[Openvas-commits] r1337 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Fri Sep 12 13:22:40 CEST 2008


Author: chandra
Date: 2008-09-12 13:22:38 +0200 (Fri, 12 Sep 2008)
New Revision: 1337

Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/gather-package-list.nasl
   trunk/openvas-plugins/scripts/http_keepalive.inc
   trunk/openvas-plugins/scripts/misc_func.inc
   trunk/openvas-plugins/scripts/pirelli_router_default_password.nasl
   trunk/openvas-plugins/scripts/remote-detect-filemaker.nasl
   trunk/openvas-plugins/scripts/remote-detect-sybase-easerver-mgmt.nasl
   trunk/openvas-plugins/scripts/remote-detect-sybase-easerver.nasl
   trunk/openvas-plugins/scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl
   trunk/openvas-plugins/scripts/secpod_novell_edir_mult_vuln_linux_900210.nasl
   trunk/openvas-plugins/scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl
   trunk/openvas-plugins/scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl
   trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl
   trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_aug08_lin_900039.nasl
   trunk/openvas-plugins/scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl
   trunk/openvas-plugins/scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl
   trunk/openvas-plugins/scripts/secpod_python_mult_vuln_lin_900106.nasl
   trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl
   trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl
   trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl
   trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl
   trunk/openvas-plugins/scripts/telnet_func.inc
Log:
Update gather-package-list with \n char, modified secpod plugins to reflect as per new gather-package, Merged certain .inc files as per the GPL 2006 release and resolved script parse errors

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/ChangeLog	2008-09-12 11:22:38 UTC (rev 1337)
@@ -1,3 +1,35 @@
+2008-09-11 Chandrashekhar B <bchandra at secpod.com>
+         * scripts/gather-package-list.nasl:
+          Modified to include \n character in all 'rpm -qa'
+          queries
+ 
+        * scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl,
+          scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl,
+          scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl,
+          scripts/secpod_opera_mult_vuln_aug08_lin_900039.nasl,
+          scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl,
+          scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl,
+          scripts/remote-detect-sybase-easerver-mgmt.nasl,
+          scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl,
+          scripts/secpod_opera_detection_linux_900037.nasl,
+          scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl,
+          scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl,
+          scripts/secpod_python_mult_vuln_lin_900106.nasl,
+          scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl,
+          scripts/secpod_novell_edir_mult_vuln_linux_900210.nasl:
+          Updated as per the new gather-package-list.nasl
+ 
+        * scripts/pirelli_router_default_password.nasl,
+          scripts/remote-detect-filemaker.nasl,
+          scripts/remote-detect-sybase-easerver.nasl:
+          Corrected script parse errors
+ 
+        * scripts/telnet_func.inc,
+          scripts/http_keepalive.inc,
+          scripts/misc_func.inc:
+          Merged with the GPL 2006 release scripts, that included fixes and
+          new functions.
+
 2008-09-12  Michael Wiegand <michael.wiegand at intevation.de>
 
 	* scripts/gather-package-list.nasl: Merged functionality from -sigkeyid

Modified: trunk/openvas-plugins/scripts/gather-package-list.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gather-package-list.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/gather-package-list.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -24,7 +24,7 @@
 if(description)
 {
  script_id(50282);
- script_version("$");
+ script_version("1.1");
 
  name["english"] = "Determine OS and list of installed packages via SSH login";
  script_name(english:name["english"]);
@@ -55,7 +55,7 @@
 # The script code starts here
 #
 cmdline = 0;
-include("ss_ssh_func.inc");
+include("ssh_func.inc");
 
 port = get_kb_item("Services/ssh");
 if(!port) {
@@ -74,84 +74,84 @@
 rls = ssh_cmd(socket:sock, cmd:"cat /etc/redhat-release");
 if("Red Hat Linux release 7.3" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "RH7.3");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Red Hat Linux release 8.0 (Psyche)" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "RH8.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Red Hat Linux release 9 (Shrike)" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "RH9");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Fedora Core release 1 (Yarrow)" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "FC1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Fedora Core release 2 (Tettnang)" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "FC2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Fedora Core release 3 (Heidelberg)" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "FC3");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Fedora Core release 4 (Stentz)" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "FC4");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Fedora Core release 5 (Bordeaux)" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "FC5");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Fedora Core release 6 (Zod)" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "FC6");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Fedora release 7 (Moonshine)" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "FC7");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Fedora release 8 (Werewolf)" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "FC8");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Fedora release 9 (Sulphur)" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "FC9");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
@@ -194,91 +194,91 @@
 
