[Openvas-commits] r1604 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Fri Oct 24 09:48:41 CEST 2008
Author: chandra
Date: 2008-10-24 09:48:39 +0200 (Fri, 24 Oct 2008)
New Revision: 1604
Added:
trunk/openvas-plugins/scripts/secpod_ms08-067_900055.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new plugin for a critical vulnerability
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2008-10-23 12:38:18 UTC (rev 1603)
+++ trunk/openvas-plugins/ChangeLog 2008-10-24 07:48:39 UTC (rev 1604)
@@ -1,3 +1,7 @@
+2008-10-24 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/secpod_ms08-067_900055.nasl:
+ Added plugin for a critical vulnerability
+
2008-10-23 Chandrashekhar B <bchandra at secpod.com>
* scripts/gb_astrospace_sql_inj_vuln.nasl:
Added new plugin
Added: trunk/openvas-plugins/scripts/secpod_ms08-067_900055.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms08-067_900055.nasl 2008-10-23 12:38:18 UTC (rev 1603)
+++ trunk/openvas-plugins/scripts/secpod_ms08-067_900055.nasl 2008-10-24 07:48:39 UTC (rev 1604)
@@ -0,0 +1,163 @@
+##############################################################################
+#
+# Server Service Could Allow Remote Code Execution Vulnerability (958644)
+#
+# Copyright: SecPod
+#
+# Date Written: 2008/10/24
+#
+# Revision: 1.0
+#
+# Log: schandan
+# Issue #0385
+# ------------------------------------------------------------------------
+# This program was written by SecPod and is licensed under the GNU GPL
+# license. Please refer to the below link for details,
+# http://www.gnu.org/licenses/gpl.html
+# This header contains information regarding licensing terms under the GPL,
+# and information regarding obtaining source code from the Author.
+# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
+# information found in this header with any distribution you make of this
+# Program.
+# ------------------------------------------------------------------------
+##############################################################################
+
+
+if(description)
+{
+ script_id(900055);
+ script_bugtraq_id(31874);
+ script_cve_id("CVE-2008-4250");
+ script_copyright(english:"Copyright (C) 2008 SecPod");
+ script_version("Revision: 1.0 ");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Windows");
+ script_name(english:"Server Service Could Allow Remote Code Execution Vulnerability (958644)");
+ script_summary(english:"Check for Hotfix and version of Server Service");
+ desc["english"] = "
+ MS08-067
+
+ Overview: This host has critical security update missing according to
+ Microsoft Bulletin MS08-067.
+
+ Vulnerability Insight:
+ Flaw is due to an error in the Server Service, that does not properly
+ handle specially crafted RPC requests.
+
+ Impact: Successful exploitation could allow remote attackers to take
+ complete control of an affected system.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Microsoft Windows 2K Service Pack 4 and prior.
+ Microsoft Windows XP Service Pack 3 and prior.
+ Microsoft Windows 2003 Service Pack 2 and prior.
+
+ Fix: Run Windows Update and update the listed hotfixes or download
+ and update mentioned hotfixes in the advisory from the below link,
+ http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
+
+ References:
+ http://www.microsoft.com/technet/security/bulletin/ms08-067.mspx
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_dependencies("secpod_reg_enum.nasl");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("secpod_smb_func.inc");
+
+if(hotfix_check_sp(win2k:5, xp:4, win2003:3) <= 0){
+ exit(0);
+}
+
+# Check Hotfix Missing 958644 (MS08-067)
+if(hotfix_missing(name:"958644") == 0){
+ exit(0);
+}
+
+sysPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+ item:"Install Path");
+if(!sysPath){
+ exit(0);
+}
+
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:sysPath);
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+ string:sysPath + "\Netapi32.dll");
+
+dllVer = GetVer(file:file, share:share);
+if(!dllVer){
+ exit(0);
+}
+
+# Windows 2K
+if(hotfix_check_sp(win2k:5) > 0)
+{
+ # Grep for Srv.sys version < 5.0.2195.7203
+ if(egrep(pattern:"^5\.0\.2195\.([0-6]?[0-9]?[0-9]?[0-9]|7([01][0-9][0-9]|" +
+ "20[0-2]))$", string:dllVer)){
+ security_hole(0);
+ }
+ exit(0);
+}
+
+# Windows XP
+if(hotfix_check_sp(xp:4) > 0)
+{
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ if("Service Pack 2" >< SP)
+ {
+ # Grep for Srv.sys < 5.1.2600.3462
+ if(egrep(pattern:"^5\.1\.2600\.([0-2]?[0-9]?[0-9]?[0-9]|3([0-3][0-9][0-9]|" +
+ "4([0-5][0-9]|6[01])))$", string:dllVer)){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ else if("Service Pack 3" >< SP)
+ {
+ # Grep for Srv.sys < 5.1.2600.5694
+ if(egrep(pattern:"^5\.1\.2600\.([0-4]?[0-9]?[0-9]?[0-9]|5([0-5][0-9][0-9]|" +
+ "6([0-8][0-9]|9[0-3])))$", string:dllVer)){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
+
+# Windows 2003
+if(hotfix_check_sp(win2003:3) > 0)
+{
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 1" >< SP)
+ {
+ # Grep for Srv.sys version < 5.2.3790.3229
+ if(egrep(pattern:"^5\.2\.3790\.([0-2]?[0-9]?[0-9]?[0-9]|3[01][0-9][0-9]|" +
+ "32([01][0-9]|2[0-8]))$",
+ string:dllVer)){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ else if("Service Pack 2" >< SP)
+ {
+ # Grep for Srv.sys version < 5.2.3790.4392
+ if(egrep(pattern:"^5\.2\.3790\.([0-3]?[0-9]?[0-9]?[0-9]|4([0-2][0-9][0-9]|" +
+ "3([0-8][0-9]|9[01])))$", string:dllVer)){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
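Review bot: The five version-check comments read `# Grep for Srv.sys version < ...`, but the string being matched is `dllVer`, which is read from `sysPath + "\Netapi32.dll"`. They should name the file actually inspected, e.g. `# Netapi32.dll version < 5.0.2195.7203`, so a maintainer checks the thresholds against the right file in the bulletin. Separately, once `hotfix_missing(name:"958644")` has reported the hotfix absent, a failed `GetVer` ends in a silent `exit(0)`, as does a `sysPath` whose drive letter does not match `[A-Z]` (presumably case-sensitive here). An unreadable share therefore produces no finding at all for a remotely exploitable flaw; consider emitting an informational result on that path instead of exiting quietly. The trailing `security_hole(0)` in the XP and 2003 branches fires for any other service pack without consulting `dllVer`; if that is deliberate, a one-line comment such as `# other service packs: no fixed build is checked, report as vulnerable` would make the intent clear.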