From scm-commit at wald.intevation.org Tue Dec 1 08:21:34 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 1 Dec 2009 08:21:34 +0100 (CET) Subject: [Openvas-commits] r6021 - in trunk/openvas-administrator: . src Message-ID: <20091201072134.61352861F2C7@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-01 08:21:32 +0100 (Tue, 01 Dec 2009) New Revision: 6021 Modified: trunk/openvas-administrator/CMakeLists.txt trunk/openvas-administrator/ChangeLog trunk/openvas-administrator/src/CMakeLists.txt trunk/openvas-administrator/src/admin.c trunk/openvas-administrator/src/oap.c trunk/openvas-administrator/src/openvasad.c Log: Improving feed synchronization support. * CMakeLists.txt: Set OPENVAS_SYNC_SCRIPT_DIR. * src/CMakeLists.txt: Expose OPENVAS_SYNC_SCRIPT_DIR. * src/openvasad.c (main): Use openvas-nvt-sync as default synchronization script if no script is specified on the command line. * src/oap.c (oap_xml_handle_end_element): Reworked describe_feed response, now includes the feed name. * src/admin.c: Removed superfluous newlines. Modified: trunk/openvas-administrator/CMakeLists.txt =================================================================== --- trunk/openvas-administrator/CMakeLists.txt 2009-11-30 15:34:08 UTC (rev 6020) +++ trunk/openvas-administrator/CMakeLists.txt 2009-12-01 07:21:32 UTC (rev 6021) @@ -136,6 +136,7 @@ set (OPENVAS_LIB_INSTALL_DIR "${LIBDIR}") set (OPENVAS_HEADER_INSTALL_DIR "${INCLUDEDIR}") +set (OPENVAS_SYNC_SCRIPT_DIR "${SBINDIR}") set (OPENVAS_SERVER_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/servercert.pem") set (OPENVAS_SERVER_KEY "${OPENVAS_STATE_DIR}/private/CA/serverkey.pem") set (OPENVAS_CA_CERTIFICATE "${OPENVAS_STATE_DIR}/CA/cacert.pem") Modified: trunk/openvas-administrator/ChangeLog =================================================================== --- trunk/openvas-administrator/ChangeLog 2009-11-30 15:34:08 UTC (rev 6020) +++ trunk/openvas-administrator/ChangeLog 2009-12-01 07:21:32 UTC (rev 6021) @@ -1,3 +1,19 @@ +2009-12-01 Michael Wiegand + + Improving feed synchronization support. + + * CMakeLists.txt: Set OPENVAS_SYNC_SCRIPT_DIR. + + * src/CMakeLists.txt: Expose OPENVAS_SYNC_SCRIPT_DIR. + + * src/openvasad.c (main): Use openvas-nvt-sync as default + synchronization script if no script is specified on the command line. + + * src/oap.c (oap_xml_handle_end_element): Reworked describe_feed + response, now includes the feed name. + + * src/admin.c: Removed superfluous newlines. + 2009-11-30 Michael Wiegand Adding initial support for synchronization with an NVT feed. Modified: trunk/openvas-administrator/src/CMakeLists.txt =================================================================== --- trunk/openvas-administrator/src/CMakeLists.txt 2009-11-30 15:34:08 UTC (rev 6020) +++ trunk/openvas-administrator/src/CMakeLists.txt 2009-12-01 07:21:32 UTC (rev 6021) @@ -94,6 +94,10 @@ add_definitions (-DOPENVAS_SYSCONF_DIR=\\\"${OPENVAS_SYSCONF_DIR}\\\") endif (OPENVAS_SYSCONF_DIR) +if (OPENVAS_SYNC_SCRIPT_DIR) + add_definitions (-DOPENVAS_SYNC_SCRIPT_DIR=\\\"${OPENVAS_SYNC_SCRIPT_DIR}\\\") +endif (OPENVAS_SYNC_SCRIPT_DIR) + add_definitions (-DOPENVAS_OS_NAME=\\\"${CMAKE_SYSTEM}\\\") add_definitions (-DPREFIX=\\\"${CMAKE_INSTALL_PREFIX}\\\") Modified: trunk/openvas-administrator/src/admin.c =================================================================== --- trunk/openvas-administrator/src/admin.c 2009-11-30 15:34:08 UTC (rev 6020) +++ trunk/openvas-administrator/src/admin.c 2009-12-01 07:21:32 UTC (rev 6021) @@ -735,7 +735,6 @@ return TRUE; } - /** * @brief Retrieves the identification string of an NVT synchronization * script, with basic validation. @@ -825,7 +824,6 @@ return TRUE; } - /** * @brief Retrieves the description of an NVT synchronization * script, with basic validation. @@ -893,7 +891,6 @@ return TRUE; } - /** * @brief Calls a NVT synchronization script to synchronize the local NVT * collection. Modified: trunk/openvas-administrator/src/oap.c =================================================================== --- trunk/openvas-administrator/src/oap.c 2009-11-30 15:34:08 UTC (rev 6020) +++ trunk/openvas-administrator/src/oap.c 2009-12-01 07:21:32 UTC (rev 6021) @@ -1004,16 +1004,24 @@ case CLIENT_DESCRIBE_FEED: { gchar *feed_description = NULL; + gchar *feed_identification = NULL; if (openvas_get_sync_script_description (sync_script, - &feed_description)) + &feed_description) && + openvas_get_sync_script_identification (sync_script, + &feed_identification)) { + gchar **ident = g_strsplit (feed_identification, "|", 6); SEND_TO_CLIENT_OR_FAIL (""); - SEND_TO_CLIENT_OR_FAIL (feed_description); + SEND_TO_CLIENT_OR_FAIL (""); + SENDF_TO_CLIENT_OR_FAIL ("%s", ident[3]); + SENDF_TO_CLIENT_OR_FAIL ("%s", feed_description); + SEND_TO_CLIENT_OR_FAIL (""); SEND_TO_CLIENT_OR_FAIL (""); - set_client_state (CLIENT_AUTHENTIC); + g_strfreev (ident); g_free (feed_description); + g_free (feed_identification); } else { Modified: trunk/openvas-administrator/src/openvasad.c =================================================================== --- trunk/openvas-administrator/src/openvasad.c 2009-11-30 15:34:08 UTC (rev 6020) +++ trunk/openvas-administrator/src/openvasad.c 2009-12-01 07:21:32 UTC (rev 6021) @@ -785,10 +785,8 @@ if (sync_script == NULL) { - g_critical ("%s: no synchronization script supplied!\n", - __FUNCTION__); - free_log_configuration (log_config); - exit (EXIT_FAILURE); + tracef (" sync_script not set, setting to default\n"); + sync_script = OPENVAS_SYNC_SCRIPT_DIR "/openvas-nvt-sync"; } tracef (" Using %s as the synchronization script\n", sync_script); From scm-commit at wald.intevation.org Tue Dec 1 12:01:41 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 1 Dec 2009 12:01:41 +0100 (CET) Subject: [Openvas-commits] r6022 - in trunk/openvas-plugins: . scripts Message-ID: <20091201110141.E417C865F49C@pyrosoma.intevation.org> Author: mime Date: 2009-12-01 12:01:39 +0100 (Tue, 01 Dec 2009) New Revision: 6022 Added: trunk/openvas-plugins/scripts/PowerPhlogger_37150.nasl trunk/openvas-plugins/scripts/PowerPhlogger_detect.nasl trunk/openvas-plugins/scripts/asterisk_37153.nasl trunk/openvas-plugins/scripts/cacti_37137.nasl trunk/openvas-plugins/scripts/cups_37048.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-01 07:21:32 UTC (rev 6021) +++ trunk/openvas-plugins/ChangeLog 2009-12-01 11:01:39 UTC (rev 6022) @@ -1,3 +1,12 @@ +2009-12-01 Michael Meyer + + * scripts/asterisk_37153.nasl, + scripts/PowerPhlogger_detect.nasl, + scripts/cacti_37137.nasl, + scripts/cups_37048.nasl, + scripts/PowerPhlogger_37150.nasl: + Added new plugins. + 2009-11-30 Chandrashekhar B * scripts/secpod_frontaccounting_detect.nasl, Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-12-01 07:21:32 UTC (rev 6021) +++ trunk/openvas-plugins/cve_current.txt 2009-12-01 11:01:39 UTC (rev 6022) @@ -316,3 +316,7 @@ CVE-2009-4073 SecPod svn L CVE-2009-4071 SecPod svn L CVE-2009-4072 SecPod svn L +CVE-2009-4055 Greenbone svn R +37137 Greenbone svn R +37048 Greenbone svn R +37150 Greenbone svn R Added: trunk/openvas-plugins/scripts/PowerPhlogger_37150.nasl =================================================================== --- trunk/openvas-plugins/scripts/PowerPhlogger_37150.nasl 2009-12-01 07:21:32 UTC (rev 6021) +++ trunk/openvas-plugins/scripts/PowerPhlogger_37150.nasl 2009-12-01 11:01:39 UTC (rev 6022) @@ -0,0 +1,90 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Power Phlogger Cross-site Scripting Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100368); + script_bugtraq_id(37150); + script_version ("1.0-$Revision$"); + + script_name("Power Phlogger Cross-site Scripting Vulnerability"); + +desc = "Overview: +Power Phlogger is prone to a cross-site scripting vulnerability +because the application fails to properly sanitize user- +supplied input. + +Attackers can exploit this issue to steal cookie-based authentication +credentials or to control how the site is rendered to the user. + +Power Phlogger 2.2.5 is vulnerable; other versions may also be +affected. + +References: +http://www.securityfocus.com/bid/37150 +http://www.websecurity.com.ua/1845 +http://www.phpee.com/ + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine the PowerPhlogger version"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("PowerPhlogger_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if (!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/PowerPhlogger")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_is_equal(version: vers, test_version: "2.2.5") || + version_is_equal(version: vers, test_version: "2.2.2.a") || + version_is_equal(version: vers, test_version: "2.2.1") || + version_is_equal(version: vers, test_version: "2.0.9")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/PowerPhlogger_37150.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/PowerPhlogger_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/PowerPhlogger_detect.nasl 2009-12-01 07:21:32 UTC (rev 6021) +++ trunk/openvas-plugins/scripts/PowerPhlogger_detect.nasl 2009-12-01 11:01:39 UTC (rev 6022) @@ -0,0 +1,110 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# PowerPhlogger Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc = "Overview: +This host is running PowerPhlogger, a complete counter hosting tool. +It lets you offer counter service to others from your site. + +See also: +http://pphlogger.phpee.com/ + +Risk factor : None"; + +if (description) +{ + script_id(100367); + script_version ("1.0-$Revision$"); + script_name("PowerPhlogger Detection"); + script_description(desc); + script_summary("Checks for the presence of PowerPhlogger"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/weblogger","/pphlogger","/counter",cgi_dirs()); + +foreach dir (dirs) { + + url = string(dir, "/index.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if(egrep(pattern: "POWER PHLOGGER [0-9.]+ - phpee.com", string: buf, icase: TRUE) || + egrep(pattern: 'content="Power Phlogger', string: buf, icase: TRUE) ) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + + vers = string("unknown"); + ### try to get version + version = eregmatch(string: buf, pattern: "POWER PHLOGGER ([0-9.]+)",icase:FALSE); + + if ( !isnull(version[1]) ) { + vers=chomp(version[1]); + } + + set_kb_item(name: string("www/", port, "/PowerPhlogger"), value: string(vers," under ",install)); + + info = string("None\n\nPowerPhlogger Version '"); + info += string(vers); + info += string("' was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } +} +exit(0); + Property changes on: trunk/openvas-plugins/scripts/PowerPhlogger_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/asterisk_37153.nasl =================================================================== --- trunk/openvas-plugins/scripts/asterisk_37153.nasl 2009-12-01 07:21:32 UTC (rev 6021) +++ trunk/openvas-plugins/scripts/asterisk_37153.nasl 2009-12-01 11:01:39 UTC (rev 6022) @@ -0,0 +1,80 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100366); + script_bugtraq_id(37153); + script_cve_id("CVE-2009-4055"); + script_version ("1.0-$Revision$"); + + script_name("Asterisk RTP Comfort Noise Processing Remote Denial of Service Vulnerability"); + +desc = "Overview: +Asterisk is prone to a remote denial-of-service vulnerability because +it fails to properly handle malformed RTP comfort noise data. + +Successful exploits can crash the application, resulting in denial-of- +service conditions for legitimate users. + +Solution: +Updates are available. Please see the references for details. + +References: +http://www.securityfocus.com/bid/37153 +http://www.asterisk.org/ +http://downloads.asterisk.org/pub/security/AST-2009-010.html + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine the Asterisk version"); + script_category(ACT_GATHER_INFO); + script_family("General"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("secpod_asterisk_detect.nasl"); + script_require_keys("Services/udp/sip"); + exit(0); +} + +include("version_func.inc"); + +asterisk_port = get_kb_item("Services/udp/sip"); +if(!asterisk_port)exit(0); +if(!get_udp_port_state(asterisk_port))exit(0); + +asteriskVer = get_kb_item("Asterisk-PBX/Ver"); +if(!asteriskVer){ + exit(0); +} + +if(version_in_range(version:asteriskVer, test_version:"1.6.1", test_version2:"1.6.1.10") || + version_in_range(version:asteriskVer, test_version:"1.4.27", test_version2:"1.4.27.0") || + version_in_range(version:asteriskVer, test_version:"1.2", test_version2:"1.2.36")) { + security_warning(port:asterisk_port, proto:"udp"); +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/asterisk_37153.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/cacti_37137.nasl =================================================================== --- trunk/openvas-plugins/scripts/cacti_37137.nasl 2009-12-01 07:21:32 UTC (rev 6021) +++ trunk/openvas-plugins/scripts/cacti_37137.nasl 2009-12-01 11:01:39 UTC (rev 6022) @@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Cacti 'Linux - Get Memory Usage' Remote Command Execution Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100365); + script_bugtraq_id(37137); + script_cve_id("CVE-2009-4112"); + script_version ("1.0-$Revision$"); + + script_name("Cacti 'Linux - Get Memory Usage' Remote Command Execution Vulnerability"); + +desc = "Overview: +Cacti is prone to a remote command-execution vulnerability because the +software fails to adequately sanitize user-supplied input. + +Successful attacks can compromise the affected software and possibly +the computer. + +References: +http://www.securityfocus.com/bid/37137 +http://archives.neohapsis.com/archives/fulldisclosure/2009-11/0292.html +http://cacti.net/ + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine the cacti version"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("cacti_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if(!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/cacti")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_is_less(version: vers, test_version: "0.8.7e")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/cacti_37137.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/cups_37048.nasl =================================================================== --- trunk/openvas-plugins/scripts/cups_37048.nasl 2009-12-01 07:21:32 UTC (rev 6021) +++ trunk/openvas-plugins/scripts/cups_37048.nasl 2009-12-01 11:01:39 UTC (rev 6022) @@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# CUPS File Descriptors Handling Remote Denial Of Service Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100369); + script_bugtraq_id(37048); + script_cve_id("CVE-2009-3553"); + script_version ("1.0-$Revision$"); + + script_name("CUPS File Descriptors Handling Remote Denial Of Service Vulnerability"); + +desc = "Overview: +CUPS is prone to a denial-of-service vulnerability. + +A remote attacker can exploit this issue to crash the affected +application, denying service to legitimate users. + +This issue affects CUPS 1.3.7; other versions may be vulnerable as +well. + +Solution: +Updates are available. Please see the references for details. + +References: +http://www.securityfocus.com/bid/37048 +http://www.cups.org +https://bugzilla.redhat.com/show_bug.cgi?id=530111 + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if CUPS version is 1.3.7"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("secpod_cups_detect.nasl"); + script_require_ports("Services/www", 631); + exit(0); +} + +include("http_func.inc"); +include("version_func.inc"); + +cupsPort = get_http_port(default:631); +if(!cupsPort){ + exit(0); +} + +cupsVer = get_kb_item("www/"+ cupsPort + "/CUPS"); +if(!cupsVer){ + exit(0); +} + +if(cupsVer != NULL) +{ + # Check for CUPS version < 1.4.2 + if(version_is_equal(version:cupsVer, test_version:"1.3.7")){ + security_warning(cupsPort); + } +} Property changes on: trunk/openvas-plugins/scripts/cups_37048.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision From scm-commit at wald.intevation.org Tue Dec 1 12:49:56 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 1 Dec 2009 12:49:56 +0100 (CET) Subject: [Openvas-commits] r6023 - in trunk/openvas-libraries: . misc nasl Message-ID: <20091201114956.0559B861F2E8@pyrosoma.intevation.org> Author: chandra Date: 2009-12-01 12:49:52 +0100 (Tue, 01 Dec 2009) New Revision: 6023 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/misc/ids_send.c trunk/openvas-libraries/nasl/nasl_host.c Log: IPv6 enabling ids_send Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-01 11:01:39 UTC (rev 6022) +++ trunk/openvas-libraries/ChangeLog 2009-12-01 11:49:52 UTC (rev 6023) @@ -1,3 +1,11 @@ +2009-12-01 Chandrashekhar B + + * misc/ids_send.c (ids_open_sock_tcp): IPv6 enable. + (ids_send): IPv6 enable. + (injectv6): Added new. + + * nasl/nasl_host.c (nasl_this_host): Used proper variable name. + 2009-11-25 Michael Wiegand * nasl/nasl_cmd_exec.c (nasl_get_tmp_dir): Use the glib g_get_tmp_dir Modified: trunk/openvas-libraries/misc/ids_send.c =================================================================== --- trunk/openvas-libraries/misc/ids_send.c 2009-12-01 11:01:39 UTC (rev 6022) +++ trunk/openvas-libraries/misc/ids_send.c 2009-12-01 11:49:52 UTC (rev 6023) @@ -99,6 +99,21 @@ }; +struct ipv6_header{ + union { + struct ip6_hdrctl { + uint32_t ip6_un1_flow; /* 24 bits of flow-ID */ + uint16_t ip6_un1_plen; /* payload length */ + uint8_t ip6_un1_nxt; /* next header */ + uint8_t ip6_un1_hlim; /* hop limit */ + } ip6_un1; + uint8_t ip6_un2_vfc; /* 4 bits version, 4 bits priority */ + } ip6_ctlun; + struct in6_addr ip6_src; /* source address */ + struct in6_addr ip6_dst; /* destination address */ +} ; + + /* * our own definition of the tcp flags */ @@ -118,7 +133,6 @@ }; - /* * This function returns the TTL we should use when forging our own * IP packets. If , then @@ -387,7 +401,95 @@ close(soc); return 0; } - + + +static int injectv6(orig_packet, packet_len, method, flags, data, data_len) + char * orig_packet; + int packet_len; + int method; + int flags; + char * data; + int data_len; +{ + int soc; + char * packet; + struct ipv6_header * ip6, * old_ip6; + struct tcp_packet * tcp, * old_tcp; + int tot_len = sizeof(struct ipv6_header) + sizeof(struct tcp_packet) + data_len; + int i; + struct sockaddr_in6 sockaddr6; + + if(packet_len < sizeof(struct ipv6_header) + sizeof(struct tcp_packet)) + return -1; + + old_ip6 = (struct ipv6_header*)orig_packet; + old_tcp = (struct tcp_packet*)(orig_packet + 40); + + soc = socket(AF_INET6, SOCK_RAW, IPPROTO_RAW); + if(soc < 0) + return -1; + + packet = emalloc(tot_len); + + /* + * Copy data, if any + */ + for(i = 0; i < data_len; i++){ + packet[i+sizeof(struct ipv6_header)] = data[i]; + } + + ip6 = (struct ipv6_header*)packet; + tcp = (struct tcp_packet*)(packet + sizeof(struct ipv6_header)); + + /* + * for the sake of code shortness, we copy the header of the + * received packet into the packet we forge, and we'll change + * some stuff in it. + */ + memcpy(ip6, old_ip6, sizeof(struct ipv6_header)); + + ip6->ip6_ctlun.ip6_un1.ip6_un1_flow = old_ip6->ip6_ctlun.ip6_un1.ip6_un1_flow; + ip6->ip6_ctlun.ip6_un1.ip6_un1_plen = data_len; + ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt = old_ip6->ip6_ctlun.ip6_un1.ip6_un1_nxt; + ip6->ip6_ctlun.ip6_un1.ip6_un1_hlim = which_ttl(method, old_ip6->ip6_ctlun.ip6_un1.ip6_un1_hlim); + memcpy(&ip6->ip6_src, &old_ip6->ip6_dst, sizeof(struct in6_addr)); + memcpy(&ip6->ip6_dst, &old_ip6->ip6_src, sizeof(struct in6_addr)); + + memcpy(tcp, old_tcp, sizeof(struct tcp_packet)); + tcp->th_flags = flags; + if((flags & TCP_FLAG_RST) && (method & OPENVAS_CNX_IDS_EVASION_FAKE_RST)) + tcp->th_ack = htonl(ntohl(old_tcp->th_seq) + 1); + else + tcp->th_ack = old_tcp->th_seq; + + tcp->th_seq = old_tcp->th_ack; + tcp->th_sport = old_tcp->th_dport; + tcp->th_dport = old_tcp->th_sport; + tcp->th_off = 5; + tcp->th_sum = 0; + if(method & OPENVAS_CNX_IDS_EVASION_SHORT_TTL) + tcp_cksum(packet, data_len); + else + tcp->th_sum = rand(); /* bad checksum - packet will be dropped */ + + + /* + * Sending the packet now + */ + bzero(&sockaddr6, sizeof(sockaddr6)); + sockaddr6.sin6_family = AF_INET6; + sockaddr6.sin6_addr = ip6->ip6_dst; + + if(sendto(soc, packet, tot_len, 0, (struct sockaddr*)&sockaddr6, sizeof(sockaddr6)) < 0) + { + perror("openvas-libraries : libopenvas : ids_send.c : inject() : sendto() "); + } + efree(&packet); + close(soc); + return 0; +} + + int ids_send(fd, buf0, n, method) int fd; @@ -395,111 +497,143 @@ int n; int method; { - struct in_addr dst, src; - struct sockaddr_in sockaddr; - char * iface; - char filter[255]; - char * src_host, * dst_host; - int port; - int ret = 0; - int len; - char * buf = (char*)buf0; - unsigned int sz = sizeof(sockaddr); - int e; - unsigned char * packet; - int bpf; - - bzero(&sockaddr, sizeof(sockaddr)); - if(getpeername(fd, (struct sockaddr*)&sockaddr, &sz) < 0) - { - perror("getpeername() "); - } - port = ntohs(sockaddr.sin_port); - dst.s_addr = sockaddr.sin_addr.s_addr; - bzero(&src, sizeof(src)); - iface = routethrough(&dst, &src); - - - src_host = estrdup(inet_ntoa(src)); - dst_host = estrdup(inet_ntoa(dst)); - - snprintf(filter, sizeof(filter), "tcp and (src host %s and dst host %s and src port %d)", - dst_host, - src_host, - port); - efree(&src_host); - efree(&dst_host); - - bpf = bpf_open_live(iface, filter); + struct in_addr dst, src; + struct in6_addr dst6, src6; + struct sockaddr_in6 sockaddr6; + struct sockaddr_in *saddr; + struct sockaddr *sa; + char * iface; + char filter[255]; + char * src_host, * dst_host; + int port; + int ret = 0; + int len; + char * buf = (char*)buf0; + unsigned int sz = sizeof(sockaddr6); + int e; + unsigned char * packet; + int bpf; + char hostname[INET6_ADDRSTRLEN]; + int family; + + bzero(&sockaddr6, sizeof(sockaddr6)); + if(getpeername(fd, (struct sockaddr*)&sockaddr6, &sz) < 0) + { + perror("getpeername() "); + } + sa = (struct sockaddr *)&sockaddr6; + if(sa->sa_family == AF_INET) + { + family = AF_INET; + saddr = (struct sockaddr_in *)&sockaddr6; + port = ntohs(saddr->sin_port); + dst.s_addr = saddr->sin_addr.s_addr; + src.s_addr = 0; + iface = routethrough(&dst, &src); + + src_host = estrdup(inet_ntoa(src)); + dst_host = estrdup(inet_ntoa(dst)); + + snprintf(filter, sizeof(filter), "tcp and (src host %s and dst host %s and src port %d)", + dst_host, + src_host, + port); + efree(&src_host); + efree(&dst_host); + } + else + { + family = AF_INET6; + port = ntohs(sockaddr6.sin6_port); + memcpy(&dst6,&sockaddr6.sin6_addr,sizeof(struct in6_addr)); + bzero(&src6, sizeof(src6)); + iface = v6_routethrough(&dst6, &src6); + + src_host = estrdup(inet_ntop(AF_INET6,&src6, hostname, sizeof(hostname))); + dst_host = estrdup(inet_ntop(AF_INET6,&dst6, hostname,sizeof(hostname))); + snprintf(filter, sizeof(filter), "tcp and (src host %s and dst host %s and src port %d)", + dst_host, + src_host, + port); + efree(&src_host); + efree(&dst_host); + } + + bpf = bpf_open_live(iface, filter); if(bpf >= 0) { - e = send(fd, buf+ret, 1, 0); - packet = bpf_next(bpf, &len); - if(e < 0) - return -1; - else - ret+=e; - /* - * We can start to send stuff now - */ - while(ret < n) - { - if(packet) - { - char *pkt_ip; - int num_before = (rand() / 1000) % 3; - int num_after = (rand() / 1000) % 3; - int i; - - if(!num_before && !num_after) - { - if(rand() % 2)num_before = 1; - else num_after = 1; - } - pkt_ip = (char*)(packet + get_datalink_size(bpf_datalink(bpf))); - - /* - * send bogus data before - */ - for(i=0;is6_addr32[3]; + src.s_addr = 0; + iface = routethrough(&dst, &src); + src_host = estrdup(inet_ntoa(src)); + dst_host = estrdup(inet_ntoa(dst)); + } + else + { + family = AF_INET6; + iface = v6_routethrough(dst6, src6); + src_host = estrdup(inet_ntop(AF_INET6,src6, hostname, sizeof(hostname))); + dst_host = estrdup(inet_ntop(AF_INET6,dst6, hostname,sizeof(hostname))); + } - src_host = estrdup(inet_ntoa(src)); - dst_host = estrdup(inet_ntoa(*dst)); snprintf(filter, sizeof(filter), "tcp and (src host %s and dst host %s and src port %d)", - dst_host, src_host, port); - + dst_host, src_host, port); + efree(&src_host); - efree(&dst_host); - + efree(&dst_host); + + bpf = bpf_open_live(iface, filter); if(bpf >= 0) - { + { ret = open_sock_tcp(args, port, timeout); if(ret >= 0) { @@ -541,8 +692,11 @@ { char *pkt_ip; pkt_ip = (char*)(packet + get_datalink_size(bpf_datalink(bpf))); - - inject(pkt_ip, len - get_datalink_size(bpf_datalink(bpf)), method, TCP_FLAG_RST, NULL, 0); + + if(family == AF_INET) + inject(pkt_ip, len - get_datalink_size(bpf_datalink(bpf)), method, TCP_FLAG_RST, NULL, 0); + else + injectv6(pkt_ip, len - get_datalink_size(bpf_datalink(bpf)), method, TCP_FLAG_RST, NULL, 0); } } bpf_close(bpf); Modified: trunk/openvas-libraries/nasl/nasl_host.c =================================================================== --- trunk/openvas-libraries/nasl/nasl_host.c 2009-12-01 11:01:39 UTC (rev 6022) +++ trunk/openvas-libraries/nasl/nasl_host.c 2009-12-01 11:49:52 UTC (rev 6023) @@ -184,7 +184,6 @@ char hostname[255]; char * ret; struct in6_addr * ia = plug_get_host_ip(script_infos); - struct in_addr src; struct in6_addr in6addr; struct in_addr inaddr; struct in6_addr src6; @@ -222,7 +221,7 @@ (void)v6_routethrough(ia, &src6); } - if(!IN6_ARE_ADDR_EQUAL(&src, &in6addr_any)) + if(!IN6_ARE_ADDR_EQUAL(&src6, &in6addr_any)) { char * ret; From scm-commit at wald.intevation.org Tue Dec 1 14:49:44 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 1 Dec 2009 14:49:44 +0100 (CET) Subject: [Openvas-commits] r6024 - in trunk/openvas-plugins: . scripts Message-ID: <20091201134944.1518A85D9F61@pyrosoma.intevation.org> Author: mime Date: 2009-12-01 14:49:41 +0100 (Tue, 01 Dec 2009) New Revision: 6024 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/netstat_portscan.nasl Log: Bugfix Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-01 11:49:52 UTC (rev 6023) +++ trunk/openvas-plugins/ChangeLog 2009-12-01 13:49:41 UTC (rev 6024) @@ -1,5 +1,10 @@ 2009-12-01 Michael Meyer + * scripts/netstat_portscan.nasl: + Bugfix (invalid port number). + +2009-12-01 Michael Meyer + * scripts/asterisk_37153.nasl, scripts/PowerPhlogger_detect.nasl, scripts/cacti_37137.nasl, Modified: trunk/openvas-plugins/scripts/netstat_portscan.nasl =================================================================== --- trunk/openvas-plugins/scripts/netstat_portscan.nasl 2009-12-01 11:49:52 UTC (rev 6023) +++ trunk/openvas-plugins/scripts/netstat_portscan.nasl 2009-12-01 13:49:41 UTC (rev 6024) @@ -130,7 +130,7 @@ addr = v[2]; port = v[3]; # display("> ", addr, ":", port, " (", proto, ")\n"); - if (port < 1 || port > 65535) + if (int(port) < 1 || int(port) > 65535) display('netstat_portscan(', get_host_ip(), '): invalid port number ', port, '\n'); else if ((check && addr != "127.0.0.1") || addr == "0.0.0.0" || addr == ip || addr == ":::" || addr == '*') From scm-commit at wald.intevation.org Tue Dec 1 14:57:57 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 1 Dec 2009 14:57:57 +0100 (CET) Subject: [Openvas-commits] r6025 - in trunk/gsa: . src/html/src Message-ID: <20091201135757.6CECC85D9F7C@pyrosoma.intevation.org> Author: jan Date: 2009-12-01 14:57:56 +0100 (Tue, 01 Dec 2009) New Revision: 6025 Modified: trunk/gsa/ChangeLog trunk/gsa/src/html/src/omp.xsl Log: * src/html/src/omp.xsl: Grey out Stop/Delete in case a Task is "Requested". Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-01 13:49:41 UTC (rev 6024) +++ trunk/gsa/ChangeLog 2009-12-01 13:57:56 UTC (rev 6025) @@ -1,3 +1,7 @@ +2009-12-01 Jan-Oliver Wagner + + * src/html/src/omp.xsl: Grey out Stop/Delete in case a Task is "Requested". + 2009-11-27 Matthew Mundell * src/gsad_omp.h, src/gsad_omp.c: New files. Modified: trunk/gsa/src/html/src/omp.xsl =================================================================== --- trunk/gsa/src/html/src/omp.xsl 2009-12-01 13:49:41 UTC (rev 6024) +++ trunk/gsa/src/html/src/omp.xsl 2009-12-01 13:57:56 UTC (rev 6025) @@ -1033,7 +1033,7 @@ - + Abort @@ -1048,7 +1048,7 @@ - + Delete Author: mwiegand Date: 2009-12-01 16:15:12 +0100 (Tue, 01 Dec 2009) New Revision: 6026 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: Set up an empty scan config as template for new configs. * src/tasks_sql.h (init_manage): Make sure the scan config 'empty' exists, create it if it does not. (delete_config): Refuse to delete 'empty'. (config_in_use): Set 'empty' as in use. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-12-01 13:57:56 UTC (rev 6025) +++ trunk/openvas-manager/ChangeLog 2009-12-01 15:15:12 UTC (rev 6026) @@ -1,3 +1,12 @@ +2009-12-01 Michael Wiegand + + Set up an empty scan config as template for new configs. + + * src/tasks_sql.h (init_manage): Make sure the scan config 'empty' + exists, create it if it does not. + (delete_config): Refuse to delete 'empty'. + (config_in_use): Set 'empty' as in use. + 2009-11-30 Michael Wiegand Post-release version bump. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-12-01 13:57:56 UTC (rev 6025) +++ trunk/openvas-manager/src/tasks_sql.h 2009-12-01 15:15:12 UTC (rev 6026) @@ -2425,6 +2425,24 @@ setup_full_config_prefs (config, 0, 0, 1); } + if (sql_int (0, 0, + "SELECT count(*) FROM configs" + " WHERE name = 'empty';") + == 0) + { + config_t config; + + sql ("INSERT into configs (name, nvt_selector, comment, family_count," + " nvt_count, nvts_growing, families_growing)" + " VALUES ('empty', 'empty'," + " 'Empty and static configuration template'," + " 0, 0, 0, 0);"); + + /* Setup preferences for the config. */ + config = sqlite3_last_insert_rowid (task_db); + setup_full_config_prefs (config, 1, 1, 0); + } + /* Ensure the predefined target exists. */ if (sql_int (0, 0, "SELECT count(*) FROM targets WHERE name = 'Localhost';") @@ -5541,7 +5559,8 @@ if (strcmp (name, "Full and fast") == 0 || strcmp (name, "Full and fast ultimate") == 0 || strcmp (name, "Full and very deep") == 0 - || strcmp (name, "Full and very deep ultimate") == 0) + || strcmp (name, "Full and very deep ultimate") == 0 + || strcmp (name, "empty") == 0) return 1; quoted_name = sql_nquote (name, strlen (name)); @@ -5650,7 +5669,8 @@ if (strcmp (name, "Full and fast") == 0 || strcmp (name, "Full and fast ultimate") == 0 || strcmp (name, "Full and very deep") == 0 - || strcmp (name, "Full and very deep ultimate") == 0) + || strcmp (name, "Full and very deep ultimate") == 0 + || strcmp (name, "empty") == 0) return 1; quoted_name = sql_quote (name); From scm-commit at wald.intevation.org Tue Dec 1 16:20:31 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 1 Dec 2009 16:20:31 +0100 (CET) Subject: [Openvas-commits] r6027 - in trunk/gsa: . src src/html/src Message-ID: <20091201152031.D8E97861F2E4@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-01 16:20:31 +0100 (Tue, 01 Dec 2009) New Revision: 6027 Modified: trunk/gsa/ChangeLog trunk/gsa/src/gsad_omp.c trunk/gsa/src/html/src/omp.xsl Log: Add support for new empty scan config template. * src/html/src/omp.xsl: Switch default to 'empty'. * src/gsad_omp.c (create_config_omp): Switch default to 'empty'. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-01 15:15:12 UTC (rev 6026) +++ trunk/gsa/ChangeLog 2009-12-01 15:20:31 UTC (rev 6027) @@ -1,3 +1,11 @@ +2009-12-01 Michael Wiegand + + Add support for new empty scan config template. + + * src/html/src/omp.xsl: Switch default to 'empty'. + + * src/gsad_omp.c (create_config_omp): Switch default to 'empty'. + 2009-12-01 Jan-Oliver Wagner * src/html/src/omp.xsl: Grey out Stop/Delete in case a Task is "Requested". Modified: trunk/gsa/src/gsad_omp.c =================================================================== --- trunk/gsa/src/gsad_omp.c 2009-12-01 15:15:12 UTC (rev 6026) +++ trunk/gsa/src/gsad_omp.c 2009-12-01 15:20:31 UTC (rev 6027) @@ -1413,7 +1413,7 @@ "%s%s%s" "", name, - base ? base : "Full and fast", + base ? base : "empty", comment ? "" : "", comment ? comment : "", comment ? "" : "") == -1) Modified: trunk/gsa/src/html/src/omp.xsl =================================================================== --- trunk/gsa/src/html/src/omp.xsl 2009-12-01 15:15:12 UTC (rev 6026) +++ trunk/gsa/src/html/src/omp.xsl 2009-12-01 15:20:31 UTC (rev 6027) @@ -1508,9 +1508,9 @@ From scm-commit at wald.intevation.org Tue Dec 1 16:27:11 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 1 Dec 2009 16:27:11 +0100 (CET) Subject: [Openvas-commits] r6028 - in trunk/openvas-manager: . doc Message-ID: <20091201152711.D37FD861F2E4@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-01 16:27:11 +0100 (Tue, 01 Dec 2009) New Revision: 6028 Modified: trunk/openvas-manager/CHANGES trunk/openvas-manager/ChangeLog trunk/openvas-manager/VERSION trunk/openvas-manager/doc/Doxyfile trunk/openvas-manager/doc/Doxyfile_full Log: Preparing the openvas-manager 0.9.6 release. * VERSION: Set to 0.9.6. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. Modified: trunk/openvas-manager/CHANGES =================================================================== --- trunk/openvas-manager/CHANGES 2009-12-01 15:20:31 UTC (rev 6027) +++ trunk/openvas-manager/CHANGES 2009-12-01 15:27:11 UTC (rev 6028) @@ -1,3 +1,16 @@ +openvas-manager 0.9.6 (2009-12-01) + +This is the twelfth development release of the openvas-manager module +for the Open Vulnerability Assessment System (OpenVAS). + +Many thanks to everyone who has contributed to this release: +Matthew Mundell and Felix Wolfsteller. + +Main changes since 0.9.5: + +* Support for empty scan config templates has been added. + + openvas-manager 0.9.5 (2009-11-30) This is the eleventh development release of the openvas-manager module Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-12-01 15:20:31 UTC (rev 6027) +++ trunk/openvas-manager/ChangeLog 2009-12-01 15:27:11 UTC (rev 6028) @@ -1,3 +1,13 @@ +2009-12-01 Michael Wiegand + + Preparing the openvas-manager 0.9.6 release. + + * VERSION: Set to 0.9.6. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + + * CHANGES: Updated. + 2009-12-01 Michael Wiegand Set up an empty scan config as template for new configs. Modified: trunk/openvas-manager/VERSION =================================================================== --- trunk/openvas-manager/VERSION 2009-12-01 15:20:31 UTC (rev 6027) +++ trunk/openvas-manager/VERSION 2009-12-01 15:27:11 UTC (rev 6028) @@ -1 +1 @@ -0.9.6.SVN +0.9.6 Modified: trunk/openvas-manager/doc/Doxyfile =================================================================== --- trunk/openvas-manager/doc/Doxyfile 2009-12-01 15:20:31 UTC (rev 6027) +++ trunk/openvas-manager/doc/Doxyfile 2009-12-01 15:27:11 UTC (rev 6028) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.6.SVN +PROJECT_NUMBER = 0.9.6 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-manager/doc/Doxyfile_full =================================================================== --- trunk/openvas-manager/doc/Doxyfile_full 2009-12-01 15:20:31 UTC (rev 6027) +++ trunk/openvas-manager/doc/Doxyfile_full 2009-12-01 15:27:11 UTC (rev 6028) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.6.SVN +PROJECT_NUMBER = 0.9.6 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Tue Dec 1 16:32:05 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 1 Dec 2009 16:32:05 +0100 (CET) Subject: [Openvas-commits] r6029 - tags Message-ID: <20091201153205.6E2FE861F2E4@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-01 16:32:05 +0100 (Tue, 01 Dec 2009) New Revision: 6029 Added: tags/openvas-manager-release-0.9.6/ Log: Tagging openvas-manager 0.9.6 release. Copied: tags/openvas-manager-release-0.9.6 (from rev 6028, trunk/openvas-manager) From scm-commit at wald.intevation.org Tue Dec 1 16:33:54 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 1 Dec 2009 16:33:54 +0100 (CET) Subject: [Openvas-commits] r6030 - in trunk/openvas-manager: . doc Message-ID: <20091201153354.A99F9861F2C7@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-01 16:33:54 +0100 (Tue, 01 Dec 2009) New Revision: 6030 Modified: trunk/openvas-manager/CMakeLists.txt trunk/openvas-manager/ChangeLog trunk/openvas-manager/VERSION trunk/openvas-manager/doc/Doxyfile trunk/openvas-manager/doc/Doxyfile_full Log: Post-release version bump. * VERSION: Set to 0.9.7.SVN. * CMakeLists.txt: CPACK_PACKAGE_VERSION_PATCH updated. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-manager/CMakeLists.txt =================================================================== --- trunk/openvas-manager/CMakeLists.txt 2009-12-01 15:32:05 UTC (rev 6029) +++ trunk/openvas-manager/CMakeLists.txt 2009-12-01 15:33:54 UTC (rev 6030) @@ -70,7 +70,7 @@ set (CPACK_TOPLEVEL_TAG "") set (CPACK_PACKAGE_VERSION_MAJOR "0") set (CPACK_PACKAGE_VERSION_MINOR "9") -set (CPACK_PACKAGE_VERSION_PATCH "6${SVN_REVISION}") +set (CPACK_PACKAGE_VERSION_PATCH "7${SVN_REVISION}") set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-12-01 15:32:05 UTC (rev 6029) +++ trunk/openvas-manager/ChangeLog 2009-12-01 15:33:54 UTC (rev 6030) @@ -1,3 +1,13 @@ +2009-12-01 Michael Wiegand + + Post-release version bump. + + * VERSION: Set to 0.9.7.SVN. + + * CMakeLists.txt: CPACK_PACKAGE_VERSION_PATCH updated. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + 2009-12-01 Michael Wiegand Preparing the openvas-manager 0.9.6 release. Modified: trunk/openvas-manager/VERSION =================================================================== --- trunk/openvas-manager/VERSION 2009-12-01 15:32:05 UTC (rev 6029) +++ trunk/openvas-manager/VERSION 2009-12-01 15:33:54 UTC (rev 6030) @@ -1 +1 @@ -0.9.6 +0.9.7.SVN Modified: trunk/openvas-manager/doc/Doxyfile =================================================================== --- trunk/openvas-manager/doc/Doxyfile 2009-12-01 15:32:05 UTC (rev 6029) +++ trunk/openvas-manager/doc/Doxyfile 2009-12-01 15:33:54 UTC (rev 6030) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.6 +PROJECT_NUMBER = 0.9.7.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-manager/doc/Doxyfile_full =================================================================== --- trunk/openvas-manager/doc/Doxyfile_full 2009-12-01 15:32:05 UTC (rev 6029) +++ trunk/openvas-manager/doc/Doxyfile_full 2009-12-01 15:33:54 UTC (rev 6030) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.6 +PROJECT_NUMBER = 0.9.7.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Tue Dec 1 16:43:58 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 1 Dec 2009 16:43:58 +0100 (CET) Subject: [Openvas-commits] r6031 - in trunk/gsa: . src/html/src Message-ID: <20091201154358.55314861F2C7@pyrosoma.intevation.org> Author: jan Date: 2009-12-01 16:43:57 +0100 (Tue, 01 Dec 2009) New Revision: 6031 Modified: trunk/gsa/CMakeLists.txt trunk/gsa/ChangeLog trunk/gsa/VERSION trunk/gsa/src/html/src/about.htm4 Log: * VERSION, CMakeLists.txt, src/html/src/about.htm4: Version set to 0.8.2.SVN. Modified: trunk/gsa/CMakeLists.txt =================================================================== --- trunk/gsa/CMakeLists.txt 2009-12-01 15:33:54 UTC (rev 6030) +++ trunk/gsa/CMakeLists.txt 2009-12-01 15:43:57 UTC (rev 6031) @@ -51,7 +51,7 @@ # TODO: Parse version numbers from file VERSION (see also below) SET(CPACK_PACKAGE_VERSION_MAJOR "0") SET(CPACK_PACKAGE_VERSION_MINOR "8") -SET(CPACK_PACKAGE_VERSION_PATCH "1.SVN") +SET(CPACK_PACKAGE_VERSION_PATCH "2.SVN") SET(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") SET(CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") SET(CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-01 15:33:54 UTC (rev 6030) +++ trunk/gsa/ChangeLog 2009-12-01 15:43:57 UTC (rev 6031) @@ -1,3 +1,8 @@ +2009-12-01 Jan-Oliver Wagner + + * VERSION, CMakeLists.txt, src/html/src/about.htm4: Version set + to 0.8.2.SVN. + 2009-12-01 Michael Wiegand Add support for new empty scan config template. Modified: trunk/gsa/VERSION =================================================================== --- trunk/gsa/VERSION 2009-12-01 15:33:54 UTC (rev 6030) +++ trunk/gsa/VERSION 2009-12-01 15:43:57 UTC (rev 6031) @@ -1 +1 @@ -0.8.1.SVN +0.8.2.SVN Modified: trunk/gsa/src/html/src/about.htm4 =================================================================== --- trunk/gsa/src/html/src/about.htm4 2009-12-01 15:33:54 UTC (rev 6030) +++ trunk/gsa/src/html/src/about.htm4 2009-12-01 15:43:57 UTC (rev 6031) @@ -4,7 +4,7 @@ -