 if("Mandriva Linux release 2008.1" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "MNDK_2008.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Mandriva Linux release 2008.0" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "MNDK_2008.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Mandriva Linux release 2007.1" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "MNDK_2007.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Mandriva Linux release 2007.0" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "MNDK_2007.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Mandriva Linux release 2006.0" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "MNDK_2006.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Mandrakelinux release 10.2" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "MNDK_10.2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Mandrakelinux release 10.1" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "MNDK_10.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Mandrake Linux release 10.0" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "MNDK_10.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Mandrake Linux release 9.2" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "MNDK_9.2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Mandrake Linux release 9.1" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "MNDK_9.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Mandrake Linux release 8.1" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "MNDK_8.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Mandrake Linux release 8.0" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "MNDK_8.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Mandrake Linux release 7.2" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "MNDK_7.2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
@@ -292,14 +292,14 @@
 #CentOS release 3.4 (final)
 if("CentOS release 4" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "CENTOS4");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running CentOS release 4"));
     exit(0);
 }
 if("CentOS release 3" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "CENTOS3");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running CentOS release 3"));
     exit(0);
@@ -369,14 +369,14 @@
 rls = ssh_cmd(socket:sock, cmd:"cat /etc/conectiva-release");
 if("Conectiva Linux 9" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "CL9");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value:buf);
     security_note(port:port, data:string("We are able to login and detect that you are running Conectiva Linux 9"));
     exit(0);
 }
 if("Conectiva Linux 10" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "CL10");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value:buf);
     security_note(port:port, data:string("We are able to login and detect that you are running Conectiva Linux 10"));
     exit(0);
@@ -402,42 +402,42 @@
 rls = ssh_cmd(socket:sock, cmd:"cat /etc/turbolinux-release");
 if("Turbolinux Server 7.0" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "TLS7");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value:buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Turbolinux Workstation 7.0" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "TLWS7");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value:buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Turbolinux Server 8.0" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "TLS8");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value:buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Turbolinux Workstation 8.0" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "TLWS8");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value:buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Turbolinux Desktop 10.0" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "TLDT10");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value:buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
 }
 if("Turbolinux Server 10.0" >< rls) {
     set_kb_item(name: "ssh/login/release", value: "TLS10");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value:buf);
     security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
     exit(0);
@@ -586,7 +586,7 @@
     ver = eregmatch(pattern:"VERSION = ([0-9\.]+)", string:rls);
     if( isnull(ver) ) ver[1] = " ";
     set_kb_item(name: "ssh/login/release", value: "SUSE"+ver[1]);
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux "+ver[1]));
     exit(0);
@@ -598,7 +598,7 @@
 if("Trustix Secure Linux release 3.0.5"><rls ||
        "Trustix Secure Linux release 3.0.5"><rls2) {
     set_kb_item(name: "ssh/login/release", value: "TSL3.0.5");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running Trustix 3.0.5"));
     exit(0);
@@ -606,7 +606,7 @@
 if("Trustix Secure Linux release 3.0"><rls ||
        "Trustix Secure Linux release 3.0"><rls2) {
     set_kb_item(name: "ssh/login/release", value: "TSL3.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running Trustix 3.0"));
     exit(0);
@@ -614,7 +614,7 @@
 if("Trustix Secure Linux release 2.2"><rls ||
        "Trustix Secure Linux release 2.2"><rls2) {
     set_kb_item(name: "ssh/login/release", value: "TSL2.2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.2"));
     exit(0);
@@ -622,7 +622,7 @@
 if("Trustix Secure Linux release 2.1"><rls ||
        "Trustix Secure Linux release 2.1"><rls2) {
     set_kb_item(name: "ssh/login/release", value: "TSL2.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.1"));
     exit(0);
@@ -630,7 +630,7 @@
 if("Trustix Secure Linux release 2.0"><rls ||
        "Trustix Secure Linux release 2.0"><rls2) {
     set_kb_item(name: "ssh/login/release", value: "TSL2.0");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.0"));
     exit(0);
@@ -638,7 +638,7 @@
 if("Trustix Secure Linux release 1.5"><rls ||
        "Trustix Secure Linux release 1.5"><rls2) {
     set_kb_item(name: "ssh/login/release", value: "TSL1.5");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.5"));
     exit(0);
@@ -646,7 +646,7 @@
 if("Trustix Secure Linux release 1.2"><rls ||
        "Trustix Secure Linux release 1.2"><rls2) {
     set_kb_item(name: "ssh/login/release", value: "TSL1.2");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.2"));
     exit(0);
@@ -654,7 +654,7 @@
 if("Trustix Secure Linux release 1.1"><rls ||
        "Trustix Secure Linux release 1.1"><rls2) {
     set_kb_item(name: "ssh/login/release", value: "TSL1.1");
-    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+    buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
     set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
     security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.1"));
     exit(0);

Modified: trunk/openvas-plugins/scripts/http_keepalive.inc
===================================================================
--- trunk/openvas-plugins/scripts/http_keepalive.inc	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/http_keepalive.inc	2008-09-12 11:22:38 UTC (rev 1337)
@@ -28,10 +28,11 @@
 #
 function http_keepalive_check_connection(headers)
 {
+ local_var tmp;
  tmp = egrep(pattern:"^Connection: [Cc]lose", string:headers);
  if(tmp)
  {
-     http_close_socket(__ka_socket);
+     if ( __ka_socket ) http_close_socket(__ka_socket);
      __ka_socket = http_open_socket(__ka_port);
  }
 }
@@ -119,7 +120,7 @@
   if("Content-Length" >< headers)
   {
     tmp = egrep(string:headers, pattern:"^Content-Length: *[0-9]+");
-    if ( tmp ) length = int(ereg_replace(string:tmp, pattern:"^Content-Length: *([0-9]*)", replace:"\1"));
+    if ( tmp ) length = int(ereg_replace(string:tmp, pattern:"^Content-Length: *([0-9]*) *", replace:"\1"));
   }
 
 
@@ -135,7 +136,9 @@
    	length = 1048576;
 	killme = 1;
 	}
-   body  = strcat(body, recv(socket:__ka_socket, length:length+2, min:length+2));
+   body  = strcat(body, recv(socket:__ka_socket, length:length, min:length));
+   # "\r\n"
+   recv (socket:__ka_socket, length:2, min:2);
    if (strlen(body) > 1048576) killme = 1;
 
    if(length == 0 || killme){
@@ -160,7 +163,7 @@
 	# the next request won't mix up the replies.
 
