[Openvas-commits] r1666 - trunk/openvas-plugins/scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Nov 5 13:21:04 CET 2008
Author: chandra
Date: 2008-11-05 13:21:04 +0100 (Wed, 05 Nov 2008)
New Revision: 1666
Added:
trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_nov08_lin.nasl
trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_nov08_win.nasl
trunk/openvas-plugins/scripts/gb_sun_java_ws_code_exec_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_sun_java_ws_code_exec_vuln_win.nasl
Log:
Added new plugins
Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_nov08_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_nov08_lin.nasl 2008-11-05 10:06:12 UTC (rev 1665)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_nov08_lin.nasl 2008-11-05 12:21:04 UTC (rev 1666)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_mult_vuln_nov08_lin.nasl 428 2008-11-05 11:22:46Z oct $
+#
+# Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Linux)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800051);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-2992", "CVE-2008-2549", "CVE-2008-4812",
+ "CVE-2008-4813", "CVE-2008-4817", "CVE-2008-4816",
+ "CVE-2008-4814", "CVE-2008-4815");
+ script_bugtraq_id(30035, 32100);
+ script_name(english:"Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Linux)");
+ desc["english"] = "
+
+ Overview: This host has Adobe Reader/Acrobat installed, which is/are prone
+ to multiple vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are due to,
+ - a boundary error when parsing format strings containing a floating point
+ specifier in the util.printf() Javascript function.
+ - improper parsing of type 1 fonts.
+ - bounds checking not being performed after allocating an area of memory.
+
+ Impact:
+ Successful exploitation allows remote attackers to execute arbitrary code
+ to cause a stack based overflow via a specially crafted PDF, and could
+ also take complete control of the affected system and cause the application
+ to crash.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Adobe Reader/Acrobat versions 8.1.2 and prior - Linux(All)
+
+ Fix:
+ Upgrade to 8.1.3 or higher versions,
+ http://www.adobe.com/products/
+
+ References:
+ http://www.adobe.com/support/security/bulletins/apsb08-19.html
+ http://www.coresecurity.com/content/adobe-reader-buffer-overflow
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Adobe Reader/Acrobat");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ script_dependencies("gb_adobe_prdts_detect_lin.nasl");
+ exit(0);
+}
+
+
+adobeVer = get_kb_item("Adobe/Reader/Linux/Version");
+if(!adobeVer){
+ exit(0);
+}
+
+if(adobeVer =~ "^(7.*|8\.0(\..*)?|8\.1(\.[0-2](_.*)?)?)$"){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_nov08_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_nov08_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_nov08_win.nasl 2008-11-05 10:06:12 UTC (rev 1665)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_nov08_win.nasl 2008-11-05 12:21:04 UTC (rev 1666)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_mult_vuln_nov08_win.nasl 428 2008-11-05 11:03:58Z nov $
+#
+# Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Win)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800050);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-2992", "CVE-2008-2549", "CVE-2008-4812",
+ "CVE-2008-4813", "CVE-2008-4817", "CVE-2008-4816",
+ "CVE-2008-4814", "CVE-2008-4815");
+ script_bugtraq_id(30035, 32100);
+ script_name(english:"Adobe Reader/Acrobat Multiple Vulnerabilities - Nov08 (Win)");
+ desc["english"] = "
+
+ Overview: This host has Adobe Reader/Acrobat installed, which is/are prone
+ to multiple vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are due to,
+ - a boundary error when parsing format strings containing a floating point
+ specifier in the util.printf() Javascript function.
+ - improper parsing of type 1 fonts.
+ - bounds checking not being performed after allocating an area of memory.
