[Openvas-commits] r1271 - trunk/openvas-plugins/scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Tue Sep 2 07:37:56 CEST 2008


Author: chandra
Date: 2008-09-02 07:37:55 +0200 (Tue, 02 Sep 2008)
New Revision: 1271

Modified:
   trunk/openvas-plugins/scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl
   trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl
   trunk/openvas-plugins/scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl
   trunk/openvas-plugins/scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl
   trunk/openvas-plugins/scripts/secpod_python_mult_vuln_lin_900106.nasl
   trunk/openvas-plugins/scripts/secpod_ssh_sys_info.nasl
   trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl
   trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl
Log:
Updated the dependent plugins for changes in secpod_ssh_sys_info.nasl

Modified: trunk/openvas-plugins/scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl	2008-09-01 19:59:25 UTC (rev 1270)
+++ trunk/openvas-plugins/scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl	2008-09-02 05:37:55 UTC (rev 1271)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/08/08
 #
-#  Revision: 1.1 
+#  Revision: 1.2 
 #
 #  Log: schandan
 #  Issue #0095
@@ -28,7 +28,7 @@
  script_bugtraq_id(30532);
  script_cve_id("CVE-2008-3459");
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("$Revision: 1.1 $");
+ script_version("$Revision: 1.2 $");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"OpenVPN Client Remote Code Execution Vulnerability");
@@ -71,24 +71,24 @@
 
  script_description(english:desc["english"]);
  script_dependencies("secpod_ssh_sys_info.nasl");
- script_require_keys("Host/uname");
+ script_require_keys("ssh/login/uname");
  exit(0);
 }
 
 
  include("ssh_func.inc");
  
- if("Linux" >!< get_kb_item("Host/uname")){
+ if("Linux" >!< get_kb_item("ssh/login/uname")){
         exit(0);
  }
 
 
- foreach item (get_kb_list("Host/*/rpm-list"))
+ foreach item (get_kb_list("ssh/*/rpms"))
  {
-        if("openvpn-" >< item)
+        if("openvpn~" >< item)
         {
 		# Grep for openvpn 2.1-beta14 to 2.1-rc8
-                if(egrep(pattern:"^openvpn-2.1-.*(beta14|rc[0-8])($|[^0-9])",
+                if(egrep(pattern:"^openvpn~2.1~.*(beta14|rc[0-8])($|[^0-9])",
 			 string:item)){
                         security_hole(0);
                 }

Modified: trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl	2008-09-01 19:59:25 UTC (rev 1270)
+++ trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl	2008-09-02 05:37:55 UTC (rev 1271)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/08/21
 #
-#  Revision: 1.1 
+#  Revision: 1.2 
 #
 #  Log: schandan
 #  Issue #0136
@@ -26,7 +26,7 @@
 {
  script_id(900037);
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("$Revision: 1.1 $");
+ script_version("Revision: 1.2 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"General");
  script_name(english:"Opera Version Detection for Linux");
@@ -38,24 +38,24 @@
  Risk factor : Informational";
  script_description(english:desc["english"]);
  script_dependencies("secpod_ssh_sys_info.nasl");
- script_require_keys("Host/uname"); 
+ script_require_keys("ssh/login/uname"); 
  exit(0);
 }
 
 
  include("ssh_func.inc");
 
- if("Linux" >!< get_kb_item("Host/uname")){
+ if("Linux" >!< get_kb_item("ssh/login/uname")){
       	 exit(0);
  }
 
- rpmLists = get_kb_list("Host/*/rpm-list");
+ rpmLists = get_kb_list("ssh/*/rpms");
  foreach rpmList (rpmLists)
  {
-	opera = egrep(pattern:"opera-", string:rpmList);
+	opera = egrep(pattern:"opera~", string:rpmList);
 	if(opera)
 	{
-		operaVer = split(opera, sep:"-", keep:0);
+		operaVer = split(opera, sep:"~", keep:0);
 		set_kb_item(name:"Opera/Linux/Version", value:operaVer[1]);
 	 	exit(0);	
  	}

Modified: trunk/openvas-plugins/scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl	2008-09-01 19:59:25 UTC (rev 1270)
+++ trunk/openvas-plugins/scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl	2008-09-02 05:37:55 UTC (rev 1271)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/07/11
 #
-#  Revision: 1.2 
+#  Revision: 1.3 
 #
 #  Log: schandan
 #  Issue #0032 
@@ -29,7 +29,7 @@
  script_bugtraq_id(29956);
  script_cve_id("CVE-2008-2927");
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("$Revision: 1.2 $");
+ script_version("Revision: 1.3 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Pidgin MSN SLP Message Integer Overflow Vulnerabilities (Linux)");
@@ -51,7 +51,7 @@
  Impact Level : SYSTEM
  
  Affected Software/OS:
- - Pidgin Version prior to 2.4.3 on Linux (All).
+        Pidgin Version prior to 2.4.3 on Linux (All).
  
  Fix : Upgrade to Pidgin Version 2.4.3,
  http://www.pidgin.im/download/
@@ -64,28 +64,29 @@
  Risk factor : Medium";
  script_description(english:desc["english"]);
  script_dependencies("secpod_ssh_sys_info.nasl");
- script_require_keys("Host/uname");
+ script_require_keys("ssh/login/uname");
  exit(0);
 }
 
 
  include("ssh_func.inc");
 
- if("Linux" >!< get_kb_item("Host/uname")){
+ if("Linux" >!< get_kb_item("ssh/login/uname")){
         exit(0);
  }
 
- foreach item (get_kb_list("Host/*/rpm-list"))
+ foreach item (get_kb_list("ssh/*/rpms"))
  {
-	if("pidgin-" >< item)
-	{
-		if(egrep(pattern:"^pidgin-([01]\..*|2\.([0-3](\..*)?|" +
-				 "4(\.[0-2])?))($|[^.0-9])", string:item)){
-                	security_warning(0);
-        	}
-		exit(0);
- 	}
- }
+       if("pidgin~" >< item)
+        {
+		if(egrep(pattern:"^pidgin~([01]\..*|2\.([0-3](\..*)?|" +
+                                 "4(\.[0-2])?))($|[^.0-9])", string:item))
+		{
+                        security_warning(0);
+                	exit(0);
+		}
+        } 
+ } 
 
  sock = ssh_login_or_reuse_connection();
  if(!sock){

Modified: trunk/openvas-plugins/scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl	2008-09-01 19:59:25 UTC (rev 1270)
+++ trunk/openvas-plugins/scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl	2008-09-02 05:37:55 UTC (rev 1271)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/08/06
 #
-#  Revision: 1.1 
+#  Revision: 1.2 
 #
 #  Log: schandan
 #  Issue #0089
@@ -28,7 +28,7 @@
  script_id(900022);
  script_bugtraq_id(30553);
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("$Revision: 1.1 $");
+ script_version("Revision: 1.2 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Pidgin NSS plugin SSL Certificate Validation Security Bypass Vulnerability (Linux)");
@@ -61,26 +61,27 @@
 
  script_description(english:desc["english"]);
  script_dependencies("secpod_ssh_sys_info.nasl");
- script_require_keys("Host/uname");
+ script_require_keys("ssh/login/uname");
  exit(0);
 }
 
 
  include("ssh_func.inc");
 
- if("Linux" >!< get_kb_item("Host/uname")){
+ if("Linux" >!< get_kb_item("ssh/login/uname")){
         exit(0);
  }
 
- foreach item (get_kb_list("Host/*/rpm-list"))
+ foreach item (get_kb_list("ssh/*/rpms"))
  {
-	if("pidgin-" >< item)
+	if("pidgin~" >< item)
 	{
-		if(egrep(pattern:"^pidgin-([01]\..*|2\.([0-3](\..*)?|" +
-				 "4(\.[0-3])?))($|[^.0-9])", string:item)){
+		if(egrep(pattern:"^pidgin~([01]\..*|2\.([0-3](\..*)?|" +
+				 "4(\.[0-3])?))($|[^.0-9])", string:item))
+		{
                 	security_warning(0);
-        	}
-		exit(0);
+			exit(0);
+		}
  	}
  }
 

Modified: trunk/openvas-plugins/scripts/secpod_python_mult_vuln_lin_900106.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_python_mult_vuln_lin_900106.nasl	2008-09-01 19:59:25 UTC (rev 1270)
+++ trunk/openvas-plugins/scripts/secpod_python_mult_vuln_lin_900106.nasl	2008-09-02 05:37:55 UTC (rev 1271)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/08/05
 #
-#  Revision: 1.2
+#  Revision: 1.3
 #
 #  Log: ssharath
 #  Issue #0091
@@ -30,7 +30,7 @@
  script_cve_id("CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142",
 		"CVE-2008-3143","CVE-2008-3144");
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("$Revision: 1.2 $");
+ script_version("Revision: 1.3 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Python Multiple Vulnerabilities (Linux)");
@@ -71,22 +71,22 @@
  Risk factor : Medium";
  script_description(english:desc["english"]);
  script_dependencies("secpod_ssh_sys_info.nasl");
- script_require_keys("Host/uname");
+ script_require_keys("ssh/login/uname");
  exit(0);
 }
 
 
  include("ssh_func.inc");
 
- if("Linux" >!< get_kb_item("Host/uname")){
+ if("Linux" >!< get_kb_item("ssh/login/uname")){
         exit(0);
  }
 
- foreach item (get_kb_list("Host/*/rpm-list"))
+ foreach item (get_kb_list("ssh/*/rpms"))
  {
         if("python" >< item)
         {
-                if(egrep(pattern:"python-.*-([01]\..*|2\.([0-4]\..*|5\.[0-2]))[^.0-9]",
+                if(egrep(pattern:"python-.*~([01]\..*|2\.([0-4]\..*|5\.[0-2]))[^.0-9]",
 			 string:item)){
                         security_warning(0); 
                 }

Modified: trunk/openvas-plugins/scripts/secpod_ssh_sys_info.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ssh_sys_info.nasl	2008-09-01 19:59:25 UTC (rev 1270)
+++ trunk/openvas-plugins/scripts/secpod_ssh_sys_info.nasl	2008-09-02 05:37:55 UTC (rev 1271)
@@ -6,10 +6,14 @@
 #
 #  Date Written: 2008/07/22
 #
-#  Revision: 1.1
+#  Revision: 1.2
 #
 #  Log: schandan
 #  Issue #
+#  Added "\n" at the end to all rpm packages before KB set.
+#  (It is done to support Regex match in proper way).
+#
+#  CHANGES: Jaime Blasco from AlienVault VRT
 #  ------------------------------------------------------------------------
 #  This program was written by SecPod and is licensed under the GNU GPL
 #  license. Please refer to the below link for details,
@@ -20,13 +24,14 @@
 #  information found in this header with any distribution you make of this
 #  Program.
 #  ------------------------------------------------------------------------
-##############################################################################
+###########################################################################
 
+
 if(description)
 {
  script_id(900014);
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("$Revision: 1.1 $");
+ script_version("Revision: 1.2 ");
  script_category(ACT_GATHER_INFO);
  script_name(english:"SSH System Security Information");
  script_family(english:"General");
@@ -34,10 +39,10 @@
  desc["english"] = "
  Overview :  This script will retrieve system information on the target
  host with OS Name, Version and all installed packages.
- 
+
  Risk factor : Informational";
 
- script_description(english:desc["english"]); 
+ script_description(english:desc["english"]);
  script_dependencies("find_service.nes", "secpod_ssh_credentials.nasl");
  script_require_ports(22, "Services/ssh");
  exit(0);
@@ -49,161 +54,682 @@
 
  port = get_kb_item("Services/ssh");
  if(!port){
-	port = 22;
+        port = 22;
  }
 
  sock = ssh_login_or_reuse_connection();
  if(!sock)
  {
-	report = "Unable to logon into the remote host";
-	security_note(port:port, data:report);
-	exit(0);
+        report = "Unable to logon into the remote host";
+        security_note(port:port, data:report);
+        exit(0);
  }
  else
  {
-	report = "Able to logon into the remote host with given credentials. SSH Local checks is enabled.";
-	security_note(port:port, data:report);
+        report = "Able to logon into the remote host with given credentials. SSH Local checks is enabled.";
+        security_note(port:port, data:report);
  }
 
- buf = ssh_cmd(socket:sock,cmd:"uname -a");
- if(buf){
-	set_kb_item(name:"Host/uname", value:buf);
- }
- else 
- {
+ 
+ #From gather-package-list.nasl (OpenVAs)
+ # OpenVAS Vulnerability Test
+# $Id$
+# Description: Gather installed packages/rpms/etc for local security checks
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License Version 2
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+#
+
+
+ # First command: Grab uname -a of the remote system
+uname = ssh_cmd(socket:sock, cmd:"uname -a");
+if(uname){
+	set_kb_item(name: "ssh/login/uname", value:uname);
+} else 
+{
+	report = "Unable to execute uname cmd";
+	security_note(port:port, data:report);
 	ssh_close_connection();
 	exit(0);
- }
+}
 
