[Openvas-commits] r2985 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Apr 2 08:15:34 CEST 2009
Author: chandra
Date: 2009-04-02 08:15:32 +0200 (Thu, 02 Apr 2009)
New Revision: 2985
Added:
trunk/openvas-plugins/scripts/gb_7zip_archive_handling_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_7zip_archive_handling_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_7zip_detect_lin.nasl
trunk/openvas-plugins/scripts/gb_7zip_detect_win.nasl
trunk/openvas-plugins/scripts/gb_expressionengine_detect.nasl
trunk/openvas-plugins/scripts/gb_expressionengine_xss_vuln.nasl
trunk/openvas-plugins/scripts/gb_justsystems_ichitaro_prdts_detect.nasl
trunk/openvas-plugins/scripts/gb_justsystems_ichitaro_prdts_dos_vuln.nasl
trunk/openvas-plugins/scripts/gb_nullftp_server_detect.nasl
trunk/openvas-plugins/scripts/gb_nullftp_server_site_cmd_exec_vuln.nasl
trunk/openvas-plugins/scripts/gb_openssl_detect_win.nasl
trunk/openvas-plugins/scripts/gb_openssl_mult_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_openssl_mult_vuln_win.nasl
trunk/openvas-plugins/scripts/secpod_pplive_code_exe_vuln.nasl
trunk/openvas-plugins/scripts/secpod_pplive_detect.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/ChangeLog 2009-04-02 06:15:32 UTC (rev 2985)
@@ -1,3 +1,21 @@
+2009-04-02 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/gb_justsystems_ichitaro_prdts_detect.nasl,
+ scripts/gb_openssl_mult_vuln_win.nasl,
+ scripts/gb_7zip_archive_handling_vuln_win.nasl,
+ scripts/gb_nullftp_server_detect.nasl,
+ scripts/gb_7zip_detect_win.nasl,
+ scripts/secpod_pplive_code_exe_vuln.nasl,
+ scripts/gb_expressionengine_detect.nasl,
+ scripts/gb_openssl_mult_vuln_lin.nasl,
+ scripts/gb_7zip_archive_handling_vuln_lin.nasl,
+ scripts/gb_openssl_detect_win.nasl,
+ scripts/gb_7zip_detect_lin.nasl,
+ scripts/gb_nullftp_server_site_cmd_exec_vuln.nasl,
+ scripts/secpod_pplive_detect.nasl,
+ scripts/gb_expressionengine_xss_vuln.nasl,
+ scripts/gb_justsystems_ichitaro_prdts_dos_vuln.nasl:
+ Added new plugins
+
2009-04-01 christian Eric Edjenguele <christian.edjenguele at owasp.org>
* script/remote-detect-WindowsSharepointServices.nasl:
Added: trunk/openvas-plugins/scripts/gb_7zip_archive_handling_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_7zip_archive_handling_vuln_lin.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/gb_7zip_archive_handling_vuln_lin.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,84 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_7zip_archive_handling_vuln_lin.nasl 1303 2009-04-01 13:00:29Z apr $
+#
+# 7-Zip Unspecified Archive Handling Vulnerability (Linux)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800256);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-6536");
+ script_bugtraq_id(28285);
+ script_name(english:"7-Zip Unspecified Archive Handling Vulnerability (Linux)");
+ desc["english"] = "
+
+ Overview: This host is installed with 7zip and is prone to Unspecified
+ vulnerability.
+
+ Vulnerability Insight:
+ This flaw occurs due to memory corruption while handling malformed archives.
+
+ Impact:
+ Successful exploitation will let the attacker execute arbitrary code in the
+ affected system and cause denial of service.
+
+ Affected Software/OS:
+ 7zip version prior to 4.57 on Linux
+
+ Fix:
+ Upgrade to 7zip version 4.57
+ http://www.7-zip.org
+
+ References:
+ http://secunia.com/advisories/29434
+ http://www.vupen.com/english/advisories/2008/0914/references
+ http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.4
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of 7zip (Linux)");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Denial of Service");
+ script_dependencies("gb_7zip_detect_lin.nasl");
+ script_require_keys("7zip/Lin/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+zipVer = get_kb_item("7zip/Lin/Ver");
+if(!zipVer){
+ exit(0);
+}
+
+# Grep for 7zip version prior to 4.57
+if(version_is_less(version:zipVer, test_version:"4.57")){
+ security_hole(0);
+}
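Review bot: The final `security_hole(0)` is raised from the stored version string alone, and the report carries neither the detected version nor a caveat that the result is version-based. A distribution package that backported the fix under an older version number may therefore be flagged with nothing for the operator to verify against. Consider putting the evidence in the report, e.g. `security_hole(port:0, data:string("Installed p7zip version: ", zipVer, ", fixed in 4.57"));`, and adding a line to the description saying the check is version-only. The same applies to the closing checks in gb_7zip_archive_handling_vuln_win.nasl and gb_expressionengine_xss_vuln.nasl. Separately, the description names arbitrary code execution as an impact while `script_family` is "Denial of Service", so the family is worth confirming.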
Added: trunk/openvas-plugins/scripts/gb_7zip_archive_handling_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_7zip_archive_handling_vuln_win.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/gb_7zip_archive_handling_vuln_win.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_7zip_archive_handling_vuln_win.nasl 1303 2009-04-01 21:20:29Z apr $
+#
+# 7-Zip Unspecified Archive Handling Vulnerability (Win)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800261);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-6536");
+ script_bugtraq_id(28285);
+ script_name(english:"7-Zip Unspecified Archive Handling Vulnerability (Win)");
+ desc["english"] = "
+
+ Overview: This host is installed with 7zip and is prone to Unspecified
+ vulnerability.
+
+ Vulnerability Insight:
+ This flaw occurs due to memory corruption while handling malformed archives.
+
+ Impact:
+ Successful exploitation will let the attacker execute arbitrary code in the
+ affected system and cause denial of service.
+
+ Affected Software/OS:
+ 7zip version prior to 4.57 on Windows.
+
+ Fix:
+ Upgrade to 7zip version 4.57
+ http://www.7-zip.org
+
+ References:
+ http://secunia.com/advisories/29434
+ http://www.vupen.com/english/advisories/2008/0914/references
+ http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.4
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of 7zip");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Denial of Service");
+ script_dependencies("gb_7zip_detect_win.nasl");
+ script_require_keys("7zip/Win/Ver");
+ exit(0);
+}
+
+include("version_func.inc");
+
+version = get_kb_item("7zip/Win/Ver");
+if(!version){
+ exit(0);
+}
+
+# Grep for 7zip version prior to 4.57
+if(version_is_less(version:version, test_version:"4.57")){
+ security_hole(0);
+}
Added: trunk/openvas-plugins/scripts/gb_7zip_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_7zip_detect_lin.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/gb_7zip_detect_lin.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,68 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_7zip_detect_lin.nasl 1303 2009-04-01 10:40:24Z apr $
+#
+# 7zip Version Detection (Linux)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800255);
+ script_version("Revision: 1.0 ");
+ script_name(english:"7zip Version Detection (Linux)");
+ desc["english"] = "
+ Overview : This script finds the installed version of 7zip and saves the
+ result in KB.
+
+ Risk factor : Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Set KB for the version of 7zip");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"General");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+ exit(0);
+}
+
+paths = find_file(file_name:"7za", file_path:"/", useregex:TRUE,
+ regexpar:"$", sock:sock);
+foreach zipBin (paths)
+{
+ zipVer = get_bin_version(full_prog_name:chomp(zipBin), sock:sock,
+ version_argv:"version",
+ ver_pattern:"p7zip Version ([0-9]\.[0-9][0-9]?)");
+ if(zipVer[1] != NULL)
+ {
+ set_kb_item(name:"7zip/Lin/Ver", value:zipVer[1]);
+ ssh_close_connection();
+ exit(0);
+ }
+}
+ssh_close_connection();
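Review bot: The `find_file(file_name:"7za", file_path:"/", ...)` call searches the whole filesystem, and every hit is handed to `get_bin_version`, which judging by its `version_argv` parameter appears to execute the file over the authenticated SSH session. On a multi-user host a file named `7za` in a user-writable directory would then be run with the scan account's privileges. Restricting the search to system install locations, e.g. `file_path:"/usr/"`, avoids that and shortens the scan. The loop also exits at the first binary that yields a version, so a second, older install is never recorded; a comment stating that this is intended would help. `script_version("Revision: 1.0 ")` lacks the `$` keyword markers used by the other new scripts.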
Property changes on: trunk/openvas-plugins/scripts/gb_7zip_detect_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_7zip_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_7zip_detect_win.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/gb_7zip_detect_win.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,66 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_7zip_detect_win.nasl 1303 2009-04-01 20:40:24Z apr $
+#
+# 7zip Version Detection (Win)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http//intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800260);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"7zip Version Detection (Win)");
+ desc["english"] = "
+ Overview : This script finds the installed 7zip version and saves the
+ result in KB item.
+
+ Risk factor : Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Set Version of 7zip in KB for Windows");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"General");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\7-Zip\";
+name = registry_get_sz(key:key, item:"DisplayName");
+if("7-Zip" >< name)
+{
+ string = eregmatch(pattern:"([0-9]\.[0-9][0-9]?)", string:name);
+ if(string[0] != NULL)
+ {
+ set_kb_item(name:"7zip/Win/Ver", value:string[0]);
+ exit(0);
+ }
+}
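Review bot: The pattern `([0-9]\.[0-9][0-9]?)` in the `eregmatch` call is unanchored and allows only one digit before the dot. A DisplayName with a two-digit major version would be stored as its trailing digits (a constructed `21.07` would be read as `1.07`), and the dependent check would then compare against a wrong, lower version. Anchoring on the product name and allowing multi-digit components avoids this: `string = eregmatch(pattern:"7-Zip ([0-9]+\.[0-9]+)", string:name);`, with `string[1]` used in the `if` and as the `set_kb_item` value. The Linux detector's pattern has the same single-digit limit, though there it fails to match rather than mis-parsing. The local variable `string` also shares its name with the `string()` built-in used in gb_expressionengine_detect.nasl; a name such as `zipVer` would read better.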
Property changes on: trunk/openvas-plugins/scripts/gb_7zip_detect_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_expressionengine_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_expressionengine_detect.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/gb_expressionengine_detect.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_expressionengine_detect.nasl 1263 2009-04-01 17:33:29Z apr $
+#
+# ExpressionEngine CMS Version Detection
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800262);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"ExpressionEngine CMS Version Detection");
+ desc["english"] = "
+
+ Overview: The script detects the version of ExpressionEngine CMS and sets
+ the result in KB.
+
+ Risk Factor: Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Set the KB for the Version of ExpressionEngine CMS");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"General");
+ script_dependencies("http_version.nasl");
+ script_require_ports("Services/www", 80, 8080);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+httpPort = get_kb_item("Services/www");
+if(!httpPort){
+ exit(0);
+}
+
+# Possible directory checks for ExpressionEngine Installed Location
+foreach dir (make_list("/", "/system", "/cms/system", cgi_dirs()))
+{
+ sndReq = http_get(item:string(dir, "/index.php"), port:httpPort);
+ rcvRes = http_keepalive_send_recv(port:httpPort, data:sndReq);
+ if("ExpressionEngine" >< rcvRes)
+ {
+ cmsVer = eregmatch(pattern:"ExpressionEngine Core ([0-9]\.[0-9.]+)", string:rcvRes);
+ if(cmsVer[1] == NULL){
+ cmsVer = eregmatch(pattern:"v ([0-9]\.[0-9.]+)", string:rcvRes);
+ }
+ if(cmsVer[1] != NULL){
+ set_kb_item(name:"www/" + httpPort + "/ExpEngine", value:cmsVer[1]);
+ }
+ exit(0);
+ }
+}
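Review bot: The fallback pattern `"v ([0-9]\.[0-9.]+)"` matches any `v <digit>.<digits>` text on a page that merely contains the word `ExpressionEngine`. An unrelated version string can therefore land in the `www/<port>/ExpEngine` KB item and drive the verdict of the dependent XSS check; tie the fallback to product-specific text or drop it. The directory list starts with `"/"`, which makes the first request `//index.php`; `make_list("", "/system", "/cms/system", cgi_dirs())` gives the intended path. The `exit(0)` inside the `if("ExpressionEngine" >< rcvRes)` block also ends the scan at the first matching directory even when no version was extracted, which deserves a comment if it is intended.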
Property changes on: trunk/openvas-plugins/scripts/gb_expressionengine_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_expressionengine_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_expressionengine_xss_vuln.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/gb_expressionengine_xss_vuln.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,92 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_expressionengine_xss_vuln.nasl 1263 2009-04-01 19:10:34Z apr $
+#
+# ExpressionEngine CMS Cross Site Scripting Vulnerability
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800263);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1070");
+ script_bugtraq_id(34193);
+ script_name(english:"ExpressionEngine CMS Cross Site Scripting Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ This host is running ExpressionEngine CMS and is prone to Cross Site
+ Scripting vulnerability.
+
+ Vulnerability Insight:
+ Inadequate validation of user supplied input to the system/index.php script
+ leads to cross site attacks.
+
+ Impact:
+ Successful exploitation will allow remote attackers to inject arbitrary HTML
+ codes in an image by tricking the user to view a malicious profile page.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ ExpresssionEngine versions prior to 1.6.7 on all platforms.
+
+ Fix:
+ Update ExpressionEngine to version 1.6.7
+ http://expressionengine.com
+
+ References:
+ http://secunia.com/advisories/34379
+ http://xforce.iss.net/xforce/xfdb/49359
+ http://www.securityfocus.com/archive/1/archive/1/502045/100/0/threaded
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+ CVSS Temporal Score : 3.4
+ Risk factor: Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check version of ExpressionEngine CMS");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Web application abuses");
+ script_dependencies("gb_expressionengine_detect.nasl");
+ script_require_ports("Services/www", 80, 8080);
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+httpPort = get_http_port(default:80);
+if(!httpPort){
+ exit(0);
+}
+
+expressionVer = get_kb_item("www/" + httpPort + "/ExpEngine");
+if(expressionVer == NULL){
+ exit(0);
+}
+
+if(version_is_less(version:expressionVer, test_version:"1.6.7")){
+ security_warning(httpPort);
+}
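Review bot: The report text in `desc["english"]` spells the product `ExpresssionEngine` under "Affected Software/OS"; this is text operators search and filter on, so it should read `ExpressionEngine`. The version lookup is also undocumented: a one-line comment above `get_kb_item`, such as `# Version is stored per port by gb_expressionengine_detect.nasl`, would make the dependency on the detector's KB key explicit.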
Property changes on: trunk/openvas-plugins/scripts/gb_expressionengine_xss_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_justsystems_ichitaro_prdts_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_justsystems_ichitaro_prdts_detect.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/gb_justsystems_ichitaro_prdts_detect.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_justsystems_ichitaro_prdts_detect.nasl 1144 2009-04-01 13:51:44Z apr $
+#
+# JustSystems Ichitaro Product(s) Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800542);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"JustSystems Ichitaro Product(s) Version Detection");
+ desc["english"] ="
+
+ Overview : This script finds the installed product version of Ichitaro
+ and Ichitaro viewer and sets the result in KB.
+
+ Risk factor : Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Set KB for the version of JustSystems Ichitaro Products");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"General");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\Justsystem")){
+ exit(0);
+}
+
+viewerPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
+ "\App Paths\TAROVIEW.EXE", item:"Path");
+if(viewerPath)
+{
+ path = viewerPath + "\TAROVIEW.EXE";
+ share = ereg_replace(pattern:"([A-Za-z]):.*", replace:"\1$", string:path);
+ file = ereg_replace(pattern:"[A-Za-z]:(.*)", replace:"\1", string:path);
+ viewerVer = GetVer(file:file, share:share);
+
+ if(viewerVer != NULL){
+ set_kb_item(name:"Ichitaro/Viewer/Ver", value:viewerVer);
+ }
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+ appName = registry_get_sz(key:key + item, item:"DisplayName");
+ if("ATOK" >< appName)
+ {
+ appVer = eregmatch(pattern:"ATOK ([0-9.]+)", string:appName);
+ if(appVer[1] != NULL){
+ set_kb_item(name:"Ichitaro/Ver", value:appVer[1]);
+ }
+ exit(0);
+ }
+}
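Review bot: In the uninstall-key loop the `Ichitaro/Ver` KB item is filled from a DisplayName matching `ATOK ([0-9.]+)`, and nothing in the script explains why an ATOK entry stands for the Ichitaro version. If ATOK can be installed on its own (the name suggests a separate product), the dependent check would report on hosts that do not have Ichitaro. Either match the Ichitaro display name or add a comment stating the mapping, e.g. `# Ichitaro release is derived from the ATOK uninstall entry because ...`. `path = viewerPath + "\TAROVIEW.EXE"` also assumes the registry `Path` value has no trailing backslash, while gb_nullftp_server_detect.nasl assumes the opposite for `InstallLocation`. A short comment on the expected form would help avoid a silent `GetVer` miss.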
Property changes on: trunk/openvas-plugins/scripts/gb_justsystems_ichitaro_prdts_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_justsystems_ichitaro_prdts_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_justsystems_ichitaro_prdts_dos_vuln.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/gb_justsystems_ichitaro_prdts_dos_vuln.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,104 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_justsystems_ichitaro_prdts_dos_vuln.nasl 1144 2009-04-01 17:55:26Z apr $
+#
+# JustSystems Ichitaro Products Denial Of Service Vulnerability.
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800544);
+ script_version("$Revision: 1.1 $");
+ script_cve_id("CVE-2009-1054");
+ script_bugtraq_id(34138);
+ script_name(english:"JustSystems Ichitaro Products Denial Of Service Vulnerability");
+ desc["english"] = "
+
+ Overview: This host has JustSystems Ichitaro product(s) installed and
+ is prone to denial of service vulnerability.
+
+ Vulnerability Insight:
+ JustSystems products leads to a memory corruption while handling malformed
+ documents using Web PURAGUINBYUA.
+
+ Impact:
+ This issue is widely exploited by Trojan.Tarodrop.H, a Trojan horse that
+ drops several files on to the compromised system leading to arbitrary
+ code execution and also crashing of the application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ JustSystems Ichitaro 13, 2004 thruogh 2008,
+ JustSystems Ichitaro viewer 5.1.5.0 on Windows.
+
+ Fix: Apply the security patches.
+ http://www.justsystems.com/jp/info/js09001.html
+
+ *****
+ NOTE: Ignore this warning, if patch is applied already.
+ *****
+
+ References:
+ http://secunia.com/advisories/34405/
+ http://xforce.iss.net/xforce/xfdb/49280
+ http://www.symantec.com/business/security_response/writeup.jsp?docid=2009-031608-2424-99
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of Ichitaro Product(s)");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Denial of Service");
+ script_dependencies("gb_justsystems_ichitaro_prdts_detect.nasl");
+ script_require_keys("Ichitaro/Ver", "Ichitaro/Viewer/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Ichitaro 13, 2004 theough 2008
+ichitaroVer = get_kb_item("Ichitaro/Ver");
+if(ichitaroVer)
+{
+ if(version_in_range(version:ichitaroVer, test_version:"2004",
+ test_version2:"2008")||
+ ichitaroVer =~ "13")
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Check for Ichitaro viewer 5.1.5.0 => 19.0.1.0 and prior
+viewerVer = get_kb_item("Ichitaro/Viewer/Ver");
+if(viewerVer)
+{
+ if(version_is_less_equal(version:viewerVer, test_version:"19.0.1.0")){
+ security_hole(0);
+ }
+}
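Review bot: The test `ichitaroVer =~ "13"` is an unanchored regular-expression match, so any version string that merely contains `13` satisfies it; anchor it, e.g. `ichitaroVer =~ "^13(\.|$)"`. The viewer branch flags everything up to `19.0.1.0` while the description lists only viewer 5.1.5.0 as affected, so the comment `# Check for Ichitaro viewer 5.1.5.0 => 19.0.1.0 and prior` or the description should explain how the two relate. `script_require_keys("Ichitaro/Ver", "Ichitaro/Viewer/Ver")` lists both keys; if the scheduler requires all of them, a host with only one of the two products is never checked, which is worth confirming. The comment and description also contain the typos `theough` and `thruogh`.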
Property changes on: trunk/openvas-plugins/scripts/gb_justsystems_ichitaro_prdts_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_nullftp_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_nullftp_server_detect.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/gb_nullftp_server_detect.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,83 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_nullftp_server_detect.nasl 1268 2009-04-01 10:37:24Z apr $
+#
+# NULL FTP Server Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800545);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"NULL FTP Server Version Detection");
+ desc["english"] = "
+ Overview : This script finds the installed NULL FTP Server version
+ and saves the result in KB.
+
+ Risk factor : Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Set Version of NULL FTP Server in KB");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"FTP");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+ appName = registry_get_sz(key:key + item, item:"DisplayName");
+ if("Null FTP Server" >< appName)
+ {
+ nullftpVer = eregmatch(pattern:"Null FTP Server ([0-9.]+)", string:appName);
+ nullftpVer = nullftpVer[1];
+ if(nullftpVer == NULL)
+ {
+ exePath = registry_get_sz(key:key + item, item:"InstallLocation");
+ if(!exePath){
+ exit(0);
+ }
+
+ exePath = exePath + "NullFtpServer.exe";
+ share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:exePath);
+ file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:exePath);
+
+ nullftpVer = GetVer(file:file, share:share);
+ }
+
+ # Set the Version in KB
+ if(nullftpVer != NULL){
+ set_kb_item(name:"NullFTP/Server/Ver", value:nullftpVer);
+ }
+ }
+}
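Review bot: The drive-letter patterns `"([A-Z]):.*"` and `"[A-Z]:(.*)"` accept only an upper-case letter, so an `InstallLocation` recorded with a lower-case drive leaves `share` and `file` as the unmodified path and the `GetVer` lookup would presumably fail. gb_justsystems_ichitaro_prdts_detect.nasl in this same commit already uses `[A-Za-z]`. Use `share = ereg_replace(pattern:"([A-Za-z]):.*", replace:"\1$", string:exePath);` and make the matching change on the `file` line. The `exit(0)` on a missing `InstallLocation` also stops the enumeration instead of moving to the next uninstall entry, so a `continue` may be what is wanted. `exePath + "NullFtpServer.exe"` assumes a trailing backslash, which deserves a comment.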
Property changes on: trunk/openvas-plugins/scripts/gb_nullftp_server_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_nullftp_server_site_cmd_exec_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_nullftp_server_site_cmd_exec_vuln.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/gb_nullftp_server_site_cmd_exec_vuln.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_nullftp_server_site_cmd_exec_vuln.nasl 1268 2009-04-01 20:10:24Z apr $
+#
+# Null FTP Server SITE Command Execution Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800546);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-6534");
+ script_bugtraq_id(32656);
+ script_name(english:"Null FTP Server SITE Command Execution Vulnerability");
+ desc["english"] = "
+
+ Overview: This host has Null FTP Server installed and is prone to arbitrary
+ code execution vulnerability.
+
+ Vulnerability Insight:
+ An error is generated while handling custom SITE command containing shell
+ metacharacters such as & (ampersand) as a part of an argument.
+
+ Impact:
+ Successful exploitation will let the attacker to execute arbitrary codes
+ in the context of the application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ NULL FTP Server Free and Pro version prior to 1.1.0.8 on Windows
+
+ Fix: Upgarde to the latest version 1.1.0.8 or later
+ http://www.vwsolutions.com/NullFTPServer/
+
+ References:
+ http://secunia.com/advisories/32999
+ http://www.milw0rm.com/exploits/7355
+ http://xforce.iss.net/xforce/xfdb/47099
+
+ CVSS Score:
+ CVSS Base Score : 7.1 (AV:N/AC:H/Au:SI/C:C/I:C/A:C)
+ CVSS Temporal Score : 5.6
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of NULL FTP Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"FTP");
+ script_dependencies("gb_nullftp_server_detect.nasl");
+ script_require_keys("NullFTP/Server/Ver");
+ exit(0);
+}
+
+
+include("ftp_func.inc");
+include("version_func.inc");
+
+nullPort = get_kb_item("Services/ftp");
+if(!nullPort){
+ nullPort = 21;
+}
+
+if(get_port_state(nullPort))
+{
+ banner = get_ftp_banner(port:nullPort);
+ if("Null FTP Server" >!< banner){
+ exit(0);
+ }
+
+ ver = get_kb_item("NullFTP/Server/Ver");
+ if(!ver){
+ exit(0);
+ }
+
+ # Grep for version prior to 1.1.0.8
+ if(version_is_less(version:ver, test_version:"1.1.0.8")){
+ security_hole(nullPort);
+ }
+}
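Review bot: `nullPort = get_kb_item("Services/ftp")` reads a KB entry that no declared dependency populates, because `script_dependencies` lists only gb_nullftp_server_detect.nasl. If service discovery has not run first, the port falls back to 21, so a Null FTP Server listening on another port goes unreported even when the registry-derived version is below 1.1.0.8. I would declare `script_dependencies("find_service.nasl", "gb_nullftp_server_detect.nasl");` and add `script_require_ports("Services/ftp", 21);` in the description block. The Fix line of the description also spells "Upgrade" as "Upgarde".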
Property changes on: trunk/openvas-plugins/scripts/gb_nullftp_server_site_cmd_exec_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_openssl_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openssl_detect_win.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/gb_openssl_detect_win.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,68 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_openssl_detect_win.nasl 1258 2009-04-01 14:30:24Z apr $
+#
+# OpenSSL Version Detection (Win)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800527);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"OpenSSL Version Detection (Win)");
+ desc["english"] = "
+ Overview : This script finds the installed OpenSSL version and saves the
+ result in KB item.
+
+ Risk factor : Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Set Version of OpenSSL in KB for Windows");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"General");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+ name = registry_get_sz(key:key + item, item:"DisplayName");
+ if("OpenSSL" >< name)
+ {
+ ver = eregmatch(pattern:"([0-9]\.[0-9]\.[0-9.]+[a-z]?)", string:name);
+ if(ver[0] != NULL){
+ set_kb_item(name:"OpenSSL/Win/Ver", value:ver[0]);
+ }
+ exit(0);
+ }
+}
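Review bot: The `exit(0);` after the `if(ver[0] != NULL)` block runs for the first uninstall entry whose DisplayName contains "OpenSSL", even when the regex found no version. A later entry that does carry a version is then never examined and `OpenSSL/Win/Ver` stays unset. Moving the exit inside the block, `if(ver[0] != NULL){ set_kb_item(name:"OpenSSL/Win/Ver", value:ver[0]); exit(0); }`, keeps the loop going until a version is actually stored. secpod_pplive_detect.nasl in this commit has the same shape around its DisplayVersion lookup. A missed detection here silently disables gb_openssl_mult_vuln_win.nasl, which requires that key.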
Property changes on: trunk/openvas-plugins/scripts/gb_openssl_detect_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_openssl_mult_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openssl_mult_vuln_lin.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/gb_openssl_mult_vuln_lin.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_openssl_mult_vuln_lin.nasl 1258 2009-04-01 13:20:29Z apr $
+#
+# OpenSSL Multiple Vulnerabilities (Linux)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800259);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0590", "CVE-2009-0591", "CVE-2009-0789");
+ script_bugtraq_id(34256);
+ script_name(english:"OpenSSL Multiple Vulnerabilities (Linux)");
+ desc["english"] = "
+
+ Overview: This host is installed with OpenSSL and is prone to Multiple
+ Vulnerabilities.
+
+ Vulnerability Insight:
+ - error exists in the 'ASN1_STRING_print_ex()' function when printing
+ 'BMPString' or 'UniversalString' strings which causes invalid memory
+ access violation.
+ - 'CMS_verify' function incorrectly handles an error condition when
+ processing malformed signed attributes.
+ - error when processing malformed 'ASN1' structures which causes invalid
+ memory access violation.
+
+ Impact:
+ Successful exploitation will let the attacker cause memory access violation,
+ security bypass or can cause denial of service.
+
+ Affected Software/OS:
+ OpenSSL version prior to 0.9.8k on all running platform.
+
+ Fix:
+ Upgrade to OpenSSL version 0.9.8k
+ http://openssl.org
+
+ References:
+ http://secunia.com/advisories/34411
+ http://www.openssl.org/news/secadv_20090325.txt
+ http://securitytracker.com/alerts/2009/Mar/1021905.html
+
+ CVSS Score:
+ CVSS Base Score : 6.4 (AV:N/AC:L/Au:NR/C:N/I:P/A:P)
+ CVSS Temporal Score : 4.7
+ Risk factor: Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of OpenSSL");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Denial of Service");
+ script_dependencies("gb_openssl_detect_lin.nasl");
+ script_require_keys("OpenSSL/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+opensslVer = get_kb_item("OpenSSL/Linux/Ver");
+if(!opensslVer){
+ exit(0);
+}
+
+# Grep for OpenSSL version prior to 0.9.8k
+if(version_is_less(version:opensslVer, test_version:"0.9.8k")){
+ security_warning(0);
+}
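Review bot: The `version_is_less(version:opensslVer, test_version:"0.9.8k")` test treats the upstream version string as proof of exposure. Linux distributions commonly backport security fixes into older package versions without changing that string, so patched hosts will still be reported. gb_openssl_detect_lin.nasl is not part of this view, so how `OpenSSL/Linux/Ver` is obtained is unknown here. I would add a comment above the check, `# Upstream version only; distribution packages with backported fixes will still match`, and say the same in the description so an operator checks the vendor advisory before acting on the finding.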
Added: trunk/openvas-plugins/scripts/gb_openssl_mult_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_openssl_mult_vuln_win.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/gb_openssl_mult_vuln_win.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_openssl_mult_vuln_win.nasl 1258 2009-04-01 13:20:29Z apr $
+#
+# OpenSSL Multiple Vulnerabilities (Win)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800258);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0590", "CVE-2009-0591", "CVE-2009-0789");
+ script_bugtraq_id(34256);
+ script_name(english:"OpenSSL Multiple Vulnerabilities (Win)");
+ desc["english"] = "
+
+ Overview: This host is installed with OpenSSL and is prone to Multiple
+ Vulnerabilities.
+
+ Vulnerability Insight:
+ - error exists in the 'ASN1_STRING_print_ex()' function when printing
+ 'BMPString' or 'UniversalString' strings which causes invalid memory
+ access violation.
+ - 'CMS_verify' function incorrectly handles an error condition when
+ processing malformed signed attributes.
+ - error when processing malformed 'ASN1' structures which causes invalid
+ memory access violation.
+
+ Impact:
+ Successful exploitation will let the attacker cause memory access violation,
+ security bypass or can cause denial of service.
+
+ Affected Software/OS:
+ OpenSSL version prior to 0.9.8k on all running platform.
+
+ Fix:
+ Upgrade to OpenSSL version 0.9.8k
+ http://openssl.org
+
+ References:
+ http://secunia.com/advisories/34411
+ http://www.openssl.org/news/secadv_20090325.txt
+ http://securitytracker.com/alerts/2009/Mar/1021905.html
+
+ CVSS Score:
+ CVSS Base Score : 6.4 (AV:N/AC:L/Au:NR/C:N/I:P/A:P)
+ CVSS Temporal Score : 4.7
+ Risk factor: Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of OpenSSL");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Denial of Service");
+ script_dependencies("gb_openssl_detect_win.nasl");
+ script_require_keys("OpenSSL/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+opensslVer = get_kb_item("OpenSSL/Win/Ver");
+if(!opensslVer){
+ exit(0);
+}
+
+# Grep for OpenSSL version prior to 0.9.8k
+if(version_is_less(version:opensslVer, test_version:"0.9.8k")){
+ security_warning(0);
+}
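Review bot: The single `version_is_less(version:opensslVer, test_version:"0.9.8k")` test reports all three CVEs in `script_cve_id` for every older build, while the OpenSSL advisory linked in the description appears to scope two of them more narrowly. As I read that advisory, CVE-2009-0591 needs CMS, which exists only from 0.9.8h and is off by default, and CVE-2009-0789 needs a platform where `sizeof(long) < sizeof(void *)`, such as WIN64; please confirm against the advisory text. The description should state these conditions so the finding is not over-read, for example `Note: CVE-2009-0591 applies to 0.9.8h and later with CMS enabled; CVE-2009-0789 to 64-bit Windows builds`. The same applies to gb_openssl_mult_vuln_lin.nasl, where CVE-2009-0789 is unlikely to be relevant.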
Property changes on: trunk/openvas-plugins/scripts/gb_openssl_mult_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_pplive_code_exe_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_pplive_code_exe_vuln.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/secpod_pplive_code_exe_vuln.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_pplive_code_exe_vuln.nasl 1207 2009-03-31 13:50:24Z mar $
+#
+# PPLive Multiple Argument Injection Vulnerabilities
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900536);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1087");
+ script_bugtraq_id(34128);
+ script_name(english:"PPLive Multiple Argument Injection Vulnerabilities");
+ desc["english"] = "
+
+ Overview: This host has PPLive installed and is prone to multiple argument
+ injection vulnerabilities.
+
+ Vulnerability Insight:
+ Improper validation of user supplied input to the synacast://, Play://,
+ pplsv://, and ppvod:// URI handlers via a UNC share pathname in the
+ LoadModule argument leads to this injection attacks.
+
+ Impact:
+ By persuading a victim to click on a specially-crafted URI, attackers can
+ execute arbitrary script code by loading malicious files(dll) through the
+ UNC share pathname in the LoadModule argument.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ PPLive version 1.9.21 and prior on Windows.
+
+ Fix: No solution or patch is available as on 01st April, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.pplive.com/en/index.html
+
+ References:
+ http://secunia.com/advisories/34327
+ http://www.milw0rm.com/exploits/8215
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 8.4
+ Risk factor: Critical";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of PPLive");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"General");
+ script_dependencies("secpod_pplive_detect.nasl");
+ script_require_keys("PPLive/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ppliveVer = get_kb_item("PPLive/Ver");
+if(!ppliveVer){
+ exit(0);
+}
+
+# Check for PPLive version 1.9.21 and prior
+if(version_is_less_equal(version:ppliveVer, test_version:"1.9.21")){
+ security_hole(0);
+}
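Review bot: `security_hole(0);` raises the finding with no evidence, so the report does not say which PPLive version was read from the KB or what it was compared with. Passing the details, `security_hole(port:0, data:string(desc["english"], "\n Installed PPLive version: ", ppliveVer));`, lets an operator confirm the result and spot a stale or mis-parsed `PPLive/Ver`. I have prepended `desc["english"]` on the assumption that `data` replaces the description text in this scanner generation; drop it if the scanner appends instead. The other version checks in this commit (`security_warning(0)` in both OpenSSL plugins, `security_hole(nullPort)` in the Null FTP plugin) would benefit from the same.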
Property changes on: trunk/openvas-plugins/scripts/secpod_pplive_code_exe_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_pplive_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_pplive_detect.nasl 2009-04-02 01:59:20 UTC (rev 2984)
+++ trunk/openvas-plugins/scripts/secpod_pplive_detect.nasl 2009-04-02 06:15:32 UTC (rev 2985)
@@ -0,0 +1,68 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_pplive_detect.nasl 1207 2009-03-31 12:47:29Z mar $
+#
+# PPLive Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900535);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"PPLive Version Detection");
+ desc["english"] = "
+ Overview: This script detects the installed version of PPLive and sets
+ the reuslt in KB.
+
+ Risk Factor: Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Set KB for the version of PPLive");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"General");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+ ppliveName = registry_get_sz(key:key + item, item:"DisplayName");
+ if("PPLive" >< ppliveName)
+ {
+ ppliveVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+ if(ppliveVer != NULL){
+ set_kb_item(name:"PPLive/Ver", value:ppliveVer);
+ }
+ exit(0);
+ }
+}
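Review bot: The enumeration walks only `SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\`, so on 64-bit Windows a 32-bit PPLive install, which registers under `SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\`, is never seen and `PPLive/Ver` stays unset. That silently skips secpod_pplive_code_exe_vuln.nasl on those hosts. I would wrap the existing loop in `foreach key (make_list("SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\", "SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\"))`, assuming `registry_enum_keys` returns nothing for a missing key (secpod_smb_func.inc is not shown here). gb_openssl_detect_win.nasl and gb_nullftp_server_detect.nasl in this commit use the same single key.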
Property changes on: trunk/openvas-plugins/scripts/secpod_pplive_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *