[Openvas-commits] r1466 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Sep 29 16:48:07 CEST 2008
Author: chandra
Date: 2008-09-29 16:48:05 +0200 (Mon, 29 Sep 2008)
New Revision: 1466
Added:
trunk/openvas-plugins/scripts/gb_ms08-031.nasl
trunk/openvas-plugins/scripts/gb_vmware_prdts_vix_api_mult_vuln.nasl
trunk/openvas-plugins/scripts/secpod_ie_supersede.inc
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_vmware_prdts_detect_win.nasl
trunk/openvas-plugins/scripts/gb_vmware_prdts_prv_esc_vuln.nasl
Log:
Added new plugins and fixed issues
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2008-09-29 13:30:07 UTC (rev 1465)
+++ trunk/openvas-plugins/ChangeLog 2008-09-29 14:48:05 UTC (rev 1466)
@@ -1,3 +1,13 @@
+2008-09-29 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/gb_vmware_prdts_prv_esc_vuln.nasl,
+ scripts/gb_vmware_prdts_detect_win.nasl:
+ Updated to fix the issues and included a new CVE
+
+ * scripts/gb_ms08-031.nasl,
+ scripts/secpod_ie_supersede.inc,
+ scripts/gb_vmware_prdts_vix_api_mult_vuln.nasl:
+ Added new plugins
+
2008-09-28 Thomas Reinke <reinke at securityspace.com>
* corrected freebsd scripts variable error introduced
when converting from proprietary function names to
Added: trunk/openvas-plugins/scripts/gb_ms08-031.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms08-031.nasl 2008-09-29 13:30:07 UTC (rev 1465)
+++ trunk/openvas-plugins/scripts/gb_ms08-031.nasl 2008-09-29 14:48:05 UTC (rev 1466)
@@ -0,0 +1,294 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ms08-031.nasl 0289 29 11:44:09Z sep $
+#
+# Cumulative Security Update for Internet Explorer (950759)
+#
+# Authors:
+# Veerendra GG <veerendragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800103);
+ script_version("$Revision: 1.1 $");
+ script_cve_id("CVE-2008-1442","CVE-2008-1544");
+ script_bugtraq_id(28379, 29556);
+ script_xref(name:"CB-A", value:"08-0096");
+ script_name(english:"Cumulative Security Update for Internet Explorer (950759)");
+ desc["english"] = "
+
+ Overview : This host has Microsoft Internet Explorer installed, which is
+ prone to HTTP request splitting/smuggling and HTML Objects Memory Corruption
+ Vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to,
+ - a memory corruption error while processing a Web page that contains certain
+ unexpected method calls to HTML objects.
+ - failure of setRequestHeader method of the XMLHttpRequest object to block
+ dangerous HTTP request headers when certain 8-bit character sequences are
+ appended to a header name.
+
+ Impact:
+ Successful exploitation allow remote attackers to execute arbitrary
+ code by tricking user into visiting a specially crafted web page and to read
+ data from a Web page in another domain in Internet Explorer. Attackers can
+ use above issues to poison web caches, steal credentials, launch cross-site
+ scripting, HTML-injection, and session-hijacking attacks.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Microsoft Internet Explorer 5.01 & 6 SP1 for Microsoft Windows 2000
+ Microsoft Internet Explorer 6 for Microsoft Windows 2003 and XP
+ Microsoft Internet Explorer 7 for Microsoft Windows 2003 and XP
+
+ Fix:
+ Run Windows Update and update the listed hotfixes or download and
+ update mentioned hotfixes in the advisory from the below link.