Greenbone Security Assistant Version 0.8.1.SVN

+

Greenbone Security Assistant Version 0.8.2.SVN

The Greenbone Security Assistant is a web-based graphical From scm-commit at wald.intevation.org Tue Dec 1 17:21:09 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 1 Dec 2009 17:21:09 +0100 (CET) Subject: [Openvas-commits] r6032 - in trunk/openvas-plugins: . scripts Message-ID: <20091201162109.043458667D1D@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-01 17:21:07 +0100 (Tue, 01 Dec 2009) New Revision: 6032 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/cpe_policy.nasl Log: * scripts/cpe_policy.nasl: Bugfix to improve missing CPE detection. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-01 15:43:57 UTC (rev 6031) +++ trunk/openvas-plugins/ChangeLog 2009-12-01 16:21:07 UTC (rev 6032) @@ -1,3 +1,7 @@ +2009-12-01 Michael Wiegand + + * scripts/cpe_policy.nasl: Bugfix to improve missing CPE detection. + 2009-12-01 Michael Meyer * scripts/netstat_portscan.nasl: Modified: trunk/openvas-plugins/scripts/cpe_policy.nasl =================================================================== --- trunk/openvas-plugins/scripts/cpe_policy.nasl 2009-12-01 15:43:57 UTC (rev 6031) +++ trunk/openvas-plugins/scripts/cpe_policy.nasl 2009-12-01 16:21:07 UTC (rev 6032) @@ -52,7 +52,6 @@ } cpes = get_kb_list("cpe:/*"); -if(isnull(cpes))exit(0); severity = script_get_preference("Severity"); severity_upon = script_get_preference("Severity upon"); From scm-commit at wald.intevation.org Wed Dec 2 08:54:05 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 08:54:05 +0100 (CET) Subject: [Openvas-commits] r6033 - in trunk/openvas-plugins: . scripts Message-ID: <20091202075405.5F6CB8667D1D@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-02 08:54:02 +0100 (Wed, 02 Dec 2009) New Revision: 6033 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/cpe.inc Log: * scripts/cpe.inc: Re-added landesk entry which got lost in the last update. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-01 16:21:07 UTC (rev 6032) +++ trunk/openvas-plugins/ChangeLog 2009-12-02 07:54:02 UTC (rev 6033) @@ -1,3 +1,8 @@ +2009-12-02 Michael Wiegand + + * scripts/cpe.inc: Re-added landesk entry which got lost in the last + update. + 2009-12-01 Michael Wiegand * scripts/cpe_policy.nasl: Bugfix to improve missing CPE detection. Modified: trunk/openvas-plugins/scripts/cpe.inc =================================================================== --- trunk/openvas-plugins/scripts/cpe.inc 2009-12-01 16:21:07 UTC (rev 6032) +++ trunk/openvas-plugins/scripts/cpe.inc 2009-12-02 07:54:02 UTC (rev 6033) @@ -708,6 +708,7 @@ "QEMU/Lin/Ver", "^([0-9.]+)", "cpe:/a:qemu:qemu:", "Gpg4win/Win/Ver", "^([0-9.]+)", "cpe:/a:gpg4win:gpg4win:", "Kleopatra/Win/Ver", "^([0-9.]+)", "cpe:/a:kde-apps:kleopatra:", +"www/*/landesk", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:landesk:landesk_management_suite:", "Snort/Linux/Ver", "^([0-9.]+)", "cpe:/a:snort:snort:", "www/*/joomla", "^([0-9.]+)", "cpe:/a:joomla:joomla", "www/*/base", "^([0-9.]+)", "cpe:/a:base:basic_analysis_and_security_engine:", From scm-commit at wald.intevation.org Wed Dec 2 09:38:41 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 09:38:41 +0100 (CET) Subject: [Openvas-commits] r6034 - in trunk/gsa: . src/html/src Message-ID: <20091202083841.6F800861F2F1@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-02 09:38:40 +0100 (Wed, 02 Dec 2009) New Revision: 6034 Modified: trunk/gsa/ChangeLog trunk/gsa/src/html/src/omp.xsl Log: * src/html/src/omp.xsl: Make 'Full and fast' accessible again as a scan config template. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-02 07:54:02 UTC (rev 6033) +++ trunk/gsa/ChangeLog 2009-12-02 08:38:40 UTC (rev 6034) @@ -1,3 +1,8 @@ +2009-12-02 Michael Wiegand + + * src/html/src/omp.xsl: Make 'Full and fast' accessible again as a scan + config template. + 2009-12-01 Jan-Oliver Wagner * VERSION, CMakeLists.txt, src/html/src/about.htm4: Version set Modified: trunk/gsa/src/html/src/omp.xsl =================================================================== --- trunk/gsa/src/html/src/omp.xsl 2009-12-02 07:54:02 UTC (rev 6033) +++ trunk/gsa/src/html/src/omp.xsl 2009-12-02 08:38:40 UTC (rev 6034) @@ -1514,6 +1514,12 @@

