[Openvas-commits] r1480 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Oct 1 17:01:17 CEST 2008
Author: chandra
Date: 2008-10-01 17:01:16 +0200 (Wed, 01 Oct 2008)
New Revision: 1480
Added:
trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2008-10-01 14:12:13 UTC (rev 1479)
+++ trunk/openvas-plugins/ChangeLog 2008-10-01 15:01:16 UTC (rev 1480)
@@ -1,4 +1,10 @@
2008-10-01 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/gb_adobe_prdts_code_exec_vuln_win.nasl,
+ scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl,
+ scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl:
+ Added new plugins
+
+2008-10-01 Chandrashekhar B <bchandra at secpod.com>
* scripts/ssh_get_info.nasl:
Changed the name as it conflicts with gather-package-list.nasl
Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl 2008-10-01 14:12:13 UTC (rev 1479)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl 2008-10-01 15:01:16 UTC (rev 1480)
@@ -0,0 +1,114 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_code_exec_vuln_win.nasl 298 2008-10-01 13:17:18Z oct $
+#
+# Adobe Reader/Acrobat JavaScript Method Handling Vulnerability
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800106);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-2641");
+ script_bugtraq_id(29908);
+ script_xref(name:"CB-A", value:"08-0105");
+ script_name(english:"Adobe Reader/Acrobat JavaScript Method Handling Vulnerability");
+ desc["english"] = "
+
+ Overview : This host has Adobe Reader/Acrobat installed, which is/are prone
+ to Remote Code Execution Vulnerabilities.
+
+ Vulnerability Insight:
+ The flaw is caused due to an input validation error in a JavaScript method,
+ which could allow attackers to execute arbitrary code by tricking a user
+ into opening a specially crafted PDF document.
+
+ Impact:
+ Successful exploitation allows remote attackers to execute arbitrary code
+ or an attacker could take complete control of an affected system or cause
+ a denial of service condition.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Adobe Reader version 7.0.9 and prior - Windows(All)
+ Adobe Reader versions 8.0 through 8.1.2 - Windows(All)
+ Adobe Acrobat Professional version 7.0.9 and prior - Windows(All)
+ Adobe Acrobat Professional versions 8.0 through 8.1.2 - Windows(All)
+
+ Fix:
+ Apply Security Update mentioned in the advisory from the below link,
+ http://www.adobe.com/support/security/bulletins/apsb08-15.html
+
+ References:
+ http://secunia.com/advisories/30832
+ http://www.frsirt.com/english/advisories/2008/1906/products
+ http://www.adobe.com/support/security/bulletins/apsb08-15.html
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.9
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Adobe Reader/Acrobat");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Denial of Service");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\Adobe")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+keys = registry_enum_keys(key:key);
+
+foreach item (keys)
+{
+ adobeName = registry_get_sz(item:"DisplayName", key:key +item);
+
+ if("Adobe Reader" >< adobeName || "Adobe Acrobat" >< adobeName)
+ {
+ adobeVer = registry_get_sz(item:"DisplayVersion", key:key + item);
+ if(!adobeVer){
+ exit(0);
+ }
+
+ if(adobeVer =~ "^(7\.0(\.[0-9])?|(8\.0(\..*)?|8\.1(\.[0-2])?))$")
+ {
+ security_hole(0);
+ exit(0);
+ }
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_code_exec_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl 2008-10-01 14:12:13 UTC (rev 1479)
+++ trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl 2008-10-01 15:01:16 UTC (rev 1480)
@@ -0,0 +1,103 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_openoffice_rtl_allocateMemory_bof_vuln_lin.nasl 0295 2008-10-01 11:35:10:16Z oct $
+#
+# OpenOffice rtl_allocateMemory Heap Based BOF Vulnerability (Linux)
+#
+# Authors: Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800010);
+ script_version("$Revision: 1.1 $");
+ script_cve_id("CVE-2008-2152");
+ script_bugtraq_id(29622);
+ script_xref(name:"CB-A", value:"08-0095");
+ script_name(english:"OpenOffice rtl_allocateMemory Heap Based BOF Vulnerability (Linux)");
+ desc["english"] = "
+
+ Overview : The host has OpenOffice installed which is prone to heap based
+ buffer overflow vulnerability.