+ http://www.microsoft.com/technet/security/bulletin/ms08-031.mspx
+
+ References:
+ http://secunia.com/advisories/30575
+ http://secunia.com/advisories/29453
+ http://www.frsirt.com/english/advisories/2008/0980
+ http://www.frsirt.com/english/advisories/2008/1778
+ http://www.microsoft.com/technet/security/bulletin/ms08-031.mspx
+
+ CVSS Score :
+ CVSS Base Score : 8.3 (AV:N/AC:M/Au:NR/C:P/I:P/A:C)
+ CVSS Temporal Score : 6.1
+ Risk factor : High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Internet Explorer");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Windows");
+ script_dependencies("secpod_reg_enum.nasl");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("secpod_smb_func.inc");
+include("secpod_ie_supersede.inc");
+
+# Check the hotfix applicability to each OS
+if(hotfix_check_sp(win2k:5, xp:4, win2003:3) <= 0){
+ exit(0);
+}
+
+
+function Get_FileVersion()
+{
+ sysFile = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+ item:"Install Path");
+ if(!sysFile){
+ exit(0);
+ }
+
+ sysFile += "\mshtml.dll";
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:sysFile);
+ file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:sysFile);
+
+ soc = open_sock_tcp(port);
+ if(!soc){
+ exit(0);
+ }
+
+ r = smb_session_request(soc:soc, remote:name);
+ if(!r)
+ {
+ close(soc);
+ exit(0);
+ }
+
+ prot = smb_neg_prot(soc:soc);
+ if(!prot)
+ {
+ close(soc);
+ exit(0);
+ }
+
+ r = smb_session_setup(soc:soc, login:login, password:pass,
+ domain:domain, prot:prot);
+ if(!r)
+ {
+ close(soc);
+ exit(0);
+ }
+
+ uid = session_extract_uid(reply:r);
+ r = smb_tconx(soc:soc, name:name, uid:uid, share:share);
+
+ tid = tconx_extract_tid(reply:r);
+ if(!tid)
+ {
+ close(soc);
+ exit(0);
+ }
+
+ fid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file);
+ if(!fid)
+ {
+ close(soc);
+ exit(0);
+ }
+
+ v = GetVersion(socket:soc, uid:uid, tid:tid, fid:fid, verstr:"prod",
+ offset:2000000);
+ close(soc);
+ return v;
+}
+
+ieVer = registry_get_sz(key:"SOFTWARE\Microsoft\Internet Explorer",
+ item:"Version");
+if(!ieVer){
+ ieVer = registry_get_sz(item:"IE",
+ key:"SOFTWARE\Microsoft\Internet Explorer\Version Vector");
+}
+
+if(!ieVer){
+ exit(0);
+}
+
+# Supersede check for MS08-045 and later
+if(ie_latest_hotfix_update(bulletin:"MS08-031")){
+ exit(0);
+}
+
+# MS08-031 Hotfix check
+if(hotfix_missing(name:"950759") == 0){
+ exit(0);
+}
+
+vers = Get_FileVersion();
+if(vers == NULL){
+ exit(0);
+}
+
+if(hotfix_check_sp(win2k:5) > 0)
+{
+ # Check for IE version 5
+ if(ereg(pattern:"^5\..*", string:ieVer))
+ {
+ if(ereg(pattern:"(5\.00\.(([0-2]?[0-9]?[0-9]?[0-9]|3?([0-7][0-9][0-9]" +
+ "|8([0-5][0-9]|6[0-3])))(\..*)|3864\.(0?[0-9]?[0-9]?" +
+ "[0-9]|1[0-7][0-9][0-9])))$", string:vers)){
+ security_hole(get_kb_item("SMB/transport"));
+ }