  	#display("ERROR - Keep Alive, but no length!!!\n", __ka_last_request);
-	body = recv(socket:__ka_socket, length:16384);
+	body = recv(socket:__ka_socket, length:16384, min:0);
         if (body =~ '<html>' && body !~ '</html>')	# case insensitive
         {
          repeat
@@ -190,11 +193,14 @@
   if(__ka_socket)
   {
     http_close_socket(__ka_socket);
+    __ka_socket = 0;
   }
 }
 
 
+if ( 0 ) on_exit();
 
+
 #----------------------------------------------------------------------#
 
 
@@ -203,10 +209,14 @@
 # host on port <port>, and returns the result, or NULL if no connection
 # could be established.
 #
-function http_keepalive_send_recv(port, data, bodyonly)
+function http_keepalive_send_recv(port, data, bodyonly, embedded, fetch404)
 {
   local_var id, n, ret, headers;
+  local_var soc, r, body;
 
+  
+  if ( ! embedded && get_kb_item("Services/www/" + port + "/embedded") ) return NULL;
+
   if (debug_level > 1) 
    display("http_keepalive_send_recv(port: ", port, ", data: ", data, ", bodyonly: ", bodyonly, ")\n");
 
@@ -218,7 +228,6 @@
 
   if(__ka_enabled == 0)
   {
-    local_var soc, r, body;
     soc = http_open_socket(port);
     if(!soc)return NULL;
     if (send(socket:soc, data:data) <= 0)
@@ -226,8 +235,14 @@
       http_close_socket(soc);
       return NULL;
     }
-    headers = http_recv_headers2(soc);
-    if(headers) body = http_recv_body(socket:soc, headers:headers, length:0);
+    headers = http_recv_headers2(socket:soc);
+    # If the headers are not HTTP compliant, just return right away
+    if ( headers && !ereg(pattern:"^HTTP/.* [0-9]+", string:headers) )
+       return headers;
+ 
+    if(headers && ( !ereg(pattern:"^HTTP/.* 404", string:headers) || fetch404 == TRUE ) ) 
+    	body = http_recv_body(socket:soc, headers:headers, length:0);
+
     http_close_socket(soc);
     if(bodyonly) return(body);
     else return(strcat(headers, '\r\n', body));
@@ -247,7 +262,7 @@
   __ka_last_request = data;
   n = send(socket:__ka_socket, data:data);
   if (n >= strlen(data))
-    headers = http_recv_headers2(__ka_socket);
+    headers = http_recv_headers2(socket:__ka_socket);
   if (! headers)
   {
     http_close_socket(__ka_socket);
@@ -259,7 +274,7 @@
       __ka_socket = NULL;
       return NULL;
     }
-    headers = http_recv_headers2(__ka_socket);
+    headers = http_recv_headers2(socket:__ka_socket);
   }
 
   return  http_keepalive_recv_body(headers: headers, bodyonly:bodyonly);
@@ -270,28 +285,14 @@
 #
 # Same as check_win_dir_trav(), but with KA support
 #
-function check_win_dir_trav_ka(port, url, quickcheck)
+function check_win_dir_trav_ka(port, url)
 {
   local_var	soc, req, cod, buf;
-  #display("check_win_dir_trav(port=", port, ", url=", url, ", quickcheck=", quickcheck, ")\n");
 
-
   req = http_get(item:url, port:port);
   buf = http_keepalive_send_recv(port:port, data:req);
 
-#  if (quickcheck)
-#  {
-#    if (ereg(pattern:"^HTTP/.* 200 ", string:buf)) return (1);
-#    return (0);
-#  }
-
-  if ( ("ECHO" >< buf)          || ("RESET" >!< buf && ("SET " >< buf))  ||
-       ("export" >< buf)        || ("EXPORT" >< buf)           ||
-       ("doskey" >< buf)        || ("DOSKEY" >< buf)           ||
-       ("[boot loader]" >< buf) || ("[fonts]" >< buf)          ||
-       ("[extensions]" >< buf)  || ("[mci extensions]" >< buf) ||
-       ("[files]" >< buf)       || ("[Mail]" >< buf)           ||
-       ("[operating systems]" >< buf)              )
+  if ( "; for 16-bit app support" >< buf )
   {
     return(1);
   }
@@ -301,17 +302,14 @@
 #
 #
 #
-function is_cgi_installed_ka(item, port)
+function is_cgi_installed_ka(item, port, embedded)
 {
  local_var r, no404, dir, slash, dirs, banner;
 
+ if ( ! embedded && get_kb_item("Services/www/" + port + "/embedded") ) return 0;
+ if ( get_kb_item("Settings/disable_cgi_scanning") )  return 0;
 
