas-lib/openvas_ssh_login.c +src/openvas-lib/openvas_ssh_login.h src/README src/xpm/logo_bsi_de.xpm src/xpm/logo_bsi.xpm Modified: trunk/openvas-client/nessus/comm.c =================================================================== --- trunk/openvas-client/nessus/comm.c 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/nessus/comm.c 2008-12-12 12:36:17 UTC (rev 1978) 
@@ -46,6 +46,7 @@ #include "globals.h" #include "error_dlg.h" #include "openvas_certificates.h" +#include "openvas_ssh_login.h" #include "plugin_cache.h" #ifndef MIN @@ -760,6 +761,36 @@ { files_to_send = g_slist_prepend(files_to_send, value); } + + if(!strcmp(type, PREF_SSH_CREDENTIALS)) + { + if(strcmp(value, NO_SSH_LOGIN_SELECTED ) == 0) + { + network_printf(context->socket, "%s[%s]:%s <|> %s\n", plugs->name, type, name, "NO_SSH_KEY"); + } + else + { + openvas_ssh_login* selected_login = + g_hash_table_lookup(Global->sshkeys, value); + if(selected_login != NULL) + { + char* valuestring = openvas_ssh_login_prefstring(selected_login); + network_printf(context->socket, "%s[%s]:%s <|> %s\n", plugs->name, type, name, valuestring); + efree(&valuestring); + // Add the pub and private key to list of files to send + files_to_send = g_slist_prepend(files_to_send, + selected_login->public_key_path); + files_to_send = g_slist_prepend(files_to_send, + selected_login->private_key_path); + } + else + { + network_printf(context->socket, "%s[%s]:%s <|> %s\n", plugs->name, type, name, "NO_SSH_KEY"); + } + } + + } + plugin_prefs = plugin_prefs->next; } plugs = plugs->next; Modified: trunk/openvas-client/nessus/comm.h =================================================================== --- trunk/openvas-client/nessus/comm.h 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/nessus/comm.h 2008-12-12 12:36:17 UTC (rev 1978) @@ -36,7 +36,8 @@ #define PREF_RADIO "radio" #define PREF_PASSWORD "password" #define PREF_FILE "file" -#define PREF_SSH_CREDENTIALS "sshcredentials" +#define PREF_SSH_CREDENTIALS "sshlogin" +#define NO_SSH_LOGIN_SELECTED _("Select SSH Login") #include "context.h" Modified: trunk/openvas-client/nessus/context.c =================================================================== --- trunk/openvas-client/nessus/context.c 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/nessus/context.c 2008-12-12 12:36:17 UTC (rev 1978) 
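Review bot: The new `PREF_SSH_CREDENTIALS` branch calls `g_hash_table_lookup(Global->sshkeys, value)` without checking that the table exists, although `ssh_keys_dialog_prompt_new` in this same commit treats `Global->sshkeys == NULL` as a possible state. GLib would presumably log a critical assertion there instead of quietly taking the `NO_SSH_KEY` path; `openvas_ssh_login* selected_login = Global->sshkeys ? g_hash_table_lookup(Global->sshkeys, value) : NULL;` avoids that, and the `g_hash_table_foreach(Global->sshkeys, ...)` calls in `pprefs_add_sshcredentials` and `ssh_keys_dialog_show` need the same guard. The branch also queues `selected_login->private_key_path` in `files_to_send`, so a comment such as `/* The private key file leaves the client here; use only logins created for scanning. */` would make that visible to the next reader. The enclosing function starts outside the hunk.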
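Review bot: `NO_SSH_LOGIN_SELECTED` expands to a translated string, yet comm.c compares the stored preference value against it with `strcmp` to decide whether a login was chosen. The sentinel therefore changes with the locale, and an account whose name equals the translated label can never be selected. A fixed, untranslated token for the stored value, with only the combobox label passed through `_()`, would keep the stored preference independent of the UI language.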
@@ -27,6 +27,7 @@ #include "plugin_cache.h" #include "comm.h" #include "openvas_certificate_file.h" +#include "openvas_ssh_login.h" #ifdef USE_GTK #include <gtk/gtk.h> @@ -251,33 +252,22 @@ /** - * Adds all filenames from the directory sshdir (usually contex/scope/.ssh) - * to the contexts sshkeys list. + * Load all ssh login information from the directory sshdir + * (usually contex/scope/.ssh) to the contexts sshkeys hashtable. * @param context The context that shall get the sshkey filenames added. * @param sshdir Directory to scan for files. */ static void context_pickup_sshkeys(struct context* context, const char* sshdir) { - GDir* dir; - dir = g_dir_open(sshdir, 0, NULL); - // Add all (non directory) file names to list - if(dir != NULL) - { - gchar* file; - while( (file = (gchar*) g_dir_read_name(dir)) ) - { - char* dir_check = g_build_filename(sshdir, file, NULL); - - if(!check_is_dir(dir_check)) - context->sshkeys = g_slist_prepend(context->sshkeys, estrdup(file)); - - efree(&dir_check); - } + char* loginsfile = g_build_filename(sshdir, ".logins", NULL); + GHashTable* loginfos = openvas_ssh_login_file_read(loginsfile); + efree(&loginsfile); - g_dir_close(dir); - } - // else we could not open the directory + if(context->sshkeys != NULL) + g_hash_table_destroy(context->sshkeys); + + context->sshkeys = loginfos; } /** @@ -312,7 +302,9 @@ found and "no hit" */ if(check_is_dir(path) && strcmp(file, ".ssh") == 0) { - context_pickup_sshkeys(context, path); + // Just the global context respects .ssh subfolders + if( context->type == CONTEXT_GLOBAL) + context_pickup_sshkeys(context, path); } else if(context->type < CONTEXT_REPORT && check_is_dir(path)) { @@ -777,10 +769,11 @@ /** - * replacements for g_file_test which is unreliable on windows + * Replacement for g_file_test which is unreliable on windows * if nessus and gtk are compiled with a different libc. * * FIXME: handle symbolic links + * @return 1 if file exists, 0 otherwise. */ int check_exists(name) 
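Review bot: `context_pickup_sshkeys` reads `<sshdir>/.logins`, but `ssh_keys_dialog_prompt_new` in this commit writes the table to `g_build_filename(prefs_get_nessushome(), ".openvas", ".logins", NULL)`, which looks like one directory above the `.ssh` folder that the generated key paths use. Unless both resolve to the same file, logins saved from the dialog are not found on the next start; building the path in one shared helper would keep reader and writer in step. The loaded structs carry `userpassword` and `ssh_key_passphrase` (see `ssh_login_form_fill`), so it is worth confirming that `openvas_ssh_login_file_write` creates the file with owner-only permissions; that code is outside this hunk.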
@@ -794,6 +787,11 @@ return 1; } +/** + * Replacement for g_file_test which is unreliable on windows + * if nessus and gtk are compiled with a different libc. + * FIXME: handle symbolic links + */ int check_is_file(name) const char *name; @@ -806,6 +804,13 @@ return(S_ISREG(sb.st_mode)); } +/** + * Replacement for g_file_test which is unreliable on windows + * if nessus and gtk are compiled with a different libc. + * + * FIXME: handle symbolic links + * @return 0 if parameter is directory, 1 if it is not (or does not exist). + */ int check_is_dir(name) const char *name; Modified: trunk/openvas-client/nessus/context.h =================================================================== --- trunk/openvas-client/nessus/context.h 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/nessus/context.h 2008-12-12 12:36:17 UTC (rev 1978) @@ -78,8 +78,8 @@ #endif /** Maps openvas_certificate* (value) to their fingerprints (key). */ GHashTable* signer_fp_certificates; - /** List of the names of ssh public key files in scope/.ssh subfolder */ - GSList* sshkeys; + /** Maps names of ssh public key information bundles to openvas_ssh_logins */ + GHashTable* sshkeys; /* Reports may have plugin information too. They can be quite large, * so we avoid loading them.*/ /** Indicates whether the plugin information has been loaded. */ Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2008-12-12 12:36:17 UTC (rev 1978) @@ -86,7 +86,7 @@ static void prefs_dialog_set_tooltips(struct arglist *); /** - * launch the users manual pdf document with the configure + * Launch the users manual pdf document with the configured * pdf viewer. */ void 
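Review bot: The new `@return` line for `check_is_dir` reads inverted: this file calls it as `if(check_is_dir(path) && strcmp(file, ".ssh") == 0)` to detect a directory, so a non-zero result appears to mean "is a directory". Suggested wording: `@return Non-zero if name is a directory, 0 if it is not (or does not exist).` The function body is outside the hunk, so check the text against the actual return statement. `check_is_file` gets no `@return` line at all; the visible context `return(S_ISREG(sb.st_mode));` supports `@return Non-zero if name is a regular file.`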
@@ -105,9 +105,8 @@ "share\\doc\\openvas-manual"); #endif /* CYGWIN */ - /* the pdf file is covered by gettext to allow - * speficication of translation in the respective po - * files rather than in the source code. */ + /* PDF file path. String is covered by gettext to allow speficication of + * translation in the respective po files rather than in the source code. */ char * fname = _("users-manual.pdf"); char * path = g_build_filename(dir, fname, NULL); @@ -116,7 +115,7 @@ } /** - * Save the current global settings to ~/.nessusrc + * Save the current global settings to ~/.openvasrc . */ void save_global_settings(menuitem, ctrls) @@ -132,7 +131,7 @@ } /** - * Toggle Toolbar on/off + * Toggle Toolbar on/off. */ void toggle_toolbar(menuitem, ctrls) @@ -154,7 +153,7 @@ } /** - * Toggle Message-Log on/off + * Toggle Message-Log on/off. */ void toggle_msglog(menuitem, ctrls) @@ -302,7 +301,8 @@ } /** - * Draws the preferences dialog of the OpenVAS client + * Draws the preferences dialog of the OpenVAS client. + * Also init and draw the OpenVAS client. */ void prefs_dialog_setup(context) 
@@ -1401,8 +1401,47 @@ } } +/** + * Creates a string from plugin preference radiobuttons. + * @param list Value of arg_get_value(pref->value, "RADIOBUTTONS) + * @param pref The plugin preference + * @returns Plugin preference string for a radiobutton selection. + */ +static char* get_plugin_radio_pref(GSList* list, struct arglist* pref) +{ + char* value = NULL; + /* First pass: find the active entry */ + while (list) + { + GtkWidget *button = list->data; + if (GTK_TOGGLE_BUTTON(button)->active) + { + value = estrdup(gtk_object_get_data(GTK_OBJECT(button), "name")); + break; + } + list = list->next; + } + /* Second pass: find all other entries and append them separated with ";" */ + list = arg_get_value(pref->value, "RADIOBUTTONS"); + while (list) + { + GtkWidget *button = list->data; + + if (! GTK_TOGGLE_BUTTON(button)->active) + { + char * v = gtk_object_get_data(GTK_OBJECT(button), "name"); + value = (char *) erealloc((void *)value, (size_t) (strlen(value) + strlen(";") + strlen(v) + 1)); + strcat(value, ";"); + strcat(value, v); + } + list = list->next; + } + return value; +} + /** + * Applies the input from the plugins preferences widgets to the arglists. * XXX Warning: * saves to context->plugins and context->scanners, * NOT to context->prefs["PLUGINS_PREFS"] 
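Review bot: In `get_plugin_radio_pref` the second pass calls `strlen(value)` and `strcat(value, ";")` even when the first pass found no active button and `value` is still NULL. GTK radio groups normally keep one button active, so this is probably hard to reach, but `if (value == NULL) return NULL;` before the second pass makes the helper safe on its own and matches the caller's `if(value)` check. The second pass also re-fetches the list from `pref` instead of reusing the `list` argument, so the helper silently assumes both are the same list; keeping a copy of the original pointer would remove that assumption. The doc comment has an unclosed quote in `"RADIOBUTTONS)`.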
@@ -1448,45 +1487,27 @@ } else if(!strcmp(type, PREF_RADIO)) { - GSList *list = NULL; - char * value = NULL; + GSList *list = NULL; + char * value = NULL; - list = arg_get_value(pref->value, "RADIOBUTTONS"); + list = arg_get_value(pref->value, "RADIOBUTTONS"); - if (list) - { - /* First pass: find the active entry */ - while (list) - { - GtkWidget *button = list->data; - - if (GTK_TOGGLE_BUTTON(button)->active) + if (list) { - value = estrdup(gtk_object_get_data(GTK_OBJECT(button), "name")); - break; + value = get_plugin_radio_pref(list, pref); } - list = list->next; - } - /* Second pass: find all other entries and append - * them separated with ";" */ - list = arg_get_value(pref->value, "RADIOBUTTONS"); - while (list) + if(value) + arg_set_value(pref->value, "value", strlen(value), value); + } + else if (!strcmp(type, PREF_SSH_CREDENTIALS)) { - GtkWidget *button = list->data; - - if (! GTK_TOGGLE_BUTTON(button)->active) + GtkWidget* combobox = arg_get_value(pref->value, "COMBOBOX"); + if(combobox) { - char * v = gtk_object_get_data(GTK_OBJECT(button), "name"); - value = (char *) erealloc((void *)value, (size_t) (strlen(value) + strlen(";") + strlen(v) + 1)); - strcat(value, ";"); - strcat(value, v); + char* selkey = gtk_combo_box_get_active_text(GTK_COMBO_BOX(combobox)); + arg_set_value(pref->value, "value", strlen(selkey), estrdup(selkey)); } - list = list->next; } - } - if(value) - arg_set_value(pref->value, "value", strlen(value), value); - } } pref = pref->next; } Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_plugins_prefs.c 2008-12-12 12:36:17 UTC (rev 1978) 
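Review bot: `gtk_combo_box_get_active_text()` returns NULL when no item is active and otherwise a newly allocated string, so in the new `PREF_SSH_CREDENTIALS` branch `strlen(selkey)` can dereference NULL and `selkey` is never released. Suggested: `if(selkey) { arg_set_value(pref->value, "value", strlen(selkey), estrdup(selkey)); g_free(selkey); }`. The enclosing function starts outside the hunk.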
@@ -40,7 +40,6 @@ #include "nessus_i18n.h" - static GtkWidget * pprefs_add_notebook_page(struct arglist *, char *, int); static void pprefs_add_entry(struct arglist *, struct arglist *, char *, GtkWidget*); static void pprefs_add_password(struct arglist *, struct arglist *, char *, GtkWidget*); @@ -128,6 +127,8 @@ /** * Fill the plugin preferences (and credentials) pages with the corresponding * widgets and values. + * Widgets are added dynamically, based on the plugin preference type, e.g. + * for a PREF_CHECKBOX pprefs_add_checkbox() is called. * @param context The context to use. * @param ctrls Arglist holding the notebook page widgets. * @param plugins Plugin list. @@ -156,7 +157,7 @@ { notebook_vbox = pprefs_add_notebook_page(ctrls, plugs->name, 1); } - + // For each preference of this plugin, add the widget. while(prefs && prefs->next) { char *type, *value; @@ -422,7 +423,19 @@ return value; } + /** + * Callback to add a key from a GHashTable to a Combobox. + * @param key Will be added to combobox. + * @param value --ignored-- (callback) + */ +static void +add_key_to_combobox_cb(char* key, gpointer value, GtkWidget* combobox) +{ + gtk_combo_box_append_text(GTK_COMBO_BOX(combobox), key); +} + +/** * Function to add a "ssh-credentials combo box" to select a ssh key. */ static void @@ -433,7 +446,6 @@ GtkWidget* text; GtkWidget* hbox; char *name = pref->name; - GSList* list_iter = NULL; value = get_pref_value(pref, pprefs, value); 
@@ -446,19 +458,15 @@ gtk_widget_show(text); combobox = gtk_combo_box_new_text (); - gtk_combo_box_append_text (GTK_COMBO_BOX(combobox), _("No SSH Key selected")); - // Add file names (e.g. of future context->sshkeys) to combo box - list_iter = NULL; + gtk_combo_box_append_text (GTK_COMBO_BOX(combobox), NO_SSH_LOGIN_SELECTED); - while(list_iter != NULL) - { - gtk_combo_box_append_text(GTK_COMBO_BOX(combobox), (char*) list_iter->data); - list_iter = list_iter->next; - } + // Add all the known accounts to combobox + g_hash_table_foreach(Global->sshkeys, (GHFunc) add_key_to_combobox_cb, combobox); gtk_combo_box_set_active(GTK_COMBO_BOX(combobox), 0); gtk_box_pack_end(GTK_BOX(hbox), combobox, TRUE, TRUE, 5); gtk_widget_show(combobox); + arg_add_value(pref->value, "COMBOBOX", ARG_PTR, -1, combobox); } static void Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c 2008-12-12 12:36:17 UTC (rev 1978) @@ -25,8 +25,18 @@ #include "nessus_i18n.h" #include "context.h" #include "preferences.h" +#include "ssh_keys_dialog.h" /** + * Callback function for the button to open SSH Key Management. + * Calls openvas_ssh_keys_ui or so + */ +static void ssh_management_button_cb(GtkWidget* super, struct arglist* ctrls ) +{ + ssh_keys_dialog_show(); +} + +/** * Build and run the preferences Dialog. In case of finishing the * dialog with OK, store the changed preferences data. * @param menuitem Not required here, but mandatory since function is connected @@ -55,6 +65,7 @@ GtkWidget * entry_url_nessus; GtkWidget * entry_url_cve; GtkWidget * entry_url_bid; + GtkWidget * ssh_management_button; /* GtkTooltips * tooltips = GTK_TOOLTIPS(arg_get_value(ctrls, "TOOLTIPS")); */ 
@@ -265,13 +276,26 @@ prefs_get_string(Global, "url_bid")); gtk_table_attach_defaults(GTK_TABLE(table), entry_url_bid, 1, 2, 2, 3); - + /* SSH Key Management */ + frame = gtk_frame_new(_("SSH Key Management")); + gtk_widget_show(frame); + gtk_box_pack_start_defaults(GTK_BOX(vbox), frame); + + ssh_management_button = gtk_button_new_with_label(_("Open SSH Key Management")); + gtk_widget_show(ssh_management_button); + gtk_container_add (GTK_CONTAINER (frame), ssh_management_button); + + g_signal_connect(GTK_OBJECT(ssh_management_button), "clicked", + (GtkSignalFunc) ssh_management_button_cb, + (void*) ctrls); + /* frame = gtk_frame_new(_("Debug")); gtk_widget_show(frame); gtk_box_pack_start_defaults(GTK_BOX(vbox), frame); */ + /* Run the dialog and store values if OK was pressed. */ switch (gtk_dialog_run(GTK_DIALOG(dialog))) { case GTK_RESPONSE_OK: Modified: trunk/openvas-client/po/POTFILES =================================================================== --- trunk/openvas-client/po/POTFILES 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/po/POTFILES 2008-12-12 12:36:17 UTC (rev 1978) @@ -2,6 +2,8 @@ src/gui/about_dlg.c src/gui/error_dlg.c src/gui/slad_install.c +src/gui/ssh_keys_dialog.c +nessus/comm.h nessus/comm.c nessus/context.c nessus/backend.c @@ -36,4 +38,4 @@ nessus/prefs_dialog/prefs_scope_tree.c nessus/prefs_dialog/prefs_options.c nessus/prefs_dialog/prefs_plugins.c -nessus/prefs_dialog/prefs_target.c +nessus/prefs_dialog/prefs_target.c \ No newline at end of file Modified: trunk/openvas-client/src/gui/Makefile =================================================================== --- trunk/openvas-client/src/gui/Makefile 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/src/gui/Makefile 2008-12-12 12:36:17 UTC (rev 1978) 
@@ -36,7 +36,7 @@ include ../../nessus.tmpl GTKLIBS= $(GTKCONFIG_LIBS) -INCLUDE = ${include} $(GTKCONFIG_CFLAGS) -I../../nessus -I.. +INCLUDE = ${include} $(GTKCONFIG_CFLAGS) -I../../nessus -I.. -I../../nessus/prefs_dialog -I../openvas-lib NESSUS_INCLUDE=`sh ./cflags` CFLAGS+=-Wall @@ -48,7 +48,7 @@ LDFLAGS+=-mwindows endif -OBJS=about_dlg.o error_dlg.o slad_install.o treeview_support.o +OBJS=about_dlg.o error_dlg.o slad_install.o ssh_keys_dialog.o treeview_support.o all : cflags $(OBJS) @@ -69,6 +69,9 @@ slad_install.o : cflags slad_install.c $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c slad_install.c +ssh_keys_dialog.o : cflags ssh_keys_dialog.c + $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ssh_keys_dialog.c + treeview_support.o : cflags treeview_support.c $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c treeview_support.c Added: trunk/openvas-client/src/gui/ssh_keys_dialog.c =================================================================== --- trunk/openvas-client/src/gui/ssh_keys_dialog.c 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/src/gui/ssh_keys_dialog.c 2008-12-12 12:36:17 UTC (rev 1978) 
@@ -0,0 +1,422 @@ +/* OpenVAS-Client + * $Id$ + * Description: The ssh key management dialog. + * + * Authors: + * Felix Wolfsteller <felix.wolfsteller at intevation.de> + * + * Copyright: + * Copyright (C) 2008 Intevation GmbH + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * or, at your option, any later version as published by the Free + * Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * In addition, as a special exception, you have + * permission to link the code of this program with the OpenSSL + * library (or with modified versions of OpenSSL that use the same + * license as OpenSSL), and distribute linked combinations including + * the two. You must obey the GNU General Public License in all + * respects for all of the code used other than OpenSSL. If you + * modify this file, you may extend this exception to your version + * of the file, but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. + */ + +#include <includes.h> +#include "nessus_i18n.h" + +#ifdef USE_GTK +#include <gtk/gtk.h> +#include "error_dlg.h" +#include "listnotebook.h" +#include "openvas_ssh_login.h" +#include "preferences.h" +#include "ssh_keys_dialog.h" + +/** + * Chars used with g_strcanon to produce valid file paths. 
+ */ +#define LEGAL_FILENAME_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVXYZ1234567890_./" + +/** + * Fills a ssh_login_form with values of a openvas_ssh_login struct and sets + * text fields (gtk_entries) to be non-editable. + * @param form The initialized ssh_login_form. + * @param loginfo The openvas_ssh_login struct to take values from. + */ +static void +ssh_login_form_fill(ssh_login_form* form, openvas_ssh_login* loginfo) +{ + gtk_entry_set_text(GTK_ENTRY(form->name), loginfo->name); + gtk_entry_set_text(GTK_ENTRY(form->username), loginfo->username); + gtk_entry_set_text(GTK_ENTRY(form->userpassword), loginfo->userpassword); + gtk_entry_set_text(GTK_ENTRY(form->public_key_path), loginfo->public_key_path); + gtk_entry_set_text(GTK_ENTRY(form->private_key_path), loginfo->private_key_path); + gtk_entry_set_text(GTK_ENTRY(form->comment), loginfo->comment); + gtk_entry_set_text(GTK_ENTRY(form->ssh_key_passphrase), loginfo->ssh_key_passphrase); + + gtk_entry_set_editable(GTK_ENTRY(form->name), FALSE); + gtk_entry_set_editable(GTK_ENTRY(form->username), FALSE); + gtk_entry_set_editable(GTK_ENTRY(form->userpassword), FALSE); + gtk_entry_set_editable(GTK_ENTRY(form->public_key_path), FALSE); + gtk_entry_set_editable(GTK_ENTRY(form->private_key_path), FALSE); + gtk_entry_set_editable(GTK_ENTRY(form->comment), FALSE); + gtk_entry_set_editable(GTK_ENTRY(form->ssh_key_passphrase), FALSE); +} + + +/** + * Fills filenames into the two filename entries in a ssh_login_form. + * The filenames are generated from the name of the ssh_login account. + * This function is a callback function for the entry holding this name and + * called at each key stroke + * @param entry Gtk Entry (callback). + * @param form ssh_login for of which the filename entries shall be filled. 
+ */ +static void +name_typed_in_cb(GtkEntry *entry, ssh_login_form* form) +{ + const char* name = gtk_entry_get_text(entry); + + char* home = prefs_get_nessushome(); + int lenhomesshname = strlen(home) + strlen("/.openvas") + strlen("/.ssh/") + strlen(name); + + char* pubkey_path = emalloc( lenhomesshname + 1); + char* privkey_path = emalloc( lenhomesshname + strlen(".p8") + 1); + + sprintf(pubkey_path, "%s/.openvas/.ssh/%s", home, name); + sprintf(privkey_path, "%s/.openvas/.ssh/%s.p8", home, name); + + // Instead of using g_strcanon, g_build_filename () could be used. + gtk_entry_set_text(GTK_ENTRY(form->public_key_path), + g_strcanon( pubkey_path, LEGAL_FILENAME_CHARS, '_')); + gtk_entry_set_text(GTK_ENTRY(form->private_key_path), + g_strcanon( privkey_path, LEGAL_FILENAME_CHARS, '_')); +} + + +/** + * Initializes a ssh_login_form, that is a gtk_box with labels, text entries and + * buttons, reflecting data of a openvas_ssh_login. + * This is the only way to initialize a ssh_login_form. + * Values of an openvas_ssh_login can be inserted quickly, calling + * ssh_login_form_fill. + * Similarly, the an openvas_ssh_login can be created using this values by + * calling ssh_login_form_produce_login. + * Before trying to create keypairs for this openvas_ssh_login, the input should + * be validated (ssh_login_form_validated). + * + * @return Fresh ssh_login_form. 
+ */ +static ssh_login_form* +ssh_login_form_create() +{ + GtkWidget* label; + GtkWidget* table; + + ssh_login_form* form = emalloc (sizeof(ssh_login_form)); + + /* Init dynamical content */ + form->box = gtk_vbox_new(TRUE, 5); + + form->name = gtk_entry_new(); + gtk_entry_set_text(GTK_ENTRY(form->name), ""); + + form->username = gtk_entry_new(); + gtk_entry_set_text(GTK_ENTRY(form->username), ""); + + form->userpassword = gtk_entry_new(); + gtk_entry_set_visibility(GTK_ENTRY(form->userpassword), FALSE); + gtk_entry_set_text(GTK_ENTRY(form->userpassword), ""); + + form->public_key_path = gtk_entry_new(); + gtk_entry_set_text(GTK_ENTRY(form->public_key_path), ""); + + form->private_key_path = gtk_entry_new(); + gtk_entry_set_text(GTK_ENTRY(form->private_key_path), ""); + + form->ssh_key_passphrase= gtk_entry_new(); + gtk_entry_set_visibility(GTK_ENTRY(form->ssh_key_passphrase), FALSE); + gtk_entry_set_text(GTK_ENTRY(form->ssh_key_passphrase), ""); + + form->comment = gtk_entry_new(); + gtk_entry_set_text(GTK_ENTRY(form->comment), ""); + + /* Setup layouting table */ + int row = 1; + int col = 1; + table = gtk_table_new(7, 2, FALSE); + gtk_box_pack_start(GTK_BOX(form->box), table, FALSE, FALSE, 5); + + /* Start packing */ + label = gtk_label_new(_("Account name:")); + gtk_table_attach_defaults(GTK_TABLE(table), label, col, col+1, row, row+1); + col++; + gtk_table_attach_defaults(GTK_TABLE(table), form->name, col, col+1, row, row+1); + g_signal_connect(GTK_OBJECT(form->name), "changed", (GtkSignalFunc) name_typed_in_cb, form); + + row++; + col = 1; + label = gtk_label_new(_("SSH login name:")); + gtk_table_attach_defaults(GTK_TABLE(table), label, col, col+1, row, row+1); + col++; + gtk_table_attach_defaults(GTK_TABLE(table), form->username, col, col+1, row, row+1); + + row++; + col = 1; + label = gtk_label_new(_("SSH password (unsafe!):")); + gtk_table_attach_defaults(GTK_TABLE(table), label, col, col+1, row, row+1); + col++; + 
gtk_table_attach_defaults(GTK_TABLE(table), form->userpassword, col, col+1, row, row+1); + + row++; + col = 1; + label = gtk_label_new(_("SSH public key:")); + gtk_table_attach_defaults(GTK_TABLE(table), label, col, col+1, row, row+1); + col++; + gtk_table_attach_defaults(GTK_TABLE(table), form->public_key_path, col, col+1, row, row+1); + col++; + + row++; + col = 1; + label = gtk_label_new(_("SSH private key:")); + gtk_table_attach_defaults(GTK_TABLE(table), label, col, col+1, row, row+1); + col++; + gtk_table_attach_defaults(GTK_TABLE(table), form->private_key_path, col, col+1, row, row+1); + col++; + + row++; + col = 1; + label = gtk_label_new(_("SSH key passphrase:")); + gtk_table_attach_defaults(GTK_TABLE(table), label, col, col+1, row, row+1); + col++; + gtk_table_attach_defaults(GTK_TABLE(table), form->ssh_key_passphrase, col, col+1, row, row+1); + + row++; + col = 1; + label = gtk_label_new(_("Comment:")); + gtk_table_attach_defaults(GTK_TABLE(table), label, col, col+1, row, row+1); + col++; + gtk_table_attach_defaults(GTK_TABLE(table), form->comment, col, col+1, row, row+1); + + return form; +} + + +/** + * Validates the input of entries in a ssh_login_form. + * @param form Form to be checked. + * @return FALSE if something should be corrected (shows info message what), + * TRUE if values seem ok. 
+ */ +static gboolean +ssh_login_form_validated(ssh_login_form* form) +{ + // Following strings belong to the gtk widgets, do not touch them + const char* passphrase = gtk_entry_get_text(GTK_ENTRY(form->ssh_key_passphrase)); + const char* comment = gtk_entry_get_text(GTK_ENTRY(form->comment)); + const char* uname = gtk_entry_get_text(GTK_ENTRY(form->username)); + const char* name = gtk_entry_get_text(GTK_ENTRY(form->name)); + + // Validate from top to bottom (in gui) + if(strlen(name) < 4){ + show_info(_("Please provide a better name.")); + return FALSE; + } + + if(strlen(uname) < 4) + { + show_info(_("Please provide a longer username.")); + return FALSE; + } + + if(strlen(passphrase) < 5){ + show_info(_("Please provide a passphrase with more then 5 characters.")); + return FALSE; + } + + if(strlen(comment) < 4) + { + show_info(_("Please provide a better comment for public key.")); + return FALSE; + } + + if(strstr(comment," ") == 0) + { + show_info(_("Comment must not contain spaces.")); + return FALSE; + } + + return TRUE; +} + + +/** + * Initializes a openvas_ssh_login with the values of a ssh_login_form. + * @param form The ssh_login_form to take values from. + * @return A fresh openvas_ssh_login, filled with the values of a ssh_login_form. 
+ */ +static openvas_ssh_login* +ssh_login_form_produce_login(ssh_login_form* form) +{ + // Following strings belong to the gtk widgets, do not touch them + const char* pubkey_file = gtk_entry_get_text(GTK_ENTRY(form->public_key_path)); + const char* privkey_file = gtk_entry_get_text(GTK_ENTRY(form->private_key_path)); + const char* passphrase = gtk_entry_get_text(GTK_ENTRY(form->ssh_key_passphrase)); + const char* comment = gtk_entry_get_text(GTK_ENTRY(form->comment)); + const char* uname = gtk_entry_get_text(GTK_ENTRY(form->username)); + const char* upass = gtk_entry_get_text(GTK_ENTRY(form->userpassword)); + const char* name = gtk_entry_get_text(GTK_ENTRY(form->name)); + + openvas_ssh_login* loginfo = openvas_ssh_login_new(estrdup(name), estrdup(pubkey_file), + estrdup(privkey_file), estrdup(passphrase), + estrdup(comment), estrdup(uname), estrdup(upass)); + return loginfo; +} + + +/** + * Creates a ssh_login_form from an openvas_ssh_login and adds it as a page to + * a Listnotebook. + * @param _ignored --ignored-- (might be non-NULL if used as callback). + * @param login Login to create a form from. + * @param listnotebook Listnotebook to add the page to. + */ +static void +ssh_keys_dialog_add_key(char* _ignored, openvas_ssh_login* login, + GtkWidget* listnotebook) +{ + ssh_login_form* form = ssh_login_form_create(); + ssh_login_form_fill(form, login); + listnotebook_add_page(listnotebook, form->box, login->name, NULL); + gtk_widget_show_all(listnotebook); +} + + +/** + * Prompts the user for information about a new ssh login. + * (Shows a dialog with an editable ssh_login_form). + * The listnotebook parameter is passed on to the dialog. + * If creation of a ssh keypair was successfull, information about the + * openvas_ssh_login will be added to the notebook. + * @param parent --ignored-- (might be non-NULL if used as callback). + * @param notebook Listnotebook to add a page to if ssh keypair generation was + * successfull. 
+ */ +static void +ssh_keys_dialog_prompt_new(GtkWidget* parent, GtkWidget* notebook) +{ + GtkWidget* dialog; + GtkWidget* content_area; + ssh_login_form* form; + form = ssh_login_form_create(); + + dialog = gtk_dialog_new_with_buttons(_("OpenVAS SSH Key Management"), + NULL, + GTK_DIALOG_MODAL + | GTK_DIALOG_DESTROY_WITH_PARENT, + GTK_STOCK_OK, + GTK_RESPONSE_OK, + GTK_STOCK_CANCEL, + GTK_RESPONSE_CANCEL, + NULL); + + content_area = GTK_DIALOG(dialog)->vbox; + gtk_container_add (GTK_CONTAINER (content_area), form->box ); + + gtk_window_set_default_size(GTK_WINDOW(dialog), 640, 240); + gtk_widget_show_all(dialog); + + gint result = gtk_dialog_run (GTK_DIALOG (dialog)); + while (result == GTK_RESPONSE_OK && ssh_login_form_validated(form) == FALSE ) + result = gtk_dialog_run(GTK_DIALOG(dialog)); + switch (result) + { + case GTK_RESPONSE_OK: + { + // Check entries + openvas_ssh_login* loginfo = ssh_login_form_produce_login(form); + if( openvas_ssh_login_create(loginfo) == FALSE) + { + //Error should have been shown by openvas_ssh_login_create function + break; + } + + if(Global->sshkeys == NULL) + Global->sshkeys = g_hash_table_new_full(g_str_hash, g_str_equal, NULL, + (GDestroyNotify) openvas_ssh_login_free); + g_hash_table_insert(Global->sshkeys, loginfo->name, loginfo); + + char* loginsfile = g_build_filename(prefs_get_nessushome(), ".openvas", ".logins", NULL); + openvas_ssh_login_file_write(Global->sshkeys, loginsfile); + efree(&loginsfile); + + ssh_keys_dialog_add_key(NULL, loginfo, notebook); + break; + } + default: + // do nothing since dialog was cancelled or closed + break; + } + gtk_widget_destroy(dialog); +} + + +/** + * Shows the SSH Key Management Dialog. 
+ */ +void +ssh_keys_dialog_show() +{ + GtkWidget* win; + GtkWidget* separator; + GtkWidget* content_area; + GtkWidget* key_notebook; + + win = gtk_dialog_new_with_buttons(_("OpenVAS SSH Key Management"), + NULL, + GTK_DIALOG_MODAL + | GTK_DIALOG_DESTROY_WITH_PARENT, + GTK_STOCK_CLOSE, + GTK_RESPONSE_ACCEPT, + NULL); + g_signal_connect_swapped (win, + "response", + G_CALLBACK (gtk_widget_destroy), + win); + + content_area = GTK_DIALOG(win)->vbox; + + key_notebook = listnotebook_new(TRUE, TRUE); + + // For each key, add a notebookpage + g_hash_table_foreach(Global->sshkeys, (GHFunc) ssh_keys_dialog_add_key, key_notebook); + + // Add listnotebook with keys + gtk_container_add (GTK_CONTAINER (content_area), key_notebook); + gtk_widget_show(key_notebook); + + // Add a separator + separator = gtk_hseparator_new(); + gtk_container_add (GTK_CONTAINER (content_area), separator); + + /* Add action buttons */ + GtkWidget* button_new = gtk_button_new_with_label(_("Create a new keypair")); + gtk_container_add (GTK_CONTAINER (content_area), button_new); + g_signal_connect(button_new, "clicked", (GtkSignalFunc) ssh_keys_dialog_prompt_new, key_notebook); + + gtk_window_set_default_size(GTK_WINDOW(win), 640, 240); + gtk_widget_show_all(win); +} +#endif /* USE_GTK */ Added: trunk/openvas-client/src/gui/ssh_keys_dialog.h =================================================================== --- trunk/openvas-client/src/gui/ssh_keys_dialog.h 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/src/gui/ssh_keys_dialog.h 2008-12-12 12:36:17 UTC (rev 1978) 
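Review bot: `name_typed_in_cb` runs `g_strcanon` over the whole generated path, and `LEGAL_FILENAME_CHARS` keeps `/` and `.` while omitting `W`: an account name containing `../` places the key files outside `.openvas/.ssh`, and a home directory containing `W`, `-` or a space is rewritten into a path that does not exist. The two `emalloc` buffers are also never released, on every keystroke; the rewrite below filters only the account name and builds the paths with `g_build_filename`. Separately, `ssh_login_form_validated` rejects comments that do not contain a space: `if(strstr(comment," ") == 0)` should be `if(strstr(comment, " ") != NULL)` to match its message, and `strlen(passphrase) < 5` accepts five characters while the message asks for more than five. In `ssh_keys_dialog_prompt_new`, `g_hash_table_insert` on an already existing name frees the old login while its `name` presumably remains the table key; `g_hash_table_replace` avoids the stale key.

```c
#define LEGAL_FILENAME_CHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890_"

// … unchanged: ssh_login_form_fill …

static void
name_typed_in_cb(GtkEntry *entry, ssh_login_form* form)
{
  char* home = prefs_get_nessushome();

  /* Filter only the account name; the directory part is never rewritten. */
  gchar* safe_name = g_strdup(gtk_entry_get_text(entry));
  g_strcanon(safe_name, LEGAL_FILENAME_CHARS, '_');

  gchar* privkey_name = g_strconcat(safe_name, ".p8", NULL);
  gchar* pubkey_path  = g_build_filename(home, ".openvas", ".ssh", safe_name, NULL);
  gchar* privkey_path = g_build_filename(home, ".openvas", ".ssh", privkey_name, NULL);

  gtk_entry_set_text(GTK_ENTRY(form->public_key_path), pubkey_path);
  gtk_entry_set_text(GTK_ENTRY(form->private_key_path), privkey_path);

  /* gtk_entry_set_text copies the text, so the temporaries can go. */
  g_free(privkey_path);
  g_free(pubkey_path);
  g_free(privkey_name);
  g_free(safe_name);
}

// … unchanged: ssh_login_form_create and the rest of the file …
```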
@@ -0,0 +1,57 @@ +/* OpenVAS-Client + * $Id$ + * Description: Header file for the ssh keys dialog. + * + * Authors: + * Felix Wolfsteller <felix.wolfsteller at intevation.de> + * + * Copyright: + * Copyright (C) 2008 Intevation GmbH + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * or, at your option, any later version as published by the Free + * Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * In addition, as a special exception, you have + * permission to link the code of this program with the OpenSSL + * library (or with modified versions of OpenSSL that use the same + * license as OpenSSL), and distribute linked combinations including + * the two. You must obey the GNU General Public License in all + * respects for all of the code used other than OpenSSL. If you + * modify this file, you may extend this exception to your version + * of the file, but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. + */ + +#ifndef SSH_KEYS_DLG_H__ +#define SSH_KEYS_DLG_H__ +#include <gtk/gtk.h> + +/** + * Widgets to display or input ssh login information. + * @see Initialization with ssh_login_form_create. 
+ */ +typedef struct { + GtkWidget* name; + GtkWidget* box; + GtkWidget* username; + GtkWidget* userpassword; + GtkWidget* public_key_path; + GtkWidget* private_key_path; + GtkWidget* ssh_key_passphrase; + GtkWidget* comment; +} ssh_login_form; + +void ssh_keys_dialog_show(); + +#endif Added: trunk/openvas-client/src/openvas-lib/openvas_ssh_login.c =================================================================== --- trunk/openvas-client/src/openvas-lib/openvas_ssh_login.c 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/src/openvas-lib/openvas_ssh_login.c 2008-12-12 12:36:17 UTC (rev 1978) 
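Review bot: `void ssh_keys_dialog_show();` in this new header declares the function without a prototype, so the compiler will not reject a call that passes arguments. `void ssh_keys_dialog_show(void);` is the checked form, and the definition in ssh_keys_dialog.c should be changed to match. The include guard `SSH_KEYS_DLG_H__` contains a double underscore, which C reserves for the implementation; `SSH_KEYS_DLG_H` avoids that.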
@@ -0,0 +1,452 @@ +/* OpenVAS-Client + * $Id$ + * Description: SSH Key management. + * + * Authors: + * Felix Wolfsteller <felix.wolfsteller at intevation.de> + * + * Copyright: + * Copyright (C) 2008 Intevation GmbH + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * or, at your option, any later version as published by the Free + * Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * In addition, as a special exception, you have + * permission to link the code of this program with the OpenSSL + * library (or with modified versions of OpenSSL that use the same + * license as OpenSSL), and distribute linked combinations including + * the two. You must obey the GNU General Public License in all + * respects for all of the code used other than OpenSSL. If you + * modify this file, you may extend this exception to your version + * of the file, but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. + */ + +#include "openvas_ssh_login.h" +#include "nessus_i18n.h" +#include "error_dlg.h" +#include <glib/gstdio.h> + +#define KEY_SSHLOGIN_USERNAME "username" +#define KEY_SSHLOGIN_USERPASS "userpwd" +#define KEY_SSHLOGIN_PUBKEY_FILE "pubkey_file" +#define KEY_SSHLOGIN_PRIVKEY_FILE "privkey_file" +#define KEY_SSHLOGIN_COMMENT "comment" +#define KEY_SSHLOGIN_PASSPHRASE "passphrase" + +/** + * Ensures the existance of a directory by creating it if it does not exist. 
+ * ATTENTION: can only create "one more sublevel"! + * @param directory Path of directory to check or create. + * @return TRUE if directory exists or was successfully created, FALSE otherwise. + */ +static gboolean ensure_dir(char* directory) +{ + //Should be moved together with file functions defined in context.h/c + // to an own module e.g. file_check.c + if(check_is_dir(directory) == 1) + return TRUE; + // Glib >= 2.8 defines g_mkdir_with_parents + if(g_mkdir(directory, 0700) == 0) + return TRUE; + else + return FALSE; +} + +/** + * Forks and creates a key for local checks by calling + * "openssl pkcs8 -topk8 -v2 des3 -in filepath -passin pass:passphrase -out + * filepath.p8 -passout pass:passphrase" + * The key is placed in a Context- specific directory. + * @param name Name of the key (part of filename) (will be freed). + * @param passphrase The passphrase for the key (will be freed), must be longer + * than 4 characters (+nul). + * @return TRUE if successfull, FALSE otherwise. + */ +static +gboolean openvas_ssh_privkey_create(char* pubkey_file, char* privkey_file, + char* passphrase_pub, char* passphrase_priv) +{ + gchar* stdout = NULL; + gchar* stderr = NULL; + GError* err = NULL; + gint exit_status; + char* dir; + + /* Sanity-check essential parameters */ + if(!passphrase_pub || !passphrase_priv) + { + show_error(_("Error creating private key file:\nPlease provide all information.")); + return FALSE; + } + + /* Sanity check files */ + if(check_exists(pubkey_file) != 1) + { + show_error(_("Error creating private key file:\nPublic key %s not found."), pubkey_file); + return FALSE; + } + if(check_exists(privkey_file) != 0 ) + { + show_error(_("Error creating private key file:\nFile already exists.")); + return FALSE; + } + dir = g_path_get_dirname(privkey_file); + if(ensure_dir(dir) != TRUE) + { + show_error(_("Error creating private key file:\nfolder %s not accessible."), dir); + efree(&dir); + return FALSE; + } + efree(&dir); + + /* Fire openssl */ + const 
char* command = g_strconcat("openssl pkcs8 -topk8 -v2 des3 -in ", pubkey_file, + " -passin pass:", passphrase_pub, " -out ", + privkey_file, " -passout pass:", + passphrase_priv, NULL); + + if(g_spawn_command_line_sync(command, &stdout, &stderr, &exit_status, &err) == FALSE + || exit_status != 0 ) + { + show_error(_("Error creating private key file.\nFor further information consult your shell.")); + printf("Error creating private key file."); + printf("\tSpawned openssl process returned with %d.\n", exit_status); + printf("\t\t stdout: %s", stdout); + printf("\t\t stderr: %s", stderr); + return FALSE; + } + + return TRUE; +} + +/** + * Forks and creates a key for local checks by calling + * "ssh-keygen -t rsa -f filepath -C comment -P passhprase -q" + * A directory will be created if it does not exist. + * @param comment Comment to use (will be freed). + * @param passphrase The passphrase for the key (will be freed), must be longer + * than 4 characters (+nul). + * @param filepath Path to file of public key. + * @return TRUE if successfull, FALSE otherwise. 
+ */ +static +gboolean openvas_ssh_pubkey_create(char* comment, char* passphrase, + char* filepath) +{ + gchar* stdout = NULL; + gchar* stderr = NULL; + GError* err = NULL; + gint exit_status; + char* dir; + + /* Sanity-check essential parameters */ + if( !comment || strlen(comment) == 0 ) + { + show_error(_("Error creating public key file:\ncomment has to be set.")); + return FALSE; + } + if(!passphrase || strlen(passphrase) < 5) + { + show_error(_("Error creating public key file:\npassword must be longer than 4 characters.")); + return FALSE; + } + /* Sanity check files */ + dir = g_path_get_dirname(filepath); + if(ensure_dir(dir) != TRUE) + { + show_error(_("Error creating public key file:\n%s is not accessable."), filepath); + efree(&dir); + return FALSE; + } + efree(&dir); + if(check_exists(filepath) == 1) + { + show_error(_("Error creating public key file:\n%s already exists."), filepath); + return FALSE; + } + + /* Fire ssh-keygen */ + const char* command = g_strconcat("ssh-keygen -t rsa -f ", filepath, " -C ", + comment, " -P ", passphrase, NULL); + + if(g_spawn_command_line_sync(command, &stdout, &stderr, &exit_status, &err) == FALSE + || exit_status != 0 ) + { + show_error(_("Error creating public key file.\nFor further information consult your shell.")); + printf("Error creating public key file.\n"); + printf("\tSpawned key-gen process returned with %d.\n", exit_status); + printf("\t\t stdout: %s", stdout); + printf("\t\t stderr: %s", stderr); + return FALSE; + } + return TRUE; +} + + +/** + * Initializes a openvas_ssh_login. + * Key and Info files have to be created separately. + * @return A fresh openvas_ssh_login. 
+ */ +openvas_ssh_login* openvas_ssh_login_new(char* name, char* pubkey_file, char* privkey_file, + char* passphrase, char* comment, + char* uname, char* upass) +{ + openvas_ssh_login* loginfo = emalloc(sizeof(openvas_ssh_login)); + loginfo->name = name; + loginfo->username = uname; + loginfo->userpassword = upass; + loginfo->public_key_path = pubkey_file; + loginfo->private_key_path = privkey_file; + loginfo->ssh_key_passphrase = passphrase; + loginfo->comment = comment; + + return loginfo; +} + + +/** + * Frees data associated with a openvas_ssh_login. + * @param loginfo openvas_ssh_login to free. + */ +void openvas_ssh_login_free(openvas_ssh_login* loginfo) +{ + if(loginfo == NULL) + return; + if(loginfo->name) + efree(&loginfo->name); + if(loginfo->username) + efree(&loginfo->username); + if(loginfo->userpassword) + efree(&loginfo->userpassword); + if(loginfo->public_key_path) + efree(&loginfo->public_key_path); + if(loginfo->private_key_path) + efree(&loginfo->private_key_path); + if(loginfo->ssh_key_passphrase) + efree(&loginfo->ssh_key_passphrase); + if(loginfo->comment) + efree(&loginfo->comment); + efree(&loginfo); +} + + +/** + * Creates the public and private key files. + * @param loginfo. + * @return TRUE if things went good, FALSE if things went bad. + */ +gboolean openvas_ssh_login_create(openvas_ssh_login* loginfo) +{ + /* Create pubkey */ + gboolean success = openvas_ssh_pubkey_create(loginfo->comment, + loginfo->ssh_key_passphrase, + loginfo->public_key_path); + + /* Eventually report failure */ + if(success == FALSE) + return FALSE; + + /* Create private key */ + success = openvas_ssh_privkey_create(loginfo->public_key_path, + loginfo->private_key_path, + loginfo->ssh_key_passphrase, + loginfo->ssh_key_passphrase); + return success; +} + +/** + * Creates a string to be sent to the server as value for a SSH_LOGIN + * plugin preference. + * It follows the pattern: + * username|userpass|pubkeyfilepath|privkeyfilepath|passphrase . 
+ * @param loginfo openvas_ssh_login that will be used to assemble the string. + * @return Freshly created string or NULL if loginfo == NULL. + */ +char* +openvas_ssh_login_prefstring(openvas_ssh_login* loginfo) +{ + if(loginfo != NULL) + return g_strjoin("|", loginfo->username, loginfo->userpassword, + loginfo->public_key_path, loginfo->private_key_path, + loginfo->ssh_key_passphrase, NULL); + else return NULL; +} + + +// ---------------- File store functions ------------------ + + +/** + * Callback for a g_hashtable_for_each. Adds entries to a GKeyFile. + */ +static void add_sshlogin_to_file(char* name, openvas_ssh_login* loginfo, + GKeyFile* key_file) +{ + if(name == NULL || key_file == NULL || loginfo == NULL) + return; + + g_key_file_set_string(key_file, loginfo->name, KEY_SSHLOGIN_USERNAME, + loginfo->username); + g_key_file_set_string(key_file, loginfo->name, KEY_SSHLOGIN_USERPASS, + loginfo->userpassword); + g_key_file_set_string(key_file, loginfo->name, KEY_SSHLOGIN_PUBKEY_FILE, + loginfo->public_key_path); + g_key_file_set_string(key_file, loginfo->name, KEY_SSHLOGIN_PRIVKEY_FILE, + loginfo->private_key_path); + g_key_file_set_string(key_file, loginfo->name, KEY_SSHLOGIN_COMMENT, + loginfo->comment); + g_key_file_set_string(key_file, loginfo->name, KEY_SSHLOGIN_PASSPHRASE, + loginfo->ssh_key_passphrase); +} + + +/** + * Writes information of all ssh logins found in a hashtable into a file. + * To load the information again, openvas_ssh_login_file_read can be used. + * @param ssh_logins Hashtable with pointers to openvas_ssh_login s as values. + * @param filename Path to file to wtite to. + * @return TRUE if file was written (success), FALSE if an error occured. 
+ */ +gboolean openvas_ssh_login_file_write(GHashTable* ssh_logins, char* filename) +{ + GKeyFile* key_file = g_key_file_new(); + gchar* keyfile_data; + gsize data_length; + GError* err = NULL; + int fd; + + g_key_file_set_comment(key_file, NULL, NULL, + "This file was generated by OpenVAS and shall not be edited manually.", + &err); + if (err != NULL) + { + show_error(_("Error adding comment to key file: %s"), err->message); + g_error_free(err); + g_key_file_free(key_file); + return FALSE; + } + + // Add all ssh logins to GKeyFile. + if(ssh_logins != NULL) + { + g_hash_table_foreach(ssh_logins, (GHFunc) add_sshlogin_to_file, key_file); + } // (else file content is comment only) + + // Write GKeyFile to filesystem. + fd = open(filename, O_RDWR|O_CREAT|O_TRUNC, 0600); + if(!fd) + { + show_error(_("Error accessing ssh info file.")); + g_key_file_free(key_file); + return FALSE; + } + + keyfile_data = g_key_file_to_data(key_file, &data_length, &err); + if(err != NULL) + { + show_error(_("Error exporting ssh info file: %s"), err->message); + g_error_free(err); + g_key_file_free(key_file); + return FALSE; + } + + write(fd, keyfile_data, data_length); + close(fd); + + g_key_file_free(key_file); + + return TRUE; +} + + +/** + * Reads a ssh_login file and returns GHashTable with + * the names as keys and pointers to openvas_ssh_logins as values. + * openvas_ssh_logins are checked before being added to the hashtable: + * if the public and private key files do not exist, the openvas_ssh_login is + * not added. + * @param filename File to read from. + * @return GHashTable, keys are names of openvas_ssh_logins, who are values. 
+ */ +GHashTable* openvas_ssh_login_file_read(char* filename) +{ + gchar** names; + gsize length; + GKeyFile* key_file = g_key_file_new(); + GError* err = NULL; + GHashTable* loginfos = g_hash_table_new_full(g_str_hash, g_str_equal, + NULL, (GDestroyNotify) openvas_ssh_login_free); + + g_key_file_load_from_file(key_file, filename, G_KEY_FILE_NONE, &err); + + if(err != NULL) + { + // No file found? Thats ok, return empty hashtable. + if(err->code == G_KEY_FILE_ERROR_NOT_FOUND || err->code == G_FILE_ERROR_NOENT) + { + g_key_file_free(key_file); + return loginfos; + } + + g_hash_table_destroy(loginfos); + show_error(_("Error loading sshlogin store %s: %s"), filename, + err->message); + g_key_file_free(key_file); + return NULL; + } + + names = g_key_file_get_groups(key_file, &length); + + // Read ssh login information from file and add entry to hashtable. + int i = 0; + for(i = 0; i < length; i++) + { + if(names[i] == NULL || names[i] == '\0') + continue; + // Init a openvas_ssh_login + char* name = names[i]; + char* username = g_key_file_get_string(key_file, names[i], + KEY_SSHLOGIN_USERNAME, &err); + char* userpass = g_key_file_get_string(key_file, names[i], + KEY_SSHLOGIN_USERPASS, &err); + char* pubkey = g_key_file_get_string(key_file, names[i], + KEY_SSHLOGIN_PUBKEY_FILE, &err); + char* privkey = g_key_file_get_string(key_file, names[i], + KEY_SSHLOGIN_PRIVKEY_FILE, &err); + char* comment = g_key_file_get_string(key_file, names[i], + KEY_SSHLOGIN_COMMENT, &err); + char* passphrase = g_key_file_get_string(key_file, names[i], + KEY_SSHLOGIN_PASSPHRASE, &err); + + openvas_ssh_login* loginfo = openvas_ssh_login_new(name, pubkey, privkey, + passphrase, comment, username, userpass); + + // Discard if error or files do not exist + if(err != NULL || check_exists(pubkey) == 0 || check_exists(privkey) == 0) + { + openvas_ssh_login_free(loginfo); + } + else + { + // Add to hash table otherwise + g_hash_table_insert(loginfos, loginfo->name, loginfo); + } + } + + 
g_key_file_free(key_file); + + return loginfos; +} Added: trunk/openvas-client/src/openvas-lib/openvas_ssh_login.h =================================================================== --- trunk/openvas-client/src/openvas-lib/openvas_ssh_login.h 2008-12-12 08:46:28 UTC (rev 1977) +++ trunk/openvas-client/src/openvas-lib/openvas_ssh_login.h 2008-12-12 12:36:17 UTC (rev 1978) 
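Review bot: Both key-creation helpers build their command with `g_strconcat` from `filepath`, `comment` and the passphrases and pass the string to `g_spawn_command_line_sync`, which re-parses it with shell quoting rules, so a comment or passphrase containing a space or a quote changes the argument list that ssh-keygen or openssl receives. Passing an explicit argv to `g_spawn_sync` with `G_SPAWN_SEARCH_PATH` removes the re-parsing, as sketched below for `openvas_ssh_pubkey_create`; the same applies to `openvas_ssh_privkey_create`. The passphrase still travels in the process arguments, where other local users can read it while the child runs; for the openssl call, `-passin` and `-passout` also accept `env:`, `file:` and `fd:` sources. The `command`, `stdout`, `stderr` and `err` values are not freed on any path in either helper. Separately, in `openvas_ssh_login_file_write` the test `if(!fd)` does not catch a failed `open()`, which returns -1, so it should read `if(fd < 0)`, and the result of `write()` is not checked.

```c
  /* Fire ssh-keygen */
  gchar* argv[] = { "ssh-keygen", "-t", "rsa", "-f", filepath,
                    "-C", comment, "-P", passphrase, NULL };

  if(g_spawn_sync(NULL, argv, NULL, G_SPAWN_SEARCH_PATH, NULL, NULL,
                  &stdout, &stderr, &exit_status, &err) == FALSE
     || exit_status != 0 )
    {
      // … unchanged: show_error and printf diagnostics …
      g_clear_error(&err);
      g_free(stdout);
      g_free(stderr);
      return FALSE;
    }
  g_free(stdout);
  g_free(stderr);
  return TRUE;
```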
@@ -0,0 +1,74 @@ +/* OpenVAS-Client + * $Id$ + * Description: SSH Key management. + * + * Authors: + * Felix Wolfsteller <felix.wolfsteller at intevation.de> + * + * Copyright: + * Copyright (C) 2008 Intevation GmbH + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * or, at your option, any later version as published by the Free + * Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * In addition, as a special exception, you have + * permission to link the code of this program with the OpenSSL + * library (or with modified versions of OpenSSL that use the same + * license as OpenSSL), and distribute linked combinations including + * the two. You must obey the GNU General Public License in all + * respects for all of the code used other than OpenSSL. If you + * modify this file, you may extend this exception to your version + * of the file, but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. + */ + +#ifndef _OPENVAS_SSH_KEY_H +#define _OPENVAS_SSH_KEY_H + +#include <glib.h> +#include "context.h" + +/** + * SSH Login information struct. 
+ */ +typedef struct { + char* name; + char* username; + char* userpassword; + char* public_key_path; + char* private_key_path; + char* ssh_key_passphrase; + char* comment; +} openvas_ssh_login; + +gboolean openvas_ssh_key_create(char* name, char* comment, char* passphrase, + struct context* context); + +openvas_ssh_login* openvas_ssh_login_new(char* name, char* pubkey_file, + char* privkey_file, char* passphrase, + char* comment, char* uname, char* upass); + + + +gboolean openvas_ssh_login_create(openvas_ssh_login* loginfo); + +void openvas_ssh_login_free(openvas_ssh_login* loginfo); + +GHashTable* openvas_ssh_login_file_read(char* filename); + +gboolean openvas_ssh_login_file_write(GHashTable* ssh_logins, char* filename); + +char* openvas_ssh_login_prefstring(openvas_ssh_login* loginfo); + +#endif From scm-commit at wald.intevation.org Fri Dec 12 13:41:31 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 12 Dec 2008 13:41:31 +0100 (CET) Subject: [Openvas-commits] r1979 - trunk/openvas-client Message-ID: <20081212124131.A6319407A9@pyrosoma.intevation.org> Author: felix Date: 2008-12-12 13:41:31 +0100 (Fri, 12 Dec 2008) New Revision: 1979 Modified: trunk/openvas-client/ChangeLog Log: Changelog entry of Rev 1978 (last) added. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-12 12:36:17 UTC (rev 1978) +++ trunk/openvas-client/ChangeLog 2008-12-12 12:41:31 UTC (rev 1979) 
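Review bot: `openvas_ssh_key_create(char* name, char* comment, char* passphrase, struct context* context)` is declared here, but the openvas_ssh_login.c added in the same revision defines only `openvas_ssh_pubkey_create` and `openvas_ssh_privkey_create` (both static) and `openvas_ssh_login_create`, so the prototype appears to have no definition and a caller would fail only at link time. If it is a leftover, drop it, and the `#include "context.h"` with it if nothing else in the header needs `struct context`. The guard `_OPENVAS_SSH_KEY_H` begins with an underscore followed by an uppercase letter, which is a reserved identifier; `OPENVAS_SSH_LOGIN_H` would also match the file name. The struct fields carry no comments, so nothing records that `userpassword` and `ssh_key_passphrase` hold secrets in clear text or that `openvas_ssh_login_free` frees every string member; a short `/**< ... */` on each field would state both.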
@@ -1,3 +1,54 @@ +2008-12-12 Felix Wolfsteller <felix.wolfsteller at intevation.de> + + Infrastructure for second step for CR #20 (ssh key management in client) + (http://www.openvas.net/openvas-cr-20.html). Only in GUI, not feature- + complete. + + * src/openvas-lib/openvas_ssh_login.h, + src/openvas-lib/openvas_ssh_login.c : New file, handles login + information (in mem, storing, loading), can create public and private + keys. + + * src/gui/ssh_keys_dialog.h, src/gui/ssh_keys_dialog.c : New file, + shows GUI to add and manage ssh login information. + + * Makefile, src/gui/Makefile : Added targets for new files. + + * MANIFEST : Added new files. + + * po/POTFILES : Added ssh_keys_dialog.c and comm.h. + + * nessus/comm.h : Changed credentials symbol (preferenc types have 9 + char contraint), added NO_SSH_LOGIN_SELECTED define. + + * nessus/prefs_dialog/prefs_dialog.c : Comments improved. + + * nessus/prefs_dialog/prefs_dialog.c (get_plugin_radio_pref) : + extracted method. + + * nessus/prefs_dialog/prefs_dialog.c (prefs_dialog_apply_plugin_prefs) : + use of extracted method, build up combobox for ssh_logins. + + * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c : Comments improved. + + * nessus/prefs_dialog/prefs_dialog_plugins_prefs.c + (pprefs_add_sshcredentials, add_key_to_combobox_cb) : Fill combobox with + values from sshlogin hash table of Global context + + * nessus/prefs_dialog/prefs_dialog_prefs.c (ssh_management_button_cb, + prefs_dialog_prefs ) : Added and hooked up button to show key management + + * nessus/context.c (context_pickup_sshkeys) : Added includes, pick up + keys via openvas_ssh_login_file_read and only if Global context. + + * nessus/context.c (check_is_file, check_exists, check_is_dir) : + Commented. + + * nessus/context.h : Replaced list for ssh key infos by hashtable. + + * nessus/comm.c (gui_comm_send_preferences) : Added support for new + preference type (gui only). 
+ 2008-12-10 Michael Wiegand <michael.wiegand at intevation.de> * po/de.po: Fixed errors in German translation pointed out by Hans From scm-commit at wald.intevation.org Fri Dec 12 13:44:36 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 12 Dec 2008 13:44:36 +0100 (CET) Subject: [Openvas-commits] r1980 - in trunk/openvas-client: . nessus Message-ID: <20081212124436.1F74B407A9@pyrosoma.intevation.org> Author: felix Date: 2008-12-12 13:44:35 +0100 (Fri, 12 Dec 2008) New Revision: 1980 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/Makefile Log: Missing Makefile targets added (repairs pre-last commit). * nessus/Makefile : Added targets for new files. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-12 12:41:31 UTC (rev 1979) +++ trunk/openvas-client/ChangeLog 2008-12-12 12:44:35 UTC (rev 1980) @@ -1,5 +1,11 @@ 2008-12-12 Felix Wolfsteller <felix.wolfsteller at intevation.de> + Missing Makefile targets added (repairs pre-last commit). + + * nessus/Makefile : Added targets for new files. + +2008-12-12 Felix Wolfsteller <felix.wolfsteller at intevation.de> + Infrastructure for second step for CR #20 (ssh key management in client) (http://www.openvas.net/openvas-cr-20.html). Only in GUI, not feature- complete. Modified: trunk/openvas-client/nessus/Makefile =================================================================== --- trunk/openvas-client/nessus/Makefile 2008-12-12 12:41:31 UTC (rev 1979) +++ trunk/openvas-client/nessus/Makefile 2008-12-12 12:44:35 UTC (rev 1980) @@ -62,6 +62,7 @@ dirutils.o \ openvas_certificates.o \ openvas_certificate_file.o \ + openvas_ssh_login.o \ sslui.o \ nessus.o 
@@ -69,7 +70,8 @@ prefs_dialog_prefs.o prefs_scan_assistant.o pdf_output.o readonly.o GUI_OBJS = ../src/gui/about_dlg.o \ - ../src/gui/slad_install.o ../src/gui/treeview_support.o + ../src/gui/slad_install.o ../src/gui/ssh_keys_dialog.o \ + ../src/gui/treeview_support.o all : cflags ${make_bindir}/$(NESSUSCLIENT) @@ -154,6 +156,10 @@ ../src/openvas-lib/openvas_certificates.h \ ../src/openvas-lib/openvas_certificates.c $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ../src/openvas-lib/openvas_certificate_file.c + +openvas_ssh_login.o : cflags ../src/openvas-lib/openvas_ssh_login.c \ + ../src/openvas-lib/openvas_ssh_login.h + $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ../src/openvas-lib/openvas_ssh_login.c error_dlg.o : cflags ../src/gui/error_dlg.c ../src/gui/error_dlg.h globals.h $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ../src/gui/error_dlg.c From scm-commit at wald.intevation.org Fri Dec 12 13:50:28 2008 
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 12 Dec 2008 13:50:28 +0100 (CET) Subject: [Openvas-commits] r1981 - in trunk/openvas-client: . libnessus nessus nessus/prefs_dialog Message-ID: <20081212125028.E2B85407A9@pyrosoma.intevation.org> Author: felix Date: 2008-12-12 13:50:27 +0100 (Fri, 12 Dec 2008) New Revision: 1981 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/libnessus/arglists.c trunk/openvas-client/nessus/monitor_dialog.c trunk/openvas-client/nessus/nessus.c trunk/openvas-client/nessus/prefs_dialog/prefs_options.c Log: "Javadoc'ed" comments, documentation, some K&R headers collapsed, minimal style changes. * nessus/prefs_dialog/prefs_options.c : Header, style, comments. * nessus/monitor_dialog.c : Doc/Comments. * nessus/nessus.c : Doc/Comments. * libnessus/arglists.c : Doc/Comments. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-12 12:44:35 UTC (rev 1980) +++ trunk/openvas-client/ChangeLog 2008-12-12 12:50:27 UTC (rev 1981) @@ -1,5 +1,18 @@ 2008-12-12 Felix Wolfsteller <felix.wolfsteller at intevation.de> + "Javadoc'ed" comments, documentation, some K&R headers collapsed, + minimal style changes. + + * nessus/prefs_dialog/prefs_options.c : Header, style, comments. + + * nessus/monitor_dialog.c : Doc/Comments. + + * nessus/nessus.c : Doc/Comments. + + * libnessus/arglists.c : Doc/Comments. + +2008-12-12 Felix Wolfsteller <felix.wolfsteller at intevation.de> + Missing Makefile targets added (repairs pre-last commit). * nessus/Makefile : Added targets for new files. Modified: trunk/openvas-client/libnessus/arglists.c =================================================================== --- trunk/openvas-client/libnessus/arglists.c 2008-12-12 12:44:35 UTC (rev 1980) +++ trunk/openvas-client/libnessus/arglists.c 2008-12-12 12:50:27 UTC (rev 1981) 
@@ -23,11 +23,11 @@ #include <glib.h> -/* +#define HASH_MAX 2713 +/** * We use a hash of the argument name to speed up the lookups * when calling arg_get_value() */ -#define HASH_MAX 2713 static int mkhash_arglists(const char * name) { unsigned long h = 0; @@ -40,7 +40,7 @@ return h % HASH_MAX; } -/* +/** * name_cache : * * A lot of entries in our arglists have the same name. @@ -223,9 +223,11 @@ } -/* like arg_add_value but inserts the new element near the beginning +/** + * Like arg_add_value but inserts the new element near the beginning * instead of the end. This is much faster for long lists but leads to * a different order of the elements. + * @see arg_add_value */ ExtFunc void arg_add_value_at_head(struct arglist * arglst, const char * name, int type, Modified: trunk/openvas-client/nessus/monitor_dialog.c =================================================================== --- trunk/openvas-client/nessus/monitor_dialog.c 2008-12-12 12:44:35 UTC (rev 1980) +++ trunk/openvas-client/nessus/monitor_dialog.c 2008-12-12 12:50:27 UTC (rev 1981) @@ -101,7 +101,7 @@ -/* +/** * Function called when the UI is idle, which checks * whether the server sent us anything. We use this rather * than the traditional gdk input watcher, because it @@ -169,11 +169,8 @@ "CLIENT <|> STOP_ATTACK <|> %s <|> CLIENT\n", hostname); } -/* - * monitor_dialog_setup - * - * This function draws the window which will - * show the attack status +/** + * Draws the window which will show the attack status. */ void monitor_dialog_setup(char * victim, struct context * context) @@ -323,9 +320,7 @@ } } -/* - * monitor_list_update - * +/** * Updates the progress bars */ static void @@ -506,11 +501,8 @@ -/* - * monitor_add_host - * - * this function adds a new hostname and progress bar in - * the monitor window +/** + * Adds a new hostname and progress bar in the monitor window. */ void monitor_add_host(ctrls,hostname,port) 
@@ -653,14 +645,11 @@ } -/* - * monitor_stop_test - * +/** * This function will stop the connection between * nessusd and the client, and will report the results - * to the screen + * to the screen. */ - static int monitor_stop_whole_test_destroy(a,b,ctrls) void * a, * b; @@ -707,9 +696,7 @@ } -/* - * monitor_input_callback - * +/** * This function is called whenever there is new * data coming from the server. */ @@ -778,10 +765,8 @@ } } -/* - * monitor_stop_test - * - * this function stops one test +/** + * This function stops one test */ void monitor_stop_test(GtkWidget * w,struct context * context) Modified: trunk/openvas-client/nessus/nessus.c =================================================================== --- trunk/openvas-client/nessus/nessus.c 2008-12-12 12:44:35 UTC (rev 1980) +++ trunk/openvas-client/nessus/nessus.c 2008-12-12 12:50:27 UTC (rev 1981) @@ -81,9 +81,14 @@ * \mainpage * This documentation was automatically extracted using doxygen. * \section Introduction - * Documentation process has not even started. Participate at http://openvas.wald.intevation.org . + * Documentation process has not even started. Participate at <a href="http://openvas.wald.intevation.org">http://openvas.wald.intevation.org</a>. */ +/** + * \file + * Starting point for both the GUI and the CLI client. + */ + struct arglist * MainDialog; char * Alt_rcfile = NULL; struct plugin_filter Filter; @@ -96,7 +101,7 @@ void init_globals(); -/* +/** * Initialize I18N support, if possible */ static void @@ -141,7 +146,7 @@ #ifdef CLN_AUTH_SRV -/* +/** * split a line "var=value" into two components * returns 0 if = was not found, 1 if line looks like "var=", 2 if OK */ 
@@ -165,7 +170,7 @@ return q == line ? 1 : 2; } -/* +/** * Returns -1 if error, 0 if hash not found, 1 if found */ static int Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_options.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_options.c 2008-12-12 12:44:35 UTC (rev 1980) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_options.c 2008-12-12 12:50:27 UTC (rev 1981) @@ -35,14 +35,16 @@ #include "nessus_i18n.h" -/* +/** * Build a vbox element with a notebook for the configuration - * options subgroups. + * options subgroups (Currently General, Plugins, Credentials, Target Selection, + * Access Rules, Prefs., KB). + * @param context + * @param ctrls + * @return */ struct arglist * -prefs_dialog_options(context, ctrls) - struct context * context; - struct arglist * ctrls; +prefs_dialog_options(struct context * context, struct arglist * ctrls) { struct arglist * prefs_scan; struct arglist * prefs_plugins; @@ -53,7 +55,7 @@ struct arglist * prefs_kb; #endif GtkWidget * box; - GtkWidget *listnotebook; + GtkWidget * listnotebook; GtkTooltips * tooltips; tooltips = gtk_tooltips_new(); @@ -73,7 +75,6 @@ /* * Set up the pages of the notebook */ - prefs_scan = prefs_dialog_scan_opt(context); prefs_plugins = prefs_dialog_plugins(context); prefs_plugins_prefs = prefs_dialog_plugins_prefs(); @@ -111,7 +112,7 @@ /* The Plugin preferences page */ listnotebook_add_page(listnotebook, arg_get_value(prefs_plugins_prefs, "FRAME"), _("Prefs."), "nessus-prefs"); - + /* The Knowledge Base page */ #ifdef ENABLE_SAVE_KB listnotebook_add_page(listnotebook, arg_get_value(prefs_kb, "FRAME"), _("KB"), @@ -120,7 +121,6 @@ listnotebook_select_page(listnotebook, 0); - gtk_tooltips_enable(tooltips); return ctrls; From scm-commit at wald.intevation.org Fri Dec 12 14:19:33 2008 
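Review bot: The new doc block for `prefs_dialog_options` in prefs_options.c leaves `@param context`, `@param ctrls` and `@return` without any text, so the generated documentation gets empty entries for exactly the parts a caller needs. From the visible lines, `context` is passed on to `prefs_dialog_scan_opt` and `prefs_dialog_plugins`, and the last hunk of the file shows `return ctrls;`, so something like `@param context Context the option pages are built for.` and `@return The ctrls arglist that was passed in.` looks right, but the body continues outside these hunks and should be checked before the wording is fixed. If the meaning of `ctrls` on entry is not settled, omit the tag until it is.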
From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 12 Dec 2008 14:19:33 +0100 (CET) Subject: [Openvas-commits] r1982 - in trunk/openvas-client: . nessus Message-ID: <20081212131933.C57E54078B@pyrosoma.intevation.org> Author: felix Date: 2008-12-12 14:19:33 +0100 (Fri, 12 Dec 2008) New Revision: 1982 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/comm.c Log: * nessus/comm.c (cli_comm_send_preferences, gui_comm_send_preferences) : K&R header collapsed, documented. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2008-12-12 12:50:27 UTC (rev 1981) +++ trunk/openvas-client/ChangeLog 2008-12-12 13:19:33 UTC (rev 1982) @@ -1,5 +1,10 @@ 2008-12-12 Felix Wolfsteller <felix.wolfsteller at intevation.de> + * nessus/comm.c (cli_comm_send_preferences, gui_comm_send_preferences) : + K&R header collapsed, documented. + +2008-12-12 Felix Wolfsteller <felix.wolfsteller at intevation.de> + "Javadoc'ed" comments, documentation, some K&R headers collapsed, minimal style changes. Modified: trunk/openvas-client/nessus/comm.c =================================================================== --- trunk/openvas-client/nessus/comm.c 2008-12-12 12:50:27 UTC (rev 1981) +++ trunk/openvas-client/nessus/comm.c 2008-12-12 13:19:33 UTC (rev 1982) @@ -650,10 +650,13 @@ return 0; } - +/** + * Sends server and plugin preferences from the cli. + * @param context Context with plugin and server preferences hooked into. + * @return Always 0. + */ static int -cli_comm_send_preferences(context) - struct context *context; +cli_comm_send_preferences(struct context* context) { struct arglist *preferences = context->prefs; GSList *files_to_send = NULL; 
@@ -683,10 +686,13 @@ } - +/** + * Sends server and plugin preferences from the gui. + * @param context Context with plugin and server preferences hooked into. + * @return Always 0. + */ static int -gui_comm_send_preferences(context) - struct context *context; +gui_comm_send_preferences( struct context* context) { struct arglist *preferences = context->prefs; GSList* files_to_send = NULL; From scm-commit at wald.intevation.org Fri Dec 12 16:11:27 2008 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 12 Dec 2008 16:11:27 +0100 (CET) Subject: [Openvas-commits] r1983 - in trunk/openvas-plugins: . scripts Message-ID: <20081212151127.E66BE407A5@pyrosoma.intevation.org> Author: chandra Date: 2008-12-12 16:11:26 +0100 (Fri, 12 Dec 2008) New Revision: 1983 Added: trunk/openvas-plugins/scripts/gb_chm2pdf_insec_tmp_file_crtn_vuln.nasl trunk/openvas-plugins/scripts/gb_clamav_jpeg_file_remote_dos_vuln.nasl trunk/openvas-plugins/scripts/secpod_ms08-077.nasl trunk/openvas-plugins/scripts/secpod_ms_ie_mem_crptn_vuln.nasl trunk/openvas-plugins/scripts/secpod_ms_wordpad_mult_vuln.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2008-12-12 13:19:33 UTC (rev 1982) +++ trunk/openvas-plugins/ChangeLog 2008-12-12 15:11:26 UTC (rev 1983) 
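Review bot: In the comm.c hunk at -683,10 the collapsed prototype reads `gui_comm_send_preferences( struct context* context)`, with a space after the opening parenthesis that the sibling `cli_comm_send_preferences(struct context* context)` in the previous hunk does not have. Both new prototypes also write `struct context* context`, while the context line just below keeps the declarator on the name (`struct arglist *preferences`). Writing both as `(struct context *context)` would keep the file consistent.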
@@ -1,3 +1,11 @@ +2008-12-12 Chandrashekhar B <bchandra at secpod.com> + * scripts/gb_clamav_jpeg_file_remote_dos_vuln.nasl, + scripts/secpod_ms_ie_mem_crptn_vuln.nasl, + scripts/secpod_ms_wordpad_mult_vuln.nasl, + scripts/gb_chm2pdf_insec_tmp_file_crtn_vuln.nasl, + scripts/secpod_ms08-077.nasl: + Added new plugins + 2008-12-10 Chandrashekhar B <bchandra at sepod.com> * scripts/secpod_tvp_taghandling_bof_vuln_900409.nasl, scripts/secpod_virtualbox_acquiredaemonlock_vuln_lin_900408.nasl, Added: trunk/openvas-plugins/scripts/gb_chm2pdf_insec_tmp_file_crtn_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_chm2pdf_insec_tmp_file_crtn_vuln.nasl 2008-12-12 13:19:33 UTC (rev 1982) +++ trunk/openvas-plugins/scripts/gb_chm2pdf_insec_tmp_file_crtn_vuln.nasl 2008-12-12 15:11:26 UTC (rev 1983) 
@@ -0,0 +1,108 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_chm2pdf_insec_tmp_file_crtn_vuln.nasl 569 2008-12-09 10:16:16Z dec $
+#
+# chm2pdf Insecure Temporary File Creation or DoS Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800316);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2008-5298", "CVE-2008-5299");
+ script_bugtraq_id(31735);
+ script_name(english:"chm2pdf Insecure Temporary File Creation or DoS Vulnerability");
+ desc["english"] = "
+
+ Overview: This host is installed with chm2pdf and is prone to Insecure
+ Temporary File Creation or Denial of Service Vulnerability.
+
+ Vulnerability Insight:
+ The vulnerability is caused due to following,
+ - error in .chm file in /tmp/chm2pdf/orig and /tmp/chm2pdf/work temporary
+ directories.
+ - uses temporary files in directories with fixed names.
+
+ Impact:
+ Successful exploitation will allow local users to delete arbitrary files
+ via symlink attack or corrupt sensitive files, which may also result in a
+ denial of service.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ chm2pdf version prior to 0.9.1 on Debian
+
+ Fix: Upgrade to higher version or Apply patches from,
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?msg=20;filename=chm2pdf_nmu.diff;att=1;bug=501959
+
+ ******
+ NOTE: Please ignore this warning if already patch is applied.
+ ******
+
+ References:
+ http://secunia.com/advisories/32257/
+ http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=501959
+ http://www.openwall.com/lists/oss-security/2008/12/01/5
+
+ CVSS Score:
+ CVSS Base Score : 6.9 (AV:L/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 5.1
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of chm2pdf");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C)