[Openvas-commits] r3145 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Apr 20 14:33:24 CEST 2009


Author: chandra
Date: 2009-04-20 14:33:23 +0200 (Mon, 20 Apr 2009)
New Revision: 3145

Added:
   trunk/openvas-plugins/scripts/gb_phpmyadmin_mult_vuln_apr09.nasl
   trunk/openvas-plugins/scripts/gb_wireshark_mult_vuln_apr09_lin.nasl
   trunk/openvas-plugins/scripts/gb_wireshark_mult_vuln_apr09_win.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-04-20 12:10:07 UTC (rev 3144)
+++ trunk/openvas-plugins/ChangeLog	2009-04-20 12:33:23 UTC (rev 3145)
@@ -1,3 +1,9 @@
+2009-04-20 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/gb_phpmyadmin_mult_vuln_apr09.nasl,
+	scripts/gb_wireshark_mult_vuln_apr09_lin.nasl,
+	scripts/gb_wireshark_mult_vuln_apr09_win.nasl:
+	Added new plugins
+
 2009-04-20  Michael Wiegand <michael.wiegand at intevation.de>
 
 	* packaging/debian/control: Moved rsync from Recommends to Depends since

Added: trunk/openvas-plugins/scripts/gb_phpmyadmin_mult_vuln_apr09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_phpmyadmin_mult_vuln_apr09.nasl	2009-04-20 12:10:07 UTC (rev 3144)
+++ trunk/openvas-plugins/scripts/gb_phpmyadmin_mult_vuln_apr09.nasl	2009-04-20 12:33:23 UTC (rev 3145)
@@ -0,0 +1,115 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_phpmyadmin_mult_vuln_apr09.nasl 1270 2009-04-02 16:50:29Z apr $
+#
+# phpMyAdmin Multiple Vulnerabilities
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800381);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1148", "CVE-2009-1149", "CVE-2009-1150", "CVE-2009-1151");
+  script_bugtraq_id(34251, 34253, 34236);
+  script_name(english:"phpMyAdmin Multiple Vulnerabilities");
+  desc["english"] = "
+
+  Overview: This host is running phpMyAdmin and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are due to,
+  - BLOB streaming feature in 'bs_disp_as_mime_type.php' causes CRLF Injection
+    which lets the attacker inject arbitrary data in the HTTP headers through
+    the 'c_type' and 'file_type' parameters.
+  - XSS Vulnerability in 'display_export.lib.php' as its not sanitizing the
+    'pma_db_filename_template' parameter.
+  - Static code injection vulnerability in 'setup.php' which can be used to
+    inject PHP Codes.
+  - Filename 'bs_disp_as_mime_type.php' which is not sanitizing user supplied
+    inputs in the filename variable which causes directory traversal attacks.
+
+  Impact:
+  Successful exploitation will let the attacker cause XSS, Directory Traversal
+  attacks or can injection malicious PHP Codes to gain sensitive information
+  about the remote host.
+
+  Affected Software/OS:
+  phpMyAdmin version 2.11.x to 2.11.9.4 and 3.0.x to 3.1.3
+
+  Fix:
+  Upgrade to version 2.11.9.5 or 3.1.3.1
+  http://www.phpmyadmin.net/home_page/downloads.php
+
+  Workaround:
+  Update the existing PHP files from the below SVN Revisions.
+  http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12301
+  http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12302
+  http://phpmyadmin.svn.sourceforge.net/viewvc/phpmyadmin?view=rev&revision=12303
+
+  *****
+  Note: Igone the warning, if already replaced according to the fixed svn
+        revision numbers.
+  *****
+
+  References:
+  http://secunia.com/advisories/34430
+  http://www.phpmyadmin.net/home_page/security/PMASA-2009-1.php
+  http://www.phpmyadmin.net/home_page/security/PMASA-2009-2.php
+  http://www.phpmyadmin.net/home_page/security/PMASA-2009-3.php
+
+  CVSS Score:
+    CVSS Base Score     : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 5.5
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of phpMyAdmin");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Web application abuses");
+  script_dependencies("secpod_phpmyadmin_detect_900129.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+pmaPort = get_kb_item("Services/www");
+if(!pmaPort){
+  pmaPort = 80;
+}
+
+pmaVer = get_kb_item("www/" + pmaPort + "/phpMyAdmin");
+if(!pmaVer){
+  exit(0);
+}
+
+pmaVer = eregmatch(pattern:"^(.+) under (/.*)$", string:pmaVer);
+if(pmaVer[1])
+{
+  if(version_in_range(version:pmaVer[1], test_version:"2.11", test_version2:"2.11.9.4")||
+     version_in_range(version:pmaVer[1], test_version:"3.0", test_version2:"3.1.3")){
+    security_hole(pmaPort);
+  }
+}
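Review bot: The `security_hole(pmaPort)` call at the end of the script reports a High finding from the detected version string alone and attaches no evidence. The regex on the `eregmatch` line captures the install path in `pmaVer[2]`, but that value is never used. The description text itself says hosts already patched from the listed SVN revisions will still be flagged, so the report should at least carry the detected version and path, for example through the `data:` argument of `security_hole`, so an analyst can check the specific install. Separately, the port is taken from `get_kb_item("Services/www")` with a bare fallback to 80; the usual form is `include("http_func.inc");` followed by `pmaPort = get_http_port(default:80);`, which also confirms the port is open before the KB lookup.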


Property changes on: trunk/openvas-plugins/scripts/gb_phpmyadmin_mult_vuln_apr09.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_wireshark_mult_vuln_apr09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wireshark_mult_vuln_apr09_lin.nasl	2009-04-20 12:10:07 UTC (rev 3144)
+++ trunk/openvas-plugins/scripts/gb_wireshark_mult_vuln_apr09_lin.nasl	2009-04-20 12:33:23 UTC (rev 3145)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_wireshark_mult_vuln_apr09_lin.nasl 1705 2009-04-16 17:09:24Z apr $
+#
+# Wireshark Multiple Unspecified Vulnerability - Apr09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800397);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1210", "CVE-2009-1267", "CVE-2009-1268", "CVE-2009-1269");
+  script_bugtraq_id(34291, 34457);
+  script_name(english:"Wireshark Multiple Unspecified Vulnerability - Apr09 (Linux)");
+  desc["english"] = "
+
+  Overview: This host is installed with Wireshark and is prone to multiple
+  unspecified vulnerability.
+
+  Vulnerability Insight:
+  - Error exists while processing PN-DCP packet with format string specifiers
+    in PROFINET/DCP (PN-DCP) dissector.
+  - Error in Lightweight Directory Access Protocol (LDAP) dissector when
+    processing unknown attack vectors.
+  - Error in Check Point High-Availability Protocol (CPHAP) when processing
+    crafted FWHA_MY_STATE packet.
+  - An error exists while processing malformed Tektronix .rf5 file.
+
+  Impact:
+  Successful exploitation could result in denial of serivce condition.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Wireshark version 0.9.6 to 1.0.6 on Linux
+
+  Fix: Upgrade to Wireshark 1.0.7
+  http://www.wireshark.org/download.html
+
+  References:
+  http://milw0rm.com/exploits/8308
+  http://secunia.com/advisories/34542
+  http://securitytracker.com/alerts/2009/Apr/1022027.html
+
+  CVSS Score:
+    CVSS Base Score     : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.8
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Wireshark");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Denial of Service");
+  script_dependencies("gb_wireshark_detect_lin.nasl");
+  script_require_keys("Wireshark/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Linux/Ver");
+if(!sharkVer){
+  exit(0);
+}
+
+# Grep for Wireshark version prior to 1.0.7
+if(version_is_less(version:sharkVer, test_version:"1.0.7")){
+  security_hole(0);
+}
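Review bot: The final check `version_is_less(version:sharkVer, test_version:"1.0.7")` has no lower bound, while the description states the affected range as 0.9.6 to 1.0.6, so any install older than 0.9.6 is reported as well. If the documented range is correct, the check should mirror it: `if(version_in_range(version:sharkVer, test_version:"0.9.6", test_version2:"1.0.6")){`. The comment above it would then read `# Check for Wireshark versions 0.9.6 through 1.0.6`. The same unbounded check appears in gb_wireshark_mult_vuln_apr09_win.nasl.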


Property changes on: trunk/openvas-plugins/scripts/gb_wireshark_mult_vuln_apr09_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/gb_wireshark_mult_vuln_apr09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_wireshark_mult_vuln_apr09_win.nasl	2009-04-20 12:10:07 UTC (rev 3144)
+++ trunk/openvas-plugins/scripts/gb_wireshark_mult_vuln_apr09_win.nasl	2009-04-20 12:33:23 UTC (rev 3145)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_wireshark_mult_vuln_apr09_win.nasl 1705 2009-04-16 13:09:24Z apr $
+#
+# Wireshark Multiple Unspecified Vulnerability - Apr09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800396);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-1210", "CVE-2009-1267", "CVE-2009-1268", "CVE-2009-1269");
+  script_bugtraq_id(34291, 34457);
+  script_name(english:"Wireshark Multiple Unspecified Vulnerability - Apr09 (Win)");
+  desc["english"] = "
+
+  Overview: This host is installed with Wireshark and is prone to multiple
+  unspecified vulnerability.
+
+  Vulnerability Insight:
+  - Error exists while processing PN-DCP packet with format string specifiers
+    in PROFINET/DCP (PN-DCP) dissector.
+  - Error in Lightweight Directory Access Protocol (LDAP) dissector when
+    processing unknown attack vectors.
+  - Error in Check Point High-Availability Protocol (CPHAP) when processing
+    crafted FWHA_MY_STATE packet.
+  - An error exists while processing malformed Tektronix .rf5 file.
+
+  Impact:
+  Successful exploitation could result in denial of serivce condition.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Wireshark version 0.9.6 to 1.0.6 on Windows
+
+  Fix: Upgrade to Wireshark 1.0.7
+  http://www.wireshark.org/download.html
+
+  References:
+  http://milw0rm.com/exploits/8308
+  http://secunia.com/advisories/34542
+  http://securitytracker.com/alerts/2009/Apr/1022027.html
+
+  CVSS Score:
+    CVSS Base Score     : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.8
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Wireshark");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+  script_family(english:"Denial of Service");
+  script_dependencies("gb_wireshark_detect_win.nasl");
+  script_require_keys("Wireshark/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Win/Ver");
+if(!sharkVer){
+  exit(0);
+}
+
+# Grep for Wireshark version prior to 1.0.7
+if(version_is_less(version:sharkVer, test_version:"1.0.7")){
+  security_hole(0);
+}
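Review bot: The report text in the `desc["english"]` string is inconsistent about severity: the Impact paragraph and `script_family` both say denial of service, yet the CVSS line gives a base score of 10.0 with complete confidentiality, integrity and availability impact (`C:C/I:C/A:C`). Which is right cannot be settled from this hunk, but the first insight bullet describes format string specifiers in the PN-DCP dissector, so the Impact paragraph probably understates the risk and should be reconciled with the vector. The user-facing text also needs a spelling pass: `serivce` should be `service` and `multiple unspecified vulnerability` should be plural. The Linux variant, gb_wireshark_mult_vuln_apr09_lin.nasl, carries the same text.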


Property changes on: trunk/openvas-plugins/scripts/gb_wireshark_mult_vuln_apr09_win.nasl
___________________________________________________________________
Name: svn:executable
   + *


