[Openvas-commits] r1287 - trunk/openvas-plugins/scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Fri Sep 5 16:50:46 CEST 2008
Author: chandra
Date: 2008-09-05 16:50:44 +0200 (Fri, 05 Sep 2008)
New Revision: 1287
Added:
trunk/openvas-plugins/scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl
trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_dos_vuln_900211.nasl
Log:
Added new plugins
Added: trunk/openvas-plugins/scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl 2008-09-05 12:22:05 UTC (rev 1286)
+++ trunk/openvas-plugins/scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl 2008-09-05 14:50:44 UTC (rev 1287)
@@ -0,0 +1,106 @@
+##############################################################################
+#
+# ClamAV Invalid Memory Access Denial Of Service Vulnerability
+#
+# Copyright: SecPod
+#
+# Date Written: 2008/09/05
+#
+# Revision: 1.1
+#
+# Log: ssharath
+# Issue #0164
+# ------------------------------------------------------------------------
+# This program was written by SecPod and is licensed under the GNU GPL
+# license. Please refer to the below link for details,
+# http://www.gnu.org/licenses/gpl.html
+# This header contains information regarding licensing terms under the GPL,
+# and information regarding obtaining source code from the Author.
+# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
+# information found in this header with any distribution you make of this
+# Program.
+# ------------------------------------------------------------------------
+##############################################################################
+
+
+if(description)
+{
+ script_id(900117);
+ script_bugtraq_id(30994);
+ script_cve_id("CVE-2008-1389");
+ script_copyright(english:"Copyright (C) 2008 SecPod");
+ script_version("Revision: 1.1 ");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Denial of Service");
+ script_name(english:"ClamAV Invalid Memory Access Denial Of Service Vulnerability");
+ script_summary(english:"Check for vulnerable version of ClamAV");
+ desc["english"] = "
+ Overview : The host is running Clam AntiVirus, which is prone to denial of
+ service vulnerability.
+
+ Vulnerability Insight :
+
+ The flaw exists due to an invalid memory access in chmunpack.c file,
+ when processing a malformed CHM file.
+
+ Impact: Successful remote exploitation will allow attackers to cause
+ the application to crash.
+
+ Impact Level : Application
+
+ Affected Software/OS :
+ ClamAV versions prior to ClamAV 0.94 on all platform.
+
+ Fix : Upgrade to ClamAV version 0.94
+ http://www.clamav.net/download/sources
+
+ References :
+ http://www.frsirt.com/english/advisories/2008/2484
+ http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
+
+ CVSS Score :
+ CVSS Base Score : 7.1 (AV:N/AC:M/Au:NR/C:N/I:N/A:C)
+ CVSS Temporal Score : 5.3
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_dependencies("secpod_ssh_sys_info.nasl");
+ script_require_keys("ssh/login/uname");
+ exit(0);
+}
+
+
+ include("ssh_func.inc");
+
+ if("Linux" >!< get_kb_item("ssh/login/uname")){
+ exit(0);
+ }
+
+ foreach item (get_kb_list("ssh/*/rpms"))
+ {
+ if("clamav~" >< item)
+ {
+ if(egrep(pattern:"^clamav~0\.([0-8]?[0-9]|9[0-3])($|[^0-9])",
+ string:item))
+ {
+ security_warning(0);
+ exit(0);
+ }
+ }
+ }
+
+ sock = ssh_login_or_reuse_connection();
+ if(!sock){
+ exit(0);
+ }
+
+ clamVer = ssh_cmd(socket:sock, cmd:"clamav-config --version", timeout:timeout);
+ ssh_close_connection();
+
+ if(!clamVer){
+ exit(0);
+ }
+
+ if(egrep(pattern:"^0\.([0-8]?[0-9]|9[0-3])($|[^0-9])", string:clamVer)){
+ security_warning(port);
+ }
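Review bot: `port` and `timeout` are never assigned anywhere in this script, so the SSH fallback path calls `ssh_cmd(..., timeout:timeout)` and `security_warning(port)` with undefined values. The rpm branch above already reports with `security_warning(0);`, and the final report should do the same; the `timeout:` argument should either be dropped or given an explicit value. Separately, the rpm branch compares only the upstream version string, so a distribution package that backports the chmunpack.c fix into a pre-0.94 build would presumably still be flagged. A comment such as `# version-only check: distro backports of the fix are not detected` above the `foreach` would help whoever triages the result.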
Added: trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_dos_vuln_900211.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_dos_vuln_900211.nasl 2008-09-05 12:22:05 UTC (rev 1286)
+++ trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_dos_vuln_900211.nasl 2008-09-05 14:50:44 UTC (rev 1287)
@@ -0,0 +1,92 @@
+##############################################################################
+#
+# HP OpenView Network Node Manager Denial of Service Vulnerabilities
+#
+# Copyright: SecPod
+#
+# Date Written: 2008/09/05
+#
+# Revision: 1.1
+#
+# Log: veerendragg
+# Issue #0167
+# ------------------------------------------------------------------------
+# This program was written by SecPod and is licensed under the GNU GPL
+# license. Please refer to the below link for details,
+# http://www.gnu.org/licenses/gpl.html
+# This header contains information regarding licensing terms under the GPL,
+# and information regarding obtaining source code from the Author.
+# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
+# information found in this header with any distribution you make of this
+# Program.
+# ------------------------------------------------------------------------
+##############################################################################
+
+
+if(description)
+{
+ script_id(900211);
+ script_bugtraq_id(30984);
+ script_cve_id("CVE-2008-3536", "CVE-2008-3537");
+ script_copyright(english:"Copyright (C) 2008 SecPod");
+ script_version("Revision: 1.1 ");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Denial of Service");
+ script_name(english:"HP OpenView Network Node Manager Denial of Service Vulnerabilities");
+ script_summary(english:"Check for version of HP OpenView Network Node Manager");
+ desc["english"] = "
+ Overview : This host is running HP OpenView Network Node Manager, which is
+ prone to Denial of Service vulnerabilities.
+
+ Vulnerability Insight :
+
+ Flaws are caused due to errors in ovalarmsrv program.
+
+ Impact : Successful exploitation can cause application to crash.
+
+ Impact Level : Application
+
+ Affected Software/OS :
+ HP OpenView Network Node Manager (OV NNM) v7.01, v7.51, v7.53.
+
+ Fix : Apply patches from,
+ http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01537275
+
+ *****
+ NOTE : Ignore this warning, if above mentioned patch is already applied.
+ *****
+
+ References : http://secunia.com/advisories/31688/
+ http://www.frsirt.com/english/advisories/2008/2485
+ http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01537275
+
+ CVSS Score :
+ CVSS Base Score : 7.8 (AV:N/AC:L/Au:NR/C:N/I:N/A:C)
+ CVSS Temporal Score : 5.8
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ exit(0);
+}
+
+
+ include("http_func.inc");
+ include("http_keepalive.inc");
+
+ nnmPort = 7510;
+ if(get_port_state(nnmPort))
+ {
+ nnmReq = http_get(item:"/topology/home", port:nnmPort);
+ nnmRes = http_keepalive_send_recv(port:nnmPort, data:nnmReq);
+
+ if("Network Node Manager Home Base" >< nnmRes &&
+ egrep(pattern:"Copyright \(c\).* Hewlett-Packard", string:nnmRes) &&
+ ereg(pattern:"^HTTP/.* 200 OK", string:nnmRes))
+ {
+ if(egrep(pattern:"NNM Release B\.07\.(01|51|53)[^0-9]",
+ string:nnmRes)){
+ security_hole(nnmPort);
+ }
+ exit(0);
+ }
+ }
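Review bot: The description block declares no port requirement although the check is hard-wired to `nnmPort = 7510`; adding `script_require_ports(7510);` before the `exit(0);` of the description block would let the scanner skip the plugin on hosts where that port is closed. The match on `NNM Release B\.07\.(01|51|53)[^0-9]` sees only the release string and not the patch level, which the description text itself concedes in its NOTE. Reporting that inference with `security_hole(nnmPort);` overstates the confidence of the check; `security_warning(nnmPort);`, as the ClamAV plugin in this commit uses, would fit a banner-only result better. A one-line comment above the `egrep` saying the check cannot tell patched from unpatched installs would also help.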
Property changes on: trunk/openvas-plugins/scripts/secpod_hp_openview_nnm_dos_vuln_900211.nasl
___________________________________________________________________
Name: svn:executable
+ *