+ exit(0);
+ }
+
+ # Check for IE version 6
+ if(ereg(pattern:"^6\..*", string:ieVer))
+ {
+ if(ereg(pattern:"(6\.00\.(([01]?[0-9]?[0-9]?[0-9]|2([0-7][0-9][0-9]" +
+ "))(\..*)|2800\.(0?[0-9]?[0-9]?[0-9]|1([0-5][0-9]" +
+ "[0-9]|6(0[0-9]|10)))))$", string:vers)){
+ security_hole(get_kb_item("SMB/transport"));
+ }
+ exit(0);
+ }
+}
+
+if(hotfix_check_sp(xp:4) > 0)
+{
+ SP = get_kb_item("SMB/WinXP/ServicePack");
+ #Check for IE version 6
+ if(ereg(pattern:"^6\..*", string:ieVer))
+ {
+ if("Service Pack 2" >< SP)
+ {
+ if(ereg(pattern:"(6\.00\.(([01]?[0-9]?[0-9]?[0-9]|2([0-8][0-9]" +
+ "[0-9]))(\..*)|2900\.([0-2]?[0-9]?[0-9]?[0-9]|3(" +
+ "[0-2][0-9][0-9]|3([0-4][0-9]|5[0-3])))))$",
+ string:vers)){
+ security_hole(get_kb_item("SMB/transport"));
+ }
+ exit(0);
+ }
+ if("Service Pack 3" >< SP)
+ {
+ if(ereg(pattern:"(6\.00\.(([01]?[0-9?[0-9]?[0-9]|2[0-8][0-9][0-9]" +
+ ")(\..*)|2900\.([0-4]?[0-9]?[0-9]?[0-9]|5([0-4]" +
+ "[0-9][0-9]|5([0-7][0-9]|8[0-2])))))$",
+ string:vers)){
+ security_hole(get_kb_item("SMB/transport"));
+ }
+ exit(0);
+ }
+ }
+
+ # Check for IE version 7
+ if(ereg(pattern:"^7\..*", string:ieVer))
+ {
+ if(ereg(pattern:"(7\.00\.([0-5]?[0-9]?[0-9]?[0-9]\..*|6000\.(0?[0-9]?" +
+ "[0-9]?[0-9]?[0-9]|1([0-5][0-9][0-9][0-9]|6([0-5]" +
+ "[0-9][0-9]|6([0-6][0-9]|7[0-3]))))))$",
+ string:vers)){
+ security_hole(get_kb_item("SMB/transport"));
+ }
+ exit(0);
+ }
+}
+
+if(hotfix_check_sp(win2003:3) > 0)
+{
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ #Check for IE version 6
+ if(ereg(pattern:"^6\..*", string:ieVer))
+ {
+ if("Service Pack 2" >< SP)
+ {
+ if(ereg(pattern:"(6\.00\.(([0-2]?[0-9]?[0-9][0-9]|3([0-6][0-9][0-9]" +
+ "|7[0-8][0-9]))(\..*)|3790\.([0-3]?[0-9]?[0-9]?[0-9]" +
+ "|4([01][0-9][0-9]|2([0-6][0-9]|7[0-4])))))$",
+ string:vers)){
+ security_hole(get_kb_item("SMB/transport"));
+ }
+ exit(0);
+ }
+ if("Service Pack 1" >< SP)
+ {
+ if(ereg(pattern:"(6\.00\.(([0-2]?[0-9]?[0-9]?[0-9]|3([0-6][0-9]" +
+ "[0-9]|7[0-8][0-9]))(\..*)|3790\.([0-2]?[0-9]?" +
+ "[0-9]?[0-9]|3(0[0-9][0-9]|1([01][0-9]|2[0-2]" +
+ ")))))$", string:vers)){
+ security_hole(get_kb_item("SMB/transport"));
+ }
+ exit(0);
+ }
+ }
+
+ #Check for IE version 7
+ if(ereg(pattern:"^7\..*", string:ieVer))
+ {
+ if(ereg(pattern:"(7\.00\.([0-5]?[0-9]?[0-9]?[0-9]\..*|6000\.(0?[0-9]?" +
+ "[0-9]?[0-9]?[0-9]|1([0-5][0-9][0-9][0-9]|6([0-5]" +
+ "[0-9][0-9]|6([0-6][0-9]|7[0-3]))))))$",
+ string:vers)){
+ security_hole(get_kb_item("SMB/transport"));
+ }
+ exit(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_ms08-031.nasl
___________________________________________________________________
Name: svn:executable
+ *
Modified: trunk/openvas-plugins/scripts/gb_vmware_prdts_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vmware_prdts_detect_win.nasl 2008-09-29 13:30:07 UTC (rev 1465)
