[Openvas-commits] r1601 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed Oct 22 15:17:55 CEST 2008
Author: chandra
Date: 2008-10-22 15:17:54 +0200 (Wed, 22 Oct 2008)
New Revision: 1601
Added:
trunk/openvas-plugins/scripts/gb_kernel_sctp_prot_violation_dos_vuln.nasl
trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_win.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2008-10-22 09:28:08 UTC (rev 1600)
+++ trunk/openvas-plugins/ChangeLog 2008-10-22 13:17:54 UTC (rev 1601)
@@ -1,3 +1,9 @@
+2008-10-22 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/gb_vlc_media_player_ty_bof_vuln_win.nasl,
+ scripts/gb_vlc_media_player_ty_bof_vuln_lin.nasl,
+ scripts/gb_kernel_sctp_prot_violation_dos_vuln.nasl:
+ Added new plugins
+
2008-10-21 Chandrashekhar B <bchandra at secod.com>
* scripts/gb_adobe_flash_player_detect_lin.nasl,
scripts/gb_hp_sim_unauth_access_vuln_lin.nasl,
Added: trunk/openvas-plugins/scripts/gb_kernel_sctp_prot_violation_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_kernel_sctp_prot_violation_dos_vuln.nasl 2008-10-22 09:28:08 UTC (rev 1600)
+++ trunk/openvas-plugins/scripts/gb_kernel_sctp_prot_violation_dos_vuln.nasl 2008-10-22 13:17:54 UTC (rev 1601)
@@ -0,0 +1,94 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_kernel_sctp_prot_violation_dos_vuln.nasl 362 2008-10-22 12:47:15Z oct $
+#
+# Linux Kernel Stream Control Transmission Protocol Violation Vulnerability
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800036);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-4618");
+ script_bugtraq_id(31848);
+ script_name(english:"Linux Kernel Stream Control Transmission Protocol Violation Vulnerability");
+ desc["english"] = "
+
+ Overview: This host has Linux Kernel Stream Control Transmission Protocol
+ (SCTP) implementation and is prone to Protocol Violation Vulnerability.
+
+ Vulnerability Insight:
+ The issue is with the parameter 'sctp_paramhdr' in sctp_sf_violation_paramlen,
+ sctp_sf_abort_violation, and sctp_make_abort_violation functions of sm.h,
+ sm_make_chunk.c, and sm_statefunc.c files, which has invalid length and
+ incorrect data types in function calls.
+
+ Impact: Successful attacks will result in denial of service via kernel related
+ vectors.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Linux kernel version before 2.6.27 on all Linux Platforms.
+
+ Fix: Upgrade to Linux kernel 2.6.27, or
+ Apply the available patch from below link,
+ http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git;a=commit;h=ba0166708ef4da7eeb61dd92bbba4d5a749d6561
+
+ *****
+ NOTE : Ignore this warning if patch is already applied.
+ *****
+
+ References:
+ http://www.openwall.com/lists/oss-security/2008/10/06/1
+ http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.27
+
+ CVSS Score:
+ CVSS Base Score : 7.8 (AV:N/AC:L/Au:NR/C:N/I:N/A:C)
+ CVSS Temporal Score : 5.8
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Kernel");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Denial of Service");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+ exit(0);
+}
+
+kernelVer = get_bin_version(full_prog_name:"uname", version_argv:"-r",
+ ver_pattern:"[0-9.]+", sock:sock);
+if(kernelVer)
+{
+ if(version_is_less(version:kernelVer[0], test_version:"2.6.27")){
+ security_warning(port);
+ }
+}
+ssh_close_connection();
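Review bot: `security_warning(port);` near the end of the script passes a variable `port` that is never assigned in the visible code, so the finding is filed against whatever an unset value resolves to. The two VLC plugins in this commit pass a literal, and `security_warning(0);` would match them. Separately, the check compares only the numeric prefix of `uname -r` with 2.6.27, so a distribution kernel that carries a backported fix is still flagged. The description's NOTE hints at this, and a comment above the comparison such as `# version-only check: backported fixes are not visible, expect false positives on distro kernels` would make the limit explicit.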
Added: trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_lin.nasl 2008-10-22 09:28:08 UTC (rev 1600)
+++ trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_lin.nasl 2008-10-22 13:17:54 UTC (rev 1601)
@@ -0,0 +1,104 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vlc_media_player_ty_bof_vuln_lin.nasl 0370 2008-10-22 11:20:50Z oct $
+#
+# VLC Media Player TY Processing BOF Vulnerability (Linux)
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800117);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-4654");
+ script_bugtraq_id(31813);
+ script_name(english:"VLC Media Player TY Processing BOF Vulnerability (Linux)");
+ desc["english"] = "
+
+ Overview: This host is installed with VLC Media Player and is prone to
+ Buffer Overflow Vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to a boundary error while parsing the header of an
+ invalid TY file.
+
+ Impact: Successful exploitation allows attackers to execute arbitrary code
+ by tricking a user into opening a specially crafted TY file or can even
+ crash an affected application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ VLC media player 0.9.0 through 0.9.4 on Linux (Any).
+
+ Fix: Upgrade to Version 0.9.5, or
+ Apply the available patch from below link,
+ http://git.videolan.org/?p=vlc.git;a=commitdiff;h=26d92b87bba99b5ea2e17b7eaa39c462d65e9133#patch1
+
+ *****
+ NOTE: Ignore this warning if above mentioned patch is already applied.
+ *****
+
+ References:
+ http://secunia.com/advisories/32339/
+ http://www.videolan.org/security/sa0809.html
+ http://www.trapkit.de/advisories/TKADV2008-010.txt
+ http://www.frsirt.com/english/advisories/2008/2856
+
+ CVSS Score:
+ CVSS Base Score : 8.3 (AV:N/AC:M/Au:NR/C:P/I:P/A:C)
+ CVSS Temporal Score : 6.5
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of VLC Media Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Denial of Service");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+ exit(0);
+}
+
+vlcBinPath = find_bin(prog_name:"vlc", sock:sock);
+
+foreach binPath (vlcBinPath)
+{
+ vlcVer = get_bin_version(full_prog_name:chomp(binPath), version_argv:"--version",
+ ver_pattern:"ersion ([0-9.]+[a-z]?)", sock:sock);
+ if(vlcVer)
+ {
+ # Check for VLC Media Player Version 0.9.0 - 0.9.4
+ if(version_in_range(version:vlcVer[1],
+ test_version:"0.9.0", test_version2:"0.9.4")){
+ security_hole(0);
+ }
+ ssh_close_connection();
+ exit(0);
+ }
+}
+ssh_close_connection();
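Review bot: The `foreach` loop closes the SSH connection and calls `exit(0)` as soon as the first binary returns a version, whether or not that version is in the vulnerable range. A host with a fixed build earlier in the `find_bin` result and a 0.9.0-0.9.4 build at another path is therefore reported clean. Moving the `ssh_close_connection(); exit(0);` pair inside the `version_in_range` branch, after `security_hole(0);`, lets the loop go on to the remaining paths, and the trailing `ssh_close_connection();` already covers the no-match case. `script_family(english:"Denial of Service")` also sits oddly with a description whose stated impact is arbitrary code execution, so a family that reflects the overflow would help triage. The Windows plugin has the same line.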
Property changes on: trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_win.nasl 2008-10-22 09:28:08 UTC (rev 1600)
+++ trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_win.nasl 2008-10-22 13:17:54 UTC (rev 1601)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vlc_media_player_ty_bof_vuln_win.nasl 0370 2008-10-22 10:22:02Z oct $
+#
+# VLC Media Player TY Processing Buffer Overflow Vulnerability (Win)
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800116);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-4654");
+ script_bugtraq_id(31813);
+ script_name(english:"VLC Media Player TY Processing Buffer Overflow Vulnerability (Win)");
+ desc["english"] = "
+
+ Overview: This host is installed with VLC Media Player and is prone to
+ Buffer Overflow Vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to a boundary error while parsing the header of an
+ invalid TY file.
+
+ Impact: Successful exploitation allows attackers to execute arbitrary code
+ by tricking a user into opening a specially crafted TY file or can even
+ crash an affected application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ VLC media player 0.9.0 through 0.9.4 on Windows (Any).
+
+ Fix: Upgrade to Version 0.9.5, or
+ Apply the available patch from below link,
+ http://git.videolan.org/?p=vlc.git;a=commitdiff;h=26d92b87bba99b5ea2e17b7eaa39c462d65e9133#patch1
+
+ *****
+ NOTE: Ignore this warning if above mentioned patch is already applied.
+ *****
+
+ References:
+ http://secunia.com/advisories/32339/
+ http://www.videolan.org/security/sa0809.html
+ http://www.trapkit.de/advisories/TKADV2008-010.txt
+ http://www.frsirt.com/english/advisories/2008/2856
+
+ CVSS Score:
+ CVSS Base Score : 8.3 (AV:N/AC:M/Au:NR/C:P/I:P/A:C)
+ CVSS Temporal Score : 6.5
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of VLC Media Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Denial of Service");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+vlcVer = registry_get_sz(item:"Version", key:"SOFTWARE\VideoLAN\VLC");
+if(!vlcVer){
+ exit(0);
+}
+
+# Check for VLC Media Player Version 0.9.0 to 0.9.4
+if(version_in_range(version:vlcVer,
+ test_version:"0.9.0", test_version2:"0.9.4")){
+ security_hole(0);
+}
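Review bot: The version lookup reads only `SOFTWARE\VideoLAN\VLC`, and the script exits silently when that value is missing. If a 32-bit VLC build is installed on 64-bit Windows, its key would presumably sit under the redirected `Wow6432Node` view, and the host would be skipped rather than checked. A fallback before the `if(!vlcVer)` exit would cover that case: `if(!vlcVer){ vlcVer = registry_get_sz(item:"Version", key:"SOFTWARE\Wow6432Node\VideoLAN\VLC"); }`. Whether `registry_get_sz` sees the native or the redirected view depends on `smb_nt.inc`, which is not shown here, so this needs confirming against a 64-bit target.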
Property changes on: trunk/openvas-plugins/scripts/gb_vlc_media_player_ty_bof_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *