[Openvas-commits] r1648 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Oct 30 06:53:05 CET 2008
Author: chandra
Date: 2008-10-30 06:53:04 +0100 (Thu, 30 Oct 2008)
New Revision: 1648
Added:
trunk/openvas-plugins/scripts/gb_opera_info_disc_n_code_exec_lin.nasl
trunk/openvas-plugins/scripts/gb_opera_info_disc_n_code_exec_win.nasl
trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_lin.nasl
trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_win.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2008-10-29 13:53:11 UTC (rev 1647)
+++ trunk/openvas-plugins/ChangeLog 2008-10-30 05:53:04 UTC (rev 1648)
@@ -1,3 +1,13 @@
+2008-10-30 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/gb_opera_info_disc_n_code_exec_lin.nasl,
+ scripts/gb_opera_info_disc_n_code_exec_win.nasl,
+ scripts/gb_opera_mult_vuln_oct08_lin.nasl,
+ scripts/gb_opera_mult_vuln_oct08_win.nasl:
+ Added new plugins
+
+ * scripts/secpod_opera_detection_linux_900037.nasl:
+ Modified the detection logic
+
2008-10-29 Chandrashekhar B <bchandra at secpod.com>
* scripts/secpod_realvnc_remote_code_exe_vuln_win_900162.nasl,
scripts/secpod_trendmicro_officescan_cgiparsing_bof_vuln_900164.nasl,
Added: trunk/openvas-plugins/scripts/gb_opera_info_disc_n_code_exec_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_opera_info_disc_n_code_exec_lin.nasl 2008-10-29 13:53:11 UTC (rev 1647)
+++ trunk/openvas-plugins/scripts/gb_opera_info_disc_n_code_exec_lin.nasl 2008-10-30 05:53:04 UTC (rev 1648)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_opera_info_disc_n_code_exec_lin.nasl 386 2008-10-29 14:41:10Z oct $
+#
+# Opera Remote Code Execution and Information Disclosure Vulnerabilities (Linux)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800047);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-4694", "CVE-2008-4695");
+ script_name(english:"Opera Remote Code Execution and Information Disclosure Vulnerabilities (Linux)");
+ desc["english"] = "
+
+ Overview: The host is installed with Opera Web Browser and is prone to
+ remote code execution and information disclosure Vulnerabilities.
+
+ Vulnerability Insight:
+ Flaws are due to,
+ - an error in Opera.dll, that fails to anchor identifier (optional argument)
+ - an unknown error predicting the cache pathname of a cached Java
+ applet and then launching this applet from the cache.
+
+ Impact: Successful remote attack could inject arbitrary code, launch
+ cross site attacks, information disclosure and can even steal related DB
+ (DataBase) contents.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Opera version prior to 9.60 on Linux.
+
+ Fix: Upgrade to Opera 9.60 or later
+ http://www.opera.com/download/
+
+ References:
+ http://www.opera.com/support/search/view/901/
+ http://www.opera.com/support/search/view/902/
+
+ CVSS Score:
+ CVSS Base Score : 8.8 (AV:N/AC:M/Au:NR/C:C/I:C/A:N)
+ CVSS Temporal Score : 6.5
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Opera Web Browser");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ script_dependencies("secpod_opera_detection_linux_900037.nasl");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+operaVer = get_kb_item("Opera/Linux/Version");
+if(!operaVer){
+ exit(0);
+}
+
+if(version_is_less(version:operaVer, test_version:"9.60")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_opera_info_disc_n_code_exec_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_opera_info_disc_n_code_exec_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_opera_info_disc_n_code_exec_win.nasl 2008-10-29 13:53:11 UTC (rev 1647)
+++ trunk/openvas-plugins/scripts/gb_opera_info_disc_n_code_exec_win.nasl 2008-10-30 05:53:04 UTC (rev 1648)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_opera_info_disc_n_code_exec_win.nasl 386 2008-10-29 14:47:50Z oct $
+#
+# Opera Remote Code Execution and Information Disclosure Vulnerabilities (Win)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800046);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-4694", "CVE-2008-4695");
+ script_name(english:"Opera Remote Code Execution and Information Disclosure Vulnerabilities (Win)");
+ desc["english"] = "
+
+ Overview: The host is installed with Opera Web Browser and is prone to
+ remote code execution and information disclosure Vulnerabilities.