+ + +
- - Full and fast + Empty, static and fast
+ + Full and fast +
Import config file From scm-commit at wald.intevation.org Wed Dec 2 12:57:21 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 12:57:21 +0100 (CET) Subject: [Openvas-commits] r6035 - in trunk/openvas-manager: . src Message-ID: <20091202115721.9E7D8865F4A0@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-02 12:57:18 +0100 (Wed, 02 Dec 2009) New Revision: 6035 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tasks_sql.h Log: Fixed a bug which caused NVT selections in non-growing families to be wrongly calculated. * src/tasks_sql.h (manage_set_config_nvts): Defer determining the old NVT count until we know whether the family is growing or not, hand the correct growing flag to nvt_selector_nvt_count (). Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-12-02 08:38:40 UTC (rev 6034) +++ trunk/openvas-manager/ChangeLog 2009-12-02 11:57:18 UTC (rev 6035) @@ -1,3 +1,12 @@ +2009-12-02 Michael Wiegand + + Fixed a bug which caused NVT selections in non-growing families to be + wrongly calculated. + + * src/tasks_sql.h (manage_set_config_nvts): Defer determining the old + NVT count until we know whether the family is growing or not, hand the + correct growing flag to nvt_selector_nvt_count (). + 2009-12-01 Michael Wiegand Post-release version bump. Modified: trunk/openvas-manager/src/tasks_sql.h =================================================================== --- trunk/openvas-manager/src/tasks_sql.h 2009-12-02 08:38:40 UTC (rev 6034) +++ trunk/openvas-manager/src/tasks_sql.h 2009-12-02 11:57:18 UTC (rev 6035) @@ -5968,14 +5968,14 @@ /* If the family is growing, then exclude all no's, otherwise the family * is static, so include all yes's. */ - old_nvt_count = nvt_selector_nvt_count (selector, family, 1); - if (nvt_selector_family_growing (selector, family, config_families_growing (config))) { iterator_t nvts; + old_nvt_count = nvt_selector_nvt_count (selector, family, 1); + /* Clear any NVT selectors for this family from the config. */ sql ("DELETE FROM nvt_selectors" @@ -6014,6 +6014,8 @@ } else { + old_nvt_count = nvt_selector_nvt_count (selector, family, 0); + /* Clear any NVT selectors for this family from the config. */ sql ("DELETE FROM nvt_selectors" From scm-commit at wald.intevation.org Wed Dec 2 13:55:01 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 13:55:01 +0100 (CET) Subject: [Openvas-commits] r6036 - in trunk/openvas-plugins: . scripts Message-ID: <20091202125501.1CE7B861F2C5@pyrosoma.intevation.org> Author: chandra Date: 2009-12-02 13:54:57 +0100 (Wed, 02 Dec 2009) New Revision: 6036 Added: trunk/openvas-plugins/scripts/gb_dotnetnuke_info_disc_vuln.nasl trunk/openvas-plugins/scripts/gb_dotnetnuke_xss_search_vuln.nasl trunk/openvas-plugins/scripts/gb_dovecot_base_dir_sec_bypass_vuln.nasl trunk/openvas-plugins/scripts/gb_robo_ftp_client_bof_vuln.nasl trunk/openvas-plugins/scripts/gb_robo_ftp_client_detect.nasl trunk/openvas-plugins/scripts/gb_typsoft_ftp_detect.nasl trunk/openvas-plugins/scripts/gb_typsoft_ftp_server_dos_vuln.nasl trunk/openvas-plugins/scripts/gb_xm_easyftp_dir_create_dos_vuln.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/cpe.inc trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl trunk/openvas-plugins/scripts/xerver_37064.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-02 11:57:18 UTC (rev 6035) +++ trunk/openvas-plugins/ChangeLog 2009-12-02 12:54:57 UTC (rev 6036) @@ -1,3 +1,22 @@ +2009-12-02 Chandrashekhar B + + * scripts/gb_typsoft_ftp_server_dos_vuln.nasl, + scripts/gb_dotnetnuke_xss_search_vuln.nasl, + scripts/gb_robo_ftp_client_bof_vuln.nasl, + scripts/gb_xm_easyftp_dir_create_dos_vuln.nasl, + scripts/gb_robo_ftp_client_detect.nasl, + scripts/gb_typsoft_ftp_detect.nasl, + scripts/gb_dotnetnuke_info_disc_vuln.nasl, + scripts/gb_dovecot_base_dir_sec_bypass_vuln.nasl: + Added new plugins. + + * scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl, + scripts/xerver_37064.nasl: + Added new CVE. + + * scripts/cpe.inc: + Updated to include new KB. + 2009-12-02 Michael Wiegand * scripts/cpe.inc: Re-added landesk entry which got lost in the last Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-12-02 11:57:18 UTC (rev 6035) +++ trunk/openvas-plugins/cve_current.txt 2009-12-02 12:54:57 UTC (rev 6036) @@ -320,3 +320,9 @@ 37137 Greenbone svn R 37048 Greenbone svn R 37150 Greenbone svn R +CVE-2009-3897 SecPod svn R +CVE-2009-4103 SecPod svn L +CVE-2009-4109 SecPod svn R +CVE-2009-4110 SecPod svn R +CVE-2009-4105 SecPod svn R +CVE-2009-4108 SecPod svn R Modified: trunk/openvas-plugins/scripts/cpe.inc =================================================================== --- trunk/openvas-plugins/scripts/cpe.inc 2009-12-02 11:57:18 UTC (rev 6035) +++ trunk/openvas-plugins/scripts/cpe.inc 2009-12-02 12:54:57 UTC (rev 6036) @@ -736,7 +736,9 @@ "Axon-Virtual-PBX/Ver", "^([0-9.]+)", "cpe:/a:nch:axon_virtual_pbx:", "www/*/UseBB", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:usebb:usebb:", "www/*/FrontAccounting", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:frontaccounting:frontaccounting:", -"HomeFTPServer/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:downstairs.dnsalias:home_ftp_server:" +"HomeFTPServer/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:downstairs.dnsalias:home_ftp_server:", +"Robo/FTP/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?" , "cpe:/a:robo-ftp:robo-ftp:", +"TYPSoft/FTP/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:typsoft:typsoft_ftp_server:" ); Added: trunk/openvas-plugins/scripts/gb_dotnetnuke_info_disc_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_dotnetnuke_info_disc_vuln.nasl 2009-12-02 11:57:18 UTC (rev 6035) +++ trunk/openvas-plugins/scripts/gb_dotnetnuke_info_disc_vuln.nasl 2009-12-02 12:54:57 UTC (rev 6036) @@ -0,0 +1,93 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: gb_dotnetnuke_info_disc_vuln.nasl 5970 2009-12-02 17:12:58Z dec $ +# +# DotNetNuke Information Disclosure Vulnerability +# +# Authors: +# Veerendra GG +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800153); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4109"); + script_bugtraq_id(37139); + script_name("DotNetNuke Information Disclosure Vulnerability"); + desc = " + Overview: The host is installed with DotNetNuke and is prone to Information + Disclosure Vulnerability. + + Vulnerability Insight: + The flaw exists due to install wizard insecurely displaying certain pages + containing version information to an anonymous user. + + Impact: + Successful exploitation will let the attacker obtain sensitive information + and attacker can use this information for further attacks. + + Impact Level: System/Application + + Affected Software/OS: + DotNetNuke versions 4.0 through 5.1.4 on all running platforms. + + Fix: Update to version 5.2.0 or later, + For Updates Refer, http://www.dotnetnuke.com/ + + References: + http://secunia.com/advisories/37480 + http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno30/tabid/1449/Default.aspx + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:P/I:N/A:N) + CVSS Temporal Score : 3.7 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of DotNetNuke"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Web application abuses"); + script_dependencies("gb_dotnetnuke_detect.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +dnnPort = get_http_port(default:80); +if(!dnnPort){ + exit(0); +} + +dnnVer = get_kb_item("www/" + dnnPort + "/DotNetNuke"); +if(!dnnVer){ + exit(0); +} + +dnnVer = eregmatch(pattern:"^(.+) under (/.*)$", string:dnnVer); +if(dnnVer[1] != NULL) +{ + if(version_in_range(version:dnnVer[1], test_version:"4.0", test_version2:"5.1.4")){ + security_warning(dnnPort); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_dotnetnuke_info_disc_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_dotnetnuke_xss_search_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_dotnetnuke_xss_search_vuln.nasl 2009-12-02 11:57:18 UTC (rev 6035) +++ trunk/openvas-plugins/scripts/gb_dotnetnuke_xss_search_vuln.nasl 2009-12-02 12:54:57 UTC (rev 6036) @@ -0,0 +1,93 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: gb_dotnetnuke_xss_search_vuln.nasl 5970 2009-12-02 13:52:12Z dec $ +# +# DotNetNuke Cross Site Scripting Vulnerability +# +# Authors: +# Veerendra GG +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800152); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4110"); + script_bugtraq_id(37139); + script_name("DotNetNuke Cross Site Scripting Vulnerability"); + desc = " + Overview: The host is installed with DotNetNuke and is prone to Cross Site + Scripting Vulnerability. + + Vulnerability Insight: + The flaw is caused due to input passed to the search parameters are not properly + sanitized before being returned to the user. + + Impact: + Successful attack could lead to execution of arbitrary HTML and script code + in the context of an affected site. + + Impact Level: Application + + Affected Software/OS: + DotNetNuke versions 4.8 through 5.1.4 on all running platforms. + + Fix: Update to version 5.2.0 or later, + For Updates Refer, http://www.dotnetnuke.com/ + + References: + http://secunia.com/advisories/37480 + http://www.dotnetnuke.com/News/SecurityPolicy/securitybulletinno31/tabid/1450/Default.aspx + + CVSS Score: + CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N) + CVSS Temporal Score : 3.2 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of DotNetNuke"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Web application abuses"); + script_dependencies("gb_dotnetnuke_detect.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +dnnPort = get_http_port(default:80); +if(!dnnPort){ + exit(0); +} + +dnnVer = get_kb_item("www/" + dnnPort + "/DotNetNuke"); +if(!dnnVer){ + exit(0); +} + +dnnVer = eregmatch(pattern:"^(.+) under (/.*)$", string:dnnVer); +if(dnnVer[1] != NULL) +{ + if(version_in_range(version:dnnVer[1], test_version:"4.8", test_version2:"5.1.4")){ + security_warning(dnnPort); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_dotnetnuke_xss_search_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_dovecot_base_dir_sec_bypass_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_dovecot_base_dir_sec_bypass_vuln.nasl 2009-12-02 11:57:18 UTC (rev 6035) +++ trunk/openvas-plugins/scripts/gb_dovecot_base_dir_sec_bypass_vuln.nasl 2009-12-02 12:54:57 UTC (rev 6036) @@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_dovecot_base_dir_sec_bypass_vuln.nasl 5899 2009-11-30 11:17:55Z nov $ +# +# Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it undr the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801055); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3897"); + script_bugtraq_id(37084); + script_name("Dovecot 'base_dir' Insecure Permissions Security Bypass Vulnerability"); + desc = " + Overview: This host has Dovecot installed and is prone to Security Bypass + Vulnerability + + Vulnerability Insight: + This flaw is caused due to insecure permissions (0777) being set on the 'base_dir' + directory and its parents, which could allow malicious users to replace auth + sockets and log in as other users. + + Impact: + Successful attack could allow malicious people to log in as another user, + which may aid in further attacks. + + Impact Level: System + + Affected Software/OS: + Dovecot versions 1.2 before 1.2.8 + + Fix: Apply the patch or upgrade to Dovecot version 1.2.8 + http://www.dovecot.org/download.html + + References: + http://xforce.iss.net/xforce/xfdb/54363 + http://www.vupen.com/english/advisories/2009/3306 + http://www.dovecot.org/list/dovecot-news/2009-November/000143.html + + CVSS Score: + CVSS Base Score : 4.6 (AV:L/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 3.4 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of Dovecot"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("General"); + script_dependencies("secpod_dovecot_detect.nasl"); + script_require_keys("Dovecot/Ver"); + exit(0); +} + + +include("version_func.inc"); + +dovecotVer = get_kb_item("Dovecot/Ver"); +if((dovecotVer != NULL) && (dovecotVer =~ "^1\.2")) +{ + if(version_is_less(version:dovecotVer, test_version:"1.2.8")){ + security_warning(0); + } +} Added: trunk/openvas-plugins/scripts/gb_robo_ftp_client_bof_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_robo_ftp_client_bof_vuln.nasl 2009-12-02 11:57:18 UTC (rev 6035) +++ trunk/openvas-plugins/scripts/gb_robo_ftp_client_bof_vuln.nasl 2009-12-02 12:54:57 UTC (rev 6036) @@ -0,0 +1,86 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_robo_ftp_client_bof_vuln.nasl 5968 2009-12-01 14:50:29Z dec $ +# +# Robo-FTP Response Processing Buffer Overflow Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801054); + script_version("$Revision: 1.0 $"); + script_bugtraq_id(37143); + script_cve_id("CVE-2009-4103"); + script_name("Robo-FTP Response Processing Buffer Overflow Vulnerability"); + desc = " + Overview: This host has installed Robo-FTP and is prone to Buffer Overflow + Vulnerability. + + Vulnerability Insight: + The flaw is due to a boundary error when processing certain responses from + the FTP server. This can be exploited to overflow a global buffer by tricking + a user into connecting to a malicious FTP server. + + Impact: + Successful exploitation will let the user execute arbitrary code in the context + of the vulnerable application. Failed exploit attempts will likely result in a + denial-of-service condition. + + Affected Software/OS: + Robo-FTP Client version 3.6.17 and prior. + + Fix: + No solution or patch is available as on 01st December 2009. Information + regarding this issue will be updated once the solution details are available. + http://www.robo-ftp.com/download/ + + References: + http://secunia.com/advisories/37452 + http://en.securitylab.ru/nvd/388275.php + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 8.5 + Risk factor: Critical"; + + script_description(desc); + script_summary("Check for the version of Robo-FTP Server"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C)Greenbone Networks GmbH"); + script_family("Buffer overflow"); + script_dependencies("gb_robo_ftp_client_detect.nasl"); + script_require_keys("Robo/FTP/Ver"); + exit(0); +} + + +include("version_func.inc"); + +roboftpVer = get_kb_item("Robo/FTP/Ver"); +if(roboftpVer != NULL) +{ + # Robo-FTP 3.6.17 (3.6.17.13) + if(version_is_less_equal(version:roboftpVer, test_version:"3.6.17.13")){ + security_hole(0); + } +} + Added: trunk/openvas-plugins/scripts/gb_robo_ftp_client_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_robo_ftp_client_detect.nasl 2009-12-02 11:57:18 UTC (rev 6035) +++ trunk/openvas-plugins/scripts/gb_robo_ftp_client_detect.nasl 2009-12-02 12:54:57 UTC (rev 6036) @@ -0,0 +1,71 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: gb_robo_ftp_client_detect.nasl 5968 2009-12-01 10:05:35Z nov $ +# +# Robo-FTP Client Version Detection +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801053); + script_version("$Revision: 1.0 $"); + script_name("Robo-FTP Client Version Detection"); + desc = " + Overview : This script finds the installed Robo-FTP Client version and saves the + result in KB item. + + Risk factor : Informational"; + + script_description(desc); + script_summary("Set version of Robo-FTP Client in KB"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Service detection"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +if(!registry_key_exists(key:"SOFTWARE\Robo-FTP")){ + exit(0); +} + +path = registry_get_sz(key:"SOFTWARE\Robo-FTP", item:"InstallDir"); +if(path != NULL) +{ + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:path); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:path + + "\Robo-FTP.exe"); + ftpVer = GetVer(share:share, file:file); + if(!isnull(ftpVer)){ + set_kb_item(name:"Robo/FTP/Ver", value:ftpVer); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_robo_ftp_client_detect.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_typsoft_ftp_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_typsoft_ftp_detect.nasl 2009-12-02 11:57:18 UTC (rev 6035) +++ trunk/openvas-plugins/scripts/gb_typsoft_ftp_detect.nasl 2009-12-02 12:54:57 UTC (rev 6036) @@ -0,0 +1,67 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: gb_typsoft_ftp_detect.nasl 5967 2009-12-01 17:05:29Z dec $ +# +# TYPSoft FTP Server Version Detection +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +################################################################################ + +if(description) +{ + script_id(801057); + script_version ("$Revision: 1.0 $"); + script_name("TYPSoft FTP Server Version Detection"); + desc = " + Overview: This script determines the TYPSoft FTP server version on the remote host + and sets the result in the KB. + + Risk factor : Informational"; + + script_description(desc); + script_summary("Sets KB of TYPSoft FTP version"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("FTP"); + script_dependencie("find_service.nes"); + script_require_ports("Services/www", 21); + exit(0); +} + + +include("ftp_func.inc"); + +port = get_kb_item("Services/ftp"); +if(!port){ + port = 21; +} + +if(!get_port_state(port)){ + exit(0); +} + +banner = get_ftp_banner(port:port); +if("TYPSoft FTP" >< banner) +{ + tsVer = eregmatch(pattern:"TYPSoft FTP Server ([0-9.]+)", string:banner); + if(tsVer[1] != NULL){ + set_kb_item(name:"TYPSoft/FTP/Ver", value:tsVer[1]); + } +} Added: trunk/openvas-plugins/scripts/gb_typsoft_ftp_server_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_typsoft_ftp_server_dos_vuln.nasl 2009-12-02 11:57:18 UTC (rev 6035) +++ trunk/openvas-plugins/scripts/gb_typsoft_ftp_server_dos_vuln.nasl 2009-12-02 12:54:57 UTC (rev 6036) @@ -0,0 +1,95 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: gb_typsoft_ftp_server_dos_vuln.nasl 5967 2009-01-12 17:12:58Z dec $ +# +# TYPSoft FTP Server 'APPE' and 'DELE' Commands DOS Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +################################################################################ + +if(description) +{ + script_id(801058); + script_version("$Revision: 1.0 $"); + script_bugtraq_id(37114); + script_cve_id("CVE-2009-4105"); + script_name("TYPSoft FTP Server 'APPE' and 'DELE' Commands DOS Vulnerability"); + desc = " + Overview: This host is running TYPSoft FTP Server and is prone to Denial of + Service Vulnerability. + + Vulnerability Insight: + The flaw is due to an error when handling the 'APPE' and 'DELE' commands. These can + be exploited through sending multiple login request in same socket. + + Impact: + Successful exploitation will let the user crash the application to cause + denial of service. + + Affected Software/OS: + TYPSoft FTP Server version 1.10 and prior. + + Fix: + No solution or patch is available as on 01st December 2009. Information + regarding this issue will be updated once the solution details are available. + http://www.softpedia.com/get/Internet/Servers/FTP-Servers/TYPSoft-FTP-Server.shtml + + References: + http://xforce.iss.net/xforce/xfdb/54407 + http://securitytracker.com/alerts/2009/Nov/1023234.html + + CVSS Score: + CVSS Base Score : 3.5 (AV:N/AC:M/Au:SI/C:N/I:N/A:P) + CVSS Temporal Score : 3.1 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of TYPSoft FTP Server"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Denial of Service"); + script_dependencies("secpod_typsoft_ftp_detect.nasl"); + script_require_ports("Services/ftp", 21); + script_require_keys("TYPSoft/FTP/Ver"); + exit(0); +} + + +include("smb_nt.inc"); +include("version_func.inc"); + + +port = get_kb_item("Services/ftp"); +if(!port){ + port = 21; +} + +if(!get_port_state(port)){ + exit(0); +} + +tsftpVer = get_kb_item("TYPSoft/FTP/Ver"); +if(tsftpVer != NULL) +{ + if(version_is_less_equal(version:tsftpVer, test_version:"1.10")){ + security_warning(port); + } +} + Modified: trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl 2009-12-02 11:57:18 UTC (rev 6035) +++ trunk/openvas-plugins/scripts/gb_xm_easy_personal_ftp_dos_vuln.nasl 2009-12-02 12:54:57 UTC (rev 6036) @@ -7,6 +7,9 @@ # Authors: # Sharath S # +# Updated to CVE-2009-4048 +# - By Maneesh KB on 2009-11-24 #5879 +# # Copyright: # Copyright (c) 2009 Intevation GmbH, http://www.intevation.net # @@ -28,16 +31,20 @@ { script_id(801120); script_version("$Revision: 1.0 $"); - script_cve_id("CVE-2009-3643"); + script_cve_id("CVE-2009-3643", "CVE-2009-4048"); + script_bugtraq_id(37016, 36969); script_name("XM Easy Personal FTP Server 'LIST' And 'NLST' Command DoS Vulnerability"); desc = " Overview: This host is running XM Easy Personal FTP Server and is prone to Denial of Service vulnerability. Vulnerability Insight: - The flaw is caused due to an error when processing directory listing FTP - requests. This can be exploited to terminate the FTP service via overly - large 'LIST' or 'NLST' requests. + - The flaw is caused due to an error when processing directory listing FTP + requests. This can be exploited to terminate the FTP service via overly + large 'LIST' or 'NLST' requests. + - An error when handling certain FTP requests. By sending a specially- + crafted request to the APPE or DELE commands, a remote authenticated + attacker could cause the server to stop responding. Impact: Successful exploitation will let the attackers to cause a Denial of Service @@ -48,13 +55,14 @@ Affected Software/OS: Dxmsoft, XM Easy Personal FTP Server version 5.8.0 and prior - Fix: No solution or patch is available as on 21th October, 2009. Information + Fix: No solution or patch is available as on 24th November, 2009. Information regarding this issue will be updated once the solution details are available. For updates refer, http://www.dxm2008.com/index.htm References: http://osvdb.org/58542 http://secunia.com/advisories/36941/ + http://xforce.iss.net/xforce/xfdb/54277 http://xforce.iss.net/xforce/xfdb/53643 http://packetstormsecurity.org/0910-exploits/XM-ftp-dos.txt Added: trunk/openvas-plugins/scripts/gb_xm_easyftp_dir_create_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_xm_easyftp_dir_create_dos_vuln.nasl 2009-12-02 11:57:18 UTC (rev 6035) +++ trunk/openvas-plugins/scripts/gb_xm_easyftp_dir_create_dos_vuln.nasl 2009-12-02 12:54:57 UTC (rev 6036) @@ -0,0 +1,96 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_xm_easyftp_dir_create_dos_vuln.nasl 5971 2009-12-02 17:05:29Z dec $ +# +# XM Easy Personal FTP Server File/Folder Denial of Service Vulnerability +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800726); + script_version("$Revision: 1.0 $"); + script_bugtraq_id(37112); + script_cve_id("CVE-2009-4108"); + script_name("XM Easy Personal FTP Server File/Folder Denial of Service Vulnerability"); + desc = " + Overview: This host is running XM Easy Personal FTP Server and is prone + to Denial of Service Vulnerability. + + Vulnerability Insight: + This flaw is due to improper validation check while creating recursive + directories by an authenticated user inside the root folder of the FTP + server. + + Impact: + Successful exploitation will let the authenticated user create recursive + directories and crash the FTP Server. + + Affected Software/OS: + Dxmsoft XM Easy Personal FTP Server version 5.8.0 and prior. + + Fix: + No solution/patch is available as on 02nd December, 2009. Information + regarding this issue will updated once the solution details are available. + For updates refer, http://www.dxm2008.com + + References: + http://secunia.com/advisories/37473 + http://xforce.iss.net/xforce/xfdb/54400 + http://www.securityfocus.com/archive/1/archive/1/508049/100/0/threaded + + CVSS Score: + CVSS Base Score : 4.0 (AV:N/AC:L/Au:SI/C:N/I:N/A:P) + CVSS Temporal Score : 3.6 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of XM Easy Personal FTP Server"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Denial of Service"); + script_dependencies("find_service.nes", "gb_xm_easy_personal_ftp_detect.nasl"); + script_require_keys("XM-Easy-Personal-FTP/Ver"); + script_require_ports("Services/ftp", 21); + exit(0); +} + + +include("ftp_func.inc"); +include("version_func.inc"); + +port = get_kb_item("Services/ftp"); +if(!port){ + port = 21; +} + +if(!get_port_state(port)){ + exit(0); +} + +xmFTPVer = get_kb_item("XM-Easy-Personal-FTP/Ver"); +if(xmFTPVer != NULL) +{ + # Grep for version 5.8.0 and prior + if(version_is_less_equal(version:xmFTPVer, test_version:"5.8.0")){ + security_warning(port); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_xm_easyftp_dir_create_dos_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Modified: trunk/openvas-plugins/scripts/xerver_37064.nasl =================================================================== --- trunk/openvas-plugins/scripts/xerver_37064.nasl 2009-12-02 11:57:18 UTC (rev 6035) +++ trunk/openvas-plugins/scripts/xerver_37064.nasl 2009-12-02 12:54:57 UTC (rev 6036) @@ -27,6 +27,7 @@ if (description) { script_id(100355); + script_cve_id("CVE-2009-4086"); script_bugtraq_id(37064); script_version ("1.0-$Revision$"); From scm-commit at wald.intevation.org Wed Dec 2 14:56:55 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 14:56:55 +0100 (CET) Subject: [Openvas-commits] r6037 - in trunk/openvas-scanner: . openvassd Message-ID: <20091202135655.29D18865F48D@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-02 14:56:52 +0100 (Wed, 02 Dec 2009) New Revision: 6037 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/openvassd/auth.c trunk/openvas-scanner/openvassd/comm.c trunk/openvas-scanner/openvassd/openvassd.c Log: Made logging less verbose by wrapping a number of debugging messages in an #ifdef DEBUG. * openvassd/auth.c (auth_check_user): Only log successful logins when DEBUG is defined. * openvassd/comm.c (comm_init): Only log the protocol version requested by the client when DEBUG is defined. * openvassd/openvassd.c (main_loop): Only log debug messages about the connection when DEBUG is defined. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-12-02 12:54:57 UTC (rev 6036) +++ trunk/openvas-scanner/ChangeLog 2009-12-02 13:56:52 UTC (rev 6037) @@ -1,3 +1,17 @@ +2009-12-02 Michael Wiegand + + Made logging less verbose by wrapping a number of debugging messages in + an #ifdef DEBUG. + + * openvassd/auth.c (auth_check_user): Only log successful logins when + DEBUG is defined. + + * openvassd/comm.c (comm_init): Only log the protocol version requested + by the client when DEBUG is defined. + + * openvassd/openvassd.c (main_loop): Only log debug messages about the + connection when DEBUG is defined. + 2009-11-30 Chandrashekhar B * cnvts/synscan/synscan.c (rawsocket): IPv6 enabling. Modified: trunk/openvas-scanner/openvassd/auth.c =================================================================== --- trunk/openvas-scanner/openvassd/auth.c 2009-12-02 12:54:57 UTC (rev 6036) +++ trunk/openvas-scanner/openvassd/auth.c 2009-12-02 13:56:52 UTC (rev 6037) @@ -92,7 +92,9 @@ char* user = emalloc(strlen(buf_user)+1); strncpy(user, buf_user, strlen(buf_user)); +#ifdef DEBUG log_write("successful login of %s from %s\n", buf_user, from); +#endif if(arg_get_value(globals, "user")) arg_set_value(globals, "user", strlen(user), user); else Modified: trunk/openvas-scanner/openvassd/comm.c =================================================================== --- trunk/openvas-scanner/openvassd/comm.c 2009-12-02 12:54:57 UTC (rev 6036) +++ trunk/openvas-scanner/openvassd/comm.c 2009-12-02 13:56:52 UTC (rev 6037) @@ -86,7 +86,9 @@ { EXIT(0); } +#ifdef DEBUG log_write ("Client requested protocol %s.\n", buf); +#endif return(version); } Modified: trunk/openvas-scanner/openvassd/openvassd.c =================================================================== --- trunk/openvas-scanner/openvassd/openvassd.c 2009-12-02 12:54:57 UTC (rev 6036) +++ trunk/openvas-scanner/openvassd/openvassd.c 2009-12-02 13:56:52 UTC (rev 6037) @@ -708,7 +708,9 @@ saddr = (struct sockaddr_in *)&address; if(inet_ntop(AF_INET, &saddr->sin_addr, asciiaddr, INET6_ADDRSTRLEN) != NULL) { +#ifdef DEBUG log_write("Family is %d ascii address is %s\n",address.sin_family,asciiaddr); +#endif } else { @@ -719,7 +721,9 @@ { if(inet_ntop(AF_INET6, &address6.sin6_addr, asciiaddr, INET6_ADDRSTRLEN) != NULL) { +#ifdef DEBUG log_write("Family is %d ascii address is %s\n",address6.sin6_family,asciiaddr); +#endif } else { @@ -755,7 +759,9 @@ } } #endif +#ifdef DEBUG log_write ("connection from %s\n", (char *)asciiaddr); +#endif /* efree(&asciiaddr); */ From scm-commit at wald.intevation.org Wed Dec 2 17:31:13 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 17:31:13 +0100 (CET) Subject: [Openvas-commits] r6038 - in trunk/openvas-plugins: . scripts Message-ID: <20091202163113.C8BB2865F4A0@pyrosoma.intevation.org> Author: mime Date: 2009-12-02 17:30:58 +0100 (Wed, 02 Dec 2009) New Revision: 6038 Added: trunk/openvas-plugins/scripts/ISPworker_26277.nasl trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_detect.nasl trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_unspecified_vuln.nasl trunk/openvas-plugins/scripts/gb_apple_safari_js_uri_xss_vuln_sep09.nasl trunk/openvas-plugins/scripts/gb_avant_browser_addr_bar_spoofing_vuln.nasl trunk/openvas-plugins/scripts/gb_dotnetnuke_auth_bypass_vuln.nasl trunk/openvas-plugins/scripts/gb_dotnetnuke_detect.nasl trunk/openvas-plugins/scripts/gb_dotnetnuke_installwizard_info_disc_vuln.nasl trunk/openvas-plugins/scripts/gb_dotnetnuke_skin_sec_bypass_vuln.nasl trunk/openvas-plugins/scripts/gb_firefox_data_uri_xss_vuln_sep09_lin.nasl trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl trunk/openvas-plugins/scripts/gb_flock_detect_lin.nasl trunk/openvas-plugins/scripts/gb_flock_detect_win.nasl trunk/openvas-plugins/scripts/gb_google_chrome_js_uri_xss_vuln_sep09.nasl trunk/openvas-plugins/scripts/gb_ibm_db2mc_detect.nasl trunk/openvas-plugins/scripts/gb_ibm_db2mc_mult_unspecified_vuln.nasl trunk/openvas-plugins/scripts/gb_icq_toolbar_actvx_ctrl_dos_vuln.nasl trunk/openvas-plugins/scripts/gb_icq_toolbar_detect.nasl trunk/openvas-plugins/scripts/gb_ikiwiki_detect.nasl trunk/openvas-plugins/scripts/gb_k-meleon_detect.nasl trunk/openvas-plugins/scripts/gb_lunascape_detect.nasl trunk/openvas-plugins/scripts/gb_maxthon_detect.nasl trunk/openvas-plugins/scripts/gb_mozilla_detect_win.nasl trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_win.nasl trunk/openvas-plugins/scripts/gb_ms_win2k3_dos_vuln_sep09.nasl trunk/openvas-plugins/scripts/gb_netrisk_detect.nasl trunk/openvas-plugins/scripts/gb_netrisk_sec_bypass_vuln.nasl trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_win.nasl trunk/openvas-plugins/scripts/gb_openpro_detect.nasl trunk/openvas-plugins/scripts/gb_openpro_file_inc_vuln.nasl trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_lin.nasl trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_win.nasl trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_lin.nasl trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_win.nasl trunk/openvas-plugins/scripts/gb_orca_browser_detect.nasl trunk/openvas-plugins/scripts/gb_qtweb_detect.nasl trunk/openvas-plugins/scripts/gb_sinecms_detect.nasl trunk/openvas-plugins/scripts/gb_sinecms_file_incl_vuln.nasl trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl trunk/openvas-plugins/scripts/secpod_asterisk_sip_channel_driver_dos_vuln.nasl trunk/openvas-plugins/scripts/secpod_firefox_document_location_dos_vuln.nasl trunk/openvas-plugins/scripts/secpod_google_chrome_chromehtml_dos_vuln.nasl trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_aug09.nasl trunk/openvas-plugins/scripts/secpod_kvirc_detect_win.nasl trunk/openvas-plugins/scripts/secpod_ms09-046.nasl trunk/openvas-plugins/scripts/secpod_ms09-047.nasl trunk/openvas-plugins/scripts/secpod_ms09-048.nasl trunk/openvas-plugins/scripts/secpod_ms_ie_addr_bar_spoofing_vuln.nasl trunk/openvas-plugins/scripts/secpod_php_sec_bypass_vuln_aug09.nasl trunk/openvas-plugins/scripts/secpod_projectbutler_file_inc_vuln.nasl trunk/openvas-plugins/scripts/secpod_squirrelmail_csrf_vuln.nasl trunk/openvas-plugins/scripts/showmount.nasl trunk/openvas-plugins/scripts/yahoo_msg_running.nasl Log: Added new plugins. Removed unnecessary log messages Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/ChangeLog 2009-12-02 16:30:58 UTC (rev 6038) @@ -1,3 +1,65 @@ +2009-12-02 Michael Wiegand + + * scripts/simple_machines_forum_37182.nasl, + scripts/ISPworker_26277.nasl: + Added new plugins. + + * scripts/gb_flock_detect_win.nasl, + scripts/secpod_php_sec_bypass_vuln_aug09.nasl, + scripts/gb_apple_safari_js_uri_xss_vuln_sep09.nasl, + scripts/gb_k-meleon_detect.nasl, + scripts/ms_telnet_overflow.nasl, + scripts/gb_google_chrome_js_uri_xss_vuln_sep09.nasl, + scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_lin.nasl, + scripts/gb_adobe_robohelp_server_detect.nasl, + scripts/gb_opera_js_uri_xss_vuln_sep09_lin.nasl, + scripts/gb_openpro_file_inc_vuln.nasl, + scripts/secpod_google_chrome_mult_vuln_aug09.nasl, + scripts/secpod_ms09-046.nasl, + scripts/gb_dotnetnuke_skin_sec_bypass_vuln.nasl, + scripts/gb_maxthon_detect.nasl, + scripts/gb_mozilla_detect_win.nasl, + scripts/gb_opera_mult_url_spoof_vuln_sep09_lin.nasl, + scripts/gb_adobe_robohelp_server_unspecified_vuln.nasl, + scripts/gb_ibm_db2mc_mult_unspecified_vuln.nasl, + scripts/gb_sinecms_detect.nasl, + scripts/gb_firefox_detect_lin.nasl, + scripts/gb_openoffice_word_bof_vuln_lin.nasl, + scripts/gb_netrisk_sec_bypass_vuln.nasl, + scripts/gb_openpro_detect.nasl, + scripts/gb_ikiwiki_detect.nasl, + scripts/secpod_squirrelmail_csrf_vuln.nasl, + scripts/gb_flock_detect_lin.nasl, + scripts/gb_firefox_data_uri_xss_vuln_sep09_lin.nasl, + scripts/gb_icq_toolbar_detect.nasl, + scripts/gb_dotnetnuke_installwizard_info_disc_vuln.nasl, + scripts/secpod_ms09-048.nasl, + scripts/gb_orca_browser_detect.nasl, + scripts/gb_ibm_db2mc_detect.nasl, + scripts/gb_dotnetnuke_detect.nasl, + scripts/gb_netrisk_detect.nasl, + scripts/secpod_firefox_document_location_dos_vuln.nasl, + scripts/secpod_asterisk_sip_channel_driver_dos_vuln.nasl, + scripts/secpod_ms_ie_addr_bar_spoofing_vuln.nasl, + scripts/gb_ms_win2k3_dos_vuln_sep09.nasl, + scripts/yahoo_msg_running.nasl, + scripts/gb_dotnetnuke_auth_bypass_vuln.nasl, + scripts/secpod_kvirc_detect_win.nasl, + scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_win.nasl, + scripts/secpod_projectbutler_file_inc_vuln.nasl, + scripts/gb_opera_js_uri_xss_vuln_sep09_win.nasl, + scripts/gb_avant_browser_addr_bar_spoofing_vuln.nasl, + scripts/gb_sinecms_file_incl_vuln.nasl, + scripts/gb_opera_mult_url_spoof_vuln_sep09_win.nasl, + scripts/secpod_google_chrome_chromehtml_dos_vuln.nasl, + scripts/secpod_ms09-047.nasl, + scripts/gb_lunascape_detect.nasl, + scripts/gb_icq_toolbar_actvx_ctrl_dos_vuln.nasl, + scripts/showmount.nasl, + scripts/gb_openoffice_word_bof_vuln_win.nasl, + scripts/gb_qtweb_detect.nasl: + Removed unnecessary log messages. + 2009-12-02 Chandrashekhar B * scripts/gb_typsoft_ftp_server_dos_vuln.nasl, Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/cve_current.txt 2009-12-02 16:30:58 UTC (rev 6038) @@ -326,3 +326,4 @@ CVE-2009-4110 SecPod svn R CVE-2009-4105 SecPod svn R CVE-2009-4108 SecPod svn R +37182 Greenbone svn R Added: trunk/openvas-plugins/scripts/ISPworker_26277.nasl =================================================================== --- trunk/openvas-plugins/scripts/ISPworker_26277.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/ISPworker_26277.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -0,0 +1,100 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# ISPworker Download.PHP Multiple Directory Traversal Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100370); + script_bugtraq_id(26277); + script_cve_id("CVE-2007-5813"); + script_version ("1.0-$Revision$"); + + script_name("ISPworker Download.PHP Multiple Directory Traversal Vulnerabilities"); + +desc = "Overview: +ISPworker is prone to multiple directory-traversal vulnerabilities +because it fails to sufficiently sanitize user-supplied input. + +Exploiting these issues may allow an attacker to obtain sensitive +information that could aid in further attacks. + +These issues affect ISPworker 1.21 and 1.23; other versions may also +be affected. + +References: +http://www.securityfocus.com/bid/26277 +http://www.ispware.de/ispworker/index.php + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if ISPworker is prone to multiple directory-traversal vulnerabilities"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); + +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/ispworker",cgi_dirs()); + +foreach dir (dirs) { + + url = string(dir, "/module/biz/index.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if(egrep(pattern: "Login - ISPworker", string: buf, icase: TRUE) && + egrep(pattern: "start_authentication", string: buf, icase: TRUE)) { + + url = string(dir,"/module/ticket/download.php?ticketid=../../../../../../../../../etc/passwd%00"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req,bodyonly:FALSE); + if( buf == NULL )exit(0); + + if(egrep(pattern: "root:.*:0:[01]:.*", string: buf, icase: TRUE)) { + + security_warning(port:port); + exit(0); + + } + } +} + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/ISPworker_26277.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -55,7 +55,6 @@ if(!get_port_state(robohelpPort)) { - log_message(data:"gb_adobe_robohelp_server_detect.nasl: Required HTTP port is not open."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_unspecified_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_unspecified_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_adobe_robohelp_server_unspecified_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -81,7 +81,6 @@ robohelpPort = get_http_port(default:8080); if(!robohelpPort) { - log_message(data:"gb_adobe_robohelp_server_unspecified_vuln.nasl: Required HTTP port is not open."