- #
- # Some embedded web servers can not have arbitrary CGIs
- #
  banner = get_http_banner(port:port);
- if ( egrep(pattern:"^Server: (CUPS|MiniServ|AppleShareIP|Embedded HTTPD|IP_SHARER|Ipswitch-IMail|MACOS_Personal_Websharing|NetCache appliance|ZyXEL-RomPager|cisco-IOS|u-Server)", string:banner ) )	
-	return NULL;
 
  if(item[0] != "/")
  {
@@ -365,7 +363,7 @@
 
     if (r =~ "^HTTP/1\.[01] +30[0-9] .*")
     {
-      v = eregmatch(pattern: "\r\nLocation: *([^ \t\r\n]+)[ \t]*[\r\n]+",
+      v = eregmatch(pattern: '\r\nLocation: *([^ \t\r\n]+)[ \t]*[\r\n]+',
 		string: r, icase: 1);
       if (isnull(v)) return NULL;	# Big problem
       l = v[1];
@@ -384,3 +382,91 @@
   # Loop?
   return NULL;
 }
+
+
+
+function http_get_cache(port, item)
+{
+ local_var req, res;
+
+ res = get_kb_item("Cache/" + port + "/URL_" + item );
+ if ( res ) return res;
+
+ req = http_get(port:port, item:item);
+ res = http_keepalive_send_recv(port:port, data:req, embedded:TRUE);
+ if ( ! res ) return NULL;
+
+ if ( defined_func("replace_kb_item") )
+	replace_kb_item(name:"Cache/" + port + "/URL_" + item, value:res);
+ else
+	set_kb_item(name:"Cache/" + port + "/URL_" + item, value:res);
+
+ return res;
+}
+
+
+
+function http_check_remote_code (default_port, extra_dirs, unique_dir, check_request, extra_check, check_result, command, description, port, embedded)
+{
+ local_var list, req, txt_result, txt_desc, extra, dir, buf;
+ if ( get_kb_item("Settings/disable_cgi_scanning") )  exit(0);
+
+ if (unique_dir)
+   list = make_list (unique_dir);
+ else
+ {
+  if (!isnull(extra_dirs))
+    list = make_list (cgi_dirs(), extra_dirs);
+  else
+    list = make_list (cgi_dirs());
+ }
+
+ if ( ! port )
+ {
+ if (default_port)
+   port = get_http_port(default:default_port);
+ else
+   port = get_http_port(default:80); 
+ }
+
+ if ( ! embedded && get_kb_item("Services/www/" + port + "/embedded") ) exit(0);
+ if (!get_port_state(port))
+   exit (0);
+
+
+ foreach dir (list)
+ {
+   req = string(dir, check_request);
+   req = http_get(item:req, port:port);
+   buf = http_keepalive_send_recv(port:port, data:req);
+   if (buf == NULL)
+     exit(0);
+
+   txt_result = egrep(pattern:check_result, string:buf);
+   if (extra_check)
+   {
+    extra = 0;
+    if (egrep (pattern:extra_check, string:buf))
+      extra = 1;
+   }
+   else
+     extra = 1;
+
+   if (txt_result && extra)
+   {
+    txt_desc = description + 
+"
+
+Plugin output :
+
+It was possible to execute the command '" + command + "' on the remote host,
+which produces the following output :
+
+"
+    + txt_result;
+
+    security_hole (port:port, data:txt_desc);
+    exit (0);
+   }
+ }
+}

Modified: trunk/openvas-plugins/scripts/misc_func.inc
===================================================================
--- trunk/openvas-plugins/scripts/misc_func.inc	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/misc_func.inc	2008-09-12 11:22:38 UTC (rev 1337)
@@ -17,16 +17,19 @@
   if (! ipproto) ipproto = "tcp";
   if (! service_is_unknown(port:port, ipproto: ipproto))
   {
-    if (debug_level) display("service is already known on port ", ipproto, ":", port, "\n");
+    if (debug_level) display(get_host_ip(), ": service is already known on port ", ipproto, ":", port, "\n");
     #return(0);
   }
    
-  k = strcat("Known/", ipproto, "/", port);
-  replace_or_set_kb_item(name: k, value: proto);
-  if (ipproto == "tcp") k = strcat("Services/", proto);
-  else k = strcat("Services/", ipproto, "/", proto);
-  set_kb_item(name: k, value: port);
-  if (debug_level) display("register_service: port=", port, ", proto=", proto, "\n");
+  if ( ipproto != "unknown" )
+  {
+   k = strcat("Known/", ipproto, "/", port);
+   replace_or_set_kb_item(name: k, value: proto);
+   if (ipproto == "tcp") k = strcat("Services/", proto);
+   else k = strcat("Services/", ipproto, "/", proto);
+   set_kb_item(name: k, value: port);
+  }
+   if (debug_level) display(get_host_ip(), ": register_service: port=", port, ", proto=", proto, "\n");
 }
 