+
+ Impact:
+ Successful exploitation allows remote attackers to execute arbitrary code
+ to cause a stack based overflow via a specially crafted PDF, and could
+ also take complete control of the affected system and cause the application
+ to crash.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Adobe Reader versions 8.1.2 and prior - Windows(All)
+ Adobe Acrobat Professional versions 8.1.2 and prior - Windows(All)
+
+ Upgrade to 8.1.3 or higher versions,
+ http://www.adobe.com/products/
+
+ References:
+ http://www.adobe.com/support/security/bulletins/apsb08-19.html
+ http://www.coresecurity.com/content/adobe-reader-buffer-overflow
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Adobe Reader/Acrobat");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\Adobe")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+keys = registry_enum_keys(key:key);
+
+foreach item (keys)
+{
+ adobeName = registry_get_sz(item:"DisplayName", key:key +item);
+
+ if("Adobe Reader" >< adobeName || "Adobe Acrobat" >< adobeName)
+ {
+ adobeVer = registry_get_sz(item:"DisplayVersion", key:key + item);
+ if(!adobeVer){
+ exit(0);
+ }
+
+ if(adobeVer =~ "^(7.*|8\.0(\..*)?|8\.1(\.[0-2])?)$"){
+ security_hole(0);
+ }
+ exit(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_nov08_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_sun_java_ws_code_exec_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_sun_java_ws_code_exec_vuln_lin.nasl 2008-11-05 10:06:12 UTC (rev 1665)
+++ trunk/openvas-plugins/scripts/gb_sun_java_ws_code_exec_vuln_lin.nasl 2008-11-05 12:21:04 UTC (rev 1666)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_sun_java_ws_code_exec_vuln_lin.nasl 425 2008-11-04 17:50:20Z nov $
+#
+# Sun Java Web Start Remote Command Execution Vulnerability (Linux)
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800127);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-4910");
+ script_bugtraq_id(31916);
+ script_name(english:"Sun Java Web Start Remote Command Execution Vulnerability (Linux)");
+ desc["english"] = "
+ Overview: This host is running Sun Java Web Start and is prone to Remote
+ Command Execution Vulnerability.
+
+ Vulnerability Insight:
+ The flaw exist due to weakness in the BasicService showDocument method
+ which does not validate the inputs appropriately. This can be exploited
+ using a specially crafted Java Web Start application via file:\\ URL
+ argument to the showDocument method.
+
+ Impact: Successful exploitation allows remote code execution on the
+ client machines.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Sun J2SE 6.0 Update 10 and earlier.
+
+ Fix: No solution/patch is available as on 5th November, 2008. Information
+ regarding this issue will updated once the solution details are available.
+ For updates refer, http://java.sun.com/javase/downloads/index.jsp
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/46119
+ http://archives.neohapsis.com/archives/bugtraq/2008-10/0192.html
+
+ CVSS Score:
+ CVSS Base Score : 5.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:N)
+ CVSS Temporal Score : 5.2
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of Sun Java Web Start");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+ exit(0);
+}
+
+jwsVer = get_bin_version(full_prog_name:"javaws", version_argv:"-version",
+ ver_pattern:"Java.* Web Start ([0-9._]+)", sock:sock);
+jwsVer = ereg_replace(pattern:"_", string:jwsVer[1], replace: ".");
+
+if(jwsVer)
+{
+ if(version_is_less_equal(version:jwsVer, test_version:"1.6.0.10")){
+ security_hole(0);
+ }
+}
+ssh_close_connection();
Added: trunk/openvas-plugins/scripts/gb_sun_java_ws_code_exec_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_sun_java_ws_code_exec_vuln_win.nasl 2008-11-05 10:06:12 UTC (rev 1665)
+++ trunk/openvas-plugins/scripts/gb_sun_java_ws_code_exec_vuln_win.nasl 2008-11-05 12:21:04 UTC (rev 1666)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_sun_java_ws_code_exec_vuln_win.nasl 425 2008-11-04 17:50:20Z nov $
+#
+# Sun Java Web Start Remote Command Execution Vulnerability (Win)
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800126);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-4910");
+ script_bugtraq_id(31916);
+ script_name(english:"Sun Java Web Start Remote Command Execution Vulnerability (Win)");
+ desc["english"] = "
+ Overview: This host is running Sun Java Web Start and is prone to Remote
+ Command Execution Vulnerability.
+
+ Vulnerability Insight:
+ The flaw exist due to weakness in the BasicService showDocument method
+ which does not validate the inputs appropriately. This can be exploited
+ using a specially crafted Java Web Start application via file:\\ URL
+ argument to the showDocument method.
+
+ Impact: Successful exploitation allows remote code execution on the
+ client machines.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Sun J2SE 6.0 Update 10 and earlier.
+
+ Fix:
+ No solution or patch is available as on 5th November, 2008. Information
+ regarding this issue will updated once the solution details are available.
+ For updates refer, http://java.sun.com/javase/downloads/index.jsp
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/46119
+ http://archives.neohapsis.com/archives/bugtraq/2008-10/0192.html
+
+ CVSS Score:
+ CVSS Base Score : 5.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:N)
+ CVSS Temporal Score : 5.2
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of Sun Java Web Start");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+jwsVer = registry_get_sz(item:"CurrentVersion",
+ key:"SOFTWARE\JavaSoft\Java Web Start");
+jwsVer = ereg_replace(pattern:"_", string:jwsVer, replace: ".");
+
+if(jwsVer)
+{
+ if(version_is_less_equal(version:jwsVer, test_version:"1.6.0.10")){
+ security_hole(0);
+ }
+}
More information about the Openvas-commits
mailing list