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_apple_safari_js_uri_xss_vuln_sep09.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_apple_safari_js_uri_xss_vuln_sep09.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_apple_safari_js_uri_xss_vuln_sep09.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -76,7 +76,6 @@ safariVer = get_kb_item("AppleSafari/Version"); if(isnull(safariVer)) { - log_message(data:"gb_apple_safari_js_uri_xss_vuln_sep09.nasl:Exit due to NULL value return from KB for Apple Safari"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_avant_browser_addr_bar_spoofing_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_avant_browser_addr_bar_spoofing_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_avant_browser_addr_bar_spoofing_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -76,7 +76,6 @@ abVer = get_kb_item("AvantBrowser/Ver"); if(!abVer){ - log_message(data:"gb_avant_browser_addr_bar_spoofing_vuln.nasl:Avant Browser is not installed"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_dotnetnuke_auth_bypass_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_dotnetnuke_auth_bypass_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_dotnetnuke_auth_bypass_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -76,14 +76,11 @@ dnnPort = get_http_port(default:80); if(!dnnPort){ - log_message(data:"gb_dotnetnuke_auth_bypass_vuln.nasl: Required port is not open."); exit(0); } dnnVer = get_kb_item("www/" + dnnPort + "/DotNetNuke"); if(!dnnVer){ - log_message(data:"gb_dotnetnuke_auth_bypass_vuln.nasl: - DotNetNuke is not installed."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_dotnetnuke_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_dotnetnuke_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_dotnetnuke_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -54,7 +54,6 @@ } if(!get_port_state(dnnPort)){ - log_message(data:"gb_dotnetnuke_detect.nasl: Required port is not open."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_dotnetnuke_installwizard_info_disc_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_dotnetnuke_installwizard_info_disc_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_dotnetnuke_installwizard_info_disc_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -76,15 +76,11 @@ dnnPort = get_http_port(default:80); if(!dnnPort){ - log_message(data:"gb_dotnetnuke_installwizard_info_disc_vuln.nasl: - Required port is not open."); exit(0); } dnnVer = get_kb_item("www/" + dnnPort + "/DotNetNuke"); if(!dnnVer){ - log_message(data:"gb_dotnetnuke_installwizard_info_disc_vuln.nasl: - DotNetNuke is not installed."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_dotnetnuke_skin_sec_bypass_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_dotnetnuke_skin_sec_bypass_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_dotnetnuke_skin_sec_bypass_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -76,15 +76,11 @@ dnnPort = get_http_port(default:80); if(!dnnPort){ - log_message(data:"gb_dotnetnuke_skin_sec_bypass_vuln.nasl: - Required port is not open."); exit(0); } dnnVer = get_kb_item("www/" + dnnPort + "/DotNetNuke"); if(!dnnVer){ - log_message(data:"gb_dotnetnuke_skin_sec_bypass_vuln.nasl: - DotNetNuke is not installed."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_firefox_data_uri_xss_vuln_sep09_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_firefox_data_uri_xss_vuln_sep09_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_firefox_data_uri_xss_vuln_sep09_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -82,7 +82,6 @@ if(!ffVer) { - log_message(data:"gb_firefox_data_uri_xss_vuln_sep09_lin.nasl: Firefox is not installed."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_firefox_detect_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -54,7 +54,6 @@ fox_sock = ssh_login_or_reuse_connection(); if(!fox_sock) { - log_message(data:"gb_firefox_detect_lin.nasl:Unable to login through SSH."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_flock_detect_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_flock_detect_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_flock_detect_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -49,7 +49,6 @@ f_soc = ssh_login_or_reuse_connection(); if(!f_soc){ - log_message(data:"gb_flock_detect_win.nasl:SSH login failed"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_flock_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_flock_detect_win.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_flock_detect_win.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -52,12 +52,10 @@ if(!get_kb_item("SMB/WindowsVersion")) { - log_message(data:"gb_flock_detect_win.nasl:Non-Windows Platform found"); exit(0); } if(!registry_key_exists(key:"SOFTWARE\Flock\Flock")){ - log_message(data:"gb_flock_detect_win.nasl:Flock is not installed"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_google_chrome_js_uri_xss_vuln_sep09.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_google_chrome_js_uri_xss_vuln_sep09.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_google_chrome_js_uri_xss_vuln_sep09.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -78,7 +78,6 @@ chromeVer = get_kb_item("GoogleChrome/Win/Ver"); if(isnull(chromeVer)) { - log_message(data:"gb_google_chrome_js_uri_xss_vuln_sep09.nasl:Google Chrome not installed."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_ibm_db2mc_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ibm_db2mc_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_ibm_db2mc_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -55,7 +55,6 @@ if(!get_port_state(dmcPort)) { - log_message(data:"gb_ibm_db2mc_detect.nasl: Required HTTP port is not open."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_ibm_db2mc_mult_unspecified_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ibm_db2mc_mult_unspecified_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_ibm_db2mc_mult_unspecified_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -81,14 +81,12 @@ dmcPort = get_http_port(default:80); if(!dmcPort) { - log_message(data:"gb_ibm_db2mc_mult_unspecified_vuln.nasl: Required HTTP Port is not open"); exit(0); } dmcVer = get_kb_item("www/" + dmcPort + "/IBM/DB2MC"); if(!dmcVer) { - log_message(data:"gb_ibm_db2mc_mult_unspecified_vuln.nasl: IBM DB2 MC is not installed."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_icq_toolbar_actvx_ctrl_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_icq_toolbar_actvx_ctrl_dos_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_icq_toolbar_actvx_ctrl_dos_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -82,7 +82,6 @@ cqVer = get_kb_item("ICQ/Toolbar/Ver"); if(!cqVer) { - log_message(data:"gb_icq_toolbar_actvx_ctrl_dos_vuln: ICQ Toolbar is not installed."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_icq_toolbar_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_icq_toolbar_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_icq_toolbar_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -51,7 +51,6 @@ include("secpod_smb_func.inc"); if(!get_kb_item("SMB/WindowsVersion")){ - log_message(data:"gb_icq_toolbar_detect.nasl: Not a Windows target."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_ikiwiki_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ikiwiki_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_ikiwiki_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -50,7 +50,6 @@ sock = ssh_login_or_reuse_connection(); if(!sock) { - log_message(data:"gb_ikiwiki_detect.nasl: SSH login failed."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_k-meleon_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_k-meleon_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_k-meleon_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -52,7 +52,6 @@ if(!get_kb_item("SMB/WindowsVersion")) { - log_message(data:"gb_k-meleon_detect.nasl: Not a Windows target."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_lunascape_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_lunascape_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_lunascape_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -52,7 +52,6 @@ if(!get_kb_item("SMB/WindowsVersion")) { - log_message(data:"gb_lunascape_detect.nasl:Not a Windows target."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_maxthon_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_maxthon_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_maxthon_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -52,7 +52,6 @@ if(!get_kb_item("SMB/WindowsVersion")) { - log_message(data:"gb_maxthon_detect.nasl: Not a Windows target."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_mozilla_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mozilla_detect_win.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_mozilla_detect_win.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -106,7 +106,6 @@ if(!get_kb_item("SMB/WindowsVersion")){ - log_message(data:"gb_mozilla_detect_win.nasl: Not a Windows target."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -84,7 +84,6 @@ version_is_equal(version:ffVer, test_version:"3.5.2")) { security_warning(0); - log_message(data:"Exit due to Firefox Vulnerable version is Found"); exit(0); } } Modified: trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_win.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_mozilla_prdts_addr_bar_spoofing_vuln_win.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -84,7 +84,6 @@ version_is_equal(version:ffVer, test_version:"3.5.2")) { security_warning(0); - log_message(data:"Exit due to Firefox Vulnerable version is Found"); exit(0); } } Modified: trunk/openvas-plugins/scripts/gb_ms_win2k3_dos_vuln_sep09.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ms_win2k3_dos_vuln_sep09.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_ms_win2k3_dos_vuln_sep09.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -80,8 +80,6 @@ include("secpod_smb_func.inc"); if(hotfix_check_sp(win2003:3) <= 0){ - log_message(data:"gb_ms_win2k3_dos_vuln_sep09.nasl: - Installed OS is not vulnerable"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_netrisk_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_netrisk_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_netrisk_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -55,7 +55,6 @@ if(!get_port_state(netriskPort)) { - log_message(data:"gb_netrisk_detect.nasl: Required HTTP port is not open"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_netrisk_sec_bypass_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_netrisk_sec_bypass_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_netrisk_sec_bypass_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -80,7 +80,6 @@ if(!netriskPort) { - log_message(data:"gb_netrisk_sec_bypass_vuln.nasl: Required HTTP port is not open."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -79,7 +79,6 @@ openVer = get_kb_item("OpenOffice/Linux/Ver"); if(!openVer) { - log_message(data:"gb_openoffice_word_bof_vuln_lin.nasl: OpenOffice is not installed."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_win.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_openoffice_word_bof_vuln_win.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -79,7 +79,6 @@ openVer = get_kb_item("OpenOffice/Win/Ver"); if(!openVer) { - log_message(data:"gb_openoffice_word_bof_vuln_win.nasl: OpenOffice is not installed."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_openpro_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_openpro_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_openpro_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -53,7 +53,6 @@ openPort = 80; } if(!get_port_state(openPort)){ - log_message(data:"gb_openpro_detect.nasl: Required HTTP port is not open"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_openpro_file_inc_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_openpro_file_inc_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_openpro_file_inc_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -77,7 +77,6 @@ openPort = get_http_port(default:80); if(!openPort){ - log_message(data:"gb_openpro_file_inc_vuln.nasl: Required HTTP port is not open"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -76,7 +76,6 @@ operaVer = get_kb_item("Opera/Build/Linux/Ver"); if(isnull(operaVer)) { - log_message(data:"gb_opera_js_uri_xss_vuln_sep09_lin.nasl: Opera is not installed."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_win.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_opera_js_uri_xss_vuln_sep09_win.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -76,7 +76,6 @@ operaVer = get_kb_item("Opera/Build/Win/Ver"); if(isnull(operaVer)) { - log_message(data:"gb_opera_js_uri_xss_vuln_sep09_win.nasl: Opera is not installed"); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_lin.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_lin.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -89,7 +89,6 @@ if(isnull(operaVer)) { - log_message(data:"gb_opera_mult_url_spoof_vuln_sep09_lin.nasl: Opera is not installed."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_win.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_opera_mult_url_spoof_vuln_sep09_win.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -88,7 +88,6 @@ operaVer = get_kb_item("Opera/Win/Version"); if(isnull(operaVer)) { - log_message(data:"gb_opera_mult_url_spoof_vuln_sep09_win.nasl: Opera is not installed."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_orca_browser_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_orca_browser_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_orca_browser_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -108,7 +108,6 @@ if(!get_kb_item("SMB/WindowsVersion")) { - log_message(data:"gb_orca_browser_detect.nasl: Not a Windows target."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_qtweb_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_qtweb_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_qtweb_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -52,7 +52,6 @@ if(!get_kb_item("SMB/WindowsVersion")) { - log_message(data:"gb_qtweb_detect.nasl: Not a Windows target."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_sinecms_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_sinecms_detect.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_sinecms_detect.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -55,7 +55,6 @@ if(!get_port_state(sinePort)) { - log_message(data:"gb_sinecms_detect.nasl: Required HTTP port is not open."); exit(0); } Modified: trunk/openvas-plugins/scripts/gb_sinecms_file_incl_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_sinecms_file_incl_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/gb_sinecms_file_incl_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -81,7 +81,6 @@ sinePort = get_http_port(default:80); if(!sinePort) { - log_message(data:"gb_sinecms_file_incl_vuln.nasl: Required HTTP port is not open."); exit(0); } Modified: trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl =================================================================== --- trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/ms_telnet_overflow.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -70,7 +70,6 @@ close(sock); return(1); }else{ - log_message(data:'Can\'t connect to port ' + port); return(0); } } Modified: trunk/openvas-plugins/scripts/secpod_asterisk_sip_channel_driver_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_asterisk_sip_channel_driver_dos_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/secpod_asterisk_sip_channel_driver_dos_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -124,8 +124,6 @@ astk_sock = ssh_login_or_reuse_connection(); if(!astk_sock) { - log_message(data:"secpod_asterisk_sip_channel_driver_dos_vuln.nasl: - Unable to login over ssh"); exit(0); } Modified: trunk/openvas-plugins/scripts/secpod_firefox_document_location_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_firefox_document_location_dos_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/secpod_firefox_document_location_dos_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -81,8 +81,6 @@ include("version_func.inc"); if(hotfix_check_sp(xp:4) <= 0){ - log_message(data:"secpod_firefox_document_location_dos_vuln.nasl: - Installed OS is not Windows XP SP3 and below"); exit(0); } @@ -91,8 +89,6 @@ if(isnull(ffVer)) { - log_message(data:"secpod_firefox_document_location_dos_vuln.nasl: - Firefox is not installed"); exit(0); } Modified: trunk/openvas-plugins/scripts/secpod_google_chrome_chromehtml_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_google_chrome_chromehtml_dos_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/secpod_google_chrome_chromehtml_dos_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -78,8 +78,6 @@ chromeVer = get_kb_item("GoogleChrome/Win/Ver"); if(isnull(chromeVer)){ - log_message(data:"secpod_google_chrome_chromehtml_dos_vuln.nasl: - Google Chrome is not installed"); exit(0); } Modified: trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_aug09.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_aug09.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_aug09.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -82,8 +82,6 @@ chromeVer = get_kb_item("GoogleChrome/Win/Ver"); if(isnull(chromeVer)){ - log_message(data:"secpod_google_chrome_mult_vuln_aug09.nasl: - Google Chrome is not installed"); exit(0); } Modified: trunk/openvas-plugins/scripts/secpod_kvirc_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_kvirc_detect_win.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/secpod_kvirc_detect_win.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -52,7 +52,6 @@ # Check for Windows OS if(!get_kb_item("SMB/WindowsVersion")){ - log_message(data:"secpod_kvirc_detect_win.nasl:Target Machine is not a Windows OS"); exit(0); } @@ -102,7 +101,6 @@ } else { - log_message(data:"Version is not Found in Readme.txt File"); exit(0); } } Modified: trunk/openvas-plugins/scripts/secpod_ms09-046.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms09-046.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/secpod_ms09-046.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -81,14 +81,12 @@ include("secpod_smb_func.inc"); if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){ - log_message(data:"Exit because installed OS is not vulnerable"); exit(0); } # MS09-046 Hotfix check if(hotfix_missing(name:"956844") == 0) { - log_message(data:"secpod_ms09-046.nasl: Hotfix is installed."); exit(0); } @@ -97,7 +95,6 @@ if(!dllPath) { - log_message(data:"secpod_ms09-046.nasl: Required dll is not found."); exit(0); } @@ -108,7 +105,6 @@ dllVer = GetVer(file:file, share:share); if(!dllVer) { - log_message(data:"secpod_ms09-046.nasl: Required dll is not found."); exit(0); } Modified: trunk/openvas-plugins/scripts/secpod_ms09-047.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms09-047.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/secpod_ms09-047.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -86,7 +86,6 @@ # MS09-047 Hotfix check if((hotfix_missing(name:"968816") == 0)||(hotfix_missing(name:"972554") == 0)) { - log_message(data:"secpod_ms09-047.nasl: Required hotfix is installed."); exit(0); } Modified: trunk/openvas-plugins/scripts/secpod_ms09-048.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms09-048.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/secpod_ms09-048.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -91,7 +91,6 @@ # MS09-048 Hotfix check if(hotfix_missing(name:"967723") == 0) { - log_message(data:"secpod_ms09-048.nasl: Hotfix is installed."); exit(0); } @@ -99,7 +98,6 @@ item:"Install Path"); if(!sysPath) { - log_message(data:"secpod_ms09-048.nasl: Required file is not present."); exit(0); } @@ -110,7 +108,6 @@ sysVer = GetVer(file:file, share:share); if(!sysVer) { - log_message(data:"secpod_ms09-048.nasl: Unable to get the version for the file Tcpip.sys."); exit(0); } Modified: trunk/openvas-plugins/scripts/secpod_ms_ie_addr_bar_spoofing_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms_ie_addr_bar_spoofing_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/secpod_ms_ie_addr_bar_spoofing_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -78,7 +78,6 @@ ieVer = get_kb_item("MS/IE/EXE/Ver"); if(!ieVer) { - log_message(data:"secpod_ms_ie_addr_bar_spoofing_vuln:Internet Explorer is not installed"); exit(0); } Modified: trunk/openvas-plugins/scripts/secpod_php_sec_bypass_vuln_aug09.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_php_sec_bypass_vuln_aug09.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/secpod_php_sec_bypass_vuln_aug09.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -80,7 +80,6 @@ phpPort = get_http_port(default:80); if(!phpPort) { - log_message(data:"secpod_php_sec_bypass_vuln_aug09.nasl: HTTP port is not open"); exit(0); } Modified: trunk/openvas-plugins/scripts/secpod_projectbutler_file_inc_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_projectbutler_file_inc_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/secpod_projectbutler_file_inc_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -81,15 +81,11 @@ } if(!get_port_state(pbPort)){ - log_message(data:"secpod_projectbutler_file_inc_vuln.nasl: - Require port is not open"); exit(0); } if(safe_checks()) { - log_message(data:"secpod_projectbutler_file_inc_vuln.nasl: - Safe check is enabled, not proceeding"); exit(0); } Modified: trunk/openvas-plugins/scripts/secpod_squirrelmail_csrf_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_squirrelmail_csrf_vuln.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/secpod_squirrelmail_csrf_vuln.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -86,7 +86,6 @@ if(isnull(squirrelPort)) { - log_message(data:"secpod_squirrelmail_csrf_vuln.nasl: Required HTTP port is not open"); exit(0); } @@ -94,7 +93,6 @@ if(isnull(squirrelVer)) { - log_message(data:"secpod_squirrelmail_csrf_vuln.nasl: SquirrelMail not installed"); exit(0); } Modified: trunk/openvas-plugins/scripts/showmount.nasl =================================================================== --- trunk/openvas-plugins/scripts/showmount.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/showmount.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -105,7 +105,6 @@ if(protocol == IPPROTO_UDP){ udp_sock = open_sock_udp(port); if(isnull(udp_sock)) { - log_message(data: "rpc_mountd_export: Error opening socket on udp port " + port); return NULL; } send(socket: udp_sock, data: rpc_mountd_export_call); @@ -114,43 +113,36 @@ }else if(protocol == IPPROTO_TCP){ tcp_sock = open_sock_tcp(port); if(isnull(tcp_sock)){ - log_message(data: "rpc_mountd_export: Error opening socket on tcp port " + port); return NULL; } send(socket: tcp_sock, data: rpc_mountd_export_call); rpc_mountd_export_reply = recv(socket: tcp_sock, length: MSS); close(tcp_sock); }else { - log_message(data: "rpc_mountd_export: Invalid protocol"); return NULL; } if(isnull(rpc_mountd_export_reply)){ - log_message(data: "rpc_mountd_export: No reply message"); return NULL; } #RPC reply reply_xid = substr(rpc_mountd_export_reply,0,3); if(reply_xid != XID){ - log_message(data: "rpc_mountd_export: xid don't match"); return NULL; } reply_msg_type = substr(rpc_mountd_export_reply,4,7); if(reply_msg_type != raw_string(0x00, 0x00, 0x00, 0x01)){ - log_message(data: "rpc_mountd_export: Not a reply message"); return NULL; } reply_reply_state = substr(rpc_mountd_export_reply,8,11); if(reply_reply_state != raw_string(0x00, 0x00, 0x00, 0x00)){ - log_message(data: "rpc_mountd_export: Call was denied by the server"); return NULL; } reply_verifier_flavor = substr(rpc_mountd_export_reply,12,15); reply_verifier_length = substr(rpc_mountd_export_reply,16,19); reply_accept_state = substr(rpc_mountd_export_reply,20,23); if(reply_accept_state != raw_string(0x00, 0x00, 0x00, 0x00)){ - log_message(data: "rpc_mountd_export: Remote procedure returned an error"); return NULL; } #MOUNTD exportlist @@ -168,7 +160,6 @@ export_list = rpc_mountd_export(port: RPC_MOUNTD_port, protocol: IPPROTO_UDP); #using UDP because get_rpc_port is written only for udp ports if(isnull(export_list)){ - log_message(data: "rpc_mountd_export: FAIL!"); exit(-1); }else{ VALUE_FOLLOWS = raw_string(0x00, 0x00, 0x00, 0x01); Added: trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl =================================================================== --- trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -0,0 +1,101 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Simple Machines Forum Multiple Security Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100371); + script_bugtraq_id(37182); + script_version ("1.0-$Revision$"); + + script_name("Simple Machines Forum Multiple Security Vulnerabilities"); + +desc = "Overview: +Simple Machines Forum is prone to multiple security vulnerabilities: + +- A remote PHP code-execution vulnerability +- Multiple cross-site scripting vulnerabilities +- Multiple cross-site request-forgery vulnerabilities +- An information-disclosure vulnerability +- Multiple denial-of-service vulnerabilities + + Attackers can exploit these issues to execute arbitrary script code + within the context of the webserver, perform unauthorized actions on + behalf of legitimate users, compromise the affected application, + steal cookie-based authentication credentials, obtain information + that could aid in further attacks or cause denial-of-service + conditions. + +Please note some of these issues may already be described in other +BIDs. This BID will be updated if further analysis confirms this. + +These issues affect Simple Machines Forum 2.0 RC2. Some of these +issues also affect version 1.1.10. + +Solution: +Reportedly, the vendor fixed some of the issues in the release 1.1.11. + +References: +http://www.securityfocus.com/bid/37182 +http://www.simplemachines.org/ +http://code.google.com/p/smf2-review/issues/list + +Risk factor : High"; + + script_description(desc); + script_summary("Determine if Simple Machines Forum is prone to multiple security vulnerabilities"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("gb_simple_machines_forum_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if (!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/SMF")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_is_equal(version: vers, test_version: "1.1.10") || + version_is_equal(version: vers, test_version: "2.0.RC2")) { + security_warning(port:port); + exit(0); + } +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/yahoo_msg_running.nasl =================================================================== --- trunk/openvas-plugins/scripts/yahoo_msg_running.nasl 2009-12-02 13:56:52 UTC (rev 6037) +++ trunk/openvas-plugins/scripts/yahoo_msg_running.nasl 2009-12-02 16:30:58 UTC (rev 6038) @@ -173,7 +173,6 @@ } }else{ - log_message(data:"Can't open socket."); exit(-1); } From scm-commit at wald.intevation.org Wed Dec 2 17:35:47 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 17:35:47 +0100 (CET) Subject: [Openvas-commits] r6039 - trunk/openvas-plugins Message-ID: <20091202163547.6F63E861F2C2@pyrosoma.intevation.org> Author: mime Date: 2009-12-02 17:35:45 +0100 (Wed, 02 Dec 2009) New Revision: 6039 Modified: trunk/openvas-plugins/ChangeLog Log: Fixed wrong Changelog entry Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-02 16:30:58 UTC (rev 6038) +++ trunk/openvas-plugins/ChangeLog 2009-12-02 16:35:45 UTC (rev 6039) @@ -1,4 +1,4 @@ -2009-12-02 Michael Wiegand +2009-12-02 Michael Meyer * scripts/simple_machines_forum_37182.nasl, scripts/ISPworker_26277.nasl: From scm-commit at wald.intevation.org Wed Dec 2 19:07:19 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 19:07:19 +0100 (CET) Subject: [Openvas-commits] r6040 - in trunk/gsa: . src Message-ID: <20091202180719.1B3C9861F2F1@pyrosoma.intevation.org> Author: jan Date: 2009-12-02 19:07:18 +0100 (Wed, 02 Dec 2009) New Revision: 6040 Modified: trunk/gsa/ChangeLog trunk/gsa/src/CMakeLists.txt trunk/gsa/src/gsad_oap.h Log: * src/gsad_oap.h: Fixed comment. * src/CMakeLists.txt: Reformatted. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-02 16:35:45 UTC (rev 6039) +++ trunk/gsa/ChangeLog 2009-12-02 18:07:18 UTC (rev 6040) @@ -1,3 +1,9 @@ +2009-12-02 Jan-Oliver Wagner + + * src/gsad_oap.h: Fixed comment. + + * src/CMakeLists.txt: Reformatted. + 2009-12-02 Michael Wiegand * src/html/src/omp.xsl: Make 'Full and fast' accessible again as a scan Modified: trunk/gsa/src/CMakeLists.txt =================================================================== --- trunk/gsa/src/CMakeLists.txt 2009-12-02 16:35:45 UTC (rev 6039) +++ trunk/gsa/src/CMakeLists.txt 2009-12-02 18:07:18 UTC (rev 6040) @@ -29,24 +29,24 @@ exec_program (pkg-config ARGS --cflags gthread-2.0 - OUTPUT_VARIABLE GLIB_THREAD_CFLAGS) + OUTPUT_VARIABLE GLIB_THREAD_CFLAGS) exec_program (pkg-config ARGS --libs gthread-2.0 - OUTPUT_VARIABLE GLIB_THREAD_LDFLAGS) + OUTPUT_VARIABLE GLIB_THREAD_LDFLAGS) exec_program (pkg-config ARGS --cflags glib-2.0 - OUTPUT_VARIABLE GLIB_CFLAGS) + OUTPUT_VARIABLE GLIB_CFLAGS) exec_program (pkg-config ARGS --libs glib-2.0 - OUTPUT_VARIABLE GLIB_LDFLAGS) + OUTPUT_VARIABLE GLIB_LDFLAGS) exec_program (pkg-config ARGS --cflags libxml-2.0 - OUTPUT_VARIABLE LIBXML_CFLAGS) + OUTPUT_VARIABLE LIBXML_CFLAGS) exec_program (pkg-config ARGS --libs libxml-2.0 - OUTPUT_VARIABLE LIBXML_LDFLAGS) + OUTPUT_VARIABLE LIBXML_LDFLAGS) exec_program (libopenvas-config ARGS --cflags Modified: trunk/gsa/src/gsad_oap.h =================================================================== --- trunk/gsa/src/gsad_oap.h 2009-12-02 16:35:45 UTC (rev 6039) +++ trunk/gsa/src/gsad_oap.h 2009-12-02 18:07:18 UTC (rev 6040) @@ -1,6 +1,6 @@ /* Greenbone Security Assistant * $Id$ - * Description: Headers for GSA's OAP communication module + * Description: Headers for GSA's OAP communication module. * * Authors: * Matthew Mundell From scm-commit at wald.intevation.org Wed Dec 2 19:43:31 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 19:43:31 +0100 (CET) Subject: [Openvas-commits] r6041 - in trunk/openvas-plugins: . scripts Message-ID: <20091202184331.1EE88861F2C8@pyrosoma.intevation.org> Author: mime Date: 2009-12-02 19:43:26 +0100 (Wed, 02 Dec 2009) New Revision: 6041 Added: trunk/openvas-plugins/scripts/adaptcms_33698.nasl trunk/openvas-plugins/scripts/phpmyfaq_37180.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-02 18:07:18 UTC (rev 6040) +++ trunk/openvas-plugins/ChangeLog 2009-12-02 18:43:26 UTC (rev 6041) @@ -1,5 +1,14 @@ 2009-12-02 Michael Meyer + * * scripts/phpmyfaq_37180.nasl, + scripts/adaptcms_33698.nasl: + Added new plugins. + + * scripts/simple_machines_forum_37182.nasl: + Changed security_warning() to security_hole(). + +2009-12-02 Michael Meyer + * scripts/simple_machines_forum_37182.nasl, scripts/ISPworker_26277.nasl: Added new plugins. Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-12-02 18:07:18 UTC (rev 6040) +++ trunk/openvas-plugins/cve_current.txt 2009-12-02 18:43:26 UTC (rev 6041) @@ -327,3 +327,5 @@ CVE-2009-4105 SecPod svn R CVE-2009-4108 SecPod svn R 37182 Greenbone svn R +37180 Greenbone svn R +33698 Greenbone svn R Added: trunk/openvas-plugins/scripts/adaptcms_33698.nasl =================================================================== --- trunk/openvas-plugins/scripts/adaptcms_33698.nasl 2009-12-02 18:07:18 UTC (rev 6040) +++ trunk/openvas-plugins/scripts/adaptcms_33698.nasl 2009-12-02 18:43:26 UTC (rev 6041) @@ -0,0 +1,100 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100373); + script_bugtraq_id(33698); + script_version ("1.0-$Revision$"); + + script_name("AdaptCMS Lite Cross Site Scripting and Remote File Include Vulnerabilities"); + +desc = "Overview: +AdaptCMS Lite is prone to multiple cross-site scripting +vulnerabilities and a remote file-include vulnerability because it +fails to sufficiently sanitize user-supplied data. + +An attacker can exploit these issues to execute malicious PHP code +in the context of the webserver process. This may allow the attacker +to compromise the application and the underlying system. The +attacker may also execute script code in an unsuspecting user's +browser or steal cookie-based authentication credentials; other +attacks are also possible. + +AdaptCMS Lite 1.4 and 1.5 are vulnerable; other versions may also +be affected. + +References: +http://www.securityfocus.com/bid/33698 +http://www.adaptcms.com + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if AdaptCMS Lite is prone to multiple vulnerabilities"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/adaptcms","/cms",cgi_dirs()); + +foreach dir (dirs) { + + url = string(dir, "/sitemap.xml"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if(egrep(pattern: "Generated by AdaptCMS", string: buf, icase: TRUE)) { + + url = string(dir, "/index.php?view=redirect&url=javascript:alert(%22openvas-xss-test%22)"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE); + if( buf == NULL )exit(0); + + if(egrep(pattern: '"openvas-xss-test"', string: buf)) { + security_warning(port:port); + exit(0); + } + + } +} + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/adaptcms_33698.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/phpmyfaq_37180.nasl =================================================================== --- trunk/openvas-plugins/scripts/phpmyfaq_37180.nasl 2009-12-02 18:07:18 UTC (rev 6040) +++ trunk/openvas-plugins/scripts/phpmyfaq_37180.nasl 2009-12-02 18:43:26 UTC (rev 6041) @@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# phpMyFAQ 2.5.4 and Prior Multiple Unspecified Cross Site Scripting Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100372); + script_bugtraq_id(37180); + script_version ("1.0-$Revision$"); + + script_name("phpMyFAQ 2.5.4 and Prior Multiple Unspecified Cross Site Scripting Vulnerabilities"); + +desc = "Overview: +phpMyFAQ is prone to multiple cross-site scripting +vulnerabilities because the application fails to properly +sanitize user-supplied input. + +An attacker may leverage these issues to execute arbitrary script code +in the browser of an unsuspecting user in the context of the affected +site. This may allow the attacker to steal cookie-based authentication +credentials and to launch other attacks. + +Versions prior to phpMyFAQ 2.5.5 are vulnerable. + +Solution: +Updates are available. Please see the references for details. + +References: +http://www.securityfocus.com/bid/37180 +http://www.phpmyfaq.de/ +http://www.phpmyfaq.de/advisory_2009-12-01.php + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine the phpMyFAQ version"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("phpmyfaq_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if (!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/phpmyfaq")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_is_less(version: vers, test_version: "2.5.5")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/phpmyfaq_37180.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl =================================================================== --- trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl 2009-12-02 18:07:18 UTC (rev 6040) +++ trunk/openvas-plugins/scripts/simple_machines_forum_37182.nasl 2009-12-02 18:43:26 UTC (rev 6041) @@ -93,7 +93,7 @@ if(version_is_equal(version: vers, test_version: "1.1.10") || version_is_equal(version: vers, test_version: "2.0.RC2")) { - security_warning(port:port); + security_hole(port:port); exit(0); } } From scm-commit at wald.intevation.org Wed Dec 2 20:13:55 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 20:13:55 +0100 (CET) Subject: [Openvas-commits] r6042 - in trunk/gsa: . src Message-ID: <20091202191355.900F2861F2EB@pyrosoma.intevation.org> Author: jan Date: 2009-12-02 20:13:51 +0100 (Wed, 02 Dec 2009) New Revision: 6042 Modified: trunk/gsa/ChangeLog trunk/gsa/src/gsad.c Log: * src/gsad.c: Fixed some comments. Added list of includes. (DEFAULT_GSAD_PORT, DEFAULT_OPENVAS_ADMINISTRATOR_PORT, DEFAULT_OPENVAS_MANAGER_PORT, GCRY_THREAD_OPTION_PTHREAD_IMPL, gsad_daemon, validator, init_validator): New. (main): Use unified exit code. Improved comments. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-02 18:43:26 UTC (rev 6041) +++ trunk/gsa/ChangeLog 2009-12-02 19:13:51 UTC (rev 6042) @@ -1,5 +1,13 @@ 2009-12-02 Jan-Oliver Wagner + * src/gsad.c: Fixed some comments. Added list of includes. + (DEFAULT_GSAD_PORT, DEFAULT_OPENVAS_ADMINISTRATOR_PORT, + DEFAULT_OPENVAS_MANAGER_PORT, GCRY_THREAD_OPTION_PTHREAD_IMPL, + gsad_daemon, validator, init_validator): New. + (main): Use unified exit code. Improved comments. + +2009-12-02 Jan-Oliver Wagner + * src/gsad_oap.h: Fixed comment. * src/CMakeLists.txt: Reformatted. Modified: trunk/gsa/src/gsad.c =================================================================== --- trunk/gsa/src/gsad.c 2009-12-02 18:43:26 UTC (rev 6041) +++ trunk/gsa/src/gsad.c 2009-12-02 19:13:51 UTC (rev 6042) @@ -1,6 +1,6 @@ /* Greenbone Security Assistant * $Id$ - * Description: Main module of Greenbone Security Assistant daemon + * Description: Main module of Greenbone Security Assistant daemon. * * Authors: * Jan-Oliver Wagner @@ -31,7 +31,7 @@ * @brief Main module of Greenbone Security Assistant daemon * * This file contains the core of the GSA server process that - * handles HTTPS requests, communication with OpenVAS-Manager via + * handles HTTPS requests and communicates with OpenVAS-Manager via the * OMP protocol. */ @@ -41,9 +41,135 @@ #undef G_LOG_FATAL_MASK #define G_LOG_FATAL_MASK G_LOG_LEVEL_ERROR +#include +#include +#include +#include +#include #include +#include +#include +#include +#include +#include +#include +#include +#include +#include +/* This must follow the system includes. */ +#include +#include "gsad_omp.h" +#include "gsad_oap.h" /* for create_user_oap */ +#include "tracef.h" +#include "validator.h" + /** + * @brief Fallback GSAD port. + */ +#define DEFAULT_GSAD_PORT 443 + +/** + * @brief Fallback Administrator port. + */ +#define DEFAULT_OPENVAS_ADMINISTRATOR_PORT 9393 + +/** + * @brief Fallback Manager port. + */ +#define DEFAULT_OPENVAS_MANAGER_PORT 9390 + +/** + * @brief Libgcrypt thread callback definition. + */ +GCRY_THREAD_OPTION_PTHREAD_IMPL; + +/** + * @brief The handle on the embedded HTTP daemon. + */ +struct MHD_Daemon *gsad_daemon; + +/** + * @brief Parameter validator. + */ +validator_t validator; + +/** + * @brief Initialise the parameter validator. + */ +void +init_validator () +{ + validator = openvas_validator_new (); + + openvas_validator_add (validator, + "cmd", + "^(abort_task)" + "|(create_config)" + "|(create_lsc_credential)" + "|(create_target)" + "|(create_task)" + "|(create_user)" + "|(delete_config)" + "|(delete_lsc_credential)" + "|(delete_report)" + "|(delete_target)" + "|(delete_task)" + "|(delete_user)" + "|(edit_config)" + "|(edit_config_family)" + "|(edit_config_nvt)" + "|(get_config)" + "|(get_config_family)" + "|(get_config_nvt)" + "|(get_configs)" + "|(get_lsc_credentials)" + "|(get_nvt_details)" + "|(get_report)" + "|(get_status)" + "|(get_targets)" + "|(get_users)" + "|(save_config)" + "|(save_config_family)" + "|(save_config_nvt)" + "|(start_task)$"); + + openvas_validator_add (validator, "boolean", "^0|1$"); + openvas_validator_add (validator, "comment", "^[-_[:alnum:], \\./]{0,400}$"); + openvas_validator_add (validator, "create_credentials_type", "^(gen|pass)$"); + openvas_validator_add (validator, "family", "^[-_[:alnum:] ]{1,200}$"); + openvas_validator_add (validator, "first_result", "^[0-9]+$"); + openvas_validator_add (validator, "format", "^(html)|(nbe)|(pdf)|(xml)$"); + openvas_validator_add (validator, "hosts", "^[[:alnum:], \\./]{1,80}$"); + openvas_validator_add (validator, "levels", "^(h|m|l|g){0,4}$"); + openvas_validator_add (validator, "login", "^[[:alnum:]]{1,10}$"); + openvas_validator_add (validator, "max_result", "^[0-9]+$"); + openvas_validator_add (validator, "name", "^[-_[:alnum:], \\./]{1,80}$"); + openvas_validator_add (validator, "oid", "^[0-9.]{1,80}$"); + openvas_validator_add (validator, "page", "^[_[:alnum:] ]{1,40}$"); + openvas_validator_add (validator, "package_format", "^(key)|(rpm)|(deb)|(exe)$"); + openvas_validator_add (validator, "password", "^[[:alnum:], \\./]{0,40}$"); + /** @todo Better regex. */ + openvas_validator_add (validator, "preference_name", "^(.*){0,400}$"); + openvas_validator_add (validator, "pw", "^[[:alnum:]]{1,10}$"); + openvas_validator_add (validator, "rcfile", NULL); + openvas_validator_add (validator, "report_id", "^[a-z0-9\\-]+$"); + openvas_validator_add (validator, "role", "^[[:alnum:] ]{1,40}$"); + openvas_validator_add (validator, "task_id", "^[a-z0-9\\-]+$"); + openvas_validator_add (validator, "sort_field", "^[[:alnum:] ]{1,20}$"); + openvas_validator_add (validator, "sort_order", "^(ascending)|(descending)$"); + openvas_validator_add (validator, "uuid", "^[0-9abcdefABCDEF.]{1,40}$"); + + openvas_validator_alias (validator, "scanconfig", "name"); + openvas_validator_alias (validator, "scantarget", "name"); + openvas_validator_alias (validator, "base", "name"); + openvas_validator_alias (validator, "level_high", "boolean"); + openvas_validator_alias (validator, "level_medium", "boolean"); + openvas_validator_alias (validator, "level_low", "boolean"); + openvas_validator_alias (validator, "level_log", "boolean"); +} + +/** * @brief Callback iterator for MHD_get_connection_values * * The current implementation is empty. @@ -519,6 +645,8 @@ * * @param[in] argc Argument counter * @param[in] argv Argument vector + * + * @return EXIT_SUCCESS on success, else EXIT_FAILURE. */ int main (int argc, char **argv) @@ -727,7 +855,7 @@ if (gsad_daemon == NULL) { g_critical ("%s: MHD_start_daemon failed!\n", __FUNCTION__); - return 1; + return EXIT_FAILURE; } else { @@ -737,12 +865,11 @@ gsad_port); } - /* wait forever for input or interrupts */ + /* Wait forever for input or interrupts. */ while (1) { select (0, NULL, NULL, NULL, NULL); } - return 0; + return EXIT_SUCCESS; } - From scm-commit at wald.intevation.org Wed Dec 2 20:35:32 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 20:35:32 +0100 (CET) Subject: [Openvas-commits] r6043 - in trunk/gsa: . src Message-ID: <20091202193532.99201865F4A7@pyrosoma.intevation.org> Author: jan Date: 2009-12-02 20:35:31 +0100 (Wed, 02 Dec 2009) New Revision: 6043 Modified: trunk/gsa/ChangeLog trunk/gsa/src/gsad.c Log: * src/gsad.c (print_header, send_response, send_http_authenticate_header, request_handler): Improve documentation. (request_handler): Use "const" where possible. Introduce oap_cgi_base. Improve redirect for non-base URLs. Redirect "/login/". Fix memleak. (gsad_init): Improve documentation. Call init_validator. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-02 19:13:51 UTC (rev 6042) +++ trunk/gsa/ChangeLog 2009-12-02 19:35:31 UTC (rev 6043) @@ -1,5 +1,14 @@ 2009-12-02 Jan-Oliver Wagner + * src/gsad.c (print_header, send_response, + send_http_authenticate_header, request_handler): Improve documentation. + (request_handler): Use "const" where possible. Introduce + oap_cgi_base. Improve redirect for non-base URLs. Redirect + "/login/". Fix memleak. + (gsad_init): Improve documentation. Call init_validator. + +2009-12-02 Jan-Oliver Wagner + * src/gsad.c: Fixed some comments. Added list of includes. (DEFAULT_GSAD_PORT, DEFAULT_OPENVAS_ADMINISTRATOR_PORT, DEFAULT_OPENVAS_MANAGER_PORT, GCRY_THREAD_OPTION_PTHREAD_IMPL, Modified: trunk/gsa/src/gsad.c =================================================================== --- trunk/gsa/src/gsad.c 2009-12-02 19:13:51 UTC (rev 6042) +++ trunk/gsa/src/gsad.c 2009-12-02 19:35:31 UTC (rev 6043) @@ -174,14 +174,11 @@ * * The current implementation is empty. * - * @param cls Not used for this callback. + * @param[in] cls Not used for this callback. + * @param[in] kind Not used for this callback. + * @param[in] key Header key. + * @param[in] value Header value. * - * @param kind Not used for this callback. - * - * @param key Header key. - * - * @param key Header value. - * * @return MHD_YES is always returned. */ int @@ -194,12 +191,10 @@ /** * @brief Sends a HTTP response. * - * @param connection The connection handle. + * @param[in] connection The connection handle. + * @param[in] page The HTML page content. + * @param[in] status_code The HTTP status code. * - * @param page The HTML page content. - * - * @param status The HTTP status code. - * * @return The result of MHD_queue_response. */ int @@ -219,10 +214,9 @@ /** * @brief Sends a HTTP redirection. * - * @param connection The connection handle. + * @param[in] connection The connection handle. + * @param[in] location The URL to redirect to. * - * @param location The URL where to redirect. - * * @return MHD_NO in case of a problem. Else MHD_YES. */ int @@ -251,10 +245,9 @@ /** * @brief Sends HTTP header requesting the browser to authenticate itself. * - * @param connection The connection object. + * @param[in] connection The connection object. + * @param[in] realm Name of the realm that was authenticated for. * - * @param realm Name of the realm that was authenticated for. - * * @return MHD_NO in case of an error. Else the result of queueing * the response. */ @@ -293,6 +286,8 @@ /** * @brief HTTP request handler for GSAD. * + * This routine is the callback request handler for microhttpd. + * * @param[in] cls Not used for this callback. * @param[in] connection Connection handle, e.g. used to send response. * @param[in] url The URL requested. @@ -300,12 +295,10 @@ * @param[in] version Not used for this callback. * @param[in] upload_data Data used for POST requests. * @param[in] upload_data_size Size of upload_data. - * @param[out] con_cls For exhange of connection-related data + * @param[out] con_cls For exchange of connection-related data * (here a struct gsad_connection_info). * * @return MHD_NO in case of problems. MHD_YES if all is OK. - * - * This routine is the callback request handler for microhttpd. */ int request_handler (void *cls, struct MHD_Connection *connection, @@ -313,8 +306,9 @@ const char *version, const char *upload_data, size_t * upload_data_size, void **con_cls) { - char *url_base = "/"; - char *cgi_base = "/omp"; + const char *url_base = "/"; + const char *omp_cgi_base = "/omp"; + const char *oap_cgi_base = "/oap"; char *default_file = "/login/login.html"; struct MHD_Response *response; @@ -329,6 +323,7 @@ { struct gsad_connection_info *con_info; + // @todo what frees this? con_info = calloc (1, sizeof (struct gsad_connection_info)); if (NULL == con_info) return MHD_NO; @@ -344,14 +339,22 @@ return MHD_NO; /* Only accept GET and POST methods and send ERROR_PAGE in other cases. */ - if ((0 != strcmp (method, "GET")) && (0 != strcmp (method, "POST"))) + if (strcmp (method, "GET") && strcmp (method, "POST")) + /** @todo return MHD_NO;? */ send_response (connection, ERROR_PAGE, MHD_HTTP_METHOD_NOT_ACCEPTABLE); /* Redirect any URL not matching the base to the default file. */ if (strcmp (&url[0], url_base) == 0) { - send_redirect_header (connection, default_file); - return MHD_YES; + if (is_http_authenticated (connection)) + { + return send_http_authenticate_header (connection, REALM); + } + else + { + send_redirect_header (connection, default_file); + return MHD_YES; + } } /* Treat logging out specially. */ @@ -359,6 +362,12 @@ && (!strncmp (&url[0], "/logout", strlen ("/logout")))) /* flawfinder: ignore, it is a const str */ { + /** + * @todo The problem is the URL is still "/logout" after the + * authentication, so this just keeps sending the auth header. + * All the user can do is cancel so the browser clears the + * credentials. Perhaps the only way to do this is to keep + * state across requests. */ if (is_http_authenticated (connection)) { return send_http_authenticate_header (connection, REALM); @@ -370,6 +379,15 @@ } } + if ((!strcmp (method, "GET")) + && (! strncmp (&url[0], "/login/", strlen ("/login/"))) /* flawfinder: ignore, + it is a const str */ + && ! url[strlen ("/login/")]) + { + send_redirect_header (connection, default_file); + return MHD_YES; + } + /* Check for authentication. */ if ((!is_http_authenticated (connection)) && (strncmp (&url[0], "/login/", strlen ("/login/")))) /* flawfinder: ignore, @@ -385,10 +403,10 @@ { /* This is a GET request. */ - if (!strncmp (&url[0], cgi_base, strlen (cgi_base))) /* flawfinder: ignore, - it is a const str */ + if (!strncmp (&url[0], omp_cgi_base, strlen (omp_cgi_base)) + || !strncmp (&url[0], oap_cgi_base, strlen (oap_cgi_base))) { - /* URL requests to run OMP command. */ + /* URL requests to run OMP or OAP command. */ unsigned int res_len = 0; res = exec_omp_get (connection); @@ -398,7 +416,9 @@ response_size = 0; } else - res_len = strlen (res); + { + res_len = strlen (res); + } response = MHD_create_response_from_data (res_len, (void *) res, @@ -438,16 +458,23 @@ /* URL requests neither an OMP command nor a special GSAD command, * so it is a simple file. */ - /* FIXME: validation, URL length restriction */ + /* @todo: validation, URL length restriction */ path = g_strconcat (GSA_STATE_DIR, url, NULL); file = fopen (path, "r"); /* flawfinder: ignore, this file is just read and sent */ - /* In case the file is not found, always serve the default file. */ + /* In case the file is not found, logout if logged in, else always + * the default file. */ if (file == NULL) { tracef ("File %s failed, ", path); g_free (path); + + if (is_http_authenticated (connection)) + { + return send_http_authenticate_header (connection, REALM); + } + path = g_strconcat (GSA_STATE_DIR, default_file, NULL); tracef ("trying default file <%s>.\n", path); file = fopen (path, "r"); /* flawfinder: ignore, this file is just @@ -459,6 +486,7 @@ /* Even the default file failed. */ tracef ("Default file failed.\n"); send_response (connection, FILE_NOT_FOUND, MHD_HTTP_NOT_FOUND); + g_free (path); } else { @@ -493,12 +521,13 @@ { struct gsad_connection_info *con_info; + // @todo what frees this? con_info = calloc (1, sizeof (struct gsad_connection_info)); if (NULL == con_info) return MHD_NO; con_info->postprocessor = - MHD_create_post_processor (connection, POSTBUFFERSIZE, + MHD_create_post_processor (connection, POST_BUFFER_SIZE, serve_post, (void *) con_info); if (NULL == con_info->postprocessor) return MHD_NO; @@ -527,10 +556,10 @@ /** * @brief Initialization routine for GSAD. * + * This routine checks for required files and initializes the gcrypt + * library. + * * @return MHD_NO in case of problems. MHD_YES if all is OK. - * - * This routine checks or required files and initializes the gcrypt - * library. */ int gsad_init (void) @@ -587,6 +616,9 @@ return MHD_NO; } + /* Init the validator. */ + init_validator (); + tracef ("Initialization of GSA successful.\n"); return MHD_YES; } From scm-commit at wald.intevation.org Wed Dec 2 21:11:49 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 21:11:49 +0100 (CET) Subject: [Openvas-commits] r6044 - in trunk/gsa: . src Message-ID: <20091202201149.B9DF1861F2C8@pyrosoma.intevation.org> Author: jan Date: 2009-12-02 21:11:46 +0100 (Wed, 02 Dec 2009) New Revision: 6044 Modified: trunk/gsa/ChangeLog trunk/gsa/src/gsad.c Log: * src/gsad.c (gsad_connection_info, get_header_credentials, is_http_authenticated, file_reader, get_file_size): New. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-02 19:35:31 UTC (rev 6043) +++ trunk/gsa/ChangeLog 2009-12-02 20:11:46 UTC (rev 6044) @@ -1,5 +1,10 @@ 2009-12-02 Jan-Oliver Wagner + * src/gsad.c (gsad_connection_info, get_header_credentials, + is_http_authenticated, file_reader, get_file_size): New. + +2009-12-02 Jan-Oliver Wagner + * src/gsad.c (print_header, send_response, send_http_authenticate_header, request_handler): Improve documentation. (request_handler): Use "const" where possible. Introduce Modified: trunk/gsa/src/gsad.c =================================================================== --- trunk/gsa/src/gsad.c 2009-12-02 19:35:31 UTC (rev 6043) +++ trunk/gsa/src/gsad.c 2009-12-02 20:11:46 UTC (rev 6044) @@ -172,6 +172,185 @@ /** * @brief Callback iterator for MHD_get_connection_values * + * These objects are used to hold connection information + * during the multiple calls of the request handler that + * refer to the same request. + * + * Once a request is finished, the object will be free'd. + */ +struct gsad_connection_info +{ + int connectiontype; ///< 1=POST, 2=GET. + struct MHD_PostProcessor *postprocessor; ///< POST processor. + char *response; ///< HTTP response text. + int answercode; ///< HTTP response code. + + /** + * @brief create_task / create_target / create_config POST request info + * @todo This should eventually be a dynamic key-based structure. + * @todo Combine POST and GET parameter handling. + */ + struct req_parms + { + char *base; ///< Value of "base" parameter. + char *cmd; ///< Value of "cmd" parameter. + char *name; ///< Value of "name" parameter. + char *comment; ///< Value of "comment" parameter. + char *family; ///< Value of "family" parameter. + char *scanconfig; ///< Value of "scanconfig" parameter. + char *scantarget; ///< Value of "scantarget" parameter. + char *sort_field; ///< Value of "sort_field" parameter. + char *sort_order; ///< Value of "sort_order" parameter. + char *levels; ///< Value of "levels" parameter. + char *rcfile; ///< Value of "rcfile" parameter. + char *role; ///< Value of "role" parameter. + char *submit; ///< Value of "submit" parameter. + char *hosts; ///< Value of "hosts" parameter. + char *login; ///< Value of "login" parameter. + char *oid; ///< Value of "oid" parameter. + char *pw; ///< Value of "pw" parameter. + char *password; ///< Value of "password" parameter. + char *timeout; ///< Value of "timeout" parameter. + GArray *passwords; ///< Collection of "password:*" parameters. + GArray *preferences; ///< Collection of "preference:*" parameters. + GArray *nvts; ///< Collection of "nvt:*" parameters. + GArray *trends; ///< Collection of "trend:*" parameters. + GArray *selects; ///< Collection of "select:*" parameters. + } req_parms; +}; + +/** + * @brief Parse name and password from Base64 HTTP Basic Auth string. + * @param[in] connection Connection. + * + * @return Credentials on success, else NULL. + */ +credentials_t * +get_header_credentials (struct MHD_Connection * connection) +{ + const char *header_auth; + guchar *header_auth_decoded = NULL; + const char *strbase = "Basic "; + unsigned int header_auth_decoded_len; + gchar **auth_split; + + header_auth = MHD_lookup_connection_value (connection, + MHD_HEADER_KIND, "Authorization"); + if (header_auth == NULL) + return NULL; + + if (strncmp (header_auth, strbase, strlen (strbase)) != 0) + return NULL; + + header_auth_decoded = g_base64_decode (header_auth + strlen (strbase), + &header_auth_decoded_len); + /* g_base64_decode can return NULL (Glib 2.12.4-2), at least + * when header_auth_decoded_len is zero. */ + if (header_auth_decoded == NULL) + { + header_auth_decoded = (guchar *) g_strdup (""); + header_auth_decoded_len = 0; + } + +#if 0 + /* for debug purposes */ + tracef ("Somebody is trying to authenticate with:" + " %s, which is %s decoded\n", + header_auth + strlen (strbase), + header_auth_decoded); +#endif + + auth_split = g_strsplit ((gchar *) header_auth_decoded, ":", 0); + g_free (header_auth_decoded); + + if (g_strv_length (auth_split) != 2) + { + g_warning ("%s: Could not get credentials from header! (Colons in credentials?)\n", + __FUNCTION__); + g_strfreev (auth_split); + return NULL; + } + else + { + credentials_t *creds = malloc (sizeof (credentials_t)); + if (creds == NULL) abort (); + creds->username = strdup (auth_split[0]); + creds->password = strdup (auth_split[1]); + g_strfreev (auth_split); + return creds; + } +} + +/** + * @brief Checks whether an HTTP client is authenticated. + * + * @todo: Checks with the manager _every_ time, which makes it quite slow. + * + * @param[in] connection Connection. + * + * @return MHD_YES if authenticated, else MHD_NO. + */ +int +is_http_authenticated (struct MHD_Connection *connection) +{ + credentials_t *creds = get_header_credentials (connection); + + if (creds == NULL) + return MHD_NO; + + if (is_omp_authenticated (creds->username, creds->password)) + return MHD_YES; + + return MHD_NO; +} + +/** + * @brief Reads from a file. + * + * @param[in] cls File. + * @param[in] pos Position in file to start reading. + * @param[out] buf Buffer to read into. + * @param[in] max Maximum number of bytes to read. + * + * @return The number of bytes read. + */ +static int +file_reader (void *cls, uint64_t pos, char *buf, int max) +{ + FILE *file = cls; + + fseek (file, pos, SEEK_SET); + return fread (buf, 1, max, file); +} + +/** + * @brief Determines the size of a given file. + * + * @param[in] filename Path to file. + * + * @return Size of file \arg filename, or 0 if the file could not be opened. + */ +long +get_file_size (const char *filename) +{ + FILE *fp; + fp = fopen (filename, "rb"); + if (fp) + { + long size; + if ((0 != fseek (fp, 0, SEEK_END)) || (-1 == (size = ftell (fp)))) + size = 0; + fclose (fp); + + return size; + } + else + return 0; +} + +/** + * @brief Callback iterator for MHD_get_connection_values + * * The current implementation is empty. * * @param[in] cls Not used for this callback. From scm-commit at wald.intevation.org Wed Dec 2 21:35:04 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 21:35:04 +0100 (CET) Subject: [Openvas-commits] r6045 - in trunk/gsa: . src Message-ID: <20091202203504.7D590861F2C2@pyrosoma.intevation.org> Author: jan Date: 2009-12-02 21:35:03 +0100 (Wed, 02 Dec 2009) New Revision: 6045 Modified: trunk/gsa/ChangeLog trunk/gsa/src/gsad.c Log: * src/gsad.c (free_resources, check_is_dir): New. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-02 20:11:46 UTC (rev 6044) +++ trunk/gsa/ChangeLog 2009-12-02 20:35:03 UTC (rev 6045) @@ -1,5 +1,9 @@ 2009-12-02 Jan-Oliver Wagner + * src/gsad.c (free_resources, check_is_dir): New. + +2009-12-02 Jan-Oliver Wagner + * src/gsad.c (gsad_connection_info, get_header_credentials, is_http_authenticated, file_reader, get_file_size): New. Modified: trunk/gsa/src/gsad.c =================================================================== --- trunk/gsa/src/gsad.c 2009-12-02 20:11:46 UTC (rev 6044) +++ trunk/gsa/src/gsad.c 2009-12-02 20:35:03 UTC (rev 6045) @@ -324,6 +324,207 @@ } /** + * @brief Free resources. + * + * Used as free callback for HTTP daemon. + * + * @param[in] cls Dummy parameter. + * @param[in] connection Connection. + * @param[in] con_cls Connection information. + * @param[in] toe Dummy parameter. + */ +void +free_resources (void *cls, struct MHD_Connection *connection, + void **con_cls, enum MHD_RequestTerminationCode toe) +{ + struct gsad_connection_info *con_info = + (struct gsad_connection_info *) *con_cls; + + if (NULL == con_info) + { + tracef ("con_info was NULL!\n"); + return; + } + + tracef ("connectiontype=%d\n", con_info->connectiontype); + + if (con_info->connectiontype == 1) + { + if (NULL != con_info->postprocessor) + { + MHD_destroy_post_processor (con_info->postprocessor); + } + } + if (con_info->req_parms.base) + { + free (con_info->req_parms.base); + } + if (con_info->req_parms.cmd) + { + free (con_info->req_parms.cmd); + } + if (con_info->req_parms.name) + { + free (con_info->req_parms.name); + } + if (con_info->req_parms.comment) + { + free (con_info->req_parms.comment); + } + if (con_info->req_parms.family) + { + free (con_info->req_parms.family); + } + if (con_info->req_parms.scanconfig) + { + free (con_info->req_parms.scanconfig); + } + if (con_info->req_parms.scantarget) + { + free (con_info->req_parms.scantarget); + } + if (con_info->req_parms.rcfile) + { + free (con_info->req_parms.rcfile); + } + if (con_info->req_parms.role) + { + free (con_info->req_parms.role); + } + if (con_info->req_parms.submit) + { + free (con_info->req_parms.submit); + } + if (con_info->req_parms.hosts) + { + free (con_info->req_parms.hosts); + } + if (con_info->req_parms.login) + { + free (con_info->req_parms.login); + } + if (con_info->req_parms.pw) + { + free (con_info->req_parms.pw); + } + if (con_info->req_parms.password) + { + free (con_info->req_parms.password); + } + if (con_info->req_parms.oid) + { + free (con_info->req_parms.oid); + } + if (con_info->req_parms.sort_field) + { + free (con_info->req_parms.sort_field); + } + if (con_info->req_parms.sort_order) + { + free (con_info->req_parms.sort_order); + } + if (con_info->req_parms.timeout) + { + free (con_info->req_parms.timeout); + } + if (con_info->req_parms.preferences) + { + preference_t *item; + int index = 0; + + while ((item = g_array_index (con_info->req_parms.preferences, + preference_t*, + index++))) + { + g_free (item->name); + g_free (item->nvt); + g_free (item->value); + g_free (item); + } + + g_array_free (con_info->req_parms.preferences, TRUE); + } + if (con_info->req_parms.passwords) + { + preference_t *item; + int index = 0; + + while ((item = g_array_index (con_info->req_parms.passwords, + preference_t*, + index++))) + { + g_free (item->name); + g_free (item->nvt); + g_free (item->value); + g_free (item); + } + + g_array_free (con_info->req_parms.passwords, TRUE); + } + if (con_info->req_parms.nvts) + { + gchar *item; + int index = 0; + + while ((item = g_array_index (con_info->req_parms.nvts, gchar*, index++))) + g_free (item); + + g_array_free (con_info->req_parms.nvts, TRUE); + } + if (con_info->req_parms.selects) + { + gchar *item; + int index = 0; + + while ((item = g_array_index (con_info->req_parms.selects, + gchar*, + index++))) + g_free (item); + + g_array_free (con_info->req_parms.selects, TRUE); + } + if (con_info->req_parms.trends) + { + gchar *item; + int index = 0; + + while ((item = g_array_index (con_info->req_parms.trends, + gchar*, + index++))) + g_free (item); + + g_array_free (con_info->req_parms.trends, TRUE); + } + free (con_info); + *con_cls = NULL; +} + +/** + * @brief Checks whether a file is a directory or not. + * + * @todo Handle symbolic links. + * + * @param[in] name Name of directory. + * + * @return 1 if parameter is directory, 0 if it is not, -1 if it does + * not exist or could not be accessed. + */ +int +check_is_dir (const char *name) +{ + struct stat sb; + + if (stat (name, &sb)) + { + return -1; + } + else + { + return (S_ISDIR (sb.st_mode)); + } +} + +/** * @brief Determines the size of a given file. * * @param[in] filename Path to file. From scm-commit at wald.intevation.org Wed Dec 2 22:02:22 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 22:02:22 +0100 (CET) Subject: [Openvas-commits] r6046 - in trunk/gsa: . src Message-ID: <20091202210222.A6C1485D9F67@pyrosoma.intevation.org> Author: jan Date: 2009-12-02 22:02:21 +0100 (Wed, 02 Dec 2009) New Revision: 6046 Modified: trunk/gsa/ChangeLog trunk/gsa/src/gsad.c Log: * src/gsad.c (serve_post): New. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-02 20:35:03 UTC (rev 6045) +++ trunk/gsa/ChangeLog 2009-12-02 21:02:21 UTC (rev 6046) @@ -1,5 +1,9 @@ 2009-12-02 Jan-Oliver Wagner + * src/gsad.c (serve_post): New. + +2009-12-02 Jan-Oliver Wagner + * src/gsad.c (free_resources, check_is_dir): New. 2009-12-02 Jan-Oliver Wagner Modified: trunk/gsa/src/gsad.c =================================================================== --- trunk/gsa/src/gsad.c 2009-12-02 20:35:03 UTC (rev 6045) +++ trunk/gsa/src/gsad.c 2009-12-02 21:02:21 UTC (rev 6046) @@ -500,6 +500,433 @@ } /** + * @brief Called once the post request handler has collected the multiple + * @brief parts of a post request. Fills the req_params of an + * @brief gsad_connection_info. + * + * Implements a MHD_PostDataIterator, returning MHD_NO if iteration should + * stop, MHD_YES if further key/value pairs should be looked at. + * + * After serve_post, the connection info is free'd. + * + * @todo Parameter documentation from microhttpd's documentation. + * + * @param[in,out] coninfo_cls User-specified closure (here: gsad_connection_info). + * @param[in] kind Type of the value + * @param[in] key 0-terminated key for the value + * @param[in] filename Name of the uploaded file, NULL if not known. + * @param[in] contenttype Mime-type of the data, NULL if not known. + * @param[in] transfer_encoding Encoding of the data, NULL if not known. + * @param[in] data Pointer to size bytes of data at the specified offset. + * @param[in] off Offset of data in the overall value. + * @param[in] size Number of bytes in data available. + * + * @return MHD_YES to continue iterating over post data, MHD_NO to stop. + */ +int +serve_post (void *coninfo_cls, enum MHD_ValueKind kind, const char *key, + const char *filename, const char *contenttype, + const char *transfer_encoding, const char *data, uint64_t off, + size_t size) +{ + struct gsad_connection_info *con_info = + (struct gsad_connection_info *) coninfo_cls; + gboolean abort_on_insane = FALSE; + + con_info->answercode = MHD_HTTP_INTERNAL_SERVER_ERROR; + con_info->response = SERVER_ERROR; + + if (NULL != key) + { + if (!strcmp (key, "base")) + { + con_info->req_parms.base = malloc (size + 1); + memcpy ((char *) con_info->req_parms.base, (char *) data, size); + con_info->req_parms.base[size] = 0; + if (abort_on_insane + && openvas_validate (validator, + "base", + con_info->req_parms.base)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "cmd")) + { + con_info->req_parms.cmd = malloc (size + 1); + memcpy ((char *) con_info->req_parms.cmd, (char *) data, size); + con_info->req_parms.cmd[size] = 0; + if (abort_on_insane + && openvas_validate (validator, "cmd", con_info->req_parms.cmd)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "name")) + { + con_info->req_parms.name = malloc (size + 1); + memcpy ((char *) con_info->req_parms.name, (char *) data, size); + con_info->req_parms.name[size] = 0; + if (abort_on_insane + && openvas_validate (validator, "name", con_info->req_parms.name)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "login")) + { + con_info->req_parms.login = malloc (size + 1); + memcpy ((char *) con_info->req_parms.login, (char *) data, size); + con_info->req_parms.login[size] = 0; + if (abort_on_insane + && openvas_validate (validator, + "login", + con_info->req_parms.login)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "pw")) + { + con_info->req_parms.pw = malloc (size + 1); + memcpy ((char *) con_info->req_parms.pw, (char *) data, size); + con_info->req_parms.pw[size] = 0; + if (abort_on_insane + && openvas_validate (validator, "pw", con_info->req_parms.pw)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "family")) + { + con_info->req_parms.family = malloc (size + 1); + memcpy ((char *) con_info->req_parms.family, (char *) data, size); + con_info->req_parms.family[size] = 0; + if (abort_on_insane + && openvas_validate (validator, + "family", + con_info->req_parms.family)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "scanconfig")) + { + con_info->req_parms.scanconfig = malloc (size + 1); + memcpy ((char *) con_info->req_parms.scanconfig, (char *) data, size); + con_info->req_parms.scanconfig[size] = 0; + if (abort_on_insane + && openvas_validate (validator, + "scanconfig", + con_info->req_parms.scanconfig)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "scantarget")) + { + con_info->req_parms.scantarget = malloc (size + 1); + memcpy ((char *) con_info->req_parms.scantarget, (char *) data, size); + con_info->req_parms.scantarget[size] = 0; + if (abort_on_insane + && openvas_validate (validator, + "scantarget", + con_info->req_parms.scantarget)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "hosts")) + { + con_info->req_parms.hosts = malloc (size + 1); + memcpy ((char *) con_info->req_parms.hosts, (char *) data, size); + con_info->req_parms.hosts[size] = 0; + if (abort_on_insane + && openvas_validate (validator, + "hosts", + con_info->req_parms.hosts)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "comment")) + { + con_info->req_parms.comment = malloc (size + 1); + memcpy ((char *) con_info->req_parms.comment, (char *) data, size); + con_info->req_parms.comment[size] = 0; + if (abort_on_insane + && openvas_validate (validator, + "comment", + con_info->req_parms.comment)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "rcfile")) + { + if (con_info->req_parms.rcfile) + { + int prevsize = strlen (con_info->req_parms.rcfile); + con_info->req_parms.rcfile = + realloc (con_info->req_parms.rcfile, prevsize + size + 1); + memcpy (&con_info->req_parms.rcfile[prevsize], (char *) data, + size); + con_info->req_parms.rcfile[size + prevsize] = 0; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + else + { + con_info->req_parms.rcfile = malloc (size + 1); + memcpy ((char *) con_info->req_parms.rcfile, (char *) data, size); + con_info->req_parms.rcfile[size] = 0; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + } + if (!strcmp (key, "oid")) + { + con_info->req_parms.oid = malloc (size + 1); + memcpy ((char *) con_info->req_parms.oid, (char *) data, size); + con_info->req_parms.oid[size] = 0; + if (abort_on_insane + && openvas_validate (validator, + "oid", + con_info->req_parms.oid)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "password")) + { + con_info->req_parms.password = malloc (size + 1); + memcpy ((char *) con_info->req_parms.password, (char *) data, size); + con_info->req_parms.password[size] = 0; + if (abort_on_insane + && openvas_validate (validator, + "password", + con_info->req_parms.password)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "role")) + { + con_info->req_parms.role = malloc (size + 1); + memcpy ((char *) con_info->req_parms.role, (char *) data, size); + con_info->req_parms.role[size] = 0; + if (abort_on_insane + && openvas_validate (validator, "role", con_info->req_parms.role)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "submit")) + { + con_info->req_parms.submit = malloc (size + 1); + memcpy ((char *) con_info->req_parms.submit, (char *) data, size); + con_info->req_parms.submit[size] = 0; + if (abort_on_insane + && openvas_validate (validator, + "page", + con_info->req_parms.submit)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strcmp (key, "timeout")) + { + con_info->req_parms.timeout = malloc (size + 1); + memcpy ((char *) con_info->req_parms.timeout, (char *) data, size); + con_info->req_parms.timeout[size] = 0; + if (abort_on_insane + && openvas_validate (validator, + "boolean", + con_info->req_parms.timeout)) + return MHD_NO; + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strncmp (key, "nvt:", strlen ("nvt:"))) + { + gchar *nvt = g_strdup (key + strlen ("nvt:")); + if (abort_on_insane + && openvas_validate (validator, + "uuid", + nvt)) + { + g_free (nvt); + return MHD_NO; + } + + if (con_info->req_parms.nvts == NULL) + con_info->req_parms.nvts + = g_array_new (TRUE, + FALSE, + sizeof (gchar*)); + + g_array_append_val (con_info->req_parms.nvts, nvt); + + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strncmp (key, "preference:", strlen ("preference:"))) + { + int uuid_start = -1, uuid_end = -1, count; + count = sscanf (key, + "preference:%*[^[][%n%*[^]]%n]:%*s", + &uuid_start, + &uuid_end); + if (count == 0 && uuid_start > 0 && uuid_end > 0) + { + preference_t preference; + + /* Just put the type in the nvt field for now, so that there + * is something to free. */ + preference.nvt = g_strndup (key + uuid_start, uuid_end - uuid_start); + if (abort_on_insane + && openvas_validate (validator, "uuid", preference.nvt)) + { + g_free (preference.nvt); + return MHD_NO; + } + + preference.name = g_strdup (key + strlen ("preference:")); + if (abort_on_insane + && openvas_validate (validator, + "preference_name", + preference.name)) + { + g_free (preference.nvt); + g_free (preference.name); + return MHD_NO; + } + + preference.value = g_memdup (data, size); + preference.value_size = size; + + if (con_info->req_parms.preferences == NULL) + con_info->req_parms.preferences + = g_array_new (TRUE, + FALSE, + sizeof (preference_t*)); + + { + gconstpointer p = g_memdup (&preference, sizeof (preference)); + g_array_append_vals (con_info->req_parms.preferences, + &p, + 1); + } + + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + return MHD_NO; + } + if (!strncmp (key, "password:", strlen ("password:"))) + { + int uuid_start = -1, uuid_end = -1, count; + count = sscanf (key, + "password:%*[^[][%n%*[^]]%n]:%*s", + &uuid_start, + &uuid_end); + if (count == 0 && uuid_start > 0 && uuid_end > 0) + { + preference_t preference; + + /* Just put the type in the nvt field for now, so that there + * is something to free. */ + preference.nvt = g_strndup (key + uuid_start, uuid_end - uuid_start); + if (abort_on_insane + && openvas_validate (validator, "uuid", preference.nvt)) + { + g_free (preference.nvt); + return MHD_NO; + } + + preference.name = g_strdup (key + strlen ("password:")); + if (abort_on_insane + && openvas_validate (validator, + "preference_name", + preference.name)) + { + g_free (preference.nvt); + g_free (preference.name); + return MHD_NO; + } + + preference.value = g_memdup (data, size); + preference.value_size = size; + + if (con_info->req_parms.passwords == NULL) + con_info->req_parms.passwords + = g_array_new (TRUE, + FALSE, + sizeof (preference_t*)); + + { + gconstpointer p = g_memdup (&preference, sizeof (preference)); + g_array_append_vals (con_info->req_parms.passwords, + &p, + 1); + } + + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + return MHD_NO; + } + if (!strncmp (key, "select:", strlen ("select:"))) + { + gchar *select = g_strdup (key + strlen ("select:")); + if (abort_on_insane + && openvas_validate (validator, "name", select)) + { + g_free (select); + return MHD_NO; + } + + if (con_info->req_parms.selects == NULL) + con_info->req_parms.selects + = g_array_new (TRUE, + FALSE, + sizeof (gchar*)); + + g_array_append_val (con_info->req_parms.selects, select); + + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + if (!strncmp (key, "trend:", strlen ("trend:")) + && size > 0 + && data[0] == '1') + { + gchar *trend = g_strdup (key + strlen ("trend:")); + if (abort_on_insane + && openvas_validate (validator, "name", trend)) + { + g_free (trend); + return MHD_NO; + } + + if (con_info->req_parms.trends == NULL) + con_info->req_parms.trends + = g_array_new (TRUE, + FALSE, + sizeof (gchar*)); + + g_array_append_val (con_info->req_parms.trends, trend); + + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; + } + return MHD_NO; +} + +/** * @brief Checks whether a file is a directory or not. * * @todo Handle symbolic links. From scm-commit at wald.intevation.org Wed Dec 2 23:43:44 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 2 Dec 2009 23:43:44 +0100 (CET) Subject: [Openvas-commits] r6047 - in trunk/gsa: . src Message-ID: <20091202224344.EAD8E861F2E8@pyrosoma.intevation.org> Author: jan Date: 2009-12-02 23:43:43 +0100 (Wed, 02 Dec 2009) New Revision: 6047 Modified: trunk/gsa/ChangeLog trunk/gsa/src/gsad.c Log: * src/gsad.c (exec_omp_post, exec_omp_get): New. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-02 21:02:21 UTC (rev 6046) +++ trunk/gsa/ChangeLog 2009-12-02 22:43:43 UTC (rev 6047) @@ -1,5 +1,9 @@ 2009-12-02 Jan-Oliver Wagner + * src/gsad.c (exec_omp_post, exec_omp_get): New. + +2009-12-02 Jan-Oliver Wagner + * src/gsad.c (serve_post): New. 2009-12-02 Jan-Oliver Wagner Modified: trunk/gsa/src/gsad.c =================================================================== --- trunk/gsa/src/gsad.c 2009-12-02 21:02:21 UTC (rev 6046) +++ trunk/gsa/src/gsad.c 2009-12-02 22:43:43 UTC (rev 6047) @@ -927,6 +927,593 @@ } /** + * @brief Handle a complete POST request. + * + * Ensures there is a command, then depending on the command validates + * parameters and calls the appropriate OAP or OMP function (like + * create_task_omp). + * + * @param[in] credentials User credentials sent by client. + * @param[in] con_info Connection info. + * + * @return MHD_YES. + */ +int +exec_omp_post (credentials_t * credentials, + struct gsad_connection_info *con_info) +{ + if (!con_info->req_parms.cmd) + { + con_info->response = gsad_message ("Internal error", + __FUNCTION__, + __LINE__, + "An internal error occured inside GSA daemon. " + "Diagnostics: Empty command.", + "/omp?cmd=get_status"); + } + else if (0 == strcmp (con_info->req_parms.cmd, "create_lsc_credential")) + { + if (openvas_validate (validator, "name", con_info->req_parms.name)) + { + free (con_info->req_parms.name); + con_info->req_parms.name = NULL; + } + if (openvas_validate (validator, "comment", con_info->req_parms.comment)) + { + free (con_info->req_parms.comment); + con_info->req_parms.comment = NULL; + } + if (openvas_validate (validator, + "password", + con_info->req_parms.password)) + { + free (con_info->req_parms.password); + con_info->req_parms.password = NULL; + } + if (openvas_validate (validator, + "create_credentials_type", + con_info->req_parms.base)) + { + free (con_info->req_parms.base); + con_info->req_parms.base = NULL; + } + con_info->response = + create_lsc_credential_omp (credentials, + con_info->req_parms.name, + con_info->req_parms.comment, + con_info->req_parms.base, + con_info->req_parms.password); + } + else if (!strcmp (con_info->req_parms.cmd, "create_task")) + { + if (openvas_validate (validator, "name", con_info->req_parms.name)) + { + free (con_info->req_parms.name); + con_info->req_parms.name = NULL; + } + if (openvas_validate (validator, + "scantarget", + con_info->req_parms.scantarget)) + { + free (con_info->req_parms.scantarget); + con_info->req_parms.scantarget = NULL; + } + if (openvas_validate (validator, + "scanconfig", + con_info->req_parms.scanconfig)) + { + free (con_info->req_parms.scanconfig); + con_info->req_parms.scanconfig = NULL; + } + if ((con_info->req_parms.name == NULL) || + (con_info->req_parms.scanconfig == NULL) || + (con_info->req_parms.scantarget == NULL)) + con_info->response = gsad_newtask (credentials, "Invalid parameter"); + else + con_info->response = + create_task_omp (credentials, con_info->req_parms.name, "comment", + con_info->req_parms.scantarget, + con_info->req_parms.scanconfig); + } + else if (0 == strcmp (con_info->req_parms.cmd, "create_user")) + { + if (openvas_validate (validator, "name", con_info->req_parms.name)) + { + free (con_info->req_parms.name); + con_info->req_parms.name = NULL; + } + if (openvas_validate (validator, + "password", + con_info->req_parms.password)) + { + /** @todo Free con_info->req_parms.password? */ + con_info->req_parms.password = NULL; + } + if (openvas_validate (validator, "role", con_info->req_parms.role)) + { + free (con_info->req_parms.role); + con_info->req_parms.role = NULL; + } + con_info->response = + create_user_oap (credentials, + con_info->req_parms.name, + con_info->req_parms.password, + con_info->req_parms.role); + } + else if (0 == strcmp (con_info->req_parms.cmd, "create_target")) + { + if (openvas_validate (validator, "name", con_info->req_parms.name)) + { + free (con_info->req_parms.name); + con_info->req_parms.name = NULL; + } + if (openvas_validate (validator, "hosts", con_info->req_parms.hosts)) + { + free (con_info->req_parms.hosts); + con_info->req_parms.hosts = NULL; + } + if (openvas_validate (validator, "comment", con_info->req_parms.comment)) + { + free (con_info->req_parms.comment); + con_info->req_parms.comment = NULL; + } + if (openvas_validate (validator, "name", con_info->req_parms.password)) + { + free (con_info->req_parms.password); + con_info->req_parms.password = NULL; + } + con_info->response = + create_target_omp (credentials, con_info->req_parms.name, + con_info->req_parms.hosts, + con_info->req_parms.comment, + con_info->req_parms.password); + } + else if (!strcmp (con_info->req_parms.cmd, "create_config")) + { + if (openvas_validate (validator, "base", con_info->req_parms.base)) + { + free (con_info->req_parms.base); + con_info->req_parms.base = NULL; + } + if (openvas_validate (validator, "name", con_info->req_parms.name)) + { + free (con_info->req_parms.name); + con_info->req_parms.name = NULL; + } + if (openvas_validate (validator, "comment", con_info->req_parms.comment)) + { + free (con_info->req_parms.comment); + con_info->req_parms.comment = NULL; + } + con_info->response = + create_config_omp (credentials, con_info->req_parms.name, + con_info->req_parms.comment, + con_info->req_parms.rcfile, + con_info->req_parms.base); + } + else if (0 == strcmp (con_info->req_parms.cmd, "get_status")) + { + con_info->response = get_status_omp (credentials, NULL, NULL, NULL); + } + else if (!strcmp (con_info->req_parms.cmd, "save_config")) + { + if (openvas_validate (validator, "name", con_info->req_parms.name)) + { + free (con_info->req_parms.name); + con_info->req_parms.name = NULL; + } + if (openvas_validate (validator, "page", con_info->req_parms.submit)) + { + free (con_info->req_parms.submit); + con_info->req_parms.name = NULL; + } + con_info->response = + save_config_omp (credentials, + con_info->req_parms.name, + con_info->req_parms.sort_field, + con_info->req_parms.sort_order, + con_info->req_parms.selects, + con_info->req_parms.trends, + con_info->req_parms.preferences, + con_info->req_parms.submit); + } + else if (!strcmp (con_info->req_parms.cmd, "save_config_family")) + { + if (openvas_validate (validator, "name", con_info->req_parms.name)) + { + free (con_info->req_parms.name); + con_info->req_parms.name = NULL; + } + if (openvas_validate (validator, "family", con_info->req_parms.family)) + { + free (con_info->req_parms.name); + con_info->req_parms.name = NULL; + } + con_info->response = + save_config_family_omp (credentials, + con_info->req_parms.name, + con_info->req_parms.family, + con_info->req_parms.sort_field, + con_info->req_parms.sort_order, + con_info->req_parms.nvts); + } + else if (!strcmp (con_info->req_parms.cmd, "save_config_nvt")) + { + if (openvas_validate (validator, "name", con_info->req_parms.name)) + { + free (con_info->req_parms.name); + con_info->req_parms.name = NULL; + } + if (openvas_validate (validator, "family", con_info->req_parms.family)) + { + free (con_info->req_parms.name); + con_info->req_parms.name = NULL; + } + if (openvas_validate (validator, "oid", con_info->req_parms.oid)) + { + free (con_info->req_parms.oid); + con_info->req_parms.oid = NULL; + } + con_info->response = + save_config_nvt_omp (credentials, + con_info->req_parms.name, + con_info->req_parms.family, + con_info->req_parms.oid, + con_info->req_parms.sort_field, + con_info->req_parms.sort_order, + con_info->req_parms.preferences, + con_info->req_parms.passwords, + con_info->req_parms.timeout); + } + else + { + con_info->response = gsad_message ("Internal error", + __FUNCTION__, + __LINE__, + "An internal error occured inside GSA daemon. " + "Diagnostics: Unknown command.", + "/omp?cmd=get_status"); + } + + con_info->answercode = MHD_HTTP_OK; + return MHD_YES; +} + +/** + * @brief Handle a complete GET request. + * + * After some input checking, depending on the cmd parameter of the connection, + * issue an omp command (via *_omp functions). + * + * @param[in] connection Connection. + * + * @return Newly allocated response string. + */ +char * +exec_omp_get (struct MHD_Connection *connection) +{ + char *cmd = NULL; + const char *task_id = NULL; + const char *report_id = NULL; + const char *format = NULL; + const char *package_format = NULL; + const char *name = NULL; + const char *family = NULL; + const char *first_result = NULL; + const char *max_results = NULL; + const char *oid = NULL; + const char *sort_field = NULL; + const char *sort_order = NULL; + const char *levels = NULL; + int high = 0, medium = 0, low = 0, log = 0; + credentials_t *credentials = NULL; + + const int CMD_MAX_SIZE = 22; + const int VAL_MAX_SIZE = 100; + + credentials = get_header_credentials (connection); + if (credentials == NULL) + return gsad_message ("Internal error", __FUNCTION__, __LINE__, + "An internal error occured inside GSA daemon. " + "Diagnostics: Missing credentials for OMP request.", + "/login.html"); + + cmd = + (char *) MHD_lookup_connection_value (connection, MHD_GET_ARGUMENT_KIND, + "cmd"); + if (openvas_validate (validator, "cmd", cmd)) + cmd = NULL; + + if ((cmd != NULL) && (strlen (cmd) < CMD_MAX_SIZE)) + { + tracef ("cmd: [%s]\n", cmd); + task_id = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "task_id"); + if (openvas_validate (validator, "task_id", task_id)) + task_id = NULL; + + report_id = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "report_id"); + if (openvas_validate (validator, "report_id", report_id)) + report_id = NULL; + + oid = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "oid"); + if (openvas_validate (validator, "oid", oid)) + oid = NULL; + + format = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "format"); + if (openvas_validate (validator, "format", format)) + format = NULL; + + package_format = MHD_lookup_connection_value + (connection, + MHD_GET_ARGUMENT_KIND, + "package_format"); + if (openvas_validate (validator, "package_format", package_format)) + package_format = NULL; + + name = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "name"); + if (openvas_validate (validator, "name", name)) + name = NULL; + + family = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "family"); + if (openvas_validate (validator, "family", name)) + family = NULL; + + first_result = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "first_result"); + if (openvas_validate (validator, "first_result", first_result)) + first_result = NULL; + + max_results = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "max_results"); + if (openvas_validate (validator, "max_results", max_results)) + max_results = NULL; + + sort_field = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "sort_field"); + if (openvas_validate (validator, "sort_field", sort_field)) + sort_field = NULL; + + sort_order = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "sort_order"); + if (openvas_validate (validator, "sort_order", sort_order)) + sort_order = NULL; + + levels = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "levels"); + if (levels) + { + /* "levels" overrides "level_*". */ + if (openvas_validate (validator, "levels", levels)) + levels = NULL; + } + else + { + const char *level; + + level = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "level_high"); + if (openvas_validate (validator, "level_high", level)) + high = 0; + else + high = atoi (level); + + level = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "level_medium"); + if (openvas_validate (validator, "level_medium", level)) + medium = 0; + else + medium = atoi (level); + + level = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "level_low"); + if (openvas_validate (validator, "level_low", level)) + low = 0; + else + low = atoi (level); + + level = MHD_lookup_connection_value (connection, + MHD_GET_ARGUMENT_KIND, + "level_log"); + if (openvas_validate (validator, "level_log", level)) + log = 0; + else + log = atoi (level); + } + } + else + return gsad_message ("Internal error", __FUNCTION__, __LINE__, + "An internal error occured inside GSA daemon. " + "Diagnostics: No valid command for omp.", + "/omp?cmd=get_status"); + + /** @todo Pass sort_order and sort_field to all page handlers. */ + /** @todo Ensure that XSL passes on sort_order and sort_field. */ + + /* Check cmd and precondition, start respective omp command(s) */ + if ((0 == strcmp (cmd, "delete_task")) && (task_id != NULL) + && (strlen (task_id) < VAL_MAX_SIZE)) + return delete_task_omp (credentials, task_id); + + else if ((0 == strcmp (cmd, "abort_task")) && (task_id != NULL) + && (strlen (task_id) < VAL_MAX_SIZE)) + return abort_task_omp (credentials, task_id); + + else if ((0 == strcmp (cmd, "start_task")) && (task_id != NULL) + && (strlen (task_id) < VAL_MAX_SIZE)) + return start_task_omp (credentials, task_id); + + else if ((0 == strcmp (cmd, "get_status")) && (task_id != NULL) + && (strlen (task_id) < VAL_MAX_SIZE)) + return get_status_omp (credentials, task_id, sort_field, sort_order); + + else if ((0 == strcmp (cmd, "delete_lsc_credential")) && (name != NULL)) + return delete_lsc_credential_omp (credentials, name); + + else if ((0 == strcmp (cmd, "delete_report")) && (report_id != NULL) + && (strlen (report_id) < VAL_MAX_SIZE)) + return delete_report_omp (credentials, report_id, task_id); + + else if ((0 == strcmp (cmd, "delete_user")) && (name != NULL)) + return delete_user_oap (credentials, name); + + else if ((0 == strcmp (cmd, "delete_target")) && (name != NULL)) + return delete_target_omp (credentials, name); + + else if ((0 == strcmp (cmd, "delete_config")) && (name != NULL)) + return delete_config_omp (credentials, name); + + else if (0 == strcmp (cmd, "edit_config")) + return get_config_omp (credentials, name, 1); + + else if (0 == strcmp (cmd, "edit_config_family")) + return get_config_family_omp (credentials, name, family, sort_field, + sort_order, 1); + + else if (0 == strcmp (cmd, "edit_config_nvt")) + return get_config_nvt_omp (credentials, name, family, oid, sort_field, + sort_order, 1); + + else if (0 == strcmp (cmd, "get_lsc_credentials") + && ((name == NULL && package_format == NULL) + || (name && package_format))) + { + if (name == NULL) + return get_lsc_credentials_omp (credentials, + name, + package_format, + &response_size, + sort_field, + sort_order); + + /** + * @todo + * Get these sizes from constants that are also used by gsad_params. + */ + content_type = calloc (16, sizeof (char)); + snprintf (content_type, 16, "application/%s", package_format); + content_disposition = calloc (250, sizeof (char)); + snprintf (content_disposition, 250, + "attachment; filename=openvas-lsc-target-%s_0.5-1.%s", + name, + (strcmp (package_format, "key") == 0 ? "pub" : package_format)); + + /** @todo On fail, HTML ends up in file. */ + return get_lsc_credentials_omp (credentials, + name, + package_format, + &response_size, + NULL, + NULL); + } + + else if ((0 == strcmp (cmd, "get_report")) && (report_id != NULL) + && (strlen (report_id) < VAL_MAX_SIZE)) + { + unsigned int first; + unsigned int max; + + if (!first_result || sscanf (first_result, "%u", &first) != 1) + first = 1; + if (!max_results || sscanf (max_results, "%u", &max) != 1) + max = 1000; + + if (format != NULL) + { + /** + * @todo + * Get these sizes from constants that are also used by + * gsad_params. + */ + /* @todo name is now 80 */ + content_type = calloc (16, sizeof (char)); + snprintf (content_type, 16, "application/%s", format); + content_disposition = calloc (70, sizeof (char)); + snprintf (content_disposition, 70, + "attachment; filename=report-%s.%s", report_id, format); + } + + if (levels) + return get_report_omp (credentials, report_id, format, &response_size, + (const unsigned int) first, + (const unsigned int) max, + sort_field, + sort_order, + levels); + + { + char *ret; + GString *string = g_string_new (""); + if (high) g_string_append (string, "h"); + if (medium) g_string_append (string, "m"); + if (low) g_string_append (string, "l"); + if (log) g_string_append (string, "g"); + ret = get_report_omp (credentials, report_id, format, &response_size, + (const unsigned int) first, + (const unsigned int) max, + sort_field, + sort_order, + string->str); + g_string_free (string, TRUE); + return ret; + } + } + + else if (0 == strcmp (cmd, "get_status")) + return get_status_omp (credentials, NULL, sort_field, sort_order); + + else if (0 == strcmp (cmd, "get_targets")) + return get_targets_omp (credentials, sort_field, sort_order); + + else if (0 == strcmp (cmd, "get_users")) + return get_users_oap (credentials, sort_field, sort_order); + + else if (0 == strcmp (cmd, "get_config")) + return get_config_omp (credentials, name, 0); + + else if (0 == strcmp (cmd, "get_configs")) + return get_configs_omp (credentials, sort_field, sort_order); + + else if (0 == strcmp (cmd, "get_config_family")) + return get_config_family_omp (credentials, name, family, sort_field, + sort_order, 0); + + else if (0 == strcmp (cmd, "get_config_nvt")) + return get_config_nvt_omp (credentials, name, family, oid, sort_field, + sort_order, 0); + + else if ((0 == strcmp (cmd, "get_nvt_details")) && (oid != NULL)) + { + return get_nvt_details_omp (credentials, oid); + } + + else + return gsad_message ("Internal error", __FUNCTION__, __LINE__, + "An internal error occured inside GSA daemon. " + "Diagnostics: Unknown command.", + "/omp?cmd=get_status"); +} + +/** * @brief Checks whether a file is a directory or not. * * @todo Handle symbolic links. From scm-commit at wald.intevation.org Thu Dec 3 01:27:56 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 3 Dec 2009 01:27:56 +0100 (CET) Subject: [Openvas-commits] r6048 - in trunk/gsa: . src Message-ID: <20091203002756.94384861EACF@pyrosoma.intevation.org> Author: jan Date: 2009-12-03 01:27:53 +0100 (Thu, 03 Dec 2009) New Revision: 6048 Modified: trunk/gsa/ChangeLog trunk/gsa/src/gsad.c Log: * src/gsad.c (REALM, POST_BUFFER_SIZE, FILE_NOT_FOUND, ERROR_PAGE, SERVER_ERROR, content_type, content_disposition, response_size, log_config, verbose): New. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-02 22:43:43 UTC (rev 6047) +++ trunk/gsa/ChangeLog 2009-12-03 00:27:53 UTC (rev 6048) @@ -1,3 +1,9 @@ +2009-12-03 Jan-Oliver Wagner + + * src/gsad.c (REALM, POST_BUFFER_SIZE, FILE_NOT_FOUND, + ERROR_PAGE, SERVER_ERROR, content_type, content_disposition, + response_size, log_config, verbose): New. + 2009-12-02 Jan-Oliver Wagner * src/gsad.c (exec_omp_post, exec_omp_get): New. Modified: trunk/gsa/src/gsad.c =================================================================== --- trunk/gsa/src/gsad.c 2009-12-02 22:43:43 UTC (rev 6047) +++ trunk/gsa/src/gsad.c 2009-12-03 00:27:53 UTC (rev 6048) @@ -80,16 +80,71 @@ #define DEFAULT_OPENVAS_MANAGER_PORT 9390 /** + * @brief HTTP basic authentication realm. + */ +#define REALM "\"Greenbone Security Assistant\"" + +/** + * @brief Buffer size for POST processor. + */ +#define POST_BUFFER_SIZE 500000 + +/** * @brief Libgcrypt thread callback definition. */ GCRY_THREAD_OPTION_PTHREAD_IMPL; /** + * @brief Last resort HTML on failure to open "default_file". + */ +const char *FILE_NOT_FOUND = + "File not foundFile not found"; + +/** + * @brief Error page HTML. + */ +const char *ERROR_PAGE = "HTTP Method not supported"; + +/** + * @brief Server error HTML. + */ +char *SERVER_ERROR = + "An internal server error has occured."; + +/** * @brief The handle on the embedded HTTP daemon. */ struct MHD_Daemon *gsad_daemon; +/** @todo Ensure the accesses to these are thread safe. */ + /** + * @brief Content-Type passed between callbacks when sending files. + */ +char *content_type = NULL; + +/** + * @brief Content-Disposition passed between callbacks when sending files. + */ +char *content_disposition = NULL; + +/** + * @brief Response size passed between callbacks when sending files. + */ +unsigned int response_size = 0; + +/** + * @brief Logging parameters, as passed to setup_log_handlers. + */ +GSList *log_config = NULL; + +// @todo This is the definition for the entire program. +/** + * @brief Verbose output flag. + */ +int verbose = 0; + +/** * @brief Parameter validator. */ validator_t validator; From scm-commit at wald.intevation.org Thu Dec 3 09:50:27 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 3 Dec 2009 09:50:27 +0100 (CET) Subject: [Openvas-commits] r6049 - in trunk/openvas-administrator: . src Message-ID: <20091203085027.A44A3861F2FD@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-03 09:50:26 +0100 (Thu, 03 Dec 2009) New Revision: 6049 Modified: trunk/openvas-administrator/ChangeLog trunk/openvas-administrator/src/admin.c trunk/openvas-administrator/src/admin.h trunk/openvas-administrator/src/oap.c trunk/openvas-administrator/src/openvasad.c Log: Improved locking during feed synchronization. * src/oap.c: Defined status for a busy resource. (oap_xml_handle_end_element): Add a currently_syncing element to the feed description if the feed is currently being synchronized. Respond with a "busy" message when feed is already being synchronized. Do proper locking before feed synchronization and remove the lock when done. Send empty name and description instead of error if we could not identify the synchronization script. * src/admin.c: Added new functions for lockfile management. (openvasad_create_lockfile, openvasad_remove_lockfile, openvasad_currently_syncing): New. * src/admin.h: Updated header. * src/openvasad.c (main): Use new functions for lockfile management. Modified: trunk/openvas-administrator/ChangeLog =================================================================== --- trunk/openvas-administrator/ChangeLog 2009-12-03 00:27:53 UTC (rev 6048) +++ trunk/openvas-administrator/ChangeLog 2009-12-03 08:50:26 UTC (rev 6049) @@ -1,3 +1,23 @@ +2009-12-03 Michael Wiegand + + Improved locking during feed synchronization. + + * src/oap.c: Defined status for a busy resource. + (oap_xml_handle_end_element): Add a currently_syncing element to the + feed description if the feed is currently being synchronized. Respond + with a "busy" message when feed is already being synchronized. Do proper + locking before feed synchronization and remove the lock when done. Send + empty name and description instead of error if we could not identify the + synchronization script. + + * src/admin.c: Added new functions for lockfile management. + (openvasad_create_lockfile, openvasad_remove_lockfile, + openvasad_currently_syncing): New. + + * src/admin.h: Updated header. + + * src/openvasad.c (main): Use new functions for lockfile management. + 2009-12-01 Michael Wiegand Improving feed synchronization support. Modified: trunk/openvas-administrator/src/admin.c =================================================================== --- trunk/openvas-administrator/src/admin.c 2009-12-03 00:27:53 UTC (rev 6048) +++ trunk/openvas-administrator/src/admin.c 2009-12-03 08:50:26 UTC (rev 6049) @@ -961,4 +961,88 @@ return TRUE; } +/** + * @brief Create a lockfile for synchronization and store the name of the + * synchronization script. + * + * @param sync_script The file name of the synchronization script. + * + * @return TRUE if the lockfile was written successfully, FALSE if + * not. + */ +gboolean +openvasad_create_lockfile (const gchar * sync_script) +{ + g_assert (sync_script); + if (openvasad_currently_syncing ()) + { + return FALSE; + } + + gchar *lockfile_name = g_build_filename (g_get_tmp_dir (), + "openvasad-feed-sync.lock", + NULL); + + if (!g_file_set_contents (lockfile_name, sync_script, -1, NULL)) + { + g_warning ("Failed to write lockfile!"); + g_free (lockfile_name); + return FALSE; + } + + g_free (lockfile_name); + return TRUE; +} + +/** + * @brief Remove a lockfile for synchronization. + * + * @return TRUE if the lockfile was removed successfully, FALSE if + * not. + */ +gboolean +openvasad_remove_lockfile (void) +{ + gchar *lockfile_name = g_build_filename (g_get_tmp_dir (), + "openvasad-feed-sync.lock", + NULL); + if (!g_file_test (lockfile_name, G_FILE_TEST_EXISTS)) + { + g_free (lockfile_name); + return TRUE; + } + + if (g_unlink (lockfile_name) == 0) + { + g_free (lockfile_name); + return TRUE; + } + + g_warning ("Failed to remove lockfile!"); + g_free (lockfile_name); + return FALSE; +} + +/** + * @brief Determine if the administrator is currently synchronizing with a + * feed, i.e. if a lockfile exists. + * + * @return TRUE if the administrator is currently synchronizing with a feed, + * FALSE if not. + */ +gboolean +openvasad_currently_syncing (void) +{ + gchar *lockfile_name = g_build_filename (g_get_tmp_dir (), + "openvasad-feed-sync.lock", + NULL); + if (g_file_test (lockfile_name, G_FILE_TEST_EXISTS)) + { + g_free (lockfile_name); + return TRUE; + } + + g_free (lockfile_name); + return FALSE; +} Modified: trunk/openvas-administrator/src/admin.h =================================================================== --- trunk/openvas-administrator/src/admin.h 2009-12-03 00:27:53 UTC (rev 6048) +++ trunk/openvas-administrator/src/admin.h 2009-12-03 08:50:26 UTC (rev 6049) @@ -40,6 +40,10 @@ gboolean openvas_get_sync_script_identification (const gchar *, gchar **); gboolean openvas_get_sync_script_description (const gchar *, gchar **); +gboolean openvasad_create_lockfile (const gchar *); +gboolean openvasad_remove_lockfile (void); +gboolean openvasad_currently_syncing (void); + GString *print_preferences_xml (GHashTable *); GString *print_users_xml (GSList *); GString *print_users_text (GSList *); Modified: trunk/openvas-administrator/src/oap.c =================================================================== --- trunk/openvas-administrator/src/oap.c 2009-12-03 00:27:53 UTC (rev 6048) +++ trunk/openvas-administrator/src/oap.c 2009-12-03 08:50:26 UTC (rev 6049) @@ -198,6 +198,7 @@ * 400 Bad request * 401 Must auth * 404 Missing + * 409 Busy/Conflict */ /** @@ -226,6 +227,16 @@ #define STATUS_ERROR_MISSING_TEXT "Resource missing" /** + * @brief Response code for a busy resource. + */ +#define STATUS_ERROR_BUSY "409" + +/** + * @brief Response code text for a busy resource. + */ +#define STATUS_ERROR_BUSY_TEXT "Resource busy" + +/** * @brief Response code when authorisation failed. */ #define STATUS_ERROR_AUTH_FAILED "400" @@ -1017,6 +1028,10 @@ SEND_TO_CLIENT_OR_FAIL (""); SENDF_TO_CLIENT_OR_FAIL ("%s", ident[3]); SENDF_TO_CLIENT_OR_FAIL ("%s", feed_description); + if (openvasad_currently_syncing ()) + { + SEND_TO_CLIENT_OR_FAIL (""); + } SEND_TO_CLIENT_OR_FAIL (""); SEND_TO_CLIENT_OR_FAIL (""); g_strfreev (ident); @@ -1025,7 +1040,14 @@ } else { - SEND_TO_CLIENT_OR_FAIL (XML_INTERNAL_ERROR ("describe_feed")); + SEND_TO_CLIENT_OR_FAIL (""); + SEND_TO_CLIENT_OR_FAIL (""); + SEND_TO_CLIENT_OR_FAIL (""); + SEND_TO_CLIENT_OR_FAIL (""); + SEND_TO_CLIENT_OR_FAIL (""); + SEND_TO_CLIENT_OR_FAIL (""); } set_client_state (CLIENT_AUTHENTIC); break; @@ -1033,6 +1055,14 @@ case CLIENT_SYNC_FEED: { + if (openvasad_currently_syncing ()) + { + SEND_TO_CLIENT_OR_FAIL (""); + SEND_TO_CLIENT_OR_FAIL (""); + } + openvasad_create_lockfile (sync_script); if (openvas_sync_feed (sync_script)) { SEND_TO_CLIENT_OR_FAIL (" Author: jan Date: 2009-12-03 10:51:10 +0100 (Thu, 03 Dec 2009) New Revision: 6050 Modified: trunk/gsa/ChangeLog trunk/gsa/src/html/make_html Log: * src/html/make_html: Fix grep for static files to exclude SVN elements. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-03 08:50:26 UTC (rev 6049) +++ trunk/gsa/ChangeLog 2009-12-03 09:51:10 UTC (rev 6050) @@ -1,5 +1,10 @@ 2009-12-03 Jan-Oliver Wagner + * src/html/make_html: Fix grep for static files to exclude + SVN elements. + +2009-12-03 Jan-Oliver Wagner + * src/gsad.c (REALM, POST_BUFFER_SIZE, FILE_NOT_FOUND, ERROR_PAGE, SERVER_ERROR, content_type, content_disposition, response_size, log_config, verbose): New. Modified: trunk/gsa/src/html/make_html =================================================================== --- trunk/gsa/src/html/make_html 2009-12-03 08:50:26 UTC (rev 6049) +++ trunk/gsa/src/html/make_html 2009-12-03 09:51:10 UTC (rev 6050) @@ -30,7 +30,7 @@ SRCDIR=src HTM4_LIST=`cd $(SRCDIR) ; find . -name "*.htm4"` -STATIC_LIST=`find . -type f | grep -v "htm4$$"` +STATIC_LIST=`find . -type f | grep -v "htm4$$" | grep -v "\/\.svn\/"` PUBLIC_LIST=gsa-style.css favicon.gif img/gsa_splash.png \ img/style/window_dec_a.png img/style/window_dec_b.png \ img/style/window_dec_c.png From scm-commit at wald.intevation.org Thu Dec 3 11:02:53 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 3 Dec 2009 11:02:53 +0100 (CET) Subject: [Openvas-commits] r6051 - in trunk/gsa: . src src/html src/html/src src/html/src/help Message-ID: <20091203100253.825D3861F2C3@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-03 11:02:52 +0100 (Thu, 03 Dec 2009) New Revision: 6051 Added: trunk/gsa/src/html/src/help/feed_management.htm4 Modified: trunk/gsa/ChangeLog trunk/gsa/src/gsad.c trunk/gsa/src/gsad_oap.c trunk/gsa/src/gsad_oap.h trunk/gsa/src/html/header.m4 trunk/gsa/src/html/src/gsad.xsl trunk/gsa/src/html/src/help/contents.htm4 trunk/gsa/src/html/src/oap.xsl Log: Added initial NVT feed synchronization support. * src/gsad.c (init_validator): Mark get_feed and sync_feed as valid commands. (exec_omp_post): Add handling of sync_feed command. (exec_omp_get): Add handling of get_feed command. * src/gsad_oap.c: Added functions for getting the description of a feed and for synchronization with a feed. (get_feed_oap, sync_feed_oap): New. * src/gsad_oap.h: Updated header. * src/html/src/gsad.xsl, src/html/src/help/contents.htm4, src/html/header.m4: Add menu item for feed management. * src/html/src/oap.xsl: Add support for new response types. * src/html/src/help/feed_management.htm4: New. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-03 09:51:10 UTC (rev 6050) +++ trunk/gsa/ChangeLog 2009-12-03 10:02:52 UTC (rev 6051) @@ -1,3 +1,25 @@ +2009-12-03 Michael Wiegand + + Added initial NVT feed synchronization support. + + * src/gsad.c (init_validator): Mark get_feed and sync_feed as valid + commands. + (exec_omp_post): Add handling of sync_feed command. + (exec_omp_get): Add handling of get_feed command. + + * src/gsad_oap.c: Added functions for getting the description of a feed + and for synchronization with a feed. + (get_feed_oap, sync_feed_oap): New. + + * src/gsad_oap.h: Updated header. + + * src/html/src/gsad.xsl, src/html/src/help/contents.htm4, + src/html/header.m4: Add menu item for feed management. + + * src/html/src/oap.xsl: Add support for new response types. + + * src/html/src/help/feed_management.htm4: New. + 2009-12-03 Jan-Oliver Wagner * src/html/make_html: Fix grep for static files to exclude Modified: trunk/gsa/src/gsad.c =================================================================== --- trunk/gsa/src/gsad.c 2009-12-03 09:51:10 UTC (rev 6050) +++ trunk/gsa/src/gsad.c 2009-12-03 10:02:52 UTC (rev 6051) @@ -184,6 +184,8 @@ "|(get_status)" "|(get_targets)" "|(get_users)" + "|(get_feed)" + "|(sync_feed)" "|(save_config)" "|(save_config_family)" "|(save_config_nvt)" @@ -1220,6 +1222,10 @@ con_info->req_parms.passwords, con_info->req_parms.timeout); } + else if (0 == strcmp (con_info->req_parms.cmd, "sync_feed")) + { + con_info->response = sync_feed_oap (credentials); + } else { con_info->response = gsad_message ("Internal error", @@ -1542,6 +1548,9 @@ else if (0 == strcmp (cmd, "get_users")) return get_users_oap (credentials, sort_field, sort_order); + else if (0 == strcmp (cmd, "get_feed")) + return get_feed_oap (credentials, sort_field, sort_order); + else if (0 == strcmp (cmd, "get_config")) return get_config_omp (credentials, name, 0); Modified: trunk/gsa/src/gsad_oap.c =================================================================== --- trunk/gsa/src/gsad_oap.c 2009-12-03 09:51:10 UTC (rev 6050) +++ trunk/gsa/src/gsad_oap.c 2009-12-03 10:02:52 UTC (rev 6051) @@ -363,3 +363,137 @@ fflush (stderr); return xsl_transform_oap (credentials, text); } + +/** + * @brief Get descriptions of the feed(s) connected to the administrator. + * + * @param[in] credentials Username and password for authentication + * @param[in] sort_field Field to sort on, or NULL. + * @param[in] sort_order "ascending", "descending", or NULL. + * + * @return Result of XSL transformation. + */ +char * +get_feed_oap (credentials_t * credentials, const char * sort_field, + const char * sort_order) +{ + tracef ("In get_feed_oap\n"); + entity_t entity; + char *text = NULL; + gnutls_session_t session; + int socket; + + switch (administrator_connect (credentials, &socket, &session)) + { + case -1: + return gsad_message ("Internal error", __FUNCTION__, __LINE__, + "An internal error occurred while getting the user list. " + "The current list of feeds is not available. " + "Diagnostics: Failure to connect to administrator daemon.", + "/omp?cmd=get_status"); + case -2: + return xsl_transform_oap (credentials, + g_strdup + ("" + "Only users given the Administrator role" + " may access Feed Administration." + "")); + } + + if (openvas_server_sendf (&session, + "" + "" + "") + == -1) + { + return gsad_message ("Internal error", __FUNCTION__, __LINE__, + "An internal error occurred while getting the feed list. " + "The current list of feeds is not available. " + "Diagnostics: Failure to send command to administrator daemon.", + "/omp?cmd=get_status"); + } + + entity = NULL; + if (read_entity_and_text (&session, &entity, &text)) + { + openvas_server_close (socket, session); + return gsad_message ("Internal error", __FUNCTION__, __LINE__, + "An internal error occurred while getting the user list. " + "The current list of feeds is not available. " + "Diagnostics: Failure to receive response from administrator daemon.", + "/omp?cmd=get_status"); + } + free_entity (entity); + + openvas_server_close (socket, session); + tracef ("get_feed_oap: got text: %s", text); + fflush (stderr); + return xsl_transform_oap (credentials, text); +} + +/** + * @brief Synchronize with an NVT feed and XSL transform the result. + * + * @param[in] credentials Username and password for authentication + * + * @return Result of XSL transformation. + */ +char * +sync_feed_oap (credentials_t * credentials) +{ + tracef ("In sync_feed_oap\n"); + entity_t entity; + char *text = NULL; + gnutls_session_t session; + int socket; + + switch (administrator_connect (credentials, &socket, &session)) + { + case -1: + return gsad_message ("Internal error", __FUNCTION__, __LINE__, + "An internal error occurred while synchronizing with the NVT feed. " + "Feed synchronization is currently not available. " + "Diagnostics: Failure to connect to administrator daemon.", + "/omp?cmd=get_status"); + case -2: + return xsl_transform_oap (credentials, + g_strdup + ("" + "Only users given the Administrator role" + " may access Feed Administration." + "")); + } + + if (openvas_server_sendf (&session, + "" + "" + "") + == -1) + { + return gsad_message ("Internal error", __FUNCTION__, __LINE__, + "An internal error occurred while synchronizing with the NVT feed. " + "Feed synchronization is currently not available. " + "Diagnostics: Failure to send command to administrator daemon.", + "/omp?cmd=get_status"); + } + + entity = NULL; + if (read_entity_and_text (&session, &entity, &text)) + { + openvas_server_close (socket, session); + return gsad_message ("Internal error", __FUNCTION__, __LINE__, + "An internal error occurred while synchronizing with the NVT feed. " + "Feed synchronization is currently not available. " + "Diagnostics: Failure to receive response from administrator daemon.", + "/omp?cmd=get_status"); + } + free_entity (entity); + + openvas_server_close (socket, session); + tracef ("sync_feed_oap: got text: %s", text); + fflush (stderr); + return xsl_transform_oap (credentials, text); +} + Modified: trunk/gsa/src/gsad_oap.h =================================================================== --- trunk/gsa/src/gsad_oap.h 2009-12-03 09:51:10 UTC (rev 6050) +++ trunk/gsa/src/gsad_oap.h 2009-12-03 10:02:52 UTC (rev 6051) @@ -41,5 +41,7 @@ char * create_user_oap (credentials_t *, const char *, const char *, const char *); char * delete_user_oap (credentials_t *, const char *); +char * get_feed_oap (credentials_t *, const char *, const char *); +char * sync_feed_oap (credentials_t *); #endif /* not _GSAD_OAP_H */ Modified: trunk/gsa/src/html/header.m4 =================================================================== --- trunk/gsa/src/html/header.m4 2009-12-03 09:51:10 UTC (rev 6050) +++ trunk/gsa/src/html/header.m4 2009-12-03 10:02:52 UTC (rev 6051) @@ -51,6 +51,7 @@
  • Administration
  • Help Modified: trunk/gsa/src/html/src/gsad.xsl =================================================================== --- trunk/gsa/src/html/src/gsad.xsl 2009-12-03 09:51:10 UTC (rev 6050) +++ trunk/gsa/src/html/src/gsad.xsl 2009-12-03 10:02:52 UTC (rev 6051) @@ -105,6 +105,7 @@ Administration
  • Modified: trunk/gsa/src/html/src/help/contents.htm4 =================================================================== --- trunk/gsa/src/html/src/help/contents.htm4 2009-12-03 09:51:10 UTC (rev 6050) +++ trunk/gsa/src/html/src/help/contents.htm4 2009-12-03 10:02:52 UTC (rev 6051) @@ -28,6 +28,7 @@
  • Administration
  • Miscellaneous
      • Added: trunk/gsa/src/html/src/help/feed_management.htm4 =================================================================== --- trunk/gsa/src/html/src/help/feed_management.htm4 2009-12-03 09:51:10 UTC (rev 6050) +++ trunk/gsa/src/html/src/help/feed_management.htm4 2009-12-03 10:02:52 UTC (rev 6051) @@ -0,0 +1,38 @@ +m4_define(`PAGE_TITLE', `Help: NVT Feed Management') +m4_include(`header.m4') + + +
      + +

      NVT Feed Management

      + +

      +The management of NVT feeds is only accessible for users that own +the "Administrator" role. +

      + + +

      Synchronization with an NVT Feed

      + +

      +This dialog allows you synchronize your NVT collection with an NVT feed. It +shows the name of the NVT Feed Service your installation is configured to use +and a short description of the tool which will be used to synchronize your NVT +collection with the Feed Service. Hit the "Synchronize with Feed now" button to +start the synchronization. +

      + + +

      Consequences of an NVT Synchronization

      + +

      +The synchronization with an NVT Feed Service will take a short amount of time, +depending on the time of your last synchronization and the amount of changes in +the Feed Service. While synchronizing, the interface might seem slow to react. +At the end of the synchronization, some components of your installation will +need to be reloaded to make full use of your updated NVT collection. This may +cause the interface to be unresponsive for a short amount of time. +

      + +m4_include(`footer.m4') Modified: trunk/gsa/src/html/src/oap.xsl =================================================================== --- trunk/gsa/src/html/src/oap.xsl 2009-12-03 09:51:10 UTC (rev 6050) +++ trunk/gsa/src/html/src/oap.xsl 2009-12-03 10:02:52 UTC (rev 6051) @@ -180,4 +180,75 @@ + + + + + + + + + +
      +
      +
      +
      NVT Feed Management + + + +
      +
      +
      + + + + + + + + + + + + + +
      Name +
      +
      Description + +
      + + + + + + + + +