+++ trunk/openvas-plugins/scripts/gb_vmware_prdts_detect_win.nasl 2008-09-29 14:48:05 UTC (rev 1466)
@@ -105,11 +105,6 @@
vmware = split(vmVer, sep:".", keep:0);
vmwareVer = vmware[0] + "." + vmware[1] + "." + vmware[2];
- # Check for strange vmware workstation versions
- if(vmwareBuild == "19175" && vmwareVer == "5.5.0"){
- vmwareVer = "5.5.1";
- }
-
if(vmPath)
{
share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:vmPath);
@@ -117,6 +112,8 @@
string:vmPath + "vmware.exe");
file2 = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
string:vmPath + "vmplayer.exe");
+ file3 = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1",
+ string:vmPath + "vmware-authd.exe");
soc = open_sock_tcp(port);
if(!soc){
@@ -157,14 +154,25 @@
fid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file2);
if(!fid)
{
- close(soc);
- exit(0);
+ fid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file3);
+ if(!fid)
+ {
+ close(soc);
+ exit(0);
+ }
}
}
- vmwareBuild = GetVersion(socket:soc, uid:uid, tid:tid, fid:fid, verstr:"build-");
+ vmwareBuild = GetVersion(socket:soc, uid:uid, tid:tid, fid:fid, offset:290000,
+ verstr:"build-");
close(soc);
}
+
+ # Check for strange vmware workstation versions
+ if(vmwareBuild == "19175" && vmwareVer == "5.5.0"){
+ vmwareVer = "5.5.1";
+ }
+
product = ereg_replace(pattern:"SOFTWARE\\VMWare, Inc.\\VMWare (.*)",
string:vmKey, replace:"\1", icase:TRUE);
Modified: trunk/openvas-plugins/scripts/gb_vmware_prdts_prv_esc_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vmware_prdts_prv_esc_vuln.nasl 2008-09-29 13:30:07 UTC (rev 1465)
+++ trunk/openvas-plugins/scripts/gb_vmware_prdts_prv_esc_vuln.nasl 2008-09-29 14:48:05 UTC (rev 1466)
@@ -27,7 +27,8 @@
{
script_id(800006);
script_version("$Revision: 1.1 $");
- script_cve_id("CVE-2008-0967");
+ script_cve_id("CVE-2008-0967", "CVE-2008-2100");
+ script_bugtraq_id(29552);
script_xref(name:"CB-A", value:"08-0093");
script_name(english:"VMware Product(s) Local Privilege Escalation Vulnerability");
desc["english"] = "
@@ -39,11 +40,16 @@
Issue is due to local exploitation of an untrusted library path in
vmware-authd.
- Impact : Successful exploitation could result in arbitrary code execution on
- linux based host system by an unprivileged user.
+ VMware VIX API (Application Program Interface) fails to adequately bounds
+ check user supplied input before copying it to insufficient size buffer.
- Local access is required in order to execute the set-uid vmware-authd.
+ Impact : Successful exploitation could result in arbitrary code execution
+ on linux based host system by an unprivileged user and can also crash the
+ application.
+ Local access is required in order to execute the set-uid vmware-authd and
+ Also, vix.inGuest.enable configuration must be set.
+
Impact Level : System
Affected Software/OS:
@@ -68,8 +74,8 @@
http://www.vmware.com/security/advisories/VMSA-2008-0009.html
CVSS Score:
- CVSS Base Score : 4.1 (AV:L/AC:M/Au:SI/C:P/I:P/A:P)
- CVSS Temporal Score : 3.0
+ CVSS Base Score : 6.0 (AV:N/AC:M/Au:SI/C:P/I:P/A:P)
+ CVSS Temporal Score : 4.4
Risk factor : Medium";
script_description(english:desc["english"]);
Added: trunk/openvas-plugins/scripts/gb_vmware_prdts_vix_api_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_vmware_prdts_vix_api_mult_vuln.nasl 2008-09-29 13:30:07 UTC (rev 1465)
+++ trunk/openvas-plugins/scripts/gb_vmware_prdts_vix_api_mult_vuln.nasl 2008-09-29 14:48:05 UTC (rev 1466)
@@ -0,0 +1,141 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_vmware_prdts_vix_api_mult_vuln.nasl 0290 2008-09-29 10:37:44Z sep $
+#
+# VMware VIX API Multiple Buffer Overflow Vulnerabilities (Win)
+#
+# Authors:
+# Chandan S <schandan at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2008 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800007);
+ script_version("$Revision: 1.1 $");
+ script_cve_id("CVE-2008-2100");
+ script_bugtraq_id(29552);
+ script_xref(name:"CB-A", value:"08-0093:");
+ script_name(english:"VMware VIX API Multiple Buffer Overflow Vulnerabilities (Win)");
+ desc["english"] = "
+
+ Overview : The host is installed with VMWare product(s) that are vulnerable
+ to multiple buffer overflow.
+
+ Vulnerability Insight:
+ VMware VIX API (Application Program Interface) fails to adequately bounds
+ check user supplied input before copying it to insufficient size buffer.
+
+ Impact : Successful exploitation allow attackers to execute arbitrary code
+ on the affected system and local user can obtain elevated privileges on the
+ target system.
+
+ Successful exploitation requires that the vix.inGuest.enable configuration
+ value is enabled.
+
+ Impact Level : System
+
+ Affected Software/OS:
+ VMware Player 1.x - before 1.0.7 build 91707 on Windows
+ VMware Player 2.x - before 2.0.4 build 93057 on Windows
+ VMware Server 1.x - before 1.0.6 build 91891 on Windows
+ VMware Workstation 5.x - before 5.5.7 build 91707 on Windows
+ VMware Workstation 6.x - before 6.0.4 build 93057 on Windows
+ VMware ACE 2.x - before 2.0.4 build 93057 on Windows
+
+ Fix:
+ Upgrade VMware Product(s) to below version,
+ VMware Player 1.0.7 build 91707 or 2.0.4 build 93057 or later
+ www.vmware.com/download/player/
+
+ VMware Server 1.0.6 build 91891 or later
+ www.vmware.com/download/server/
+
+ VMware Workstation 5.5.7 build 91707 or 6.0.4 build 93057 or later
+ www.vmware.com/download/ws/
+
+ VMware ACE 2.0.4 build 93057
+ http://www.vmware.com/download/ace/
+
+ References:
+ http://secunia.com/advisories/30556
+ http://www.vmware.com/security/advisories/VMSA-2008-0009.html
+
+ CVSS Score:
+ CVSS Base Score : 6.0 (AV:N/AC:M/Au:SI/C:P/I:P/A:P)
+ CVSS Temporal Score : 4.4
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of VMware Products");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2008 Intevation GmbH");
+ script_family(english:"Misc.");
+ script_dependencies("gb_vmware_prdts_detect_win.nasl");
+ exit(0);
+}
+
+
+if(!get_kb_item("VMware/Win/Installed")){ # Is VMWare installed?