 # This function may fork!
@@ -55,6 +58,35 @@
   return TRUE;
 }
 
+function verify_service(port, ipproto, proto)
+{
+  local_var	k, p;
+  # Remember: no KB yet in command line mode!
+  if (! ipproto) ipproto = "tcp";
+  k = strcat("Known/", ipproto, "/", port);
+  p = get_kb_list(k);
+  foreach k (p)
+    if (k == proto)
+      return TRUE;
+  return FALSE;
+}
+
+# This function may fork
+function get_port_for_service(default, ipproto, proto)
+{
+  local_var	k, p;
+  # Remember: no KB yet in command line mode!
+  if (! ipproto) ipproto = "tcp";
+  if (ipproto == "tcp") k = strcat("Services/", proto);
+  else k = strcat("Services/", ipproto, "/", proto);
+  p = get_kb_item(k);
+  if (p) return p;
+  k = strcat("Known/", ipproto, "/", default);
+  p = get_kb_item(k);
+  if (p == proto) return default;
+  exit(0);
+}
+
 function set_mysql_version(port, version)
 {
   local_var	sb;
@@ -64,51 +96,38 @@
 
 function get_mysql_version(port)
 {
-  local_var	sb, vers, soc, result, MySQL_version, end_found;
+  local_var sb;
   sb = string("mysql/version/", port);
-  vers = get_kb_item(sb);
-  if (vers) return(vers);
-  else { # Get it on the fly.
-    if ( ! get_port_state(port) ) return NULL;
-    soc = open_sock_tcp(port);
-    if(!soc) return(NULL);
-    result = recv(socket:soc, length:1000);
-    close(soc);
-    if(strlen(result) < 6)return(NULL);
-    if("is not allowed" >< result)return(NULL);
-    if("is blocked" >< result) return(NULL);
-    MySQL_version = "";
-    if ((result[1] == raw_string(0x00)) && (result[2] == raw_string(0x00)) &&
-       (result[3] == raw_string(0x00)) && ((ord(result[4]) > 8) && (ord(result[4]) < 12))){
-      end_found = FALSE;
-      for (i = 0; end_found == FALSE ; i = i + 1) {
-        if (result[5+i] == raw_string(0x00)) {
-          end_found = TRUE;
-        } else {
-          MySQL_version = string(MySQL_version, result[5+i]);
-        }
-      }
-      set_mysql_version(port:port, version:MySQL_version);
-      return(MySQL_version);
-    }
-  }
-  return(NULL);
+  return  get_kb_item(sb);
 }
 
 function get_unknown_banner(port, ipproto, dontfetch)
 {
-  local_var	sb, banner, soc, req, tcp, p;
+  local_var	sb, sbH, banner, soc, req, tcp, p, bannerHex;
 
   if (! ipproto) ipproto = "tcp";
-  tcp = ipproto == 'tcp';
+  if ( ipproto == "tcp" )
+	tcp = 1;
+  else
+	tcp = 0;
+
   if (tcp)
-   sb = strcat("unknown/banner/", port);
+  {
+   sb  = strcat("unknown/banner/", port);
+   sbH = strcat("unknown/bannerHex/", port);
+  }
   else
-   sb = strcat("unknown/banner/", ipproto, "/", port);
+  {
+   sb  = strcat("unknown/banner/", ipproto, "/", port);
+   sbH = strcat("unknown/bannerHex/", ipproto, "/", port);
+  }
+  banner = get_kb_item(sbH);
+  if (banner) return hex2raw(s: banner);
+  banner = get_kb_item(banner);
+  if (banner) return banner;
 
-  banner = get_kb_item(sb);
-  if (banner) return(banner);
-
+  banner = get_kb_item("BannerHex/"+port);
+  if (banner) return(hex2raw(s: banner));
   banner = get_kb_item("Banner/"+port);
   if (banner) return(banner);
                                                                                 
@@ -118,9 +137,15 @@
   foreach p (make_list("spontaneous", "get_http", "help"))
   {
     banner = get_kb_item("FindService/"+ipproto+"/"+port+"/"+p);
-    if (banner) return(banner);
+    bannerHex = get_kb_item("FindService/"+ipproto+"/"+port+"/"+p+"Hex");
+    if ( banner && bannerHex )  
+    {
+    if (strlen(bannerHex) > 2 * strlen(banner))
+     return hex2raw(s: bannerHex);
+    else
+     return(banner);
+    }
   }
-
   if (dontfetch) return(NULL);
   if (! get_port_state(port)) return (NULL);
   if (! tcp) return (NULL);
@@ -133,7 +158,11 @@
   banner = recv(socket:soc, length:2048);
   close(soc);
   if (banner)
+  {
     replace_or_set_kb_item(name: sb, value: banner);
+    if ('\0' >< sb)
+     replace_or_set_kb_item(name: sbH, value: hexstr(banner));
+  }
   return(banner);
 }
 
@@ -145,6 +174,14 @@
   else
     sb = strcat('unknown/banner/', ipproto, '/', port);
   set_kb_item(name: sb, value: banner);
+  if ('\0' >< banner)
+  {
+    if (! ipproto || ipproto == 'tcp')
+      sb = string("unknown/bannerHex/", port);
+    else
+      sb = strcat('unknown/bannerHex/', ipproto, '/', port);
+    set_kb_item(name: sb, value: hexstr(banner));
+  }
 }
 
