[Openvas-commits] r1337 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Fri Sep 12 13:22:40 CEST 2008
Author: chandra
Date: 2008-09-12 13:22:38 +0200 (Fri, 12 Sep 2008)
New Revision: 1337
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gather-package-list.nasl
trunk/openvas-plugins/scripts/http_keepalive.inc
trunk/openvas-plugins/scripts/misc_func.inc
trunk/openvas-plugins/scripts/pirelli_router_default_password.nasl
trunk/openvas-plugins/scripts/remote-detect-filemaker.nasl
trunk/openvas-plugins/scripts/remote-detect-sybase-easerver-mgmt.nasl
trunk/openvas-plugins/scripts/remote-detect-sybase-easerver.nasl
trunk/openvas-plugins/scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl
trunk/openvas-plugins/scripts/secpod_novell_edir_mult_vuln_linux_900210.nasl
trunk/openvas-plugins/scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl
trunk/openvas-plugins/scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl
trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl
trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_aug08_lin_900039.nasl
trunk/openvas-plugins/scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl
trunk/openvas-plugins/scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl
trunk/openvas-plugins/scripts/secpod_python_mult_vuln_lin_900106.nasl
trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl
trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl
trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl
trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl
trunk/openvas-plugins/scripts/telnet_func.inc
Log:
Updated gather-package-list to include the \n char in its 'rpm -qa' queries, modified the secpod plugins to match the new gather-package-list output, merged certain .inc files with the GPL 2006 release, and resolved script parse errors.
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/ChangeLog 2008-09-12 11:22:38 UTC (rev 1337)
@@ -1,3 +1,35 @@
+2008-09-11 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/gather-package-list.nasl:
+ Modified to include \n character in all 'rpm -qa'
+ queries
+
+ * scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl,
+ scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl,
+ scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl,
+ scripts/secpod_opera_mult_vuln_aug08_lin_900039.nasl,
+ scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl,
+ scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl,
+ scripts/remote-detect-sybase-easerver-mgmt.nasl,
+ scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl,
+ scripts/secpod_opera_detection_linux_900037.nasl,
+ scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl,
+ scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl,
+ scripts/secpod_python_mult_vuln_lin_900106.nasl,
+ scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl,
+ scripts/secpod_novell_edir_mult_vuln_linux_900210.nasl:
+ Updated as per the new gather-package-list.nasl
+
+ * scripts/pirelli_router_default_password.nasl,
+ scripts/remote-detect-filemaker.nasl,
+ scripts/remote-detect-sybase-easerver.nasl:
+ Corrected script parse errors
+
+ * scripts/telnet_func.inc,
+ scripts/http_keepalive.inc,
+ scripts/misc_func.inc:
+ Merged with the GPL 2006 release scripts, that included fixes and
+ new functions.
+
2008-09-12 Michael Wiegand <michael.wiegand at intevation.de>
* scripts/gather-package-list.nasl: Merged functionality from -sigkeyid
Modified: trunk/openvas-plugins/scripts/gather-package-list.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gather-package-list.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/gather-package-list.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -24,7 +24,7 @@
if(description)
{
script_id(50282);
- script_version("$");
+ script_version("1.1");
name["english"] = "Determine OS and list of installed packages via SSH login";
script_name(english:name["english"]);
@@ -55,7 +55,7 @@
# The script code starts here
#
cmdline = 0;
-include("ss_ssh_func.inc");
+include("ssh_func.inc");
port = get_kb_item("Services/ssh");
if(!port) {
@@ -74,84 +74,84 @@
rls = ssh_cmd(socket:sock, cmd:"cat /etc/redhat-release");
if("Red Hat Linux release 7.3" >< rls) {
set_kb_item(name: "ssh/login/release", value: "RH7.3");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Red Hat Linux release 8.0 (Psyche)" >< rls) {
set_kb_item(name: "ssh/login/release", value: "RH8.0");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Red Hat Linux release 9 (Shrike)" >< rls) {
set_kb_item(name: "ssh/login/release", value: "RH9");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Fedora Core release 1 (Yarrow)" >< rls) {
set_kb_item(name: "ssh/login/release", value: "FC1");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Fedora Core release 2 (Tettnang)" >< rls) {
set_kb_item(name: "ssh/login/release", value: "FC2");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Fedora Core release 3 (Heidelberg)" >< rls) {
set_kb_item(name: "ssh/login/release", value: "FC3");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Fedora Core release 4 (Stentz)" >< rls) {
set_kb_item(name: "ssh/login/release", value: "FC4");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Fedora Core release 5 (Bordeaux)" >< rls) {
set_kb_item(name: "ssh/login/release", value: "FC5");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Fedora Core release 6 (Zod)" >< rls) {
set_kb_item(name: "ssh/login/release", value: "FC6");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Fedora release 7 (Moonshine)" >< rls) {
set_kb_item(name: "ssh/login/release", value: "FC7");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Fedora release 8 (Werewolf)" >< rls) {
set_kb_item(name: "ssh/login/release", value: "FC8");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Fedora release 9 (Sulphur)" >< rls) {
set_kb_item(name: "ssh/login/release", value: "FC9");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
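Review bot: The identical rpm command literal is edited by hand in every branch of this hunk and again in the hunks at -194, -292, -369, -402, -586 and -598 through -654, so one missed branch would leave two different `ssh/login/rpms` formats in the knowledge base. Defining it once near the top of the script, `rpm_cmd = "/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'";`, and calling `buf = ssh_cmd(socket:sock, cmd:rpm_cmd);` in each branch would keep them in step. Because entries are now separated by `;\n` rather than `;`, any local check that still matches on `;name~` and was not updated in this revision would presumably stop matching and report nothing, which is worth confirming against the consumers not listed in the log. The enclosing if-chain continues outside the hunk.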
@@ -194,91 +194,91 @@
if("Mandriva Linux release 2008.1" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_2008.1");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Mandriva Linux release 2008.0" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_2008.0");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Mandriva Linux release 2007.1" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_2007.1");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Mandriva Linux release 2007.0" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_2007.0");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Mandriva Linux release 2006.0" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_2006.0");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Mandrakelinux release 10.2" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_10.2");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Mandrakelinux release 10.1" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_10.1");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Mandrake Linux release 10.0" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_10.0");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Mandrake Linux release 9.2" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_9.2");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Mandrake Linux release 9.1" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_9.1");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Mandrake Linux release 8.1" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_8.1");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Mandrake Linux release 8.0" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_8.0");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Mandrake Linux release 7.2" >< rls) {
set_kb_item(name: "ssh/login/release", value: "MNDK_7.2");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
@@ -292,14 +292,14 @@
#CentOS release 3.4 (final)
if("CentOS release 4" >< rls) {
set_kb_item(name: "ssh/login/release", value: "CENTOS4");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running CentOS release 4"));
exit(0);
}
if("CentOS release 3" >< rls) {
set_kb_item(name: "ssh/login/release", value: "CENTOS3");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running CentOS release 3"));
exit(0);
@@ -369,14 +369,14 @@
rls = ssh_cmd(socket:sock, cmd:"cat /etc/conectiva-release");
if("Conectiva Linux 9" >< rls) {
set_kb_item(name: "ssh/login/release", value: "CL9");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value:buf);
security_note(port:port, data:string("We are able to login and detect that you are running Conectiva Linux 9"));
exit(0);
}
if("Conectiva Linux 10" >< rls) {
set_kb_item(name: "ssh/login/release", value: "CL10");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value:buf);
security_note(port:port, data:string("We are able to login and detect that you are running Conectiva Linux 10"));
exit(0);
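Review bot: Both Conectiva branches store `value:buf` without the leading `";"` that the Red Hat, Mandriva, CentOS, SuSE and Trustix branches prepend, and the Turbolinux hunk at -402 does the same. With the new `;\n` separator the first package in these lists is the only entry with no delimiter in front of it, so a consumer that anchors on the delimiter may skip it; whether any consumer does is not visible here. Using `set_kb_item(name: "ssh/login/rpms", value: ";" + buf);` in these branches would make the stored format the same for every distribution.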
@@ -402,42 +402,42 @@
rls = ssh_cmd(socket:sock, cmd:"cat /etc/turbolinux-release");
if("Turbolinux Server 7.0" >< rls) {
set_kb_item(name: "ssh/login/release", value: "TLS7");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value:buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Turbolinux Workstation 7.0" >< rls) {
set_kb_item(name: "ssh/login/release", value: "TLWS7");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value:buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Turbolinux Server 8.0" >< rls) {
set_kb_item(name: "ssh/login/release", value: "TLS8");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value:buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Turbolinux Workstation 8.0" >< rls) {
set_kb_item(name: "ssh/login/release", value: "TLWS8");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value:buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Turbolinux Desktop 10.0" >< rls) {
set_kb_item(name: "ssh/login/release", value: "TLDT10");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value:buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
}
if("Turbolinux Server 10.0" >< rls) {
set_kb_item(name: "ssh/login/release", value: "TLS10");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value:buf);
security_note(port:port, data:string("We are able to login and detect that you are running ", rls));
exit(0);
@@ -586,7 +586,7 @@
ver = eregmatch(pattern:"VERSION = ([0-9\.]+)", string:rls);
if( isnull(ver) ) ver[1] = " ";
set_kb_item(name: "ssh/login/release", value: "SUSE"+ver[1]);
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running SuSE Linux "+ver[1]));
exit(0);
@@ -598,7 +598,7 @@
if("Trustix Secure Linux release 3.0.5"><rls ||
"Trustix Secure Linux release 3.0.5"><rls2) {
set_kb_item(name: "ssh/login/release", value: "TSL3.0.5");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running Trustix 3.0.5"));
exit(0);
@@ -606,7 +606,7 @@
if("Trustix Secure Linux release 3.0"><rls ||
"Trustix Secure Linux release 3.0"><rls2) {
set_kb_item(name: "ssh/login/release", value: "TSL3.0");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running Trustix 3.0"));
exit(0);
@@ -614,7 +614,7 @@
if("Trustix Secure Linux release 2.2"><rls ||
"Trustix Secure Linux release 2.2"><rls2) {
set_kb_item(name: "ssh/login/release", value: "TSL2.2");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.2"));
exit(0);
@@ -622,7 +622,7 @@
if("Trustix Secure Linux release 2.1"><rls ||
"Trustix Secure Linux release 2.1"><rls2) {
set_kb_item(name: "ssh/login/release", value: "TSL2.1");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.1"));
exit(0);
@@ -630,7 +630,7 @@
if("Trustix Secure Linux release 2.0"><rls ||
"Trustix Secure Linux release 2.0"><rls2) {
set_kb_item(name: "ssh/login/release", value: "TSL2.0");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running Trustix 2.0"));
exit(0);
@@ -638,7 +638,7 @@
if("Trustix Secure Linux release 1.5"><rls ||
"Trustix Secure Linux release 1.5"><rls2) {
set_kb_item(name: "ssh/login/release", value: "TSL1.5");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.5"));
exit(0);
@@ -646,7 +646,7 @@
if("Trustix Secure Linux release 1.2"><rls ||
"Trustix Secure Linux release 1.2"><rls2) {
set_kb_item(name: "ssh/login/release", value: "TSL1.2");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.2"));
exit(0);
@@ -654,7 +654,7 @@
if("Trustix Secure Linux release 1.1"><rls ||
"Trustix Secure Linux release 1.1"><rls2) {
set_kb_item(name: "ssh/login/release", value: "TSL1.1");
- buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};'");
+ buf = ssh_cmd(socket:sock, cmd:"/bin/rpm -qa --qf '%{NAME}~%{VERSION}~%{RELEASE};\n'");
set_kb_item(name: "ssh/login/rpms", value: ";" + buf);
security_note(port:port, data:string("We are able to login and detect that you are running Trustix 1.1"));
exit(0);
Modified: trunk/openvas-plugins/scripts/http_keepalive.inc
===================================================================
--- trunk/openvas-plugins/scripts/http_keepalive.inc 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/http_keepalive.inc 2008-09-12 11:22:38 UTC (rev 1337)
@@ -28,10 +28,11 @@
#
function http_keepalive_check_connection(headers)
{
+ local_var tmp;
tmp = egrep(pattern:"^Connection: [Cc]lose", string:headers);
if(tmp)
{
- http_close_socket(__ka_socket);
+ if ( __ka_socket ) http_close_socket(__ka_socket);
__ka_socket = http_open_socket(__ka_port);
}
}
@@ -119,7 +120,7 @@
if("Content-Length" >< headers)
{
tmp = egrep(string:headers, pattern:"^Content-Length: *[0-9]+");
- if ( tmp ) length = int(ereg_replace(string:tmp, pattern:"^Content-Length: *([0-9]*)", replace:"\1"));
+ if ( tmp ) length = int(ereg_replace(string:tmp, pattern:"^Content-Length: *([0-9]*) *", replace:"\1"));
}
@@ -135,7 +136,9 @@
length = 1048576;
killme = 1;
}
- body = strcat(body, recv(socket:__ka_socket, length:length+2, min:length+2));
+ body = strcat(body, recv(socket:__ka_socket, length:length, min:length));
+ # "\r\n"
+ recv (socket:__ka_socket, length:2, min:2);
if (strlen(body) > 1048576) killme = 1;
if(length == 0 || killme){
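Review bot: The two bytes read by the added `recv (socket:__ka_socket, length:2, min:2);` are thrown away without checking that they arrived and that they are the expected line terminator. If the peer sends a body shorter or longer than it announced, the read position on the kept-alive socket drifts and the next response is parsed from the middle of this one. Keeping the result and stopping on a mismatch, for example `tmp = recv(socket:__ka_socket, length:2, min:2);` followed by `if (tmp != '\r\n') killme = 1;`, would contain the damage to the current request. The surrounding loop starts and ends outside the hunk, so the right way to abort should be checked against it.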
@@ -160,7 +163,7 @@
# the next request won't mix up the replies.
#display("ERROR - Keep Alive, but no length!!!\n", __ka_last_request);
- body = recv(socket:__ka_socket, length:16384);
+ body = recv(socket:__ka_socket, length:16384, min:0);
if (body =~ '<html>' && body !~ '</html>') # case insensitive
{
repeat
@@ -190,11 +193,14 @@
if(__ka_socket)
{
http_close_socket(__ka_socket);
+ __ka_socket = 0;
}
}
+if ( 0 ) on_exit();
+
#----------------------------------------------------------------------#
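Review bot: The added `if ( 0 ) on_exit();` is a call that can never run and carries no explanation, so the next maintainer is likely to delete it as dead code. If it exists to make the interpreter treat the function as referenced (an assumption, the reason is not visible in the hunk), a comment should say so, e.g. `# never executed; keeps the parser from flagging on_exit() as unused`. Resetting `__ka_socket = 0` after the close is a good change because it prevents a second close of the same descriptor.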
@@ -203,10 +209,14 @@
# host on port <port>, and returns the result, or NULL if no connection
# could be established.
#
-function http_keepalive_send_recv(port, data, bodyonly)
+function http_keepalive_send_recv(port, data, bodyonly, embedded, fetch404)
{
local_var id, n, ret, headers;
+ local_var soc, r, body;
+
+ if ( ! embedded && get_kb_item("Services/www/" + port + "/embedded") ) return NULL;
+
if (debug_level > 1)
display("http_keepalive_send_recv(port: ", port, ", data: ", data, ", bodyonly: ", bodyonly, ")\n");
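Review bot: The header comment above the function still says NULL means no connection could be established, but the new first statement also returns NULL when the port is flagged `Services/www/<port>/embedded` and the caller did not pass `embedded`. Callers cannot tell a skipped port from a network failure, and the two new parameters are undocumented. I would extend the comment with something like `# embedded: TRUE to also query ports flagged as embedded web servers (otherwise NULL is returned)` and `# fetch404: TRUE to read the body of a 404 reply as well`, and add both values to the debug `display` call. The function body continues outside the hunk.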
@@ -218,7 +228,6 @@
if(__ka_enabled == 0)
{
- local_var soc, r, body;
soc = http_open_socket(port);
if(!soc)return NULL;
if (send(socket:soc, data:data) <= 0)
@@ -226,8 +235,14 @@
http_close_socket(soc);
return NULL;
}
- headers = http_recv_headers2(soc);
- if(headers) body = http_recv_body(socket:soc, headers:headers, length:0);
+ headers = http_recv_headers2(socket:soc);
+ # If the headers are not HTTP compliant, just return right away
+ if ( headers && !ereg(pattern:"^HTTP/.* [0-9]+", string:headers) )
+ return headers;
+
+ if(headers && ( !ereg(pattern:"^HTTP/.* 404", string:headers) || fetch404 == TRUE ) )
+ body = http_recv_body(socket:soc, headers:headers, length:0);
+
http_close_socket(soc);
if(bodyonly) return(body);
else return(strcat(headers, '\r\n', body));
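Review bot: The new early `return headers;` for non-HTTP replies leaves the function before `http_close_socket(soc);` runs, so every such reply leaks the socket opened a few lines above. Closing first fixes it: `if ( headers && !ereg(pattern:"^HTTP/.* [0-9]+", string:headers) ) { http_close_socket(soc); return headers; }`. The same path also returns the headers even when the caller asked for `bodyonly`, which deserves a line in the function comment if it is intended. The enclosing `if(__ka_enabled == 0)` block starts outside the hunk.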
@@ -247,7 +262,7 @@
__ka_last_request = data;
n = send(socket:__ka_socket, data:data);
if (n >= strlen(data))
- headers = http_recv_headers2(__ka_socket);
+ headers = http_recv_headers2(socket:__ka_socket);
if (! headers)
{
http_close_socket(__ka_socket);
@@ -259,7 +274,7 @@
__ka_socket = NULL;
return NULL;
}
- headers = http_recv_headers2(__ka_socket);
+ headers = http_recv_headers2(socket:__ka_socket);
}
return http_keepalive_recv_body(headers: headers, bodyonly:bodyonly);
@@ -270,28 +285,14 @@
#
# Same as check_win_dir_trav(), but with KA support
#
-function check_win_dir_trav_ka(port, url, quickcheck)
+function check_win_dir_trav_ka(port, url)
{
local_var soc, req, cod, buf;
- #display("check_win_dir_trav(port=", port, ", url=", url, ", quickcheck=", quickcheck, ")\n");
-
req = http_get(item:url, port:port);
buf = http_keepalive_send_recv(port:port, data:req);
-# if (quickcheck)
-# {
-# if (ereg(pattern:"^HTTP/.* 200 ", string:buf)) return (1);
-# return (0);
-# }
-
- if ( ("ECHO" >< buf) || ("RESET" >!< buf && ("SET " >< buf)) ||
- ("export" >< buf) || ("EXPORT" >< buf) ||
- ("doskey" >< buf) || ("DOSKEY" >< buf) ||
- ("[boot loader]" >< buf) || ("[fonts]" >< buf) ||
- ("[extensions]" >< buf) || ("[mci extensions]" >< buf) ||
- ("[files]" >< buf) || ("[Mail]" >< buf) ||
- ("[operating systems]" >< buf) )
+ if ( "; for 16-bit app support" >< buf )
{
return(1);
}
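Review bot: Detection now depends on the single string `"; for 16-bit app support"`, which appears in win.ini only, while the removed condition also recognised boot.ini content (`[boot loader]`, `[operating systems]`) and command output. Any plugin that calls this function with a url aimed at a file other than win.ini would now get 0 and stay silent; whether such callers exist is not visible here. The function comment should state the new contract, for example `# url must retrieve win.ini; the match is on its "; for 16-bit app support" line`. Dropping the `quickcheck` parameter also changes the signature, so callers that still pass it need to be updated in the same revision.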
@@ -301,17 +302,14 @@
#
#
#
-function is_cgi_installed_ka(item, port)
+function is_cgi_installed_ka(item, port, embedded)
{
local_var r, no404, dir, slash, dirs, banner;
+ if ( ! embedded && get_kb_item("Services/www/" + port + "/embedded") ) return 0;
+ if ( get_kb_item("Settings/disable_cgi_scanning") ) return 0;
- #
- # Some embedded web servers can not have arbitrary CGIs
- #
banner = get_http_banner(port:port);
- if ( egrep(pattern:"^Server: (CUPS|MiniServ|AppleShareIP|Embedded HTTPD|IP_SHARER|Ipswitch-IMail|MACOS_Personal_Websharing|NetCache appliance|ZyXEL-RomPager|cisco-IOS|u-Server)", string:banner ) )
- return NULL;
if(item[0] != "/")
{
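Review bot: The embedded-server guard now relies entirely on the `Services/www/<port>/embedded` knowledge-base entry, and the inline `Server:` banner match it replaces is gone. If the plugin that sets that entry has not run before a caller of this function, CGI probes will be sent to the embedded devices the old check skipped, so the dependency should be named in a comment here. `banner = get_http_banner(port:port);` is kept although its only visible use was removed; if nothing below the hunk reads it, the call is an unnecessary request. The return value for a skipped server also changes from NULL to 0. The function body continues outside the hunk.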
@@ -365,7 +363,7 @@
if (r =~ "^HTTP/1\.[01] +30[0-9] .*")
{
- v = eregmatch(pattern: "\r\nLocation: *([^ \t\r\n]+)[ \t]*[\r\n]+",
+ v = eregmatch(pattern: '\r\nLocation: *([^ \t\r\n]+)[ \t]*[\r\n]+',
string: r, icase: 1);
if (isnull(v)) return NULL; # Big problem
l = v[1];
@@ -384,3 +382,91 @@
# Loop?
return NULL;
}
+
+
+
+function http_get_cache(port, item)
+{
+ local_var req, res;
+
+ res = get_kb_item("Cache/" + port + "/URL_" + item );
+ if ( res ) return res;
+
+ req = http_get(port:port, item:item);
+ res = http_keepalive_send_recv(port:port, data:req, embedded:TRUE);
+ if ( ! res ) return NULL;
+
+ if ( defined_func("replace_kb_item") )
+ replace_kb_item(name:"Cache/" + port + "/URL_" + item, value:res);
+ else
+ set_kb_item(name:"Cache/" + port + "/URL_" + item, value:res);
+
+ return res;
+}
+
+
+
+function http_check_remote_code (default_port, extra_dirs, unique_dir, check_request, extra_check, check_result, command, description, port, embedded)
+{
+ local_var list, req, txt_result, txt_desc, extra, dir, buf;
+ if ( get_kb_item("Settings/disable_cgi_scanning") ) exit(0);
+
+ if (unique_dir)
+ list = make_list (unique_dir);
+ else
+ {
+ if (!isnull(extra_dirs))
+ list = make_list (cgi_dirs(), extra_dirs);
+ else
+ list = make_list (cgi_dirs());
+ }
+
+ if ( ! port )
+ {
+ if (default_port)
+ port = get_http_port(default:default_port);
+ else
+ port = get_http_port(default:80);
+ }
+
+ if ( ! embedded && get_kb_item("Services/www/" + port + "/embedded") ) exit(0);
+ if (!get_port_state(port))
+ exit (0);
+
+
+ foreach dir (list)
+ {
+ req = string(dir, check_request);
+ req = http_get(item:req, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req);
+ if (buf == NULL)
+ exit(0);
+
+ txt_result = egrep(pattern:check_result, string:buf);
+ if (extra_check)
+ {
+ extra = 0;
+ if (egrep (pattern:extra_check, string:buf))
+ extra = 1;
+ }
+ else
+ extra = 1;
+
+ if (txt_result && extra)
+ {
+ txt_desc = description +
+"
+
+Plugin output :
+
+It was possible to execute the command '" + command + "' on the remote host,
+which produces the following output :
+
+"
+ + txt_result;
+
+ security_hole (port:port, data:txt_desc);
+ exit (0);
+ }
+ }
+}
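Review bot: In `http_check_remote_code` the `embedded` argument is tested at the top but not forwarded, so the request line `buf = http_keepalive_send_recv(port:port, data:req);` returns NULL for a port flagged as embedded and the following `exit(0)` ends the plugin without a result. A caller that sets `embedded` to TRUE therefore never gets its check run against such a port. Passing it through, `buf = http_keepalive_send_recv(port:port, data:req, embedded:embedded);`, makes the parameter effective. Separately, `if (buf == NULL) exit(0);` abandons all remaining directories after one failed request, which should be either documented or relaxed to `continue`.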
Modified: trunk/openvas-plugins/scripts/misc_func.inc
===================================================================
--- trunk/openvas-plugins/scripts/misc_func.inc 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/misc_func.inc 2008-09-12 11:22:38 UTC (rev 1337)
@@ -17,16 +17,19 @@
if (! ipproto) ipproto = "tcp";
if (! service_is_unknown(port:port, ipproto: ipproto))
{
- if (debug_level) display("service is already known on port ", ipproto, ":", port, "\n");
+ if (debug_level) display(get_host_ip(), ": service is already known on port ", ipproto, ":", port, "\n");
#return(0);
}
- k = strcat("Known/", ipproto, "/", port);
- replace_or_set_kb_item(name: k, value: proto);
- if (ipproto == "tcp") k = strcat("Services/", proto);
- else k = strcat("Services/", ipproto, "/", proto);
- set_kb_item(name: k, value: port);
- if (debug_level) display("register_service: port=", port, ", proto=", proto, "\n");
+ if ( ipproto != "unknown" )
+ {
+ k = strcat("Known/", ipproto, "/", port);
+ replace_or_set_kb_item(name: k, value: proto);
+ if (ipproto == "tcp") k = strcat("Services/", proto);
+ else k = strcat("Services/", ipproto, "/", proto);
+ set_kb_item(name: k, value: port);
+ }
+ if (debug_level) display(get_host_ip(), ": register_service: port=", port, ", proto=", proto, "\n");
}
# This function may fork!
@@ -55,6 +58,35 @@
return TRUE;
}
+function verify_service(port, ipproto, proto)
+{
+ local_var k, p;
+ # Remember: no KB yet in command line mode!
+ if (! ipproto) ipproto = "tcp";
+ k = strcat("Known/", ipproto, "/", port);
+ p = get_kb_list(k);
+ foreach k (p)
+ if (k == proto)
+ return TRUE;
+ return FALSE;
+}
+
+# This function may fork
+function get_port_for_service(default, ipproto, proto)
+{
+ local_var k, p;
+ # Remember: no KB yet in command line mode!
+ if (! ipproto) ipproto = "tcp";
+ if (ipproto == "tcp") k = strcat("Services/", proto);
+ else k = strcat("Services/", ipproto, "/", proto);
+ p = get_kb_item(k);
+ if (p) return p;
+ k = strcat("Known/", ipproto, "/", default);
+ p = get_kb_item(k);
+ if (p == proto) return default;
+ exit(0);
+}
+
function set_mysql_version(port, version)
{
local_var sb;
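Review bot: get_port_for_service ends the calling plugin with `exit(0)` when neither KB lookup matches, but the only comment above it says it may fork. A caller reading the signature would expect a NULL return, so I would document the contract, e.g. `# Returns the port registered for proto, or default if Known/<ipproto>/<default> is proto; exits the plugin otherwise.` In verify_service the variable `k` is used both as the KB key and as the `foreach` loop variable; a separate local such as `v` would read more clearly.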
@@ -64,51 +96,38 @@
function get_mysql_version(port)
{
- local_var sb, vers, soc, result, MySQL_version, end_found;
+ local_var sb;
sb = string("mysql/version/", port);
- vers = get_kb_item(sb);
- if (vers) return(vers);
- else { # Get it on the fly.
- if ( ! get_port_state(port) ) return NULL;
- soc = open_sock_tcp(port);
- if(!soc) return(NULL);
- result = recv(socket:soc, length:1000);
- close(soc);
- if(strlen(result) < 6)return(NULL);
- if("is not allowed" >< result)return(NULL);
- if("is blocked" >< result) return(NULL);
- MySQL_version = "";
- if ((result[1] == raw_string(0x00)) && (result[2] == raw_string(0x00)) &&
- (result[3] == raw_string(0x00)) && ((ord(result[4]) > 8) && (ord(result[4]) < 12))){
- end_found = FALSE;
- for (i = 0; end_found == FALSE ; i = i + 1) {
- if (result[5+i] == raw_string(0x00)) {
- end_found = TRUE;
- } else {
- MySQL_version = string(MySQL_version, result[5+i]);
- }
- }
- set_mysql_version(port:port, version:MySQL_version);
- return(MySQL_version);
- }
- }
- return(NULL);
+ return get_kb_item(sb);
}
function get_unknown_banner(port, ipproto, dontfetch)
{
- local_var sb, banner, soc, req, tcp, p;
+ local_var sb, sbH, banner, soc, req, tcp, p, bannerHex;
if (! ipproto) ipproto = "tcp";
- tcp = ipproto == 'tcp';
+ if ( ipproto == "tcp" )
+ tcp = 1;
+ else
+ tcp = 0;
+
if (tcp)
- sb = strcat("unknown/banner/", port);
+ {
+ sb = strcat("unknown/banner/", port);
+ sbH = strcat("unknown/bannerHex/", port);
+ }
else
- sb = strcat("unknown/banner/", ipproto, "/", port);
+ {
+ sb = strcat("unknown/banner/", ipproto, "/", port);
+ sbH = strcat("unknown/bannerHex/", ipproto, "/", port);
+ }
+ banner = get_kb_item(sbH);
+ if (banner) return hex2raw(s: banner);
+ banner = get_kb_item(banner);
+ if (banner) return banner;
- banner = get_kb_item(sb);
- if (banner) return(banner);
-
+ banner = get_kb_item("BannerHex/"+port);
+ if (banner) return(hex2raw(s: banner));
banner = get_kb_item("Banner/"+port);
if (banner) return(banner);
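Review bot: In get_unknown_banner the new line `banner = get_kb_item(banner);` passes the banner variable, which is empty at that point, as the KB key, so the plain `unknown/banner/...` entry held in `sb` is never read. The removed code used `get_kb_item(sb)`, and the line should read `banner = get_kb_item(sb);`. As written, a banner cached without a hex copy is skipped, and the function falls through to the other keys or to a fresh connection to the target.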
@@ -118,9 +137,15 @@
foreach p (make_list("spontaneous", "get_http", "help"))
{
banner = get_kb_item("FindService/"+ipproto+"/"+port+"/"+p);
- if (banner) return(banner);
+ bannerHex = get_kb_item("FindService/"+ipproto+"/"+port+"/"+p+"Hex");
+ if ( banner && bannerHex )
+ {
+ if (strlen(bannerHex) > 2 * strlen(banner))
+ return hex2raw(s: bannerHex);
+ else
+ return(banner);
+ }
}
-
if (dontfetch) return(NULL);
if (! get_port_state(port)) return (NULL);
if (! tcp) return (NULL);
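Review bot: The rewritten loop body returns only when both `banner` and `bannerHex` are set, whereas the removed line returned whenever `banner` was set. If a FindService entry exists without its `Hex` counterpart (whether that can happen is not visible here), the cached banner is now ignored. Adding `else if (banner) return(banner);` after the new block keeps the previous behaviour for that case. The enclosing function starts outside this hunk.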
@@ -133,7 +158,11 @@
banner = recv(socket:soc, length:2048);
close(soc);
if (banner)
+ {
replace_or_set_kb_item(name: sb, value: banner);
+ if ('\0' >< sb)
+ replace_or_set_kb_item(name: sbH, value: hexstr(banner));
+ }
return(banner);
}
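Review bot: The added test `if ('\0' >< sb)` inspects the KB key name rather than the received data. `sb` is built from literal strings and the port, so the condition will presumably never hold and the `bannerHex` entry is never written on this path. It should be `if ('\0' >< banner)`, which is what set_unknown_banner does in the following hunk. The function body starts outside this hunk.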
@@ -145,6 +174,14 @@
else
sb = strcat('unknown/banner/', ipproto, '/', port);
set_kb_item(name: sb, value: banner);
+ if ('\0' >< banner)
+ {
+ if (! ipproto || ipproto == 'tcp')
+ sb = string("unknown/bannerHex/", port);
+ else
+ sb = strcat('unknown/bannerHex/', ipproto, '/', port);
+ set_kb_item(name: sb, value: hexstr(banner));
+ }
}
#
@@ -322,7 +359,11 @@
s = chomp(s); # remove trailing blanks, CR, LF...
l = strlen(s);
- if (l % 2) display("hex2raw: odd string: ", s, "\n");
+ if (l % 2) {
+ display("hex2raw: odd string: ", s, "\n");
+ l --;
+ }
+ s = tolower(s);
for(i=0;i<l;i+=2)
{
if(ord(s[i]) >= ord("0") && ord(s[i]) <= ord("9"))
@@ -345,18 +386,21 @@
local_var k, name, a;
svc = tolower(svc);
- k = strcat(svc, "/banner/", port);
- set_kb_item(name: k, value: banner);
+ if (! isnull(banner))
+ {
+ k = strcat(svc, "/banner/", port);
+ set_kb_item(name: k, value: banner);
+ }
register_service(port: port, proto: svc);
if (svc == 'www') name = 'web server';
else if (svc == 'proxy') name = 'web proxy';
- else if (svc == 'hylafax-ftp' || svc == 'hylafax') name = 'HylaFax server';
+ else if (svc == 'hylafax-ftp' || svc == 'hylafax') name = 'HylaFAX server';
else if (svc == 'agobot.fo') name = 'Agobot.fo backdoor';
else if (svc == 'unknown_irc_bot') name = 'IRC bot';
else if (svc == 'auth') name = 'identd';
else name = toupper(svc) +' server';
a = tolower(name[0]);
- if (a == 'a' || a == 'e' || a == 'i' || a == 'o' || a == 'h') a = 'An ';
+ if (a == 'a' || a == 'e' || a == 'i' || a == 'o') a = 'An ';
else a = 'A ';
security_note(port: port, data: a + name + ' is running on this port');
}
@@ -367,7 +411,7 @@
function base64_decode(str)
{
- local_var len, i, j, k, ret, base64, b64;
+ local_var len, i, j, k, ret, base64, b64, a,b,c,o;
len = strlen(str);
ret = "";
@@ -414,6 +458,8 @@
function pow2(x)
{
+ local_var __ret;
+
__ret = 1;
while(x)
{
@@ -425,6 +471,8 @@
function base64(str)
{
+ local_var len, i, ret, char_count, _bits, val, cnt, mul;
+
len = strlen(str);
i = 0;
ret = "";
@@ -520,7 +568,7 @@
{
local_var v, u;
if (! defined_func("mktime")) return NULL; # We could write it in NASL...
- v = eregmatch(string: date, pattern: "\$Date: 2005/05/07 11:16:57 $");
+ v = eregmatch(string: date, pattern: ".Date: ([0-9]+)/([01][0-9])/([0-3][0-9]) ([0-2][0-9]):([0-6][0-9]):([0-6][0-9]) \$");
if (isnull(v)) return;
u = mktime(year: v[1], mon: v[2], mday: v[3], hour: v[3], min: v[5], sec: v[6]);
return u;
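Review bot: The `mktime` call on the context line passes `hour: v[3]`, which is the day-of-month capture; with the corrected pattern the hour is group 4, so it should be `hour: v[4]`. The old pattern had no capture groups, so this path was effectively dead, and the fix to the regex makes the wrong index live. A short comment explaining why the pattern starts with `.` instead of `\$` (presumably to stop keyword expansion from rewriting it again) would also help the next maintainer.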
Modified: trunk/openvas-plugins/scripts/pirelli_router_default_password.nasl
===================================================================
--- trunk/openvas-plugins/scripts/pirelli_router_default_password.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/pirelli_router_default_password.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -34,8 +34,8 @@
}
include("default_account.inc");
+#include("telnet_func.inc");
-
port = 23;
if(get_port_state(port))
{
Modified: trunk/openvas-plugins/scripts/remote-detect-filemaker.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-filemaker.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/remote-detect-filemaker.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -51,7 +51,7 @@
script_copyright(english:"This script is Written by Christian Eric Edjenguele <christian.edjenguele at owasp.org> and released under GPL v2 or later");
family["english"] = "Service detection";
script_family(english:family["english"]);
-script_require_port(5003);
+script_require_ports(5003);
exit(0);
}
Modified: trunk/openvas-plugins/scripts/remote-detect-sybase-easerver-mgmt.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-sybase-easerver-mgmt.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/remote-detect-sybase-easerver-mgmt.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -53,7 +53,7 @@
family["english"] = "Service detection";
script_family(english:family["english"]);
script_dependencies("find_service.nes", "sybase_easerver_detect.nasl");
-script_require_port("Services/www");
+script_require_ports("Services/www");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/remote-detect-sybase-easerver.nasl
===================================================================
--- trunk/openvas-plugins/scripts/remote-detect-sybase-easerver.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/remote-detect-sybase-easerver.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -53,7 +53,7 @@
family["english"] = "Service detection";
script_family(english:family["english"]);
script_dependencies("find_service.nes");
-script_require_port("Services/www");
+script_require_ports("Services/www");
exit(0);
Modified: trunk/openvas-plugins/scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_clamav_invalid_mem_access_dos_vuln_900117.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
#
# Date Written: 2008/09/05
#
-# Revision: 1.1
+# Revision: 1.2
#
# Log: ssharath
# Issue #0164
@@ -29,7 +29,7 @@
script_bugtraq_id(30994);
script_cve_id("CVE-2008-1389");
script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.1 ");
+ script_version("Revision: 1.2 ");
script_category(ACT_GATHER_INFO);
script_family(english:"Denial of Service");
script_name(english:"ClamAV Invalid Memory Access Denial Of Service Vulnerability");
@@ -64,7 +64,7 @@
Risk factor : High";
script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
script_require_keys("ssh/login/uname");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_novell_edir_mult_vuln_linux_900210.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_novell_edir_mult_vuln_linux_900210.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_novell_edir_mult_vuln_linux_900210.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
#
# Date Written: 2008/09/01
#
-# Revision: 1.1
+# Revision: 1.2
#
# Log: veerendragg
# Issue #0159
@@ -28,7 +28,7 @@
script_id(900210);
script_bugtraq_id(30947);
script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.1 ");
+ script_version("Revision: 1.2 ");
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_name(english:"Novell eDirectory Multiple Vulnerabilities (Linux)");
@@ -71,7 +71,7 @@
Risk factor : High";
script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
script_require_keys("ssh/login/uname");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_openoffice_code_exec_vuln_lin_900043.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
#
# Date Written: 2008/08/29
#
-# Revision: 1.1
+# Revision: 1.2
#
# Log: schandan
# Issue #0154
@@ -28,7 +28,7 @@
script_bugtraq_id(30866);
script_cve_id("CVE-2008-3282");
script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.1 ");
+ script_version("Revision: 1.2 ");
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_name(english:"OpenOffice rtl_allocateMemory() Remote Code Execution Vulnerability (Lin)");
@@ -64,7 +64,7 @@
Risk factor : High";
script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
script_require_keys("Host/uname");
exit(0);
}
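Review bot: The dependency is switched to `gather-package-list.nasl` but `script_require_keys("Host/uname")` is left unchanged, while the xine-lib Aug-08 section of this same commit moves its key from `Host/uname` to `ssh/login/uname`. If the new dependency does not set `Host/uname` (not visible on this page), this plugin will never be scheduled and the check silently produces no result. The same combination appears in secpod_opera_mult_vuln_aug08_lin_900039.nasl. I would use `script_require_keys("ssh/login/uname");` in both, and check any later `get_kb_item("Host/uname")` calls in the bodies, which are outside these hunks.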
Modified: trunk/openvas-plugins/scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_openvpn_client_code_exec_vuln_900024.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
#
# Date Written: 2008/08/08
#
-# Revision: 1.2
+# Revision: 1.3
#
# Log: schandan
# Issue #0095
@@ -28,7 +28,7 @@
script_bugtraq_id(30532);
script_cve_id("CVE-2008-3459");
script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("$Revision: 1.2 $");
+ script_version("Revision: 1.3 ");
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_name(english:"OpenVPN Client Remote Code Execution Vulnerability");
@@ -70,7 +70,7 @@
Risk factor : Medium";
script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
script_require_keys("ssh/login/uname");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_opera_detection_linux_900037.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
#
# Date Written: 2008/08/21
#
-# Revision: 1.2
+# Revision: 1.3
#
# Log: schandan
# Issue #0136
@@ -26,7 +26,7 @@
{
script_id(900037);
script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.2 ");
+ script_version("Revision: 1.3 ");
script_category(ACT_GATHER_INFO);
script_family(english:"General");
script_name(english:"Opera Version Detection for Linux");
@@ -37,7 +37,7 @@
Risk factor : Informational";
script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
script_require_keys("ssh/login/uname");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_aug08_lin_900039.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_aug08_lin_900039.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_aug08_lin_900039.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
#
# Date Written: 2008/08/21
#
-# Revision: 1.1
+# Revision: 1.2
#
# Log: schandan
# Issue #0136
@@ -27,7 +27,7 @@
script_id(900039);
script_bugtraq_id(30768);
script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.1 ");
+ script_version("Revision: 1.2 ");
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_name(english:"Opera Web Browser Multiple Security Vulnerabilities Aug-08 (Linux)");
@@ -71,7 +71,7 @@
CVSS Temporal Score : 5.5
Risk factor : High";
script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl",
+ script_dependencies("gather-package-list.nasl",
"secpod_opera_detection_linux_900037.nasl");
script_require_keys("Host/uname");
exit(0);
Modified: trunk/openvas-plugins/scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_pidgin_intgr_overflow_lin_900009.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
#
# Date Written: 2008/07/11
#
-# Revision: 1.3
+# Revision: 1.4
#
# Log: schandan
# Issue #0032
@@ -29,7 +29,7 @@
script_bugtraq_id(29956);
script_cve_id("CVE-2008-2927");
script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.3 ");
+ script_version("Revision: 1.4 ");
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_name(english:"Pidgin MSN SLP Message Integer Overflow Vulnerabilities (Linux)");
@@ -63,7 +63,7 @@
CVSS Temporal Score : 3.9
Risk factor : Medium";
script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
script_require_keys("ssh/login/uname");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_pidgin_ssl_sec_bypass_vuln_lin_900022.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
#
# Date Written: 2008/08/06
#
-# Revision: 1.2
+# Revision: 1.3
#
# Log: schandan
# Issue #0089
@@ -28,7 +28,7 @@
script_id(900022);
script_bugtraq_id(30553);
script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.2 ");
+ script_version("Revision: 1.3 ");
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_name(english:"Pidgin NSS plugin SSL Certificate Validation Security Bypass Vulnerability (Linux)");
@@ -60,7 +60,7 @@
Risk factor : High";
script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
script_require_keys("ssh/login/uname");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_python_mult_vuln_lin_900106.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_python_mult_vuln_lin_900106.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_python_mult_vuln_lin_900106.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
#
# Date Written: 2008/08/05
#
-# Revision: 1.3
+# Revision: 1.4
#
# Log: ssharath
# Issue #0091
@@ -30,7 +30,7 @@
script_cve_id("CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142",
"CVE-2008-3143","CVE-2008-3144");
script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.3 ");
+ script_version("Revision: 1.4 ");
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_name(english:"Python Multiple Vulnerabilities (Linux)");
@@ -70,7 +70,7 @@
CVSS Temporal Score : 5.0
Risk factor : Medium";
script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
script_require_keys("ssh/login/uname");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_july08_lin_900011.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
#
# Date Written: 2008/07/14
#
-# Revision: 1.3
+# Revision: 1.4
#
# Log: schandan
# Issue #0035
@@ -29,7 +29,7 @@
script_bugtraq_id(28485);
script_cve_id("CVE-2008-1561", "CVE-2008-1562", "CVE-2008-1563");
script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.3 ");
+ script_version("Revision: 1.4 ");
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_name(english:"Wireshark Multiple Vulnerabilities - July08 (Linux)");
@@ -63,7 +63,7 @@
CVSS Temporal Score : 5.3
Risk factor : High";
script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
script_require_keys("ssh/login/uname");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_mult_vuln_sept08_lin_900213.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
#
# Date Written: 2008/09/09
#
-# Revision: 1.1
+# Revision: 1.2
#
# Log: veerendragg
# Issue #0172
@@ -49,13 +49,13 @@
script_bugtraq_id(31009);
script_cve_id("CVE-2008-3146", "CVE-2008-3932", "CVE-2008-3933");
script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.1 ");
+ script_version("Revision: 1.2 ");
script_category(ACT_GATHER_INFO);
script_family(english:"Denial of Service");
script_name(english:"Wireshark Multiple Vulnerabilities - Sept08 (Linux)");
script_summary(english:"Check for vulnerable version of Wireshark/Ethereal");
script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
script_require_keys("ssh/login/uname");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_xine-lib_mult_code_exe_dos_vuln_900111.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -70,7 +70,7 @@
CVSS Temporal Score : 5.3
Risk factor : High";
script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
+ script_dependencies("gather-package-list.nasl");
script_require_keys("ssh/login/uname");
exit(0);
}
Modified: trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/secpod_xine-lib_mult_vuln_aug08_900041.nasl 2008-09-12 11:22:38 UTC (rev 1337)
@@ -6,7 +6,7 @@
#
# Date Written: 2008/08/26
#
-# Revision: 1.1
+# Revision: 1.3
#
# Log: schandan
# Issue #0145
@@ -25,9 +25,9 @@
if(description)
{
- script_id(900111);
+ script_id(900041);
script_copyright(english:"Copyright (C) 2008 SecPod");
- script_version("Revision: 1.1 ");
+ script_version("Revision: 1.3 ");
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_name(english:"xine-lib Multiple Vulnerabilities (Aug-08)");
@@ -63,23 +63,23 @@
CVSS Temporal Score : 5.8
Risk factor : Medium";
script_description(english:desc["english"]);
- script_dependencies("secpod_ssh_sys_info.nasl");
- script_require_keys("Host/uname");
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/uname");
exit(0);
}
include("ssh_func.inc");
- if("Linux" >!< get_kb_item("Host/uname")){
+ if("Linux" >!< get_kb_item("ssh/login/uname")){
exit(0);
}
- foreach item (get_kb_list("Host/*/rpm-list"))
+ foreach item (get_kb_list("ssh/*/rpms"))
{
if("xine" >< item)
{
- if(egrep(pattern:"(libxine(1)?|xine-lib)-(0\..*|1\.(0\..*|" +
+ if(egrep(pattern:"(libxine(1)?|xine-lib)~(0\..*|1\.(0\..*|" +
"1(\.0?[0-9]|\.1[0-5])?))[^.0-9]", string:item))
{
security_warning(0);
Modified: trunk/openvas-plugins/scripts/telnet_func.inc
===================================================================
--- trunk/openvas-plugins/scripts/telnet_func.inc 2008-09-12 10:28:31 UTC (rev 1336)
+++ trunk/openvas-plugins/scripts/telnet_func.inc 2008-09-12 11:22:38 UTC (rev 1337)
@@ -3,6 +3,14 @@
# (C) 2002 Michel Arboi <arboi at alussinan.org>
# $Revision: 1.8 $
+OPT_WILL = 0xfb;
+OPT_WONT = 0xfc;
+OPT_DO = 0xfd;
+OPT_DONT = 0xfe;
+
+OPT_SUBOPT = 0xfa;
+OPT_ENDSUBOPT = 0xf0;
+
function get_telnet_banner(port)
{
local_var sb, banner, soc;
@@ -12,23 +20,68 @@
soc = open_sock_tcp(port);
if(!soc) return (0);
- banner = telnet_init(soc);
+ banner = telnet_negotiate(socket:soc);
close(soc);
if(strlen(banner)){
if ( defined_func("replace_kb_item") )
- replace_kb_item(name: sb, value: banner);
+ replace_kb_item(name: sb, value: str_replace(find:raw_string(0), replace:'', string:banner));
else
- set_kb_item(name: sb, value: banner);
+ set_kb_item(name: sb, value: str_replace(find:raw_string(0), replace:'', string:banner));
}
return(banner);
}
+
+function telnet_negotiate(socket)
+{
+ local_var opt, code, s, counter, counter2, buf, prev;
+
+ counter = 0;
+
+ while ( TRUE )
+ {
+ s = recv(socket:socket, length:1, timeout:3);
+ if ( !strlen(s) ) break;
+ if ( ord(s[0]) != 0xff) buf += s;
+ else {
+ counter ++;
+ s = recv(socket:socket, length:2);
+
+ if ( ord(s[0]) == OPT_DO ) send(socket:socket,data:raw_string(0xff, OPT_WONT) + s[1]);
+ if ( ord(s[0]) == OPT_WILL ) send(socket:socket,data:raw_string(0xff, OPT_DONT) + s[1]);
+ if ( ord(s[0]) == OPT_SUBOPT )
+ {
+ # The remote telnet server is autistic :/
+ prev = recv(socket:socket, length:1);
+ counter2 = 0;
+ while ( ord(prev) != 0xff && ord(s[0]) != OPT_ENDSUBOPT )
+ {
+ prev = s;
+ # No timeout - the answer is supposed to be cached
+ s = recv(socket:socket, length:1, timeout:0);
+ if ( ! strlen(s) ) return buf;
+ counter2++;
+ if ( counter2 >= 100 ) return buf;
+ }
+ }
+
+ # Not necessary and may introduce endless loops
+ #if ( ord(s[0]) == OPT_DONT ) send(socket:socket,data:raw_string(0xff, OPT_WONT) + s[1]);
+ #if ( ord(s[0]) == OPT_WONT ) send(socket:socket,data:raw_string(0xff, OPT_DONT) + s[1]);
+ }
+ if ( counter >= 100 || strlen(buf) >= 4096 ) break;
+ }
+
+
+ return buf;
+}
+
function set_telnet_banner(port, banner)
{
local_var sb;
sb = string("telnet/banner/", port);
if ( defined_func("replace_kb_item") )
- replace_kb_item(name: sb, value: banner);
+ replace_kb_item(name: sb, value: str_replace(find:raw_string(0), replace:'', string:banner));
else
- set_kb_item(name: sb, value: banner);
+ set_kb_item(name: sb, value: str_replace(find:raw_string(0), replace:'', string:banner));
}
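Review bot: In telnet_negotiate the two-byte read after an IAC byte (`s = recv(socket:socket, length:2);`) is indexed as `s[0]` and `s[1]` without a length check, so a server that closes or stalls mid-command leaves the option byte undefined in the WONT/DONT reply. Adding `if ( strlen(s) != 2 ) break;` right after that recv would cover it. The suboption loop condition `ord(prev) != 0xff && ord(s[0]) != OPT_ENDSUBOPT` stops as soon as either byte matches rather than on the IAC SE pair, and the byte read into `prev` before the loop is overwritten on the first pass, so suboption bytes can end up in `buf`. Since this parses data from the scanned host, something like `while ( !(ord(prev) == 0xff && ord(s[0]) == OPT_ENDSUBOPT) )` with the existing 100-iteration cap would be stricter. Separately, get_telnet_banner stores the NUL-stripped banner in the KB but returns the raw one, so the first call and later cached reads can differ.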