+
+ Vulnerability Insight:
+ The flaw is in alloc_global.c file in which rtl_allocateMemory function
+ rounding up allocation requests to be aligned on a 8 byte boundary without
+ checking the rounding results in an integer overflow condition.
+
+ Impact:
+ Exploitation will result in buffer overflows via a specially crafted document
+ and allow remote unprivileged user who provides a OpenOffice.org document that
+ is opened by a local user to execute arbitrary commands on the system with the
+ privileges of the user running OpenOffice.org.
+
+ Impact Level : System
+
+ Affected Software/OS:
+ OpenOffice.org 2.x on Linux (Any).
+
+ Fix : Upgrade to OpenOffice 2.4.1
+ http://download.openoffice.org/index.html
+
+ References:
+ http://secunia.com/advisories/30599
+ http://www.openoffice.org/security/cves/CVE-2008-2152.html
+ http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.9
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of OpenOffice");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/uname");
+ exit(0);
+}
+
+
+if("Linux" >!< get_kb_item("ssh/login/uname")){
+ exit(0);
+}
+
+release = get_kb_item("ssh/login/release");
+foreach item (get_kb_list("ssh/*/rpms"))
+{
+ # Exit if advisory based local check is available as they perform complete
+ # rpm package comparision.
+ # FixMe: Advisory local check is yet to be released for Fedora
+ if((release =~ "FC(7|8|9)") && (item =~ "(O|o)pen(O|o)ffice.*")){
+ report = string("Fedora advisory based local check is available to " +
+ "verify if the package is\nup-to-date as per the vendor " +
+ "advisory.\nPlease run the Fedora Local Checks to confirm.");
+ security_note(data:report);
+ exit(0);
+ }
+
+ if(egrep(pattern:"^(O|o)pen(O|o)ffice.*?~([01]\..*|2\.([0-3][^0-9]" +
+ "|4(\.0)?[^.0-9]))", string:item))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl 2008-10-01 14:12:13 UTC (rev 1479)
+++ trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl 2008-10-01 15:01:16 UTC (rev 1480)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_openoffice_rtl_allocateMemory_bof_vuln_win.nasl 0295 2008-10-01 10:23:16Z oct $
+#
+# OpenOffice rtl_allocateMemory Heap Based BOF Vulnerability
+#
+# Authors: Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800009);
+ script_version("$Revision: 1.1 $");
+ script_cve_id("CVE-2008-2152");
+ script_bugtraq_id(29622);
+ script_xref(name:"CB-A", value:"08-0095");
+ script_name(english:"OpenOffice rtl_allocateMemory Heap Based BOF Vulnerability");
+ desc["english"] = "
+
+ Overview: The host has OpenOffice installed which is prone to heap based
+ buffer overflow vulnerability.
+
+ Vulnerability Insight:
+ The flaw is in alloc_global.c file in which rtl_allocateMemory function
+ rounding up allocation requests to be aligned on a 8 byte boundary without
+ checking the rounding results, in an integer overflow condition.
+
+ Impact:
+ Exploitation will result in buffer overflows via a specially crafted document
+ and allow remote unprivileged user who provides a OpenOffice.org document that
+ is opened by a local user to execute arbitrary commands on the system with the
+ privileges of the user running OpenOffice.org.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ OpenOffice.org 2.x on Windows (Any).
+
+ Fix : Upgrade to OpenOffice 2.4.1
+ http://download.openoffice.org/index.html
+
+ References:
+ http://secunia.com/advisories/30599
+ http://www.openoffice.org/security/cves/CVE-2008-2152.html
+ http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=714
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.9
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of OpenOffice");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+keys = registry_enum_keys(key);
+foreach item (keys)
+{
+ if("OpenOffice.org" >< registry_get_sz(key:key + item, item:"DisplayName"))
+ {
+ if((egrep(pattern:"^([01]\..*|2\.([0-3](\..*)?|4(\.([0-8]?[0-9]?" +
+ "[0-9]?[0-9]|9[0-2][0-9][0-9]|930[0-9]))?))$",
+ string:registry_get_sz(key:key + item, item:"DisplayVersion")))){
+ security_hole(0);
+ }
+ exit(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_openoffice_rtl_allocatememory_bof_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
More information about the Openvas-commits
mailing list