- if("Linux" >< buf)
- {
- 	######################################################################
- 	# 			RedHat and Fedora (All)
- 	######################################################################
-  	buf = ssh_cmd(socket:sock, cmd:"cat /etc/redhat-release");
-   	if(("Red Hat" >< buf) || ("Fedora" >< buf))
-	{
-   		set_kb_item(name:"Host/RedHat/release", value:buf);
-   		buf = ssh_cmd(socket:sock, timeout:120, cmd:"/bin/rpm -qa " +
-			      "--qf '%{NAME}-%{VERSION}-%{RELEASE}\n'");
-   		if(buf){
-			set_kb_item(name:"Host/RedHat/rpm-list", value:buf);
-   		}
-		ssh_close_connection();
-   		exit(0);
-	}
+ security_note(port:port, data:uname);
+# Ok...let's first check if this is a RedHat/Fedora Core/Mandrake release
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/redhat-release");
+if("Red Hat Linux release 7.3" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "RH7.3");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Red Hat Linux release 8.0 (Psyche)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "RH8.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Red Hat Linux release 9 (Shrike)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "RH9");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora Core release 1 (Yarrow)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora Core release 2 (Tettnang)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora Core release 3 (Heidelberg)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC3");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora Core release 4 (Stentz)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC4");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora Core release 5 (Bordeaux)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC5");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora Core release 6 (Zod)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC6");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora release 7 (Moonshine)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC7");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora release 8 (Werewolf)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC8");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Fedora release 9 (Sulphur)" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "FC9");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
 
- 	######################################################################
- 	# 				  SuSE
- 	######################################################################
-  	buf = ssh_cmd(socket:sock, cmd:"cat /etc/SuSE-release");
-  	if("SuSE Linux" >< buf)
-  	{
-        	version = ereg_replace(pattern:"SuSE Linux ([0-9]\.[0-9]) .*",
-                	               string:egrep(string:buf, pattern:"SuSE"),
-				       replace:"\1");
-        	set_kb_item(name:"Host/SuSE/release", value:"SUSE" + version);
-        	buf = ssh_cmd(socket:sock, timeout:60, cmd:"rpm -qa --qf " +
-			      "'%{NAME}-%{VERSION}-%{RELEASE}\n'", timeout:60);
-        	if(buf){
-        		set_kb_item(name:"Host/SuSE/rpm-list", value:buf);
-		}
-        	ssh_close_connection();
-        	exit(0);
-  	} 
-  
- 	#######################################################################
- 	# 				 Gentoo
- 	#######################################################################
- 	buf = ssh_cmd(socket:sock, cmd:"cat /etc/gentoo-release");
- 	if("Gentoo" >< buf)
-  	{
-        	version = ereg_replace(pattern:"Gentoo Base System version ([0-9]\.[0-9]) .*",
-                	               string:egrep(string:buf, pattern:"Gentoo"),
-				       replace:"\1");
-        	set_kb_item(name:"Host/Gentoo/release", value: version);
-        	buf = ssh_cmd(socket: sock, timeout:60,
-			      cmd:'egrep "ARCH=" /etc/make.profile/make.defaults');
-        	buf = ereg_replace(string:buf, pattern:'ARCH="(.*)"', replace: "\1");
+# Red Hat Enterprise Linux ES release 2.1 (Panama)
+# Red Hat Enterprise Linux AS release 3 (Taroon Update 1)
+# Red Hat Enterprise Linux AS release 3 (Taroon Update 2)
+# Red Hat Enterprise Linux AS release 3 (Taroon Update 3)
+# Red Hat Enterprise Linux Desktop release 3.90
 
-		if(buf){
-                	set_kb_item(name: "Host/Gentoo/arch", value: buf);
-        	}
+if(egrep(pattern:"Red Hat Enterprise.*release 2\.1", string:rls)) {
+    set_kb_item(name: "ssh/login/release", value: "RHENT_2.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if(egrep(pattern:"Red Hat Enterprise.*release 3 ", string:rls)) {
+    set_kb_item(name: "ssh/login/release", value: "RHENT_3");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if(egrep(pattern:"Red Hat Enterprise.*release 4 ", string:rls)) {
+    set_kb_item(name: "ssh/login/release", value: "RHENT_4");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if(egrep(pattern:"Red Hat Enterprise.*release 5 ", string:rls)) {
+    set_kb_item(name: "ssh/login/release", value: "RHENT_5");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
 