 #
@@ -322,7 +359,11 @@
 
  s = chomp(s);	# remove trailing blanks, CR, LF...
  l = strlen(s);
- if (l % 2) display("hex2raw: odd string: ", s, "\n");
+ if (l % 2) {
+	display("hex2raw: odd string: ", s, "\n");
+	l --;
+	}
+ s = tolower(s);
  for(i=0;i<l;i+=2)
  {
   if(ord(s[i]) >= ord("0") && ord(s[i]) <= ord("9"))
@@ -345,18 +386,21 @@
  local_var	k, name, a;
 
  svc = tolower(svc);
- k = strcat(svc, "/banner/", port);
- set_kb_item(name: k, value: banner);
+ if (! isnull(banner))
+ {
+  k = strcat(svc, "/banner/", port);
+  set_kb_item(name: k, value: banner);
+ }
  register_service(port: port, proto: svc);
  if (svc == 'www') name = 'web server';
  else if (svc == 'proxy') name = 'web proxy';
- else if (svc == 'hylafax-ftp' || svc == 'hylafax') name = 'HylaFax server';
+ else if (svc == 'hylafax-ftp' || svc == 'hylafax') name = 'HylaFAX server';
  else if (svc == 'agobot.fo') name = 'Agobot.fo backdoor';
  else if (svc == 'unknown_irc_bot') name = 'IRC bot';
  else if (svc == 'auth') name = 'identd';
  else name = toupper(svc) +' server';
  a = tolower(name[0]);
- if (a == 'a' || a == 'e' || a == 'i' || a == 'o' || a == 'h') a = 'An ';
+ if (a == 'a' || a == 'e' || a == 'i' || a == 'o') a = 'An ';
  else a = 'A ';
  security_note(port: port, data: a + name + ' is running on this port');
 }
@@ -367,7 +411,7 @@
 
 function base64_decode(str)
 {
- local_var len, i, j, k, ret, base64, b64;
+ local_var len, i, j, k, ret, base64, b64, a,b,c,o;
  len = strlen(str);
  ret = "";
 
@@ -414,6 +458,8 @@
 
 function pow2(x)
 {
+ local_var __ret;
+
  __ret = 1;
  while(x)
   {
@@ -425,6 +471,8 @@
 
 function base64(str)
 {
+ local_var len, i, ret, char_count, _bits, val, cnt, mul;
+
  len = strlen(str);
  i = 0;
  ret = "";
@@ -520,7 +568,7 @@
 {
   local_var v, u;
   if (! defined_func("mktime")) return NULL;	# We could write it in NASL...
-  v = eregmatch(string: date, pattern: "\$Date: 2005/05/07 11:16:57 $");
+  v = eregmatch(string: date, pattern: ".Date: ([0-9]+)/([01][0-9])/([0-3][0-9]) ([0-2][0-9]):([0-6][0-9]):([0-6][0-9]) \$");
   if (isnull(v)) return;
   u = mktime(year: v[1], mon: v[2], mday: v[3], hour: v[3], min: v[5], sec: v[6]);
   return u;

Modified: trunk/openvas-plugins/scripts/pirelli_router_default_password.nasl
===================================================================
--- trunk/openvas-plugins/scripts/pirelli_router_default_password.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/pirelli_router_default_password.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -34,8 +34,8 @@
 }
 
 include("default_account.inc");
+#include("telnet_func.inc");
 
-
 port = 23;
 if(get_port_state(port))
 {

Modified: trunk/openvas-plugins/scripts/remote-detect-filemaker.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-filemaker.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/remote-detect-filemaker.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -51,7 +51,7 @@
 script_copyright(english:"This script is Written by Christian Eric Edjenguele <christian.edjenguele at owasp.org> and released under GPL v2 or later");
 family["english"] = "Service detection";
 script_family(english:family["english"]);
-script_require_port(5003);
+script_require_ports(5003);
 
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/remote-detect-sybase-easerver-mgmt.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-sybase-easerver-mgmt.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/remote-detect-sybase-easerver-mgmt.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -53,7 +53,7 @@
 family["english"] = "Service detection";
 script_family(english:family["english"]);
 script_dependencies("find_service.nes", "sybase_easerver_detect.nasl");
-script_require_port("Services/www");
+script_require_ports("Services/www");
 
 exit(0);
 }

Modified: trunk/openvas-plugins/scripts/remote-detect-sybase-easerver.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-sybase-easerver.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/remote-detect-sybase-easerver.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -53,7 +53,7 @@
 family["english"] = "Service detection";
 script_family(english:family["english"]);
 script_dependencies("find_service.nes");
-script_require_port("Services/www");
+script_require_ports("Services/www");
 
 
 exit(0);

Modified: trunk/openvas-plugins/scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/09/05
 #
-#  Revision: 1.1
+#  Revision: 1.2
 #
 #  Log: ssharath
 #  Issue #0164
@@ -29,7 +29,7 @@
  script_bugtraq_id(30994);
  script_cve_id("CVE-2008-1389");
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.1 ");
+ script_version("Revision: 1.2 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Denial of Service");
  script_name(english:"ClamAV Invalid Memory Access Denial Of Service Vulnerability");
@@ -64,7 +64,7 @@
  Risk factor : High";
 
  script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("ssh/login/uname");
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/secpod_novell_edir_mult_vuln_linux_900210.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_novell_edir_mult_vuln_linux_900210.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_novell_edir_mult_vuln_linux_900210.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/09/01
 #
-#  Revision: 1.1
+#  Revision: 1.2
 #
 #  Log: veerendragg
 #  Issue #0159
@@ -28,7 +28,7 @@
  script_id(900210);
  script_bugtraq_id(30947);
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.1 ");
+ script_version("Revision: 1.2 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Novell eDirectory Multiple Vulnerabilities (Linux)");
@@ -71,7 +71,7 @@
  Risk factor : High";
 