+ exit(0);
+}
+
+# VMware Player
+vmplayerVer = get_kb_item("VMware/Player/Win/Ver");
+if(vmplayerVer)
+{
+ if(ereg(pattern:"^(1\.0(\.[0-6])?|2\.0(\.[0-3])?)$",
+ string:vmplayerVer)){
+ security_warning(0);
+ }
+ exit(0);
+}
+
+# VMware Server
+vmserverVer = get_kb_item("VMware/Server/Win/Ver");
+if(vmserverVer)
+{
+ if(ereg(pattern:"^1\.0(\.[0-5])?$", string:vmserverVer)){
+ security_warning(0);
+ }
+ exit(0);
+}
+
+# VMware Workstation
+vmworkstnVer = get_kb_item("VMware/Workstation/Win/Ver");
+if(vmworkstnVer)
+{
+ if(ereg(pattern:"^(5\.([0-4](\..*)?|5(\.[0-6])?)|6\.0(\.[0-3])?)$",
+ string:vmworkstnVer)){
+ security_warning(0);
+ }
+ exit(0);
+}
+
+# VMware ACE
+vmaceVer = get_kb_item("VMware/ACE/Win/Ver");
+if(!vmaceVer){
+ vmaceVer = get_kb_item("VMware/ACE\Dormant/Win/Ver");
+}
+
+if(vmaceVer)
+{
+ if(ereg(pattern:"^2\.0(\.[0-3])?$", string:vmaceVer)){
+ security_warning(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_vmware_prdts_vix_api_mult_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_ie_supersede.inc
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ie_supersede.inc 2008-09-29 13:30:07 UTC (rev 1465)
+++ trunk/openvas-plugins/scripts/secpod_ie_supersede.inc 2008-09-29 14:48:05 UTC (rev 1466)
@@ -0,0 +1,51 @@
+##############################################################################
+#
+# Internet Explorer Hotfix Supersede check function
+#
+# Copyright: SecPod
+#
+# Date Written: 2008/09/29
+#
+# Revision: 1.0
+#
+# Log: schandan
+# Issue #0289
+# ------------------------------------------------------------------------
+# This program was written by SecPod and is licensed under the GNU GPL
+# license. Please refer to the below link for details,
+# http://www.gnu.org/licenses/gpl.html
+# This header contains information regarding licensing terms under the GPL,
+# and information regarding obtaining source code from the Author.
+# Consequently, pursuant to section 3(c) of the GPL, you must accompany the
+# information found in this header with any distribution you make of this
+# Program.
+# ------------------------------------------------------------------------
+##############################################################################
+
+
+msBulletin = make_list("MS02-005", "MS02-015", "MS02-023", "MS02-047", "MS02-066", "MS02-068", "MS03-004", "MS03-015", "MS03-020", "MS03-032", "MS03-040", "MS03-048", "MS04-004", "MS04-025", "MS04-038", "MS04-040", "MS05-014", "MS05-020", "MS05-025", "MS05-038", "MS05-052", "MS05-054", "MS06-004", "MS06-013", "MS06-021", "MS06-042", "MS06-067", "MS06-072", "MS07-016", "MS07-027", "MS07-033", "MS07-045", "MS07-057", "MS07-069", "MS08-010", "MS08-024", "MS08-031", "MS08-045");
+
+msHotfix = make_list("316059", "319182", "321232", "323759", "328970", "324929", "810847", "813489", "818529", "822925", "828750", "824145", "832894", "867801", "834707", "889293", "867282", "890923", "883939", "896727", "896688", "905915", "910620", "912812", "916281", "918899", "922760", "925454", "928090", "931768", "933566", "937143", "939653", "942615", "944533", "947864", "950759", "953838");
+
+
+function ie_latest_hotfix_update(bulletin)
+{
+ found = FALSE;
+
+ for(i=0; i>=0; i++)
+ {
+ if(isnull(msBulletin[i])){
+ break;
+ }
+ else if(bulletin < msBulletin[i])
+ {
+ tmp = hotfix_missing(name:msHotfix[i]);
+ if(tmp == 0)
+ found = TRUE;
+ }
+ if(found){
+ break;
+ }
+ }
+ return found;
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_ie_supersede.inc
___________________________________________________________________
Name: svn:executable
+ *
More information about the Openvas-commits
mailing list