-	        buf = ssh_cmd(socket:sock, timeout:60, cmd:'find /var/db/pkg/ " +
-			      "-mount -mindepth 2 -maxdepth 2 -printf "%P\\n"');
-        	if(buf){
-			set_kb_item(name:"Host/Gentoo/qpkg-list", value:buf);
-        	}
-        	ssh_close_connection();
-        	exit(0);
-	}
+if("Mandriva Linux release 2008.1" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_2008.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandriva Linux release 2008.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_2008.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandriva Linux release 2007.1" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_2007.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandriva Linux release 2007.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_2007.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandriva Linux release 2006.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_2006.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrakelinux release 10.2" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_10.2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrakelinux release 10.1" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_10.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrake Linux release 10.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_10.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrake Linux release 9.2" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_9.2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrake Linux release 9.1" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_9.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrake Linux release 8.1" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_8.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrake Linux release 8.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_8.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Mandrake Linux release 7.2" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "MNDK_7.2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
 
- 	#######################################################################
- 	#                               Debian
- 	#######################################################################
-	buf = ssh_cmd(socket:sock, cmd:"cat /etc/debian_version");
- 	if(buf)
- 	{
- 		if(buf !~ '^[0-9.]+[ \t\r\n]*$')
-    		{
-      			ssh_close_connection();
-      			exit(0);
-    		}
+# Ok...also using /etc/redhat-release is CentOS...let's try them now
+# We'll stay with major release # checking unless we find out we need to do
+# otherwise.
+#CentOS release 4.0 (Final)
+#CentOS release 4.1 (Final)
+#CentOS release 3.4 (final)
+if("CentOS release 4" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "CENTOS4");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running CentOS release 4"));
+    exit(0);
+}
+if("CentOS release 3" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "CENTOS3");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running CentOS release 3"));
+    exit(0);
+}
 
-    		set_kb_item(name:"Host/Debian/release", value: chomp(buf));
-    		buf = ssh_cmd(socket:sock, timeout:60, cmd:'COLUMNS=160 dpkg -l');
-		if(buf){
-      			set_kb_item(name:"Host/Debian/dpkg-l", value:buf);
-    		}
-		ssh_close_connection();
-		exit(0);
- 	}
- }
+# Hmmm...is it Ubuntu?
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/lsb-release");
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=4.10"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU4.1");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 4.10"));
+    exit(0);
+}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=5.04"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU5.04");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 5.04"));
+    exit(0);
+}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=5.10"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU5.10");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 5.10"));
+    exit(0);
+}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=6.06"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU6.06 LTS");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 6.06"));
+    exit(0);
+}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=6.10"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU6.10");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 6.10"));
+    exit(0);
+}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=7.04"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU7.04");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 7.04"));
+    exit(0);
+}
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=7.10"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU7.10");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 7.10") + string(get_kb_list("ssh/login/release")));
+    exit(0);
+}
 
- ##############################################################################
- #				 MacOS
- ##############################################################################
- else if("Darwin" >< buf )
- {
-  	OS = ereg_replace(pattern:"^.*Darwin Kernel Version ([0-9]+\.[0-9]" +
-		                  "+\.[0-9]+):.*$", string:buf, replace:"\1");
-  	num = split(OS, sep:".", keep:FALSE);
-  	version = "Mac OS X 10." + string(int(num[0]) - 4) + "." + int(num[1]);
+if("DISTRIB_ID=Ubuntu"><rls && "DISTRIB_RELEASE=8.04"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "UBUNTU8.04");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Ubuntu 8.04"));
+    exit(0);
+}
 
-        buf = ssh_cmd(socket:sock,
-                cmd:"test -f /private/etc/sysctl-macosxserver.conf && cat /private/etc/sysctl-macosxserver.conf");
+# How about Conectiva Linux?
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/conectiva-release");
+if("Conectiva Linux 9" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "CL9");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Conectiva Linux 9"));
+    exit(0);
+}
+if("Conectiva Linux 10" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "CL10");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Conectiva Linux 10"));
+    exit(0);
+}
 