  script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("ssh/login/uname");
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/08/29
 #
-#  Revision: 1.1
+#  Revision: 1.2
 #
 #  Log: schandan
 #  Issue #0154
@@ -28,7 +28,7 @@
  script_bugtraq_id(30866);
  script_cve_id("CVE-2008-3282");
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.1 ");
+ script_version("Revision: 1.2 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"OpenOffice rtl_allocateMemory() Remote Code Execution Vulnerability (Lin)");
@@ -64,7 +64,7 @@
  Risk factor : High";
 
  script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("Host/uname"); 
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/08/08
 #
-#  Revision: 1.2 
+#  Revision: 1.3 
 #
 #  Log: schandan
 #  Issue #0095
@@ -28,7 +28,7 @@
  script_bugtraq_id(30532);
  script_cve_id("CVE-2008-3459");
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("$Revision: 1.2 $");
+ script_version("Revision: 1.3 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"OpenVPN Client Remote Code Execution Vulnerability");
@@ -70,7 +70,7 @@
  Risk factor : Medium";
 
  script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("ssh/login/uname");
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/08/21
 #
-#  Revision: 1.2 
+#  Revision: 1.3 
 #
 #  Log: schandan
 #  Issue #0136
@@ -26,7 +26,7 @@
 {
  script_id(900037);
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.2 ");
+ script_version("Revision: 1.3 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"General");
  script_name(english:"Opera Version Detection for Linux");
@@ -37,7 +37,7 @@
 
  Risk factor : Informational";
  script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("ssh/login/uname"); 
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_aug08_lin_900039.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_aug08_lin_900039.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_aug08_lin_900039.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/08/21
 #
-#  Revision: 1.1
+#  Revision: 1.2
 #
 #  Log: schandan
 #  Issue #0136
@@ -27,7 +27,7 @@
  script_id(900039);
  script_bugtraq_id(30768);
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.1 ");
+ script_version("Revision: 1.2 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Opera Web Browser Multiple Security Vulnerabilities Aug-08 (Linux)");
@@ -71,7 +71,7 @@
         CVSS Temporal Score : 5.5
  Risk factor : High";
  script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl",
+ script_dependencies("gather-package-list.nasl",
                      "secpod_opera_detection_linux_900037.nasl");
  script_require_keys("Host/uname");
  exit(0);

Modified: trunk/openvas-plugins/scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/07/11
 #
-#  Revision: 1.3 
+#  Revision: 1.4 
 #
 #  Log: schandan
 #  Issue #0032 
@@ -29,7 +29,7 @@
  script_bugtraq_id(29956);
  script_cve_id("CVE-2008-2927");
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.3 ");
+ script_version("Revision: 1.4 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Pidgin MSN SLP Message Integer Overflow Vulnerabilities (Linux)");
@@ -63,7 +63,7 @@
         CVSS Temporal Score : 3.9
  Risk factor : Medium";
  script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("ssh/login/uname");
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/08/06
 #
-#  Revision: 1.2 
+#  Revision: 1.3 
 #
 #  Log: schandan
 #  Issue #0089
@@ -28,7 +28,7 @@
  script_id(900022);
  script_bugtraq_id(30553);
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.2 ");
+ script_version("Revision: 1.3 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Pidgin NSS plugin SSL Certificate Validation Security Bypass Vulnerability (Linux)");
@@ -60,7 +60,7 @@
  Risk factor : High";
 
  script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("ssh/login/uname");
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/secpod_python_mult_vuln_lin_900106.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_python_mult_vuln_lin_900106.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_python_mult_vuln_lin_900106.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/08/05
 #
-#  Revision: 1.3
+#  Revision: 1.4
 #
 #  Log: ssharath
 #  Issue #0091
@@ -30,7 +30,7 @@
  script_cve_id("CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142",
 		"CVE-2008-3143","CVE-2008-3144");
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.3 ");
+ script_version("Revision: 1.4 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Python Multiple Vulnerabilities (Linux)");
@@ -70,7 +70,7 @@
         CVSS Temporal Score : 5.0
  Risk factor : Medium";
  script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("ssh/login/uname");
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/07/14
 #
-#  Revision: 1.3 
+#  Revision: 1.4 
 #
 #  Log: schandan
 #  Issue #0035
@@ -29,7 +29,7 @@
  script_bugtraq_id(28485);
  script_cve_id("CVE-2008-1561", "CVE-2008-1562", "CVE-2008-1563");
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.3 ");
+ script_version("Revision: 1.4 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"Wireshark Multiple Vulnerabilities - July08 (Linux)");
@@ -63,7 +63,7 @@
 	CVSS Temporal Score : 5.3
  Risk factor : High";
  script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("ssh/login/uname");
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/09/09
 #
-#  Revision: 1.1
+#  Revision: 1.2
 #
 #  Log: veerendragg
 #  Issue #0172
@@ -49,13 +49,13 @@
  script_bugtraq_id(31009);
  script_cve_id("CVE-2008-3146", "CVE-2008-3932", "CVE-2008-3933");
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.1 ");
+ script_version("Revision: 1.2 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Denial of Service");
  script_name(english:"Wireshark Multiple Vulnerabilities - Sept08 (Linux)");
  script_summary(english:"Check for vulnerable version of Wireshark/Ethereal");
  script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("ssh/login/uname");
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -70,7 +70,7 @@
         CVSS Temporal Score : 5.3
  Risk factor : High";
  script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
  script_require_keys("ssh/login/uname");
  exit(0);
 }

