[Openvas-commits] r1353 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed Sep 17 04:23:17 CEST 2008


Author: reinke
Date: 2008-09-17 04:23:15 +0200 (Wed, 17 Sep 2008)
New Revision: 1353

Added:
   trunk/openvas-plugins/scripts/deb_1627_2.nasl
   trunk/openvas-plugins/scripts/deb_1632_1.nasl
   trunk/openvas-plugins/scripts/deb_1633_1.nasl
   trunk/openvas-plugins/scripts/deb_1634_1.nasl
   trunk/openvas-plugins/scripts/deb_1635_1.nasl
   trunk/openvas-plugins/scripts/deb_1636_1.nasl
   trunk/openvas-plugins/scripts/deb_1637_1.nasl
   trunk/openvas-plugins/scripts/freebsd_clamav15.nasl
   trunk/openvas-plugins/scripts/freebsd_horde-base.nasl
   trunk/openvas-plugins/scripts/freebsd_mysql-server14.nasl
   trunk/openvas-plugins/scripts/freebsd_neon28.nasl
   trunk/openvas-plugins/scripts/freebsd_python24.nasl
   trunk/openvas-plugins/scripts/freebsd_rubygem-rails2.nasl
   trunk/openvas-plugins/scripts/freebsd_twiki1.nasl
   trunk/openvas-plugins/scripts/freebsd_wordpress7.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
New scripts added

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/ChangeLog	2008-09-17 02:23:15 UTC (rev 1353)
@@ -1,3 +1,12 @@
+2008-09-16  Thomas Reinke <reinke at securityspace.com>
+	* deb_1627_2.nasl deb_1632_1.nasl deb_1633_1.nasl
+	  deb_1634_1.nasl deb_1635_1.nasl deb_1636_1.nasl
+	  deb_1637_1.nasl freebsd_clamav15.nasl freebsd_horde-base.nasl
+	  freebsd_mysql-server14.nasl freebsd_neon28.nasl
+	  freebsd_python24.nasl freebsd_rubygem-rails2.nasl
+	  freebsd_twiki1.nasl freebsd_wordpress7.nasl
+	  New scripts
+
 2008-09-15 Tim Brown <timb at nth-dimension.org.uk>
 
 	* scripts/ike-scan.nasl: Fixes typo in previous fix.

Added: trunk/openvas-plugins/scripts/deb_1627_2.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1627_2.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/deb_1627_2.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,120 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1627-2 (opensc)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61590);
+ script_cve_id("CVE-2008-2235");
+ script_version ("$");
+ name["english"] = "Debian Security Advisory DSA 1627-2 (opensc)";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to opensc
+announced via advisory DSA 1627-2.
+
+The previous security update for opensc had a too strict check for
+vulnerable smart cards. It could flag cards as safe even though they may
+be affected. This update corrects that problem. We advise users of the
+smart cards concerned to re-check their card after updating the package,
+following the procedure outlined in the original advisory text below.
+
+Chaskiel M Grundman discovered that opensc, a library and utilities to
+handle smart cards, would initialise smart cards with the Siemens CardOS M4
+card operating system without proper access rights. This allowed everyone
+to change the card's PIN.
+
+With this bug anyone can change a user PIN without having the PIN or PUK
+or the superusers PIN or PUK. However it can not be used to figure out the
+PIN. If the PIN on your card is still the same you always had, there's a
+reasonable chance that this vulnerability has not been exploited.
+
+This vulnerability affects only smart cards and USB crypto tokens based on
+Siemens CardOS M4, and within that group only those that were initialised
+with OpenSC. Users of other smart cards and USB crypto tokens, or cards
+that have been initialised with some software other than OpenSC, are not
+affected.
+
+After upgrading the package, running
+pkcs15-tool -T
+will show you whether the card is fine or vulnerable. If the card is
+vulnerable, you need to update the security setting using:
+pkcs15-tool -T -U
+
+For the stable distribution (etch), this problem has been fixed in
+version 0.11.1-2etch2.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 0.11.4-5.
+
+We recommend that you upgrade your opensc package and check your card(s)
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201627-2
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "Debian Security Advisory DSA 1627-2 (opensc)";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "Debian Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"opensc", ver:"0.11.1-2etch2", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"mozilla-opensc", ver:"0.11.1-2etch2", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"libopensc2-dbg", ver:"0.11.1-2etch2", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"libopensc2-dev", ver:"0.11.1-2etch2", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"libopensc2", ver:"0.11.1-2etch2", rls:"DEB4.0")) {
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}
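Review bot: A clean result from the `isdpkgvuln` block at the end of this script says nothing about the smart cards themselves, since it only compares installed opensc package versions against 0.11.1-2etch2. The description text advises users to re-check their cards after updating, with `pkcs15-tool -T`, and to correct a vulnerable card with `pkcs15-tool -T -U`, so upgrading the package is not the whole remediation. I would add a comment above `vuln = 0;` such as `# Package-level check only: cards initialised with the flawed opensc must still be re-checked with pkcs15-tool -T.` so that a pass is not read as "cards are safe".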

Added: trunk/openvas-plugins/scripts/deb_1632_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1632_1.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/deb_1632_1.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,98 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1632-1 (tiff)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61589);
+ script_cve_id("CVE-2008-2327");
+ script_version ("$");
+ name["english"] = "Debian Security Advisory DSA 1632-1 (tiff)";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to tiff
+announced via advisory DSA 1632-1.
+
+Drew Yao discovered that libTIFF, a library for handling the Tagged Image
+File Format, is vulnerable to a programming error allowing malformed
+tiff files to lead to a crash or execution of arbitrary code.
+
+For the stable distribution (etch), this problem has been fixed in
+version 3.8.2-7+etch1.
+
+For the testing distribution (lenny), this problem has been fixed in
+version 3.8.2-10+lenny1.
+
+The unstable distribution (sid) will be fixed soon.
+
+We recommend that you upgrade your tiff package.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201632-1
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "Debian Security Advisory DSA 1632-1 (tiff)";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "Debian Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"libtiff4", ver:"3.8.2-7+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"libtiff4-dev", ver:"3.8.2-7+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"libtiffxx0c2", ver:"3.8.2-7+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"libtiff-opengl", ver:"3.8.2-7+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"libtiff-tools", ver:"3.8.2-7+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}
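Review bot: `script_version ("$");` in the description block records no usable version. It looks like a revision keyword that lost its name in the generator, since the `# $Id$` header line in the same file survived intact. The same line appears in deb_1627_2.nasl, deb_1633_1.nasl, deb_1634_1.nasl, deb_1635_1.nasl, deb_1636_1.nasl and deb_1637_1.nasl in this commit. I would change it to `script_version("$Revision$");` and make sure the keyword is expanded on commit, so a finding in a scan report can be tied to the plugin revision that produced it.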

Added: trunk/openvas-plugins/scripts/deb_1633_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1633_1.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/deb_1633_1.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,85 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1633-1 (slash)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61591);
+ script_cve_id("CVE-2008-2231", "CVE-2008-2553");
+ script_version ("$");
+ name["english"] = "Debian Security Advisory DSA 1633-1 (slash)";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to slash
+announced via advisory DSA 1633-1.
+
+It has been discovered that Slash, the Slashdot Like Automated
+Storytelling Homepage suffers from two vulnerabilities related to
+insufficient input sanitation, leading to execution of SQL commands
+(CVE-2008-2231) and cross-site scripting (CVE-2008-2553).
+
+For the stable distribution (etch), these problems have been fixed in
+version 2.2.6-8etch1.
+
+In the unstable distribution (sid), the slash package is currently
+uninstallable and will be removed soon.
+
+We recommend that you upgrade your slash package.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201633-1
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "Debian Security Advisory DSA 1633-1 (slash)";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "Debian Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"slash", ver:"2.2.6-8etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/deb_1634_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1634_1.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/deb_1634_1.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,96 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1634-1 (wordnet)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61592);
+ script_cve_id("CVE-2008-2149");
+ script_version ("$");
+ name["english"] = "Debian Security Advisory DSA 1634-1 (wordnet)";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to wordnet
+announced via advisory DSA 1634-1.
+
+Rob Holland discovered several programming errors in WordNet, an
+electronic lexical database of the English language. These flaws could
+allow arbitrary code execution when used with untrusted input, for
+example when WordNet is in use as a back end for a web application.
+
+For the stable distribution (etch), these problems have been fixed in
+version 1:2.1-4+etch1.
+
+For the testing distribution (lenny), these problems have been fixed in
+version 1:3.0-11+lenny1.
+
+For the unstable distribution (sid), these problems will be fixed soon.
+
+We recommend that you upgrade your wordnet package.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201634-1
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "Debian Security Advisory DSA 1634-1 (wordnet)";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "Debian Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"wordnet-sense-index", ver:"2.1-4+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"wordnet-base", ver:"2.1-4+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"wordnet-dev", ver:"2.1-4+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"wordnet", ver:"2.1-4+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}
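Review bot: The four `isdpkgvuln` calls pass `ver:"2.1-4+etch1"`, but the description gives the fixed version as 1:2.1-4+etch1, so the epoch is dropped. How epochs are treated is decided in pkg-lib-deb.inc, which this commit does not show. If the library compares against the version string as the package list reports it, an installed version carrying the `1:` epoch would be measured against an epoch-less reference, and the result could be wrong in either direction. I would pass the full version, `ver:"1:2.1-4+etch1"`, or add a comment stating that the library strips epochs before comparing.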

Added: trunk/openvas-plugins/scripts/deb_1635_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1635_1.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/deb_1635_1.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,109 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1635-1 (freetype)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61593);
+ script_cve_id("CVE-2008-1806", "CVE-2008-1807", "CVE-2008-1808");
+ script_version ("$");
+ name["english"] = "Debian Security Advisory DSA 1635-1 (freetype)";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to freetype
+announced via advisory DSA 1635-1.
+
+Several local vulnerabilities have been discovered in freetype,
+a FreeType 2 font engine, which could allow the execution of arbitrary
+code.
+
+The Common Vulnerabilities and Exposures project identifies the
+following problems:
+
+CVE-2008-1806
+An integer overflow allows context-dependent attackers to execute
+arbitrary code via a crafted set of values within the Private
+dictionary table in a Printer Font Binary (PFB) file.
+
+CVE-2008-1807
+The handling of an invalid number of axes field in the PFB file could
+trigger the freeing of aribtrary memory locations, leading to
+memory corruption.
+
+CVE-2008-1808
+Multiple off-by-one errors allowed the execution of arbitrary code
+via malformed tables in PFB files, or invalid SHC instructions in
+TTF files.
+
+
+For the stable distribution (etch), these problems have been fixed in version
+2.2.1-5+etch3.
+
+For the unstable distribution (sid), these problems have been fixed in
+version 2.3.6-1.
+
+We recommend that you upgrade your freetype package.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201635-1
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "Debian Security Advisory DSA 1635-1 (freetype)";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "Debian Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"freetype2-demos", ver:"2.2.1-5+etch3", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"libfreetype6-dev", ver:"2.2.1-5+etch3", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"libfreetype6", ver:"2.2.1-5+etch3", rls:"DEB4.0")) {
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}
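Review bot: The report text for CVE-2008-1807 misspells a word in `trigger the freeing of aribtrary memory locations, leading to`; it should read `trigger the freeing of arbitrary memory locations, leading to`. `desc["english"]` is passed to `script_description`, so this is the text an operator reads when triaging the finding. Since the header says the file is auto-generated, the fix belongs in the generator's input as well, or the next regeneration will bring the typo back.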

Added: trunk/openvas-plugins/scripts/deb_1636_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1636_1.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/deb_1636_1.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,323 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1636-1 (linux-2.6.24)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61594);
+ script_cve_id("CVE-2008-3272", "CVE-2008-3275", "CVE-2008-3276", "CVE-2008-3526", "CVE-2008-3534", "CVE-2008-3535", "CVE-2008-3792", "CVE-2008-3915");
+ script_version ("$");
+ name["english"] = "Debian Security Advisory DSA 1636-1 (linux-2.6.24)";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to linux-2.6.24
+announced via advisory DSA 1636-1.
+
+For details on the issues addressed with this update,
+please visit the referenced advisories.
+
+For the stable distribution (etch), these problems have been fixed in
+version 2.6.24-6~etchnhalf.5.
+
+We recommend that you upgrade your linux-2.6.24 packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201636-1
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "Debian Security Advisory DSA 1636-1 (linux-2.6.24)";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "Debian Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"linux-tree-2.6.24", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-doc-2.6.24", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-source-2.6.24", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-patch-debian-2.6.24", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-manual-2.6.24", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-support-2.6.24-etchnhalf.1", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-alpha-generic", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-common", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-alpha-smp", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-alpha-legacy", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-alpha-legacy", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-alpha", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-alpha-generic", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-alpha-smp", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-amd64", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-amd64", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-amd64", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-ixp4xx", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-footbridge", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-iop32x", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-ixp4xx", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-footbridge", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-arm", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-iop32x", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc-smp", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc64", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc-smp", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-hppa", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc64", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-parisc64-smp", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-parisc64-smp", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-686", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-686-bigmem", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-686-bigmem", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-686", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-i386", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-486", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-486", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-ia64", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-itanium", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-mckinley", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-itanium", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-mckinley", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-sb1a-bcm91480b", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-r5k-ip32", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-r4k-ip22", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-r4k-ip22", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-r5k-ip32", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-4kc-malta", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-5kc-malta", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-sb1-bcm91250a", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-5kc-malta", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-mips", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-sb1-bcm91250a", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-sb1a-bcm91480b", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-4kc-malta", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-r5k-cobalt", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-mipsel", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-r5k-cobalt", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-powerpc", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-powerpc", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-powerpc-smp", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-powerpc-miboot", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-powerpc64", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-powerpc-miboot", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-powerpc-smp", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-powerpc64", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-powerpc", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-s390", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-s390x", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-s390x", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-s390", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-s390-tape", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-s390", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-sparc64-smp", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-sparc64", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-sparc64", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-headers-2.6.24-etchnhalf.1-all-sparc", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"linux-image-2.6.24-etchnhalf.1-sparc64-smp", ver:"2.6.24-6~etchnhalf.5", rls:"DEB4.0")) {
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}
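Review bot: For a kernel advisory, the `isdpkgvuln` calls only show which linux-2.6.24 packages are installed, not which kernel the host is running; `script_require_keys("ssh/login/packages")` suggests the package list is the only input. As far as the visible code shows, a host that has installed 2.6.24-6~etchnhalf.5 but not rebooted would pass while still running the old image. I would say so in the description, e.g. by adding `A reboot is required before the updated kernel is in use.` after the upgrade recommendation. Separately, the reference version contains `~`, which sorts before the empty string in Debian version ordering; whether the comparison in pkg-lib-deb.inc (not shown here) honours that should be confirmed.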

Added: trunk/openvas-plugins/scripts/deb_1637_1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/deb_1637_1.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/deb_1637_1.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,113 @@
+# OpenVAS Vulnerability Test
+# $Id$
+# Description: Auto-generated from advisory DSA 1637-1 (git-core)
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisory, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61595);
+ script_cve_id("CVE-2008-3546");
+ script_version ("$");
+ name["english"] = "Debian Security Advisory DSA 1637-1 (git-core)";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to git-core
+announced via advisory DSA 1637-1.
+
+Multiple vulnerabilities have been identified in git-core, the core of
+the git distributed revision control system.  Improper path length
+limitations in git's diff and grep functions, in combination with
+maliciously crafted repositories or changes, could enable a stack
+buffer overflow and potentially the execution of arbitrary code.
+
+The Common Vulnerabilities and Exposures project identifies this
+vulnerabilitiy as CVE-2008-3546.
+
+For the stable distribution (etch), this problem has been fixed in
+version 1.4.4.4-2.1+etch1.
+
+For the unstable distribution (sid), this problem has been fixed in
+version 1.5.6.5-1.
+
+We recommend that you upgrade your git-core packages.
+
+Solution:
+https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201637-1
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "Debian Security Advisory DSA 1637-1 (git-core)";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "Debian Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/packages");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-deb.inc");
+vuln = 0;
+if(isdpkgvuln(pkg:"git-arch", ver:"1.4.4.4-2.1+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"git-cvs", ver:"1.4.4.4-2.1+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"git-email", ver:"1.4.4.4-2.1+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"gitweb", ver:"1.4.4.4-2.1+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"git-daemon-run", ver:"1.4.4.4-2.1+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"git-doc", ver:"1.4.4.4-2.1+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"git-svn", ver:"1.4.4.4-2.1+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"gitk", ver:"1.4.4.4-2.1+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+if(isdpkgvuln(pkg:"git-core", ver:"1.4.4.4-2.1+etch1", rls:"DEB4.0")) {
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}
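Review bot: `script_version ("$");` in the description block records a bare dollar sign instead of a revision, so a finding cannot be traced back to the revision of the check that produced it. It looks like an SVN keyword that lost its name; `script_version ("$Revision$");` with the `svn:keywords` property set on the file would restore it. The same line appears in every freebsd_*.nasl file added by this commit, and their header comments also carry a bare `# $` where this file has `# $Id$`.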

Added: trunk/openvas-plugins/scripts/freebsd_clamav15.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_clamav15.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/freebsd_clamav15.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,94 @@
+#
+#VID da5c4072-8082-11dd-9c8c-001c2514716c
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID da5c4072-8082-11dd-9c8c-001c2514716c
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61615);
+ script_cve_id("CVE-2008-1389");
+ script_version ("$");
+ name["english"] = "FreeBSD Ports: clamav";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following packages are affected:
+   clamav
+   clamav-devel
+
+CVE-2008-1389
+libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows
+remote attackers to cause a denial of service (application crash) via
+a malformed CHM file, related to an 'invalid memory access.'
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089
+http://www.vuxml.org/freebsd/da5c4072-8082-11dd-9c8c-001c2514716c.html
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "FreeBSD Ports: clamav";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "FreeBSD Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"clamav");
+if(!isnull(bver) && revcomp(a:bver, b:"0.94")<0) {
+    security_note(0, data:"Package clamav version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+bver = portver(pkg:"clamav-devel");
+if(!isnull(bver) && ssvercheck(a:bver, b:"20080902")<0) {
+    security_note(0, data:"Package clamav-devel version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}
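Review bot: Each match is reported twice, once through `security_note(0, data:...)` naming the package and again through the final `security_hole(0)`, which carries no package detail. Whoever triages the high-severity result has to find the separate note to learn which port and version triggered it. Consider collecting the text with `report = report + "Package clamav version " + bver + " ...";` and emitting it once with `security_hole(0, data:report);`, after confirming how `data:` interacts with the script description in this scanner version. The same pattern is in the horde-base, mysql-server14, neon28, python24, rubygem-rails2, twiki1 and wordpress7 hunks.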

Added: trunk/openvas-plugins/scripts/freebsd_horde-base.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_horde-base.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/freebsd_horde-base.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,83 @@
+#
+#VID 7d239578-7ff2-11dd-8de5-0030843d3802
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 7d239578-7ff2-11dd-8de5-0030843d3802
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61616);
+ script_cve_id("CVE-2008-3823", "CVE-2008-3824");
+ script_version ("$");
+ name["english"] = "FreeBSD Ports: horde-base";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: horde-base
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://secunia.com/advisories/31842/
+http://lists.horde.org/archives/announce/2008/000429.html
+http://www.vuxml.org/freebsd/7d239578-7ff2-11dd-8de5-0030843d3802.html
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "FreeBSD Ports: horde-base";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "FreeBSD Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"horde-base");
+if(!isnull(bver) && revcomp(a:bver, b:"3.2.2")<0) {
+    security_note(0, data:"Package horde-base version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/freebsd_mysql-server14.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_mysql-server14.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/freebsd_mysql-server14.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,101 @@
+#
+#VID 388d9ee4-7f22-11dd-a66a-0019666436c2
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 388d9ee4-7f22-11dd-a66a-0019666436c2
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61618);
+ script_cve_id("CVE-2008-2079");
+ script_bugtraq_id(29106);
+ script_version ("$");
+ name["english"] = "FreeBSD Ports: mysql-server";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: mysql-server
+
+CVE-2008-2079
+MySQL 4.1.x before 4.1.24, 5.0.x before 5.0.60, 5.1.x before 5.1.24,
+and 6.0.x before 6.0.5 allows local users to bypass certain privilege
+checks by calling CREATE TABLE on a MyISAM table with modified (1)
+DATA DIRECTORY or (2) INDEX DIRECTORY arguments that are within the
+MySQL home data directory, which can point to tables that are created
+in the future.
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "FreeBSD Ports: mysql-server";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "FreeBSD Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"mysql-server");
+if(!isnull(bver) && revcomp(a:bver, b:"6.0")>=0 && revcomp(a:bver, b:"6.0.5")<0) {
+    security_note(0, data:"Package mysql-server version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+if(!isnull(bver) && revcomp(a:bver, b:"5.1")>=0 && revcomp(a:bver, b:"5.1.24")<0) {
+    security_note(0, data:"Package mysql-server version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+if(!isnull(bver) && revcomp(a:bver, b:"5.0")>=0 && revcomp(a:bver, b:"5.0.67")<0) {
+    security_note(0, data:"Package mysql-server version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+if(!isnull(bver) && revcomp(a:bver, b:"4.1")>=0 && revcomp(a:bver, b:"5.0")<0) {
+    security_note(0, data:"Package mysql-server version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}
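Review bot: The version bounds in the checks do not match the advisory text embedded in `desc`. The description says 5.0.x is fixed in 5.0.60 and 4.1.x in 4.1.24, while the code tests `revcomp(a:bver, b:"5.0.67")<0` and treats everything from 4.1 up to 5.0 as vulnerable. Hosts on 5.0.60 to 5.0.66, or on 4.1.24 and later, would be reported although the quoted CVE text calls them fixed. If the wider ranges are intentional, for example because they follow the VuXML entry rather than the CVE wording, a comment above the checks saying so would stop the mismatch being read as a false positive; otherwise the bounds should be `5.0.60` and `4.1.24`.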

Added: trunk/openvas-plugins/scripts/freebsd_neon28.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_neon28.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/freebsd_neon28.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,90 @@
+#
+#VID 755fa519-80a9-11dd-8de5-0030843d3802
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 755fa519-80a9-11dd-8de5-0030843d3802
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61614);
+ script_cve_id("CVE-2008-3746");
+ script_bugtraq_id(30710);
+ script_version ("$");
+ name["english"] = "FreeBSD Ports: neon28";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: neon28
+
+CVE-2008-3746
+neon 0.28.0 through 0.28.2 allows remote servers to cause a denial of
+service (NULL pointer dereference and crash) via vectors related to
+Digest authentication, Digest domain parameter support, and the
+parse_domain function.
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476571
+http://lists.manyfish.co.uk/pipermail/neon/2008-August/000040.html
+http://www.vuxml.org/freebsd/755fa519-80a9-11dd-8de5-0030843d3802.html
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "FreeBSD Ports: neon28";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "FreeBSD Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"neon28");
+if(!isnull(bver) && revcomp(a:bver, b:"0.28.3")<0) {
+    security_note(0, data:"Package neon28 version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/freebsd_python24.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_python24.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/freebsd_python24.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,128 @@
+#
+#VID 0dccaa28-7f3c-11dd-8de5-0030843d3802
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 0dccaa28-7f3c-11dd-8de5-0030843d3802
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61617);
+ script_cve_id("CVE-2008-2315", "CVE-2008-2316", "CVE-2008-3142", "CVE-2008-3144");
+ script_version ("$");
+ name["english"] = "FreeBSD Ports: python24";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following packages are affected:
+   python24
+   python25
+   python23
+
+CVE-2008-2315
+Multiple integer overflows in Python 2.5.2 and earlier allow
+context-dependent attackers to have an unknown impact via vectors
+related to the (1) stringobject, (2) unicodeobject, (3) bufferobject,
+(4) longobject, (5) tupleobject, (6) stropmodule, (7) gcmodule, and
+(8) mmapmodule modules.
+CVE-2008-2316
+Integer overflow in _hashopenssl.c in the hashlib module in Python
+2.5.2 and earlier might allow context-dependent attackers to defeat
+cryptographic digests, related to 'partial hashlib hashing of data
+exceeding 4GB.'
+CVE-2008-3142
+Multiple buffer overflows in Python 2.5.2 and earlier on 32bit
+platforms allow context-dependent attackers to cause a denial of
+service (crash) or have unspecified other impact via a long string
+that leads to incorrect memory allocation during Unicode string
+processing, related to the unicode_resize function and the
+PyMem_RESIZE macro.
+CVE-2008-3144
+Multiple integer overflows in the PyOS_vsnprintf function in
+Python/mysnprintf.c in Python 2.5.2 and earlier allow
+context-dependent attackers to cause a denial of service (memory
+corruption) or have unspecified other impact via crafted input to
+string formatting operations.  NOTE: the handling of certain integer
+values is also affected by related integer underflows and an
+off-by-one error.
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://bugs.python.org/issue2620
+http://bugs.python.org/issue2588
+http://bugs.python.org/issue2589
+http://secunia.com/advisories/31305
+http://mail.python.org/pipermail/python-checkins/2008-July/072276.html
+http://mail.python.org/pipermail/python-checkins/2008-July/072174.html
+http://mail.python.org/pipermail/python-checkins/2008-June/070481.html
+http://www.vuxml.org/freebsd/0dccaa28-7f3c-11dd-8de5-0030843d3802.html
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "FreeBSD Ports: python24";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "FreeBSD Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"python24");
+if(!isnull(bver) && revcomp(a:bver, b:"2.4.5_2")<0) {
+    security_note(0, data:"Package python24 version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+bver = portver(pkg:"python25");
+if(!isnull(bver) && revcomp(a:bver, b:"2.5.2_3")<0) {
+    security_note(0, data:"Package python25 version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+bver = portver(pkg:"python23");
+if(!isnull(bver) && revcomp(a:bver, b:"0")>0) {
+    security_note(0, data:"Package python23 version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}
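Review bot: The python23 check `revcomp(a:bver, b:"0")>0` is true for effectively any installed version, so the port is reported however it has been patched. If that reflects an advisory with no fixed python23 release, a comment such as `# no fixed version listed for python23; any installed version is flagged` would make the intent clear; otherwise a real upper bound is needed. The same comparison is the only check in freebsd_rubygem-rails2.nasl, and it is used for wordpress-mu and zh-wordpress in freebsd_wordpress7.nasl. In those cases a host could never clear the finding by upgrading, so the bounds should be confirmed against the referenced VuXML entries.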

Added: trunk/openvas-plugins/scripts/freebsd_rubygem-rails2.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_rubygem-rails2.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/freebsd_rubygem-rails2.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,81 @@
+#
+#VID 8e8b8b94-7f1d-11dd-a66a-0019666436c2
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 8e8b8b94-7f1d-11dd-a66a-0019666436c2
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61619);
+ script_version ("$");
+ name["english"] = "FreeBSD Ports: rubygem-rails";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: rubygem-rails
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://blog.innerewut.de/2008/6/16/why-you-should-upgrade-to-rails-2-1
+http://www.vuxml.org/freebsd/8e8b8b94-7f1d-11dd-a66a-0019666436c2.html
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "FreeBSD Ports: rubygem-rails";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "FreeBSD Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"rubygem-rails");
+if(!isnull(bver) && revcomp(a:bver, b:"0")>0) {
+    security_note(0, data:"Package rubygem-rails version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/freebsd_twiki1.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_twiki1.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/freebsd_twiki1.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,85 @@
+#
+#VID 9227dcaf-827f-11dd-9cd7-0050568452ac
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 9227dcaf-827f-11dd-9cd7-0050568452ac
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61613);
+ script_cve_id("CVE-2008-3195");
+ script_version ("$");
+ name["english"] = "FreeBSD Ports: twiki";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following package is affected: twiki
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195
+http://www.kb.cert.org/vuls/id/362012
+https://inspectit.accessitgroup.com/threats/details.cgi?id=34031
+http://www.nessus.org/plugins/index.php?view=single&id=34031
+http://www.vuxml.org/freebsd/9227dcaf-827f-11dd-9cd7-0050568452ac.html
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "FreeBSD Ports: twiki";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "FreeBSD Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"twiki");
+if(!isnull(bver) && revcomp(a:bver, b:"4.2.3")<0) {
+    security_note(0, data:"Package twiki version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/freebsd_wordpress7.nasl
===================================================================
--- trunk/openvas-plugins/scripts/freebsd_wordpress7.nasl	2008-09-16 14:15:28 UTC (rev 1352)
+++ trunk/openvas-plugins/scripts/freebsd_wordpress7.nasl	2008-09-17 02:23:15 UTC (rev 1353)
@@ -0,0 +1,101 @@
+#
+#VID 884fced7-7f1c-11dd-a66a-0019666436c2
+# OpenVAS Vulnerability Test
+# $
+# Description: Auto generated from VID 884fced7-7f1c-11dd-a66a-0019666436c2
+#
+# Authors:
+# Thomas Reinke <reinke at securityspace.com>
+#
+# Copyright:
+# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
+# Text descriptions are largely excerpted from the referenced
+# advisories, and are Copyright (c) the respective author(s)
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2,
+# as published by the Free Software Foundation
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+#
+
+if(description)
+{
+ script_id(61620);
+ script_bugtraq_id(31068);
+ script_version ("$");
+ name["english"] = "FreeBSD Ports: wordpress, de-wordpress";
+ script_name(english:name["english"]);
+
+ desc["english"] = "
+The remote host is missing an update to the system
+as announced in the referenced advisory.
+
+The following packages are affected:
+   wordpress
+   de-wordpress
+   wordpress-mu
+   zh-wordpress
+
+Solution:
+Update your system with the appropriate patches or
+software upgrades.
+
+http://wordpress.org/development/2008/09/wordpress-262/
+http://www.vuxml.org/freebsd/884fced7-7f1c-11dd-a66a-0019666436c2.html
+
+Risk factor : High";
+
+ script_description(english:desc["english"]);
+
+ summary["english"] = "FreeBSD Ports: wordpress, de-wordpress";
+ script_summary(english:summary["english"]);
+
+ script_category(ACT_GATHER_INFO);
+
+ script_copyright(english:"Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com");
+ family["english"] = "FreeBSD Local Security Checks";
+ script_family(english:family["english"]);
+ script_dependencies("gather-package-list.nasl");
+ script_require_keys("ssh/login/freebsdrel");
+ exit(0);
+}
+
+#
+# The script code starts here
+#
+
+include("revisions-lib.inc");
+include("pkg-lib-bsd.inc");
+vuln = 0;
+bver = portver(pkg:"wordpress");
+if(!isnull(bver) && revcomp(a:bver, b:"2.6.2")<0) {
+    security_note(0, data:"Package wordpress version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+bver = portver(pkg:"de-wordpress");
+if(!isnull(bver) && revcomp(a:bver, b:"2.6.2")<0) {
+    security_note(0, data:"Package de-wordpress version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+bver = portver(pkg:"wordpress-mu");
+if(!isnull(bver) && revcomp(a:bver, b:"0")>0) {
+    security_note(0, data:"Package wordpress-mu version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+bver = portver(pkg:"zh-wordpress");
+if(!isnull(bver) && revcomp(a:bver, b:"0")>0) {
+    security_note(0, data:"Package zh-wordpress version " + bver + " is installed which is known to be vulnerable.");
+    vuln = 1;
+}
+
+if(vuln) {
+    security_hole(0);
+}