-  	if(strlen(buf)){
-		version = version + " Server";
+# How about Turbolinux?
+# Turbolinux signatures:
+# release 6.0 WorkStation (Shiga)       -- Unsupported
+# TurboLinux release 6.1 Server (Naha)	-- Unsupported
+# Turbolinux Server 6.5 (Jupiter)       -- Unsupported
+# Turbolinux Server 7.0 (Esprit)
+# Turbolinux Workstation 7.0 (Monza)
+# Turbolinux Server 8.0 (Viper)
+# Turbolinux Workstation 8.0 (SilverStone)
+# Turbolinux Server 10.0 (Celica)
+# Turbolinux Desktop 10.0 (Suzuka)
+# -- Need:
+#- Turbolinux Appliance Server 1.0 Hosting Edition
+#- Turbolinux Appliance Server 1.0 Workgroup Edition
+#- Turbolinux Home
+#- Turbolinux 10 F...
+
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/turbolinux-release");
+if("Turbolinux Server 7.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "TLS7");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Turbolinux Workstation 7.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "TLWS7");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Turbolinux Server 8.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "TLS8");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Turbolinux Workstation 8.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "TLWS8");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Turbolinux Desktop 10.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "TLDT10");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Turbolinux Server 10.0" >< rls) {
+    set_kb_item(name: "ssh/login/release", value: "TLS10");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
+    exit(0);
+}
+if("Turbolinux">< rls) {
+    security_note(port:port, data:string("We have detected you are running a version of Turbolinux currently not supported by SecuritySpace.  Please report the following banner to SecuritySpace: ", rls));
+    exit(0);
+}
+
+#How about FreeBSD?  If the uname line begins with "FreeBSD ", we have a match
+if(substr(uname, 0, 7)=="FreeBSD ") {
+    version=eregmatch(pattern:"^[^ ]+ [^ ]+ ([^ ]+)+",string:uname);
+    splitup = eregmatch(pattern:"([^-]+)-([^-]+)-p([0-9]+)", string:version[1]);
+    found = 0;
+    if(!isnull(splitup)) {
+	release = splitup[1];
+	patchlevel = splitup[3];
+	found = 1;
+    } else {
+	splitup = eregmatch(pattern:"([^-]+)-RELEASE", string:version[1]);
+	if(!isnull(splitup)) {
+	    release = splitup[1];
+	    patchlevel = "0";
+	    found = 1;
+	} else {
+	    splitup=eregmatch(pattern:"([^-]+)-SECURITY",string:version[1]);
+	    if(!isnull(splitup)) {
+		release = splitup[1];
+		security_note(port:port, data:string("We have detected you are running FreeBSD ", splitup[0], ". It also appears that you are using freebsd-update, a binary update tool for keeping your distribution up to date.  We will not be able to check your core distribution for vulnerabilities, but we will check your installed ports packages."));
+		found = 2;
+	    } else {
+		security_note(port:port, data:string("You appear to be running FreeBSD, but we do not recognize the output format of uname: ", uname, ". Local security checks will NOT be run."));
+	    }
 	}
- 	set_kb_item(name:"Host/MacOSX/Version", value:version);
+    }
+    if(found==1) {
+	set_kb_item(name: "ssh/login/freebsdrel", value: release);
+	set_kb_item(name: "ssh/login/freebsdpatchlevel", value: patchlevel);
+	security_note(port:port, data:string("We are able to login and detect that you are running FreeBSD ", release, " Patch level: ", patchlevel));
+    }
+    if(found==2) {
+	set_kb_item(name: "ssh/login/freebsdrel", value: release);
+	security_note(port:port, data:string("We are able to login and detect that you are running FreeBSD ", release, " Patch level: Unknown"));
+    }
+    if(found!=0) {
+	buf = ssh_cmd(socket:sock, cmd:"pkg_info");
+	set_kb_item(name: "ssh/login/freebsdpkg", value:buf);
+    }
+}
 
-        buf = ssh_cmd(socket:sock, cmd:"test -d /Library/Receipts && ls /Library/Receipts");
+# Hmmm...is it Debian?
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/debian_version");
+if("2.2"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "DEB2.2");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Debian 2.2 (Potato)"));
+    exit(0);
+}
+if("3.0"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "DEB3.0");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Debian 3.0 (Woody)"));
+    exit(0);
+}
+if("3.1"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "DEB3.1");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Debian 3.1 (Sarge)"));
+    exit(0);
+}
+if("4.0"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "DEB4.0");
+    buf = ssh_cmd(socket:sock, cmd:"COLUMNS=200 dpkg -l");
+    set_kb_item(name: "ssh/login/packages", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Debian 4.0 (Etch)"));
+    exit(0);
+}
 
-  	if(buf){
-  		set_kb_item(name:"Host/MacOSX/packages", value:buf);
- 	}
- }
+# How about Slackware?
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/slackware-version");
+if("Slackware 12.0"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK12.0");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 12.0"));
+    exit(0);
+}
+if("Slackware 11.0"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK11.0");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 11.0"));
+    exit(0);
+}
+if("Slackware 10.2"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK10.2");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 10.2"));
+    exit(0);
+}
+if("Slackware 10.1"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK10.1");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 10.1"));
+    exit(0);
+}
+if("Slackware 10.0"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK10.0");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 10.0"));
+    exit(0);
+}
+if("Slackware 9.1"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK9.1");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 9.1"));
+    exit(0);
+}
+if("Slackware 9.0"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK9.0");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 9.0"));
+    exit(0);
+}
+if("Slackware 8.1"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "SLK8.1");
+    buf = ssh_cmd(socket:sock, cmd:"ls /var/log/packages");
+    set_kb_item(name: "ssh/login/slackpack", value:buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Slackware 8.1"));
+    exit(0);
+}
+# How about SuSe?
+# SuSE Linux 9.x (i586)
+# SUSE LINUX 11.0
 
- ##############################################################################
- #				Solaris
- ##############################################################################
- else if(egrep(pattern:"SunOS.*", string:buf))
- {
- 	buf = ssh_cmd(socket:sock, cmd:"showrev -a", timeout:60);
- 	if(buf)
-	{
- 		set_kb_item(name:"Host/Solaris/showrev", value:buf);
+rls = toupper(ssh_cmd(socket:sock, cmd:"cat /etc/SuSE-release"));
+if("SUSE"><rls) {
+    ver = eregmatch(pattern:"VERSION = ([0-9\.]+)", string:rls);
+    if( isnull(ver) ) ver[1] = " ";
+    set_kb_item(name: "ssh/login/release", value: "SUSE"+ver[1]);
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux "+ver[1]));
+    exit(0);
+}
 
- 		buf = egrep(pattern:"^Release: ", string:buf);
- 		buf -= "Release: ";
- 		set_kb_item(name:"Host/Solaris/Version", value:buf);
+# How about Trustix?
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/release");
+rls2 = ssh_cmd(socket:sock, cmd:"cat /etc/trustix-release");
+if("Trustix Secure Linux release 3.0.5"><rls ||
+       "Trustix Secure Linux release 3.0.5"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL3.0.5");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 3.0.5"));
+    exit(0);
+}
+if("Trustix Secure Linux release 3.0"><rls ||
+       "Trustix Secure Linux release 3.0"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL3.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 3.0"));
+    exit(0);
+}
+if("Trustix Secure Linux release 2.2"><rls ||
+       "Trustix Secure Linux release 2.2"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL2.2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.2"));
+    exit(0);
+}
+if("Trustix Secure Linux release 2.1"><rls ||
+       "Trustix Secure Linux release 2.1"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL2.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.1"));
+    exit(0);
+}
+if("Trustix Secure Linux release 2.0"><rls ||
+       "Trustix Secure Linux release 2.0"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL2.0");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.0"));
+    exit(0);
+}
+if("Trustix Secure Linux release 1.5"><rls ||
+       "Trustix Secure Linux release 1.5"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL1.5");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.5"));
+    exit(0);
+}
+if("Trustix Secure Linux release 1.2"><rls ||
+       "Trustix Secure Linux release 1.2"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL1.2");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.2"));
+    exit(0);
+}
+if("Trustix Secure Linux release 1.1"><rls ||
+       "Trustix Secure Linux release 1.1"><rls2) {
+    set_kb_item(name: "ssh/login/release", value: "TSL1.1");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
+    set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.1"));
+    exit(0);
+}
+# Missing Trustix e-2
 