+
+ Vulnerability Insight:
+ Flaws are due to,
+ - an error in Opera.dll, that fails to anchor identifier (optional argument)
+ - an unknown error in predicting the cache pathname of a cached Java
+ applet and then launching this applet from the cache.
+
+ Impact: Successful remote attack could inject arbitrary code, launch
+ cross site attacks, information disclosure and can even steal related DB
+ (DataBase) contents.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Opera version prior to 9.60 on Windows.
+
+ Fix: Upgrade to Opera 9.60 or later
+ http://www.opera.com/download/
+
+ References:
+ http://www.opera.com/support/search/view/901/
+ http://www.opera.com/support/search/view/902/
+
+ CVSS Score:
+ CVSS Base Score : 8.8 (AV:N/AC:M/Au:NR/C:C/I:C/A:N)
+ CVSS Temporal Score : 6.5
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Opera Web Browser");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ script_dependencies("secpod_opera_detection_win_900036.nasl");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+operaVer = get_kb_item("Opera/Win/Version");
+if(!operaVer){
+ exit(0);
+}
+
+if(version_is_less(version:operaVer, test_version:"9.60")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_opera_info_disc_n_code_exec_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_lin.nasl 2008-10-29 13:53:11 UTC (rev 1647)
+++ trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_lin.nasl 2008-10-30 05:53:04 UTC (rev 1648)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_opera_mult_vuln_oct08_lin.nasl 386 2008-10-29 18:35:35Z oct $
+#
+# Opera Web Browser Multiple XSS Vulnerability (Linux)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800045);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-4696", "CVE-2008-4697",
+ "CVE-2008-4698", "CVE-2008-4725");
+ script_bugtraq_id(31842, 31869);
+ script_name(english:"Opera Web Browser Multiple XSS Vulnerability (Linux)");
+ desc["english"] = "
+
+ Overview: The host is installed with Opera Web Browser and is prone to
+ multiple Cross Site Scripting (XSS) Vulnerability.
+
+ Vulnerability Insight:
+ Flaws are due to,
+ - the URL of visited pages are not properly sanitised by the History Search
+ functionality before being used.
+ - an error in the implementation of the Fast Forward feature.
+ - an error while blocking scripts during a news feed preview.
+
+ Impact: Successful remote attack could inject arbitrary code, launch
+ cross site attacks, information disclosure and can even steal related DB
+ (DataBase) contents.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Opera version prior to 9.61 on Linux.
+
+ Fix: Upgrade to Opera 9.61
+ http://www.opera.com/download/
+
+ References:
+ http://www.opera.com/support/search/view/903/
+ http://www.opera.com/support/search/view/904/
+ http://www.opera.com/support/search/view/905/
+
+ CVSS Score:
+ CVSS Base Score : 8.8 (AV:N/AC:M/Au:NR/C:C/I:C/A:N)
+ CVSS Temporal Score : 6.5
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Opera Web Browser");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ script_dependencies("secpod_opera_detection_linux_900037.nasl");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+operaVer = get_kb_item("Opera/Linux/Version");
+if(!operaVer){
+ exit(0);
+}
+
+if(version_is_less(version:operaVer, test_version:"9.61")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_win.nasl 2008-10-29 13:53:11 UTC (rev 1647)
+++ trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_win.nasl 2008-10-30 05:53:04 UTC (rev 1648)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_opera_mult_vuln_oct08_win.nasl 386 2008-10-29 14:35:35Z oct $
+#
+# Opera Web Browser Multiple XSS Vulnerability (Win)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800044);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-4696","CVE-2008-4697",
+ "CVE-2008-4698", "CVE-2008-4725");
+ script_bugtraq_id(31842, 31869);
+ script_name(english:"Opera Web Browser Multiple XSS Vulnerability (Win)");
+ desc["english"] = "
+
+ Overview: The host is installed with Opera web browser and is prone to
+ multiple Cross Site Scripting (XSS) Vulnerability.
+
+ Vulnerability Insight:
+ Flaws are due to,
+ - the URL of visited pages are not properly sanitised by the History Search
+ functionality before being used.
+ - an error in the implementation of the Fast Forward feature.
+ - an error while blocking scripts during a news feed preview.
+
+ Impact: Successful remote attack could inject arbitrary code, launch
+ cross site attacks, information disclosure and can even steal related DB
+ (DataBase) contents.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Opera version prior to 9.61 on Windows.
