[Openvas-commits] r1558 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Oct 16 18:25:34 CEST 2008
Author: chandra
Date: 2008-10-16 18:25:33 +0200 (Thu, 16 Oct 2008)
New Revision: 1558
Added:
trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_win.nasl
trunk/openvas-plugins/scripts/gb_adobe_flash_player_sec_bypass_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_adobe_flash_player_sec_bypass_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_apache_tomcat_sec_bypass_vuln.nasl
trunk/openvas-plugins/scripts/gb_sun_java_web_porxy_svr_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_sun_java_web_porxy_svr_vuln_win.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/version_func.inc
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2008-10-16 13:10:58 UTC (rev 1557)
+++ trunk/openvas-plugins/ChangeLog 2008-10-16 16:25:33 UTC (rev 1558)
@@ -1,4 +1,36 @@
+2008-10-16 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/gb_adobe_flash_player_detect_win.nasl,
+ scripts/gb_adobe_flash_player_sec_bypass_vuln_lin.nasl,
+ scripts/gb_sun_java_web_porxy_svr_vuln_lin.nasl,
+ scripts/gb_apache_tomcat_sec_bypass_vuln.nasl,
+ scripts/gb_adobe_flash_player_sec_bypass_vuln_win.nasl,
+ scripts/gb_sun_java_web_porxy_svr_vuln_win.nasl:
+ Added new plugins
+
+ * scripts/version_func.inc:
+ Added a function to check for range of versions
+
2008-10-15 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/secpod_ms08-056_900047.nasl,
+ scripts/secpod_ms08-060_900050.nasl,
+ scripts/secpod_ms08-062_900052.nasl,
+ scripts/secpod_ms08-064_900225.nasl,
+ scripts/secpod_ms08-065_900224.nasl,
+ scripts/secpod_ms08-066_900223.nasl,
+ scripts/secpod_ms08-059_900049.nasl,
+ scripts/secpod_ms08-057_900048.nasl,
+ scripts/secpod_ms08-061_900051.nasl,
+ scripts/secpod_ms08-058_900054.nasl,
+ scripts/secpod_ms08-063_900053.nasl:
+ Added new plugins for MS bulletins - Oct 08
+
+ * scripts/secpod_smb_func.inc:
+ Updated with new file version function
+
+ * scripts/secpod_office_products_version_900032.nasl:
+ Set version info in the KB item for all Office products
+
+2008-10-15 Chandrashekhar B <bchandra at secpod.com>
* scripts/secpod_rhinosoft_serv-u_dir_trav_and_dos_vuln_900149.nasl:
Description cannot have double quote string, changed to signle quote
Added: trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_win.nasl 2008-10-16 13:10:58 UTC (rev 1557)
+++ trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_win.nasl 2008-10-16 16:25:33 UTC (rev 1558)
@@ -0,0 +1,66 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_flash_player_detect_win.nasl 320 2008-10-16 17:19:29Z oct $
+#
+# Adobe Flash Player Version Detection (Win)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800029);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"Adobe Flash Player Version Detection (Win)");
+ desc["english"] = "
+ Overview: This script detects the version from registry/file and sets the
+ Adobe Flash Player version in the KB.
+
+ Risk factor : Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Set KB for the version of Adobe Flash Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"General");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+flashVer = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
+ "\Uninstall\Adobe Flash Player Plugin",
+ item:"DisplayVersion");
+if(!flashVer){
+ flashVer = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
+ "\Uninstall\Adobe Flash Player Activex",
+ item:"DisplayVersion");
+}
+
+if(flashVer){
+ set_kb_item(name:"AdobeFlashPlayer/Win/Ver", value:flashVer);
+}
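Review bot: The ActiveX uninstall key is read only when the Plugin key yields nothing (`if(!flashVer)`), so a host with both installed at different versions records only the Plugin version in `AdobeFlashPlayer/Win/Ver`, and an outdated ActiveX control is never seen by checks that depend on this KB item. Reading both keys and storing each under its own KB item would close that gap. If the single-value behaviour is intended, say so above the fallback: `# Plugin takes precedence; the ActiveX version is recorded only when no Plugin entry exists.` Only the native `SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` view is queried, so 32-bit installs on 64-bit Windows are presumably missed as well.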
Added: trunk/openvas-plugins/scripts/gb_adobe_flash_player_sec_bypass_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_flash_player_sec_bypass_vuln_lin.nasl 2008-10-16 13:10:58 UTC (rev 1557)
+++ trunk/openvas-plugins/scripts/gb_adobe_flash_player_sec_bypass_vuln_lin.nasl 2008-10-16 16:25:33 UTC (rev 1558)
@@ -0,0 +1,102 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_flash_player_sec_bypass_vuln_lin.nasl 320 2008-10-16 17:35:20Z oct $
+#
+# Adobe Flash Player Multiple Security Bypass Vulnerabilities (Linux)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800028);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2007-6243", "CVE-2008-3873", "CVE-2007-4324",
+ "CVE-2008-4401", "CVE-2008-4503");
+ script_bugtraq_id(31117);
+ script_name(english:"Adobe Flash Player Multiple Security Bypass Vulnerabilities (Linux)");
+ desc["english"] = "
+ Overview: This host has Adobe Flash Player installed and is prone to
+ multiple security bypass vulnerabilities.
+
+ Vulnerability Insight: The flaws are due to,
+ - a design error in the application allows access to the system's
+ camera and microphone by tricking the user into clicking Flash Player
+ access control dialogs disguised as normal graphical elements.
+ - FileReference.browse() and FileReference.download() methods can be
+ called without user interaction and can potentially be used
+ to trick a user into downloading or uploading files.
+
+ Impact: Successful attack could allow malicious people to bypass certain
+ security restrictions or manipulate certain data.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Adobe Flash Player 9.x - 9.0.124.0 on Linux
+
+ Fix: Upgrade to Adobe Flash Player 10.0.12.36
+ http://www.adobe.com/downloads/
+
+ References:
+ http://secunia.com/advisories/32163/
+ http://www.adobe.com/support/security/bulletins/apsb08-18.html
+ http://www.adobe.com/support/security/advisories/apsa08-08.html
+ http://blogs.adobe.com/psirt/2008/10/clickjacking_security_advisory.html
+
+ CVSS Score:
+ CVSS Base Score : 5.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:N)
+ CVSS Temporal Score : 4.3
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Adobe Flash Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+ exit(0);
+}
+
+flashName = find_file(file_name:"plugins/libflashplayer.so", file_path:"/",
+ useregex:TRUE, regexpar:"$", sock:sock);
+foreach binary_flashName (flashName)
+{
+ # Grep for versions 9.0.124.0 and prior
+ flashVer = ssh_cmd(socket:sock, timeout:60,
+ cmd:"grep -irE 'LNX ([0-8]\,.*|9,0,([01]?[0-9]?[0-9]|" +
+ "1[01][0-9]|12[0-4]),0)' " +
+ chomp(binary_flashName));
+
+ if(flashVer =~ "Binary file .* matches")
+ {
+ security_warning(0);
+ ssh_close_connection();
+ exit(0);
+ }
+}
+ssh_close_connection();
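Review bot: The build alternation in the grep pattern is wider than the comment `# Grep for versions 9.0.124.0 and prior` says: `[01]?[0-9]?[0-9]` already matches 0 through 199, so builds 9,0,125,0 to 9,0,199,0 are reported as vulnerable and the `1[01][0-9]|12[0-4]` branches narrow nothing. Dropping the leading class, `([0-9]?[0-9]|1[01][0-9]|12[0-4])`, limits the match to 0–124. Separately, `chomp(binary_flashName)` is appended to `cmd` unquoted, so a path on the scanned host that contains spaces or shell metacharacters is interpreted by the remote shell under the scan account. Quote or validate the path before building the command. The result test `Binary file .* matches` also relies on grep's message wording, which presumably varies with the target's locale.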
Added: trunk/openvas-plugins/scripts/gb_adobe_flash_player_sec_bypass_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_flash_player_sec_bypass_vuln_win.nasl 2008-10-16 13:10:58 UTC (rev 1557)
+++ trunk/openvas-plugins/scripts/gb_adobe_flash_player_sec_bypass_vuln_win.nasl 2008-10-16 16:25:33 UTC (rev 1558)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_flash_player_sec_bypass_vuln_win.nasl 320 2008-10-16 15:06:02Z oct $
+#
+# Adobe Flash Player Multiple Security Bypass Vulnerabilities (Win)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800027);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2007-6243", "CVE-2008-3873", "CVE-2007-4324",
+ "CVE-2008-4401", "CVE-2008-4503");
+ script_bugtraq_id(31117);
+ script_name(english:"Adobe Flash Player Multiple Security Bypass Vulnerabilities (Win)");
+ desc["english"] = "
+ Overview: This host has Adobe Flash Player installed and is prone to
+ multiple security bypass vulnerabilities.
+
+ Vulnerability Insight: The flaws are due to,
+ - a design error in the application allows access to the system's
+ camera and microphone by tricking the user into clicking Flash Player
+ access control dialogs disguised as normal graphical elements.
+ - FileReference.browse() and FileReference.download() methods can be
+ called without user interaction and can potentially be used
+ to trick a user into downloading or uploading files.
+
+ Impact: Successful attack could allow malicious people to bypass certain
+ security restrictions or manipulate certain data.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Adobe Flash Player 9.x - 9.0.124.0 on Windows.
+
+ Fix: Upgrade to Adobe Flash Player 10.0.12.36,
+ http://www.adobe.com/downloads/
+
+ References:
+ http://secunia.com/advisories/32163/
+ http://www.adobe.com/support/security/bulletins/apsb08-18.html
+ http://www.adobe.com/support/security/advisories/apsa08-08.html
+ http://blogs.adobe.com/psirt/2008/10/clickjacking_security_advisory.html
+
+ CVSS Score:
+ CVSS Base Score : 5.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:N)
+ CVSS Temporal Score : 4.3
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Adobe Flash Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ script_dependencies("gb_adobe_flash_player_detect_win.nasl");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Grep for versions 9.0.124.0 and prior
+if(version_in_range(version:get_kb_item("AdobeFlashPlayer/Win/Ver"),
+ test_version:"9.0", test_version2:"9.0.124.0")){
+ security_warning(0);
+}
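Review bot: `get_kb_item("AdobeFlashPlayer/Win/Ver")` is passed straight into `version_in_range()` with no check that the detection script set it, so hosts without Flash Player still run the comparison on an empty value. What that returns depends on helpers in version_func.inc that this hunk does not show. Add `script_require_keys("AdobeFlashPlayer/Win/Ver");` to the description block, read the key into a variable and follow it with `if(!flashVer){ exit(0); }`. The lower bound `9.0` also means releases before 9.0 are not reported here, while the Linux check in this commit matches major versions 0–8 as well, so the two should be made consistent. The comment `# Grep for versions 9.0.124.0 and prior` describes a grep that this script does not perform.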
Added: trunk/openvas-plugins/scripts/gb_apache_tomcat_sec_bypass_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_apache_tomcat_sec_bypass_vuln.nasl 2008-10-16 13:10:58 UTC (rev 1557)
+++ trunk/openvas-plugins/scripts/gb_apache_tomcat_sec_bypass_vuln.nasl 2008-10-16 16:25:33 UTC (rev 1558)
@@ -0,0 +1,101 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_apache_tomcat_sec_bypass_vuln.nasl 319 2008-10-14 16:40:40Z oct $
+#
+# Apache Tomcat RemoteFilterValve Security Bypass Vulnerability
+#
+# Authors: Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800024);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-3271");
+ script_bugtraq_id(31698);
+ script_name(english:"Apache Tomcat RemoteFilterValve Security Bypass Vulnerability");
+ desc["english"] = "
+
+ Overview: Apache Tomcat Server is running on this host and that is prone to
+ security bypass vulnerability.
+
+ Vulnerability Insight:
+ Flaw in the application is due to the synchronisation problem when checking
+ IP addresses. This could allow user from a non permitted IP address to gain
+ access to a context that is protected with a valve that extends
+ RemoteFilterValve including the standard RemoteAddrValve and RemoteHostValve
+ implementations.
+
+ Impact: Successful attempt could lead to remote code execution and attacker
+ can gain access to context of the filtered value.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Apache Tomcat version 4.1.x - 4.1.31, and 5.5.0
+
+ Fix: Upgrade to Apache Tomcat version 4.1.32, or 5.5.1, or later,
+ http://archive.apache.org/dist/tomcat/
+
+ References:
+ http://tomcat.apache.org/security-4.html
+ http://tomcat.apache.org/security-5.html
+ https://issues.apache.org/bugzilla/show_bug.cgi?id=25835
+
+ CVSS Score:
+ CVSS Base Score : 5.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:N)
+ CVSS Temporal Score : 4.3
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Apache Tomcat");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"CGI abuses");
+ script_require_ports("Services/www", 8080);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("version_func.inc");
+
+port = get_http_port(default:8080);
+if(!port){
+ port = 8080;
+}
+sndReq = http_get(item:string("/index.jsp"), port:port);
+rcvRes = http_keepalive_send_recv(port:port, data:sndReq, bodyonly:1);
+if(rcvRes == NULL){
+ exit(0);
+}
+
+if(egrep(pattern:"<title>Apache Tomcat", string:rcvRes))
+{
+ rcvRes = eregmatch(pattern:"Apache Tomcat\/([0-9.]+)", string:rcvRes);
+ if(rcvRes == NULL){
+ exit(0);
+ }
+ # Apache Tomcat 4.1.0 - 4.1.31, and 5.5.0
+ if(version_in_range(version:rcvRes[1], test_version:"4.1", test_version2:"4.1.31") ||
+ version_is_equal(version:rcvRes[1], test_version:"5.5.0")){
+ security_warning(port);
+ }
+}
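Review bot: Version detection depends entirely on `/index.jsp` returning the stock page with `<title>Apache Tomcat`, so an installation whose default ROOT application was removed or replaced produces no result at all, vulnerable or not. A comment stating that limit would help, e.g. `# Relies on the default ROOT index.jsp; hosts without it are not assessed.` Unlike the Sun proxy scripts in this commit there is no `get_port_state(port)` test before the request, and `rcvRes` is reused for both the response body and the `eregmatch` result, which makes the later `rcvRes[1]` harder to follow. The description's statement that a successful attempt "could lead to remote code execution" goes beyond the access-control bypass that the insight text describes.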
Property changes on: trunk/openvas-plugins/scripts/gb_apache_tomcat_sec_bypass_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_sun_java_web_porxy_svr_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_sun_java_web_porxy_svr_vuln_lin.nasl 2008-10-16 13:10:58 UTC (rev 1557)
+++ trunk/openvas-plugins/scripts/gb_sun_java_web_porxy_svr_vuln_lin.nasl 2008-10-16 16:25:33 UTC (rev 1558)
@@ -0,0 +1,126 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_sun_java_web_porxy_svr_vuln_lin.nasl 337 2008-10-16 13:17:21Z oct $
+#
+# Sun Java System Web Proxy Server Two Vulnerabilities (Linux)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800026);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-4541");
+ script_bugtraq_id(31691);
+ script_name(english:"Sun Java System Web Proxy Server Two Vulnerabilities (Linux)");
+ desc["english"] = "
+ Overview: This host has Sun Java Web Proxy Server running, which is prone
+ to heap buffer overflow vulnerability.
+
+ Vulnerability Insight:
+ The flaw exist due to a boundary error in the FTP subsystem and in processing
+ HTTP headers. This issue resides within the code responsible for handling HTTP
+ GET requests.
+
+ Impact:
+ Successful exploitation could allow execution of arbitrary code in the context
+ of the server, and failed attacks may cause denial-of-service condition.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Sun Java System Web Proxy Server versions prior to 4.0.8 on all running platform.
+
+ Fix: Update to version 4.0.8 or apply patches.
+ http://www.sun.com/software/products/web_proxy/get_it.jsp
+
+ NOTE: Ignore this message if patch is applied already.
+
+ References:
+ http://secunia.com/advisories/32227
+ http://xforce.iss.net/xforce/xfdb/45782
+ http://www.frsirt.com/english/advisories/2008/2781
+ http://web.nvd.nist.gov/view/vuln/detail?execution=e3s1
+ http://sunsolve.sun.com/search/document.do?assetkey=1-66-242986-1
+
+ CVSS Score:
+ CVSS Base Score : 8.5 (AV:N/AC:M/Au:SI/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.3
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Sun Java Webproxy Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ script_require_ports("Services/www", 8081);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+sunPort = get_http_port(default:8081);
+if(!port){
+ sunPort = 8081;
+}
+
+if(!get_port_state(sunPort)){
+ exit(0);
+}
+
+banner = get_http_banner(port:sunPort);
+if(!banner){
+ exit(0);
+}
+
+if(banner =~ "Server: Sun-Java-System-Web-Proxy-Server/[0-3]\.0")
+{
+ security_hole(sunPort);
+ exit(0);
+}
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+ exit(0);
+}
+
+if(banner =~ "Server: Sun-Java-System-Web-Proxy-Server/4\.0")
+{
+ sunName = find_file(file_name:"proxy-admserv/start", file_path:"/",
+ useregex:TRUE, regexpar:"$", sock:sock);
+ foreach binary_sunName (sunName)
+ {
+ binary_name = chomp(binary_sunName);
+ sunVer = get_bin_version(full_prog_name:binary_name, version_argv:"-version", sock:sock,
+ ver_pattern:"Web Proxy Server ([0-9.]+)");
+ if(sunVer)
+ { # Grep for versions prior to 4.0.8
+ if(version_in_range(version:sunVer[1], test_version:"4.0", test_version2:"4.0.7")){
+ security_hole(sunPort);
+ }
+ ssh_close_connection();
+ exit(0);
+ }
+ }
+}
+ssh_close_connection();
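Review bot: `if(!port)` near the top tests a variable that is never assigned in this script, so the condition always holds and `sunPort` is overwritten with 8081 even when `get_http_port()` found the service on another port; it should read `if(!sunPort){ sunPort = 8081; }`. The Windows variant of this plugin in the same commit has the identical line. The 4.0 branch also needs an SSH session: when `ssh_login_or_reuse_connection()` fails the script exits without reporting, so unauthenticated scans never assess 4.0.x hosts, which deserves a comment. As in the Flash Linux check, a path returned by `find_file` ends up in a remote command, and whether `get_bin_version` quotes it is not visible in this hunk.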
Added: trunk/openvas-plugins/scripts/gb_sun_java_web_porxy_svr_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_sun_java_web_porxy_svr_vuln_win.nasl 2008-10-16 13:10:58 UTC (rev 1557)
+++ trunk/openvas-plugins/scripts/gb_sun_java_web_porxy_svr_vuln_win.nasl 2008-10-16 16:25:33 UTC (rev 1558)
@@ -0,0 +1,120 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_sun_java_web_porxy_svr_vuln_win.nasl 337 2008-10-16 12:12:32Z oct $
+#
+# Sun Java System Web Proxy Server Vulnerabilities (Win)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800025);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-4541");
+ script_bugtraq_id(31691);
+ script_name(english:"Sun Java System Web Proxy Server Vulnerabilities (Win)");
+ desc["english"] = "
+ Overview: This host has Sun Java Web Proxy Server running, which is prone
+ to heap buffer overflow vulnerability.
+
+ Vulnerability Insight:
+ The flaw exists due to a boundary error in the FTP subsystem and in processing
+ HTTP headers. This issue resides within the code responsible for handling
+ HTTP GET requests.
+
+ Impact:
+ Successful exploitation could allow execution of arbitrary code in the context
+ of the server, and failed attacks may cause denial-of-service condition.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Sun Java System Web Proxy Server versions prior to 4.0.8 on all running platform.
+
+ Fix: Update to version 4.0.8 or apply patches.
+ http://www.sun.com/software/products/web_proxy/get_it.jsp
+
+ NOTE: Ignore this message if patch is applied already.
+
+ References:
+ http://secunia.com/advisories/32227
+ http://xforce.iss.net/xforce/xfdb/45782
+ http://www.frsirt.com/english/advisories/2008/2781
+ http://web.nvd.nist.gov/view/vuln/detail?execution=e3s1
+ http://sunsolve.sun.com/search/document.do?assetkey=1-66-242986-1
+
+ CVSS Score :
+ CVSS Base Score : 8.5 (AV:N/AC:M/Au:SI/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.3
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Sun Java Webproxy Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ script_require_ports("Services/www", 8081);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("http_func.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+sunPort = get_http_port(default:8081);
+if(!port){
+ sunPort = 8081;
+}
+
+if(!get_port_state(sunPort)){
+ exit(0);
+}
+
+banner = get_http_banner(port:sunPort);
+if(!banner){
+ exit(0);
+}
+if(banner =~ "Server: Sun-Java-System-Web-Proxy-Server/[0-3]\.0")
+{
+ security_hole(sunPort);
+ exit(0);
+}
+
+if(banner =~ "Server: Sun-Java-System-Web-Proxy-Server/4\.0")
+{
+ proxyVer = registry_enum_keys(key:"SOFTWARE\Sun Microsystems\ProxyServer");
+ if(proxyVer == NULL){
+ exit(0);
+ }
+
+ # Grep for versions prior to 4.0.8
+ if(version_in_range(version:proxyVer[0], test_version:"4.0", test_version2:"4.0.7")){
+ security_hole(sunPort);
+ }
+}
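Review bot: `proxyVer[0]` takes only the first subkey returned by `registry_enum_keys()` and treats its name as the product version, so with more than one subkey under `SOFTWARE\Sun Microsystems\ProxyServer` the enumeration order decides which installation is checked. Iterating over every entry is safer: `foreach ver (proxyVer){ if(version_in_range(version:ver, test_version:"4.0", test_version2:"4.0.7")){ security_hole(sunPort); exit(0); } }`. The registry is read from the SMB target while the banner comes from `sunPort`, so a comment noting that both are assumed to describe the same installation would make the dependency explicit.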
Modified: trunk/openvas-plugins/scripts/version_func.inc
===================================================================
--- trunk/openvas-plugins/scripts/version_func.inc 2008-10-16 13:10:58 UTC (rev 1557)
+++ trunk/openvas-plugins/scripts/version_func.inc 2008-10-16 16:25:33 UTC (rev 1558)
@@ -193,3 +193,10 @@
if(version_is_less(version:test_version, test_version:version) ) return (1);
return (0);
}
+
+function version_in_range(version, test_version, test_version2){
+ if(version_is_greater_equal(version:version, test_version:test_version)){
+ if(version_is_less_equal(version:version, test_version:test_version2)) return (1);
+ }
+ return (0);
+}
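Review bot: `version_in_range()` has no comment and no argument check, although callers in this commit pass it values that can be unset (a KB item, a registry subkey name). State the contract above the function, `# Returns 1 if test_version <= version <= test_version2 (both bounds inclusive), otherwise 0.`, and return early on missing input with `if(isnull(version) || isnull(test_version) || isnull(test_version2)) return (0);`. How `version_is_greater_equal` and `version_is_less_equal` compare versions with different numbers of components (for example `9.0` against a four-part version) is defined outside this hunk, so the callers' lower bounds should be checked against that behaviour. The first three lines of the hunk are the tail of a preceding function that starts outside it.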