- 		buf = ssh_cmd(socket:sock, cmd:"/usr/bin/pkginfo", timeout:120);
-		if(buf){
-			set_kb_item(name:"Host/Solaris/pkginfo", value:buf);
-		}
-	}
- }
- ssh_close_connection();
+# How about Gentoo? Note, just check that its ANY gentoo release, since the
+# build # doesn't matter for purposes of checking package version numbers.
+rls = ssh_cmd(socket:sock, cmd:"cat /etc/gentoo-release");
+if("Gentoo"><rls) {
+    set_kb_item(name: "ssh/login/release", value: "GENTOO");
+    set_kb_item(name: "ssh/login/gentoo", value: "GENTOO");
+    buf = ssh_cmd(socket:sock, cmd:'find /var/db/pkg -mindepth 2 -maxdepth 2 -printf "%P\\n"');
+    set_kb_item(name: "ssh/login/pkg", value: buf);
+    security_note(port:port, data:string("We are able to login and detect that you are running Gentoo"));
+	
+    #AlienVault: Changed to work with qpkg.inc
+	
+    arch = ssh_cmd(cmd: 'egrep "ARCH=" /etc/make.profile/make.defaults');
+    if ( arch )
+    {
+     buf = ereg_replace(string: buf, pattern: 'ARCH="(.*)"', replace: "\1");
+     set_kb_item(name: "ssh/login/arch", value: buf);
+    }
+    exit(0);
+}
+
+#{ "NetBSD",     "????????????????",         },
+#{ "OpenBSD",    "????????????????",         },
+#{ "WhiteBox",   "????????????????",         },
+#{ "Linspire",   "????????????????",         },
+#{ "Desktop BSD","????????????????",         },
+#{ "PC-BSD",     "????????????????",         },
+#{ "FreeSBIE",   "????????????????",         },
+#{ "JDS",        "/etc/sun-release",         },
+#{ "Yellow Dog", "/etc/yellowdog-release",   },
+
+exit(0);
+

Modified: trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl	2008-09-01 19:59:25 UTC (rev 1270)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl	2008-09-02 05:37:55 UTC (rev 1271)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/07/14
 #
-#  Revision: 1.2 
+#  Revision: 1.3 
 #
 #  Log: schandan
 #  Issue #0035
@@ -29,7 +29,7 @@
  script_bugtraq_id(28485);
  script_cve_id("CVE-2008-1561", "CVE-2008-1562", "CVE-2008-1563");
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.2 ");
+ script_version("Revision: 1.3 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Wireshark Multiple Vulnerabilities - July08 (Linux)");
@@ -64,18 +64,18 @@
  Risk factor : High";
  script_description(english:desc["english"]);
  script_dependencies("secpod_ssh_sys_info.nasl");
- script_require_keys("Host/uname");
+ script_require_keys("ssh/login/uname");
  exit(0);
 }
 
 
  include("ssh_func.inc");
 
- if("Linux" >!< get_kb_item("Host/uname")){
+ if("Linux" >!< get_kb_item("ssh/login/uname")){
         exit(0);
  }
 
- foreach item (get_kb_list("Host/*/rpm-list"))
+ foreach item (get_kb_list("ssh/*/rpms"))
  {
         if("ethereal" >< item)
 	{
@@ -85,7 +85,7 @@
 
 	else if("wireshark" >< item)
 	{
-		if(egrep(pattern:"wireshark-(0\.99\.[1-9]|1\.0\.0)($|[^.0-9])",
+		if(egrep(pattern:"wireshark~(0\.99\.[1-9]|1\.0\.0)($|[^.0-9])",
 			 string:item))
                 {
                         security_hole(0);

Modified: trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl	2008-09-01 19:59:25 UTC (rev 1270)
+++ trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl	2008-09-02 05:37:55 UTC (rev 1271)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/08/18
 #
-#  Revision: 1.1
+#  Revision: 1.2
 #
 #  Log: ssharath
 #  Issue #0125
@@ -28,7 +28,7 @@
  script_id(900111);
  script_bugtraq_id(30698);
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("$Revision: 1.1 $");
+ script_version("Revision: 1.2 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"xine-lib Multiple Vulnerabilities");
@@ -71,22 +71,22 @@
  Risk factor : High";
  script_description(english:desc["english"]);
  script_dependencies("secpod_ssh_sys_info.nasl");
- script_require_keys("Host/uname");
+ script_require_keys("ssh/login/uname");
  exit(0);
 }
 
 
  include("ssh_func.inc");
 
- if("Linux" >!< get_kb_item("Host/uname")){
+ if("Linux" >!< get_kb_item("ssh/login/uname")){
         exit(0);
  }
  
- foreach item (get_kb_list("Host/*/rpm-list"))
+ foreach item (get_kb_list("ssh/*/rpms"))
  {
         if("xine" >< item)
         {
-                if(egrep(pattern:"(libxine(1)?|xine-lib)-(0\..*|1\.(0\..*|" +
+                if(egrep(pattern:"(libxine(1)?|xine-lib)~(0\..*|1\.(0\..*|" +
 				 "1(\.0?[0-9]|\.1[0-4])?))[^.0-9]", string:item))
 		{
                         security_hole(0);



More information about the Openvas-commits mailing list