+
+ Fix: Upgrade to Opera 9.61
+ http://www.opera.com/download/
+
+ References:
+ http://www.opera.com/support/search/view/903/
+ http://www.opera.com/support/search/view/904/
+ http://www.opera.com/support/search/view/905/
+
+ CVSS Score:
+ CVSS Base Score : 8.8 (AV:N/AC:M/Au:NR/C:C/I:C/A:N)
+ CVSS Temporal Score : 6.5
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Opera Web Browser");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ script_dependencies("secpod_opera_detection_win_900036.nasl");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+operaVer = get_kb_item("Opera/Win/Version");
+if(!operaVer){
+ exit(0);
+}
+
+if(version_is_less(version:operaVer, test_version:"9.61")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_opera_mult_vuln_oct08_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Modified: trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl 2008-10-29 13:53:11 UTC (rev 1647)
+++ trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl 2008-10-30 05:53:04 UTC (rev 1648)
@@ -6,18 +6,18 @@
#
# Date Written: 2008/08/21
#
-# Revision: 1.3
+# Revision: 1.3
#
# Log: schandan
# Issue #0136
# ------------------------------------------------------------------------
-# This program was written by SecPod and is licensed under the GNU GPL
+# This program was written by SecPod and is licensed under the GNU GPL
# license. Please refer to the below link for details,
# http://www.gnu.org/licenses/gpl.html
-# This header contains information regarding licensing terms under the GPL,
-# and information regarding obtaining source code from the Author.
-# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
-# information found in this header with any distribution you make of this
+# This header contains information regarding licensing terms under the GPL,
+# and information regarding obtaining source code from the Author.
+# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
+# information found in this header with any distribution you make of this
# Program.
# ------------------------------------------------------------------------
##############################################################################
@@ -32,48 +32,53 @@
script_name(english:"Opera Version Detection for Linux");
script_summary(english:"Set File Version of Opera in KB");
desc["english"] ="
- Overview : This script finds the Opera Web browser installed version of
+ Overview : This script finds the Opera Web browser installed version on
Linux and saves the version in KB.
Risk factor : Informational";
script_description(english:desc["english"]);
- script_dependencies("gather-package-list.nasl");
- script_require_keys("ssh/login/uname");
exit(0);
}
- include("ssh_func.inc");
+include("version_func.inc");
- if("Linux" >!< get_kb_item("ssh/login/uname")){
- exit(0);
- }
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+ exit(0);
+}
- rpmLists = get_kb_list("ssh/*/rpms");
- foreach rpmList (rpmLists)
- {
- opera = egrep(pattern:"opera~", string:rpmList);
- if(opera)
- {
- operaVer = split(opera, sep:"~", keep:0);
- set_kb_item(name:"Opera/Linux/Version", value:operaVer[1]);
- exit(0);
- }
- }
+grep = find_bin(prog_name:"grep", sock:sock);
+grep = chomp(grep[0]);
- if(!opera)
- {
- sock = ssh_login_or_reuse_connection();
- if(sock)
- {
- operaVer = ssh_cmd(socket:sock, cmd:"opera -version", timeout:120);
- ssh_close_connection();
+garg[0] = "-o";
+garg[1] = "-m1";
+garg[2] = "-a";
+garg[3] = string("Opera [0-9]\\.[0-9]\\+");
- if(!operaVer){
- exit(0);
- }
+operaName = find_file(file_name:"opera", file_path:"/", useregex:TRUE,
+ regexpar:"$", sock:sock);
+foreach binaryName(operaName)
+{
+ binaryName = chomp(binaryName);
+ if(islocalhost())
+ {
+ garg[4] = binaryName;
+ arg = garg;
+ }
+ else
+ {
+ arg = garg[0] + " " + garg[1] + " " + garg[2] + " " + raw_string(0x22) +
+ garg[3] + raw_string(0x22) + " " + binaryName;
+ }
- operaVer = split(operaVer, sep:" ", keep:0);
- set_kb_item(name:"Opera/Linux/Version", value:operaVer[1]);
- }
- }
+ operaVer = get_bin_version(full_prog_name:grep, version_argv:arg,
+ ver_pattern:"Opera ([0-9]\.[0-9]+)", sock:sock);
+ if(operaVer)
+ {
+ set_kb_item(name:"Opera/Linux/Version", value:operaVer[1]);
+ ssh_close_connection();
+ exit(0);
+ }
+}
+ssh_close_connection();
More information about the Openvas-commits
mailing list