Modified: trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl	2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
 #
 #  Date Written: 2008/08/26
 #
-#  Revision: 1.1
+#  Revision: 1.3
 #
 #  Log: schandan
 #  Issue #0145
@@ -25,9 +25,9 @@
 
 if(description)
 {
- script_id(900111);
+ script_id(900041);
  script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.1 ");
+ script_version("Revision: 1.3 ");
  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");
  script_name(english:"xine-lib Multiple Vulnerabilities (Aug-08)");
@@ -63,23 +63,23 @@
         CVSS Temporal Score : 5.8 
  Risk factor : Medium";
  script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
- script_require_keys("Host/uname");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/uname");
  exit(0);
 }
 
 
  include("ssh_func.inc");
 
- if("Linux" >!< get_kb_item("Host/uname")){
+ if("Linux" >!< get_kb_item("ssh/login/uname")){
         exit(0);
  }
  
- foreach item (get_kb_list("Host/*/rpm-list"))
+ foreach item (get_kb_list("ssh/*/rpms"))
  {
         if("xine" >< item)
         {
-                if(egrep(pattern:"(libxine(1)?|xine-lib)-(0\..*|1\.(0\..*|" +
+                if(egrep(pattern:"(libxine(1)?|xine-lib)~(0\..*|1\.(0\..*|" +
 				 "1(\.0?[0-9]|\.1[0-5])?))[^.0-9]", string:item))
 		{
                         security_warning(0);

Modified: trunk/openvas-plugins/scripts/telnet_func.inc
===================================================================
--- trunk/openvas-plugins/scripts/telnet_func.inc	2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/telnet_func.inc	2008-09-12 11:22:38 UTC (rev 1337)
@@ -3,6 +3,14 @@
 # (C) 2002 Michel Arboi <arboi at alussinan.org>
 # $Revision: 1.8 $
 
+OPT_WILL 	= 0xfb;
+OPT_WONT 	= 0xfc;
+OPT_DO   	= 0xfd;
+OPT_DONT 	= 0xfe;
+
+OPT_SUBOPT 	= 0xfa;
+OPT_ENDSUBOPT 	= 0xf0;
+
 function get_telnet_banner(port)
 {
   local_var sb, banner, soc;
@@ -12,23 +20,68 @@
 
   soc = open_sock_tcp(port);
   if(!soc) return (0);
-  banner = telnet_init(soc);
+  banner = telnet_negotiate(socket:soc);
   close(soc);
   if(strlen(banner)){
 	if ( defined_func("replace_kb_item") )
-		replace_kb_item(name: sb, value: banner);
+		replace_kb_item(name: sb, value: str_replace(find:raw_string(0), replace:'', string:banner));
 	else
-		set_kb_item(name: sb, value: banner);
+		set_kb_item(name: sb, value: str_replace(find:raw_string(0), replace:'', string:banner));
 	}
   return(banner);
 }
 
+
+function telnet_negotiate(socket)
+{
+ local_var opt, code, s, counter, counter2, buf, prev;
+
+ counter = 0;
+
+ while ( TRUE )
+ {
+  s   = recv(socket:socket, length:1, timeout:3);
+  if ( !strlen(s) ) break;
+  if ( ord(s[0]) != 0xff) buf += s;
+  else {
+   counter ++;
+   s  = recv(socket:socket, length:2);
+
+   if ( ord(s[0]) == OPT_DO ) send(socket:socket,data:raw_string(0xff, OPT_WONT) + s[1]);
+   if ( ord(s[0]) == OPT_WILL ) send(socket:socket,data:raw_string(0xff, OPT_DONT) + s[1]);
+   if ( ord(s[0]) == OPT_SUBOPT )
+	{
+	 # The remote telnet server is autistic :/
+	 prev = recv(socket:socket, length:1);
+         counter2 = 0;
+	 while ( ord(prev) != 0xff && ord(s[0]) != OPT_ENDSUBOPT )
+	   {
+	    prev = s;
+ 	    # No timeout - the answer is supposed to be cached
+	    s    = recv(socket:socket, length:1, timeout:0);
+	    if ( ! strlen(s) ) return buf;
+	    counter2++;
+	    if ( counter2 >= 100 ) return buf;
+	   }
+	}
+  
+   # Not necessary and may introduce endless loops
+   #if ( ord(s[0]) == OPT_DONT ) send(socket:socket,data:raw_string(0xff, OPT_WONT) + s[1]);
+   #if ( ord(s[0]) == OPT_WONT ) send(socket:socket,data:raw_string(0xff, OPT_DONT) + s[1]);
+  }
+  if ( counter >= 100 || strlen(buf) >= 4096 ) break;
+ }
+
+ 
+ return buf;
+}
+
 function set_telnet_banner(port, banner)
 {
   local_var sb;
   sb = string("telnet/banner/", port);
   if ( defined_func("replace_kb_item") )
-  	replace_kb_item(name: sb, value: banner);
+	replace_kb_item(name: sb, value: str_replace(find:raw_string(0), replace:'', string:banner));
   else
-  	set_kb_item(name: sb, value: banner);
+	set_kb_item(name: sb, value: str_replace(find:raw_string(0), replace:'', string:banner));
 }



More information about the Openvas-commits mailing list