      + Learn about the consequences of feed synchronization +

      +
      +
      +
      +
      +       + + + + + + Synchronization with NVT Feed + + + + + + + + + + + From scm-commit at wald.intevation.org Thu Dec 3 11:28:42 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 3 Dec 2009 11:28:42 +0100 (CET) Subject: [Openvas-commits] r6052 - trunk/openvas-scanner Message-ID: <20091203102842.B4F20861F2DD@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-03 11:28:36 +0100 (Thu, 03 Dec 2009) New Revision: 6052 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/openvas-nvt-sync.in Log: * openvas-nvt-sync.in: Added support for upcoming synchronization script API. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-12-03 10:02:52 UTC (rev 6051) +++ trunk/openvas-scanner/ChangeLog 2009-12-03 10:28:36 UTC (rev 6052) @@ -1,3 +1,8 @@ +2009-12-03 Michael Wiegand + + * openvas-nvt-sync.in: Added support for upcoming synchronization + script API. + 2009-12-02 Michael Wiegand Made logging less verbose by wrapping a number of debugging messages in Modified: trunk/openvas-scanner/openvas-nvt-sync.in =================================================================== --- trunk/openvas-scanner/openvas-nvt-sync.in 2009-12-03 10:02:52 UTC (rev 6051) +++ trunk/openvas-scanner/openvas-nvt-sync.in 2009-12-03 10:28:36 UTC (rev 6052) @@ -42,6 +42,14 @@ # An alternative syntax which might work if the above doesn't: #FEED=rsync at rsync.openvas.org::nvt-feed +# Script and feed information which will be made available to user through +# command line options and automated tools. +SCRIPT_NAME="openvas-nvt-sync" +VERSION=@version@ +FEED_NAME="OpenVAS NVT Feed" +FEED_PROVIDER="The OpenVAS Project" +RESTRICTED=0 + findcmd() { CMD=$1 @@ -105,12 +113,61 @@ } } -echo "OpenVAS NVT Sync $Release$" +do_self_test () +{ + RSYNC_AVAIL=`command -v rsync` + if [[ -z $RSYNC_AVAIL ]] ; then + SELFTEST_FAIL=1 + echo "The rsync binary could not be found." 1>&2 + fi + MD5SUM_AVAIL=`command -v md5sum` + if [[ -z $MD5SUM_AVAIL ]] ; then + SELFTEST_FAIL=1 + echo "The md5sum binary could not be found." 1>&2 + fi + eval "rsync -nqltvrP \"$FEED/md5sums\" \"$NVT_DIR\"" + if [ $? -ne 0 ] ; then + SELFTEST_FAIL=1 + echo "Error: rsync failed." 1>&2 + fi +} + +do_describe () +{ + echo "This script synchronizes an NVT collection with the $FEED_NAME." + echo "The $FEED_NAME is provided by $FEED_PROVIDER." +} + +while test $# -gt 0; do + case "$1" in + --version) + echo $VERSION + exit 0 + ;; + --identify) + echo "NVTSYNC|$SCRIPT_NAME|$VERSION|$FEED_NAME|$RESTRICTED|NVTSYNC" + exit 0 + ;; + --selftest) + SELFTEST_FAIL=0 + do_self_test + exit $SELFTEST_FAIL + ;; + --describe) + do_describe + exit 0 + ;; + esac + shift +done + +do_describe echo " " -echo "Configured NVT Feed: $FEED" -echo "Synchronized into: $NVT_DIR" +echo "Synchronizing into $NVT_DIR" echo " " chk_system_tools sync_nvts restart_openvassd + +exit 0 From scm-commit at wald.intevation.org Thu Dec 3 12:50:24 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 3 Dec 2009 12:50:24 +0100 (CET) Subject: [Openvas-commits] r6053 - in trunk/openvas-scanner: . cnvts/openvas_tcp_scanner cnvts/synscan Message-ID: <20091203115024.30386865F467@pyrosoma.intevation.org> Author: chandra Date: 2009-12-03 12:50:23 +0100 (Thu, 03 Dec 2009) New Revision: 6053 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c trunk/openvas-scanner/cnvts/synscan/synscan.c Log: Fixed compiler warnings Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-12-03 10:28:36 UTC (rev 6052) +++ trunk/openvas-scanner/ChangeLog 2009-12-03 11:50:23 UTC (rev 6053) @@ -1,3 +1,8 @@ +2009-12-03 Chandrashekhar B + + * cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c, + cnvts/synscan/synscan.c: Fixed compiler warnings. + 2009-12-03 Michael Wiegand * openvas-nvt-sync.in: Added support for upcoming synchronization Modified: trunk/openvas-scanner/cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c =================================================================== --- trunk/openvas-scanner/cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c 2009-12-03 10:28:36 UTC (rev 6052) +++ trunk/openvas-scanner/cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c 2009-12-03 11:50:23 UTC (rev 6053) @@ -1450,7 +1450,7 @@ struct arglist * hostinfos = arg_get_value(desc, "HOSTNAME"); char * port_range = arg_get_value(preferences, "port_range"); char * p; - struct in_addr *p_addr; + struct in6_addr *p_addr; int timeout = 0, max_cnx, min_cnx, safe_checks = 0, x; p = arg_get_value(preferences, "safe_checks"); Modified: trunk/openvas-scanner/cnvts/synscan/synscan.c =================================================================== --- trunk/openvas-scanner/cnvts/synscan/synscan.c 2009-12-03 10:28:36 UTC (rev 6052) +++ trunk/openvas-scanner/cnvts/synscan/synscan.c 2009-12-03 11:50:23 UTC (rev 6053) @@ -741,6 +741,8 @@ unsigned short *ports; int family; + dst.s_addr = 0; + if(IN6_IS_ADDR_V4MAPPED(dst6)) { family = AF_INET; From scm-commit at wald.intevation.org Thu Dec 3 12:57:47 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 3 Dec 2009 12:57:47 +0100 (CET) Subject: [Openvas-commits] r6054 - in trunk/openvas-plugins: . scripts Message-ID: <20091203115747.C911D865F46E@pyrosoma.intevation.org> Author: mime Date: 2009-12-03 12:57:42 +0100 (Thu, 03 Dec 2009) New Revision: 6054 Added: trunk/openvas-plugins/scripts/awstats_detect.nasl trunk/openvas-plugins/scripts/pligg_37185.nasl trunk/openvas-plugins/scripts/pligg_cms_detect.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-03 11:50:23 UTC (rev 6053) +++ trunk/openvas-plugins/ChangeLog 2009-12-03 11:57:42 UTC (rev 6054) @@ -1,3 +1,10 @@ +2009-12-03 Michael Meyer + + * scripts/pligg_cms_detect.nasl, + scripts/pligg_37185.nasl, + scripts/awstats_detect.nasl: + Added new plugins. + 2009-12-02 Michael Meyer * * scripts/phpmyfaq_37180.nasl, Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-12-03 11:50:23 UTC (rev 6053) +++ trunk/openvas-plugins/cve_current.txt 2009-12-03 11:57:42 UTC (rev 6054) @@ -329,3 +329,4 @@ 37182 Greenbone svn R 37180 Greenbone svn R 33698 Greenbone svn R +37185 Greenbone svn R Added: trunk/openvas-plugins/scripts/awstats_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/awstats_detect.nasl 2009-12-03 11:50:23 UTC (rev 6053) +++ trunk/openvas-plugins/scripts/awstats_detect.nasl 2009-12-03 11:57:42 UTC (rev 6054) @@ -0,0 +1,120 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# AWStats Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc = "Overview: +This host is running AWStats, a free powerful and featureful tool that +generates advanced web, streaming, ftp or mail server statistics, +graphically. + +See also: +http://awstats.sourceforge.net/ + +Risk factor : None"; + +if (description) +{ + script_id(100376); + script_version ("1.0-$Revision$"); + + script_name("AWStats Detection"); + script_description(desc); + script_summary("Checks for the presence of AWStats"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/awstats","/stats","/logs","/awstats/cgi-bin","/statistics","/statistik/cgi-bin","/awstats-cgi",cgi_dirs()); + +foreach dir (dirs) { + + url = string(dir, "/awstats.pl?framename=mainright"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + + if( buf == NULL )continue; + + if(egrep(pattern: 'content="Awstats - Advanced Web Statistics', string: buf, icase: TRUE) || + egrep(pattern: "AWStats UseFramesWhenCGI", string: buf) || + egrep(pattern: "Created by awstats", string: buf) || + egrep(pattern: "CreateDirDataIfNotExists", string: buf)) { + + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + + vers = string("unknown"); + ### try to get version + version = eregmatch(string: buf, pattern: "Advanced Web Statistics ([0-9.]+)",icase:TRUE); + + if ( !isnull(version[1]) ) { + vers=chomp(version[1]); + } + + set_kb_item(name: string("www/", port, "/awstats"), value: string(vers," under ",install)); + if("unknown" >!< vers) { + set_kb_item(name: string("cpe:/a:awstats:awstats:",vers), value: TRUE); + } else { + set_kb_item(name: string("cpe:/a:awstats:awstats"), value: TRUE); + } + + info = string("None\n\nAwstats Version '"); + info += string(vers); + info += string("' was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } +} +exit(0); + Property changes on: trunk/openvas-plugins/scripts/awstats_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/pligg_37185.nasl =================================================================== --- trunk/openvas-plugins/scripts/pligg_37185.nasl 2009-12-03 11:50:23 UTC (rev 6053) +++ trunk/openvas-plugins/scripts/pligg_37185.nasl 2009-12-03 11:57:42 UTC (rev 6054) @@ -0,0 +1,90 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Pligg Cross Site Scripting And Request Forgery Remote Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100375); + script_bugtraq_id(37185); + script_version ("1.0-$Revision$"); + + script_name("Pligg Cross Site Scripting And Request Forgery Remote Vulnerabilities"); + +desc = "Overview: +Pligg is prone to multiple cross-site scripting vulnerabilities and a +cross-site request-forgery vulnerability. + +An attacker can exploit these issues to steal cookie-based +authentication credentials or perform unauthorized actions when +masquerading as the victim. Other attacks are also possible. + +Versions prior to Pligg 1.0.3 are vulnerable. + +Solution: +Vendor updates are available. Please see the references for details. + +References: +http://www.securityfocus.com/bid/37185 +http://holisticinfosec.org/content/view/130/45/ +http://www.pligg.com/blog/775/pligg-cms-1-0-3-release/ +http://www.pligg.com/ + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine the version of Pligg"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("pligg_cms_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if (!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/pligg")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_is_less(version: vers, test_version: "1.0.3")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/pligg_37185.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/pligg_cms_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/pligg_cms_detect.nasl 2009-12-03 11:50:23 UTC (rev 6053) +++ trunk/openvas-plugins/scripts/pligg_cms_detect.nasl 2009-12-03 11:57:42 UTC (rev 6054) @@ -0,0 +1,132 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Pligg CMS Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc = "Overview: +This host is running Pligg CMS, an open source CMS. + +See also: +http://www.pligg.com/ + +Risk factor : None"; + +if (description) +{ + script_id(100374); + script_version ("1.0-$Revision$"); + + script_name("Pligg CMS Detection"); + script_description(desc); + script_summary("Checks for the presence of Pligg CMS "); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/pligg","/cms",cgi_dirs()); + +foreach dir (dirs) { + + url = string(dir, "/index.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if(egrep(pattern: "Copyright 2009.*Pligg 0) { + install=dir; + } else { + install=string("/"); + } + + vers = string("unknown"); + + url = string(dir, "/readme.html"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req,bodyonly:TRUE); + + if("Pligg Readme" >< buf) { + version = eregmatch(string: buf, pattern: "Version ([0-9.]+)",icase:TRUE); + if ( !isnull(version[1]) ) { + vers=chomp(version[1]); + } + } else { + + url = string(dir, "/languages/lang_english.conf"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req,bodyonly:TRUE); + + if("Pligg English language" >< buf) { + version = eregmatch(string: buf, pattern: "//([0-9.]+) ",icase:TRUE); + if ( !isnull(version[1]) ) { + vers=chomp(version[1]); + } + } + } + + set_kb_item(name: string("www/", port, "/pligg"), value: string(vers," under ",install)); + if("unknown" >!< vers) { + set_kb_item(name: string("cpe:/a:pligg:pligg_cms:",vers), value: TRUE); + } else { + set_kb_item(name: string("cpe:/a:pligg:pligg_cms"), value: TRUE); + } + + info = string("None\n\nPligg CMS Version '"); + info += string(vers); + info += string("' was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } +} + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/pligg_cms_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision From scm-commit at wald.intevation.org Thu Dec 3 15:52:05 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 3 Dec 2009 15:52:05 +0100 (CET) Subject: [Openvas-commits] r6055 - in trunk/openvas-plugins: . scripts Message-ID: <20091203145205.2A20C861F2E3@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-03 15:52:01 +0100 (Thu, 03 Dec 2009) New Revision: 6055 Added: trunk/openvas-plugins/scripts/slad.inc Removed: trunk/openvas-plugins/scripts/slad_init.nasl trunk/openvas-plugins/scripts/slad_ssh.inc Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/slad_fetch_results.nasl trunk/openvas-plugins/scripts/slad_run.nasl Log: Improved SLAD support. * scripts/slad_fetch_results.nasl, scripts/slad_run.nasl: Made header more verbose. Now uses ssh_authorization.nasl for SSH credentials management. * scripts/slad_ssh.inc, scripts/slad_init.nasl: Removed obsolete separate SSH credentials management. * scripts/slad.inc: New. Provides functionality needed by slad_run.nasl and slad_fetch_results.nasl. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-03 11:57:42 UTC (rev 6054) +++ trunk/openvas-plugins/ChangeLog 2009-12-03 14:52:01 UTC (rev 6055) @@ -1,3 +1,17 @@ +2009-12-03 Michael Wiegand + + Improved SLAD support. + + * scripts/slad_fetch_results.nasl, scripts/slad_run.nasl: Made header + more verbose. Now uses ssh_authorization.nasl for SSH credentials + management. + + * scripts/slad_ssh.inc, scripts/slad_init.nasl: Removed obsolete + separate SSH credentials management. + + * scripts/slad.inc: New. Provides functionality needed by slad_run.nasl + and slad_fetch_results.nasl. + 2009-12-03 Michael Meyer * scripts/pligg_cms_detect.nasl, Added: trunk/openvas-plugins/scripts/slad.inc =================================================================== --- trunk/openvas-plugins/scripts/slad.inc 2009-12-03 11:57:42 UTC (rev 6054) +++ trunk/openvas-plugins/scripts/slad.inc 2009-12-03 14:52:01 UTC (rev 6055) @@ -0,0 +1,160 @@ +############################################################################### +# OpenVAS Vulnerability Test Support File +# +# Support functions for SLAD queries +# +# Authors: +# Dirk Jagdmann +# Michael Wiegand +# +# Copyright: +# Copyright (c) 2005 DN-Systems GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +################################################################################ + +function init_add_preferences () { + script_add_preference (name: "Execute Tripwire HIDS to check system's file integrity (Linux only)", type: "checkbox", value: "no"); + script_add_preference (name: "Execute ClamAV to search for virus-infected files (Linux only)", type: "checkbox", value: "no"); + script_add_preference (name: "ClamAV level", type: "radio", value: "Move infected files to quarantine;Remove infected files;Move infected files to quarantine exclude archives (.zip, .tgz, etc);Remove infected files exclude archives (.zip, .tgz, etc)"); + script_add_preference (name: "Execute LSOF to retrieve a list of open files (Linux only)", type: "checkbox", value: "no"); + script_add_preference (name: "Execute Tiger for various checks (Linux only)", type: "checkbox", value: "no"); + script_add_preference (name: "tiger level", type: "radio", value: "Checks user and passwd on local system;Check Filesystem Permissions;Check Systems Configuration and applications;Check running System and Processes;Perform all Tiger checks on system"); + script_add_preference (name: "Analyse Syslog-Files for security incidents (Linux only)", type: "checkbox", value: "no"); + script_add_preference (name: "syslogwatch level", type: "radio", value: "Analyse SysLogs low detail;Analyse SysLogs medium detail;Analyse SysLogs high detail"); + script_add_preference (name: "fetch hardware MB sensors (Linux only)", type: "checkbox", value: "no"); + script_add_preference (name: "Execute John-the-Ripper to find weak user passwords", type: "checkbox", value: "no"); + script_add_preference (name: "john level", type: "radio", value: "Fast-Crack;Dictionary Mode (slow);Full-Crack (very slow)"); + script_add_preference (name: "Execute ovaldi for scanning OVAL described issues", type: "checkbox", value: "no"); + script_add_preference (name: "ovaldi report format", type: "radio", value: "Text;HTML"); + script_add_preference (name: "Analyse SNMP-Traps collected by snmptrapd (Linux only)", type: "checkbox", value: "no"); + script_add_preference (name: "Fetch Snort-Events from the Snort MYSQL Database (Linux only)", type: "checkbox", value: "no"); + script_add_preference (name: "Execute ssh vulnkey to detect unsecure SSH RSA and DSA keys from broken Debian OpenSSL pkt (Linux only)", type: "checkbox", value: "no"); + script_add_preference (name: "Execute ChkRootKit to find installed rootkits (Linux only)", type: "checkbox", value: "no"); +} + +function run_slad (sock, slad_exe) { + # tripwire + run = script_get_preference ("Execute Tripwire HIDS to check system's file integrity (Linux only)"); + slad_cmd = slad_exe + " -r tripwire:tripwire"; + if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60); + # ClamAV + run = script_get_preference ("Execute ClamAV to search for virus-infected files (Linux only)"); + level = script_get_preference ("ClamAV level"); + if (level == "Move infected files to quarantine") slad_cmd = slad_exe + " -r ClamAV:ClamAVQua"; + else if (level == "Remove infected files") slad_cmd = slad_exe + " -r ClamAV:ClamAVDel"; + else if (level == "Move infected files to quarantine exclude archives (.zip, .tgz, etc)") slad_cmd = slad_exe + " -r ClamAV:ClamAVNoArch"; + else if (level == "Remove infected files exclude archives (.zip, .tgz, etc)") slad_cmd = slad_exe + " -r ClamAV:ClamAVDelNoArch"; + if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60); + # lsof + run = script_get_preference ("Execute LSOF to retrieve a list of open files (Linux only)"); + slad_cmd = slad_exe + " -r lsof:lsof"; + if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60); + # tiger + run = script_get_preference ("Execute Tiger for various checks (Linux only)"); + level = script_get_preference ("tiger level"); + if (level == "Checks user and passwd on local system") slad_cmd = slad_exe + " -r tiger:tigeruser"; + else if (level == "Check Filesystem Permissions") slad_cmd = slad_exe + " -r tiger:tigerperm"; + else if (level == "Check Systems Configuration and applications") slad_cmd = slad_exe + " -r tiger:tigerconfig"; + else if (level == "Check running System and Processes") slad_cmd = slad_exe + " -r tiger:tigersystem"; + else if (level == "Perform all Tiger checks on system") slad_cmd = slad_exe + " -r tiger:fulltiger"; + if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60); + # syslogwatch + run = script_get_preference ("Analyse Syslog-Files for security incidents (Linux only)"); + level = script_get_preference ("syslogwatch level"); + if (level == "Analyse SysLogs low detail") slad_cmd = slad_exe + " -r syslogwatch:logwatchlow"; + else if (level == "Analyse SysLogs medium detail") slad_cmd = slad_exe + " -r syslogwatch:logwatchmed"; + else if (level == "Analyse SysLogs high detail") slad_cmd = slad_exe + " -r syslogwatch:logwatchhigh"; + if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60); + # sensors + run = script_get_preference ("fetch hardware MB sensors (Linux only)"); + slad_cmd = slad_exe + " -r sensors:sensors"; + if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60); + # john + run = script_get_preference ("Execute John-the-Ripper to find weak user passwords"); + level = script_get_preference ("john level"); + if (level == "Fast-Crack") slad_cmd = slad_exe + " -r john:fastjohn"; + else if (level == "Dictionary Mode (slow)") slad_cmd = slad_exe + " -r john:dictjohn"; + else if (level == "Full-Crack (very slow)") slad_cmd = slad_exe + " -r john:fulljohn"; + if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60); + # ovaldi + run = script_get_preference ("Execute ovaldi for scanning OVAL described issues"); + report_format = script_get_preference("ovaldi report format"); + if (report_format == "Text") slad_cmd = slad_exe + " -r ovaldi:short"; + else if (report_format == "Text") slad_cmd = slad_exe + " -r ovaldi:html"; + if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60); + # snmptrapwatch + run = script_get_preference ("Analyse SNMP-Traps collected by snmptrapd (Linux only)"); + slad_cmd = slad_exe + " -r snmptrapwatch:snmptrapwatch"; + if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60); + # snort + run = script_get_preference ("Fetch Snort-Events from the Snort MYSQL Database (Linux only)"); + slad_cmd = slad_exe + " -r snort:snort"; + if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60); + # sshvulnkey + run = script_get_preference ("Execute ssh vulnkey to detect unsecure SSH RSA and DSA keys from broken Debian OpenSSL pkt (Linux only)"); + slad_cmd = slad_exe + " -r sshvulnkey:sshvuln"; + if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60); + # chkrootkit + run = script_get_preference ("Execute ChkRootKit to find installed rootkits (Linux only)"); + slad_cmd = slad_exe + " -r chkrootkit:chkrootkit"; + if (run == "yes") results += ssh_cmd (socket: sock, cmd: slad_cmd, timeout: 60); + if (results) security_warning (data: results); +} + +function get_slad_description (entry) { + if (entry == "tripwire:tripwire:tripwire") return "Execute Tripwire HIDS to check system's file integrity"; + else if (entry == "ClamAV:ClamAVQua:QuarantClamAV") return "Execute ClamAV to search for virus-infected files: Move infected files to quarantine"; + else if (entry == "ClamAV:ClamAVDel:DeleteClamAV") return "Execute ClamAV to search for virus-infected files: Remove infected files"; + else if (entry == "ClamAV:ClamAVNoArch:QuarantClamAVNoArch") return "Execute ClamAV to search for virus-infected files: Move infected files to quarantine exclude archives (.zip, .tgz, etc)"; + else if (entry == "ClamAV:ClamAVDelNoArch:DeleteClamAVNoArch") return "Execute ClamAV to search for virus-infected files: Remove infected files exclude archives (.zip, .tgz, etc)"; + else if (entry == "lsof:lsof:lsof") return "Execute LSOF to retrieve a list of open files"; + else if (entry == "tiger:tigeruser:tigeruser") return "Execute Tiger for various checks: Checks user and passwd on local system"; + else if (entry == "tiger:tigerperm:tigerperm") return "Execute Tiger for various checks: Check Filesystem Permissions"; + else if (entry == "tiger:tigerconfig:tigerconfig") return "Execute Tiger for various checks: Check Systems Configuration and applications"; + else if (entry == "tiger:tigersystem:tigersystem") return "Execute Tiger for various checks: Check running System and Processes"; + else if (entry == "tiger:fulltiger:fulltiger") return "Execute Tiger for various checks: Perform all Tiger checks on system"; + else if (entry == "syslogwatch:logwatchlow:logwatchlow") return "Analyse Syslog-Files for security incidents: Analyse SysLogs low detail"; + else if (entry == "syslogwatch:logwatchmed:logwatchmed") return "Analyse Syslog-Files for security incidents: Analyse SysLogs medium detail"; + else if (entry == "syslogwatch:logwatchhigh:logwatchhigh") return "Analyse Syslog-Files for security incidents: Analyse SysLogs high detail"; + else if (entry == "sensors:sensors:sensors") return "fetch hardware MB sensors"; + else if (entry == "john:fastjohn:fastjohn") return "Execute John-the-Ripper to find weak user passwords: Fast-Crack"; + else if (entry == "john:dictjohn:dictjohn") return "Execute John-the-Ripper to find weak user passwords: Dictionary Mode (slow)"; + else if (entry == "john:fulljohn:fulljohn") return "Execute John-the-Ripper to find weak user passwords: Full-Crack (very slow)"; + else if (entry == "ovaldi:short:short") return "Execute ovaldi for scanning OVAL described issues: Text Report"; + else if (entry == "ovaldi:html:html") return "Execute ovaldi for scanning OVAL described issues: HTML Report"; + else if (entry == "snmptrapwatch:snmptrapwatch:trapwatch") return "Analyse SNMP-Traps collected by snmptrapd: SNMP Traps in the daemon.log"; + else if (entry == "snort:snort:snort") return "Fetch Snort-Events from the Snort MYSQL Database"; + else if (entry == "sshvulnkey:sshvuln:normal") return "Execute ssh vulnkey to detect unsecure SSH RSA and DSA keys from broken Debian OpenSSL pkt"; + else if (entry == "chkrootkit:chkrootkit:normal") return "Execute ChkRootKit to find installed rootkits"; +} + +function dump_preferences () { + display ("tripwire: ", script_get_preference ("Execute Tripwire HIDS to check system's file integrity (Linux only)"), "\n"); + display ("ClamAV: ", script_get_preference ("Execute ClamAV to search for virus-infected files (Linux only)"), "\n"); + display (" level: ", script_get_preference ("ClamAV level"), "\n"); + display ("lsof: ", script_get_preference ("Execute LSOF to retrieve a list of open files (Linux only)"), "\n"); + display ("tiger: ", script_get_preference ("Execute Tiger for various checks (Linux only)"), "\n"); + display (" level: ", script_get_preference ("tiger level"), "\n"); + display ("syslogwatch: ", script_get_preference ("Analyse Syslog-Files for security incidents (Linux only)"), "\n"); + display (" level: ", script_get_preference ("syslogwatch level"), "\n"); + display ("sensors: ", script_get_preference ("fetch hardware MB sensors"), "\n"); + display ("john: ", script_get_preference ("Execute John-the-Ripper to find weak user passwords (Linux only)"), "\n"); + display (" level: ", script_get_preference ("john level"), "\n"); + display ("ovaldi: ", script_get_preference ("Execute ovaldi for scanning OVAL described issues (Linux only)"), "\n"); + display ("snmptrapwatch: ", script_get_preference ("Analyse SNMP-Traps collected by snmptrapd (Linux only)"), "\n"); + display ("snort: ", script_get_preference ("Fetch Snort-Events from the Snort MYSQL Database (Linux only)"), "\n"); + display ("sshvulnkey: ", script_get_preference ("Execute ssh vulnkey to detect unsecure SSH RSA and DSA keys from broken Debian OpenSSL pkt (Linux only)"), "\n"); + display ("chkrootkit: ", script_get_preference ("Execute ChkRootKit to find installed rootkits (Linux only)"), "\n"); +} Modified: trunk/openvas-plugins/scripts/slad_fetch_results.nasl =================================================================== --- trunk/openvas-plugins/scripts/slad_fetch_results.nasl 2009-12-03 11:57:42 UTC (rev 6054) +++ trunk/openvas-plugins/scripts/slad_fetch_results.nasl 2009-12-03 14:52:01 UTC (rev 6055) @@ -1,15 +1,33 @@ +############################################################################### +# OpenVAS Vulnerability Test # +# Fetch results of SLAD queries from a remote machine # -# Copyright 2005 DN Systems GmbH +# Authors: +# Dirk Jagdmann +# Michael Wiegand # -# License: GNU GPLv2 or any later version +# Copyright: +# Copyright (c) 2005 DN-Systems GmbH # +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +################################################################################ debug = 0; include ("ssh_func.inc"); include ("slad.inc"); -include ("slad_ssh.inc"); if(description) { script_id(90003); @@ -37,15 +55,20 @@ family = "SLAD"; script_family(family); - script_dependencies ("find_service.nes", "slad_init.nasl"); + script_dependencies ("find_service.nes", "ssh_authorization.nasl"); script_require_ports (22, "Services/ssh"); - script_require_keys ("SLAD/login"); + script_require_keys ("Secret/SSH/login"); exit(0); } { - sock = slad_ssh_login (); + sock = ssh_login_or_reuse_connection(); + if(!sock) { + # Send "error" as set by ssh_funcs. + log_message(port:port, data:get_ssh_error()); + exit(0); + } slad_exe = '/opt/slad/bin/sladd'; slad_cmd = slad_exe + ' -s jobs'; Deleted: trunk/openvas-plugins/scripts/slad_init.nasl =================================================================== --- trunk/openvas-plugins/scripts/slad_init.nasl 2009-12-03 11:57:42 UTC (rev 6054) +++ trunk/openvas-plugins/scripts/slad_init.nasl 2009-12-03 14:52:01 UTC (rev 6055) @@ -1,72 +0,0 @@ -# -# -# Copyright 2005 DN Systems GmbH -# -# License: GNU GPLv2 or any later version -# - -debug = 0; -slad_login_name = "slad"; - -if(description) { - script_id(90001); - script_version ("1.0"); - name = "SLAD Init"; - - script_name(name); - - desc = " -This script provides the SLAD scripts with login -information."; - - script_description(desc); - - summary = "Set SLAD login information"; - script_summary(summary); - - script_category(ACT_INIT); - - script_copyright("This script is Copyright 2005 DN Systems GmbH"); - family = "SLAD"; - script_family(family); - - # The script preferences - script_add_preference (name: "slad SSH public key:", type: "file", - value: ""); - script_add_preference (name: "slad SSH private key:", type: "file", - value: ""); - script_add_preference (name: "slad SSH key passphrase:", type: "password", - value: ""); - exit(0); -} - -{ - if (debug) { - display ("kb: n: <", get_kb_item ("SLAD/login"), ">\n"); - display ("pub: ", get_kb_item ("SLAD/publickey"), "\n"); - display ("priv: ", get_kb_item ("SLAD/privatekey"), "\n"); - } - - # Get the values from the script preferences - slad_public_key = script_get_preference_file_content ("slad SSH public key:"); - slad_private_key = script_get_preference_file_content ("slad SSH private key:"); - slad_key_passphrase = script_get_preference ("slad SSH key passphrase:"); - - if (debug) { - display ("d1: pp: <", slad_key_passphrase, ">\n"); - display ("pub: ", slad_public_key, "\n"); - display ("priv: ", slad_private_key, "\n"); - } - - # Store secret information for running/fetching results - if (slad_key_passphrase) - replace_kb_item (name: "Secret/SLAD/passphrase", value: slad_key_passphrase); - - replace_kb_item (name: "SLAD/login", value: slad_login_name); - - if (slad_public_key) - replace_kb_item (name: "SLAD/publickey", value: slad_public_key); - - if (slad_private_key) - replace_kb_item (name: "SLAD/privatekey", value: slad_private_key); -} Modified: trunk/openvas-plugins/scripts/slad_run.nasl =================================================================== --- trunk/openvas-plugins/scripts/slad_run.nasl 2009-12-03 11:57:42 UTC (rev 6054) +++ trunk/openvas-plugins/scripts/slad_run.nasl 2009-12-03 14:52:01 UTC (rev 6055) @@ -1,14 +1,32 @@ +############################################################################### +# OpenVAS Vulnerability Test # +# Fetch results of SLAD queries from a remote machine # -# Copyright 2005 DN Systems GmbH +# Authors: +# Dirk Jagdmann +# Michael Wiegand # -# License: GNU GPLv2 or any later version +# Copyright: +# Copyright (c) 2005 DN-Systems GmbH # +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +################################################################################ debug = 0; include ("ssh_func.inc"); -include ("slad_ssh.inc"); include ("slad.inc"); if (description) { @@ -28,7 +46,7 @@ script_description(desc); - summary = "Connects to SLAD to tun programs remotely"; + summary = "Connects to SLAD to run programs remotely"; script_summary(summary); script_category(ACT_GATHER_INFO); @@ -37,7 +55,7 @@ family = "SLAD"; script_family(family); - script_dependencies ("find_service.nes", "slad_init.nasl"); + script_dependencies ("find_service.nes", "ssh_authorization.nasl"); script_require_ports (22, "Services/ssh"); # Dynamic entries for running from slad.inc @@ -52,7 +70,12 @@ if (debug) dump_preferences (); - sock = slad_ssh_login (); + sock = ssh_login_or_reuse_connection(); + if(!sock) { +# Send "error" as set by ssh_funcs. + log_message(port:port, data:get_ssh_error()); + exit(0); + } run_slad (sock: sock, slad_exe: "/opt/slad/bin/sladd"); close (sock); Deleted: trunk/openvas-plugins/scripts/slad_ssh.inc =================================================================== --- trunk/openvas-plugins/scripts/slad_ssh.inc 2009-12-03 11:57:42 UTC (rev 6054) +++ trunk/openvas-plugins/scripts/slad_ssh.inc 2009-12-03 14:52:01 UTC (rev 6055) @@ -1,49 +0,0 @@ -# -# -# Copyright 2005 DN Systems GmbH -# -# License: GNU GPLv2 or any later version -# -function slad_ssh_login () { - slad_key_passphrase = get_kb_item ("Secret/SLAD/passphrase"); - slad_login_name = get_kb_item ("SLAD/login"); - slad_public_key = get_kb_item ("SLAD/publickey"); - slad_private_key = get_kb_item ("SLAD/privatekey"); - - if (debug) { - display ("slad_run: n: <", slad_login_name, - "> pp: <", slad_key_passphrase, ">\n"); - display ("pub: ", slad_public_key, "\n"); - display ("priv: ", slad_private_key, "\n"); - } - - port = kb_ssh_transport(); - if (!port) port = 22; - else port = int (port); - - if (!slad_login_name) { - security_note (port: port, data: "No username given for SLAD checks. SLAD checks will be disabled."); - exit (0); - } - if (!slad_private_key) { - security_note (port: port, data: "No key given for SLAD checks. SLAD checks will be disabled."); - exit (0); - } - - # Connect via SSH - sock = open_sock_tcp (port); - if (!sock || sock < 1) { - security_warning (port: port, data: "Could not get socket."); - exit (0); - } - if (ssh_login (socket:sock, login: slad_login_name, password: NULL, - pub: slad_public_key, priv: slad_private_key, - passphrase: slad_key_passphrase) != 0) { - msg = "SSH login failed: " + get_ssh_error(); - security_warning (port: port, data: msg); - close (sock); - exit (0); - } - - return sock; -} From scm-commit at wald.intevation.org Thu Dec 3 22:07:42 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 3 Dec 2009 22:07:42 +0100 (CET) Subject: [Openvas-commits] r6056 - trunk/openvas-plugins/scripts Message-ID: <20091203210742.2DA71861F2D3@pyrosoma.intevation.org> Author: reinke Date: 2009-12-03 22:07:40 +0100 (Thu, 03 Dec 2009) New Revision: 6056 Modified: trunk/openvas-plugins/scripts/gb_typsoft_ftp_server_dos_vuln.nasl Log: Modified: trunk/openvas-plugins/scripts/gb_typsoft_ftp_server_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_typsoft_ftp_server_dos_vuln.nasl 2009-12-03 14:52:01 UTC (rev 6055) +++ trunk/openvas-plugins/scripts/gb_typsoft_ftp_server_dos_vuln.nasl 2009-12-03 21:07:40 UTC (rev 6056) @@ -65,7 +65,7 @@ script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); script_family("Denial of Service"); - script_dependencies("secpod_typsoft_ftp_detect.nasl"); + script_dependencies("gb_typsoft_ftp_detect.nasl"); script_require_ports("Services/ftp", 21); script_require_keys("TYPSoft/FTP/Ver"); exit(0); From scm-commit at wald.intevation.org Thu Dec 3 22:10:52 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 3 Dec 2009 22:10:52 +0100 (CET) Subject: [Openvas-commits] r6057 - in trunk/openvas-plugins: . scripts Message-ID: <20091203211052.58E06865F467@pyrosoma.intevation.org> Author: reinke Date: 2009-12-03 22:10:42 +0100 (Thu, 03 Dec 2009) New Revision: 6057 Added: trunk/openvas-plugins/scripts/RHSA_2009_1601.nasl trunk/openvas-plugins/scripts/RHSA_2009_1615.nasl trunk/openvas-plugins/scripts/RHSA_2009_1619.nasl trunk/openvas-plugins/scripts/RHSA_2009_1620.nasl trunk/openvas-plugins/scripts/deb_1939_1.nasl trunk/openvas-plugins/scripts/deb_1941_1.nasl trunk/openvas-plugins/scripts/fcore_2009_10751.nasl trunk/openvas-plugins/scripts/fcore_2009_10783.nasl trunk/openvas-plugins/scripts/fcore_2009_11070.nasl trunk/openvas-plugins/scripts/fcore_2009_11126.nasl trunk/openvas-plugins/scripts/fcore_2009_11352.nasl trunk/openvas-plugins/scripts/fcore_2009_11356.nasl trunk/openvas-plugins/scripts/fcore_2009_11374.nasl trunk/openvas-plugins/scripts/fcore_2009_11919.nasl trunk/openvas-plugins/scripts/fcore_2009_12218.nasl trunk/openvas-plugins/scripts/fcore_2009_12233.nasl trunk/openvas-plugins/scripts/freebsd_bugzilla8.nasl trunk/openvas-plugins/scripts/freebsd_libtool0.nasl trunk/openvas-plugins/scripts/freebsd_libvorbis1.nasl trunk/openvas-plugins/scripts/glsa_200911_03.nasl trunk/openvas-plugins/scripts/glsa_200911_04.nasl trunk/openvas-plugins/scripts/glsa_200911_05.nasl trunk/openvas-plugins/scripts/glsa_200911_06.nasl trunk/openvas-plugins/scripts/mdksa_2009_303.nasl trunk/openvas-plugins/scripts/sles10_ethereal4.nasl trunk/openvas-plugins/scripts/sles10_java-1_4_2-ibm4.nasl trunk/openvas-plugins/scripts/sles10_mutt1.nasl trunk/openvas-plugins/scripts/sles11_bind0.nasl trunk/openvas-plugins/scripts/sles11_cdparanoia.nasl trunk/openvas-plugins/scripts/sles11_ext4dev-kmp-def4.nasl trunk/openvas-plugins/scripts/sles11_java-1_4_2-ibm1.nasl trunk/openvas-plugins/scripts/sles11_mutt0.nasl trunk/openvas-plugins/scripts/sles9p5063230.nasl trunk/openvas-plugins/scripts/sles9p5063382.nasl trunk/openvas-plugins/scripts/sles9p5063532.nasl trunk/openvas-plugins/scripts/ubuntu_861_1.nasl trunk/openvas-plugins/scripts/ubuntu_862_1.nasl Modified: trunk/openvas-plugins/ChangeLog Log: New scripts added Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/ChangeLog 2009-12-03 21:10:42 UTC (rev 6057) @@ -1,3 +1,49 @@ +2009-12-03 Thomas Reinke + + * scripts/deb_1939_1.nasl, + scripts/deb_1941_1.nasl, + scripts/freebsd_bugzilla8.nasl, + scripts/freebsd_libtool0.nasl, + scripts/freebsd_libvorbis1.nasl, + scripts/glsa_200911_03.nasl, + scripts/glsa_200911_04.nasl, + scripts/glsa_200911_05.nasl, + scripts/glsa_200911_06.nasl, + scripts/ubuntu_861_1.nasl, + scripts/ubuntu_862_1.nasl, + scripts/mdksa_2009_303.nasl, + scripts/RHSA_2009_1601.nasl, + scripts/RHSA_2009_1615.nasl, + scripts/RHSA_2009_1619.nasl, + scripts/RHSA_2009_1620.nasl, + scripts/fcore_2009_10751.nasl, + scripts/fcore_2009_10783.nasl, + scripts/fcore_2009_11070.nasl, + scripts/fcore_2009_11126.nasl, + scripts/fcore_2009_11352.nasl, + scripts/fcore_2009_11356.nasl, + scripts/fcore_2009_11374.nasl, + scripts/fcore_2009_11919.nasl, + scripts/fcore_2009_12218.nasl, + scripts/fcore_2009_12233.nasl, + scripts/sles9p5063230.nasl, + scripts/sles9p5063382.nasl, + scripts/sles9p5063532.nasl, + scripts/sles10_ethereal4.nasl, + scripts/sles10_java-1_4_2-ibm4.nasl, + scripts/sles10_mutt1.nasl, + scripts/sles11_bind0.nasl, + scripts/sles11_cdparanoia.nasl, + scripts/sles11_ext4dev-kmp-def4.nasl, + scripts/sles11_java-1_4_2-ibm1.nasl, + scripts/sles11_mutt0.nasl: + New scripts. + +2009-12-03 Thomas Reinke + + * scripts/gb_typsoft_ftp_server_dos_vuln.nasl + Incorrect dependency fixed. + 2009-12-03 Michael Wiegand Improved SLAD support. Added: trunk/openvas-plugins/scripts/RHSA_2009_1601.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1601.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/RHSA_2009_1601.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,104 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1601 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66316); + script_cve_id("CVE-2009-0689"); + script_version ("$Revision$"); + script_name("RedHat Security Advisory RHSA-2009:1601"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1601. + +The kdelibs packages provide libraries for the K Desktop Environment (KDE). + +A buffer overflow flaw was found in the kdelibs string to floating point +conversion routines. A web page containing malicious JavaScript could crash +Konqueror or, potentially, execute arbitrary code with the privileges of +the user running Konqueror. (CVE-2009-0689) + +Users should upgrade to these updated packages, which contain a backported +patch to correct this issue. The desktop must be restarted (log out, then +log back in) for this update to take effect. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1601.html +http://www.redhat.com/security/updates/classification/#critical + +Risk factor : High"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1601"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"kdelibs", rpm:"kdelibs~3.3.1~17.el4_8.1", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kdelibs-debuginfo", rpm:"kdelibs-debuginfo~3.3.1~17.el4_8.1", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kdelibs-devel", rpm:"kdelibs-devel~3.3.1~17.el4_8.1", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kdelibs", rpm:"kdelibs~3.5.4~25.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kdelibs-apidocs", rpm:"kdelibs-apidocs~3.5.4~25.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kdelibs-debuginfo", rpm:"kdelibs-debuginfo~3.5.4~25.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kdelibs-devel", rpm:"kdelibs-devel~3.5.4~25.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_1615.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1615.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/RHSA_2009_1615.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,111 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1615 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66317); + script_cve_id("CVE-2009-2625"); + script_version ("$Revision$"); + script_name("RedHat Security Advisory RHSA-2009:1615"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1615. + +The xerces-j2 packages provide the Apache Xerces2 Java Parser, a +high-performance XML parser. A Document Type Definition (DTD) defines the +legal syntax (and also which elements can be used) for certain types of +files, such as XML files. + +A flaw was found in the way the Apache Xerces2 Java Parser processed the +SYSTEM identifier in DTDs. A remote attacker could provide a +specially-crafted XML file, which once parsed by an application using the +Apache Xerces2 Java Parser, would lead to a denial of service (application +hang due to excessive CPU use). (CVE-2009-2625) + +Users should upgrade to these updated packages, which contain a backported +patch to correct this issue. Applications using the Apache Xerces2 Java +Parser must be restarted for this update to take effect. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1615.html +http://www.redhat.com/security/updates/classification/#moderate + +Risk factor : Medium"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1615"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"xerces-j2", rpm:"xerces-j2~2.7.1~7jpp.2.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"xerces-j2-debuginfo", rpm:"xerces-j2-debuginfo~2.7.1~7jpp.2.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"xerces-j2-scripts", rpm:"xerces-j2-scripts~2.7.1~7jpp.2.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"xerces-j2-demo", rpm:"xerces-j2-demo~2.7.1~7jpp.2.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"xerces-j2-javadoc-apis", rpm:"xerces-j2-javadoc-apis~2.7.1~7jpp.2.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"xerces-j2-javadoc-impl", rpm:"xerces-j2-javadoc-impl~2.7.1~7jpp.2.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"xerces-j2-javadoc-other", rpm:"xerces-j2-javadoc-other~2.7.1~7jpp.2.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"xerces-j2-javadoc-xni", rpm:"xerces-j2-javadoc-xni~2.7.1~7jpp.2.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_1619.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1619.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/RHSA_2009_1619.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,88 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1619 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66318); + script_cve_id("CVE-2009-3894"); + script_version ("$Revision$"); + script_name("RedHat Security Advisory RHSA-2009:1619"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1619. + +Dstat is a versatile replacement for the vmstat, iostat, and netstat tools. +Dstat can be used for performance tuning tests, benchmarks, and +troubleshooting. + +Robert Buchholz of the Gentoo Security Team reported a flaw in the Python +module search path used in dstat. If a local attacker could trick a +local user into running dstat from a directory containing a Python script +that is named like an importable module, they could execute arbitrary code +with the privileges of the user running dstat. (CVE-2009-3894) + +All dstat users should upgrade to this updated package, which contains a +backported patch to correct this issue. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1619.html +http://www.redhat.com/security/updates/classification/#moderate + +Risk factor : Medium"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1619"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"dstat", rpm:"dstat~0.6.6~3.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_1620.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1620.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/RHSA_2009_1620.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,116 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1620 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66319); + script_cve_id("CVE-2009-4022"); + script_version ("$Revision$"); + script_name("RedHat Security Advisory RHSA-2009:1620"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1620. + +The Berkeley Internet Name Domain (BIND) is an implementation of the Domain +Name System (DNS) protocols. BIND includes a DNS server (named); a resolver +library (routines for applications to use when interfacing with DNS); and +tools for verifying that the DNS server is operating correctly. + +Michael Sinatra discovered that BIND was incorrectly caching responses +without performing proper DNSSEC validation, when those responses were +received during the resolution of a recursive client query that requested +DNSSEC records but indicated that checking should be disabled. A remote +attacker could use this flaw to bypass the DNSSEC validation check and +perform a cache poisoning attack if the target BIND server was receiving +such client queries. (CVE-2009-4022) + +All BIND users are advised to upgrade to these updated packages, which +contain a backported patch to resolve this issue. After installing the +update, the BIND daemon (named) will be restarted automatically. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1620.html +http://www.redhat.com/security/updates/classification/#moderate + +Risk factor : Medium"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1620"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"bind", rpm:"bind~9.3.6~4.P1.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-debuginfo", rpm:"bind-debuginfo~9.3.6~4.P1.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-libs", rpm:"bind-libs~9.3.6~4.P1.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-sdb", rpm:"bind-sdb~9.3.6~4.P1.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-utils", rpm:"bind-utils~9.3.6~4.P1.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-chroot", rpm:"bind-chroot~9.3.6~4.P1.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-devel", rpm:"bind-devel~9.3.6~4.P1.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-libbind-devel", rpm:"bind-libbind-devel~9.3.6~4.P1.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"caching-nameserver", rpm:"caching-nameserver~9.3.6~4.P1.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1939_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1939_1.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/deb_1939_1.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,109 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1939-1 (libvorbis) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66331); + script_cve_id("CVE-2009-2663", "CVE-2009-3379"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1939-1 (libvorbis)"); + + desc = " +The remote host is missing an update to libvorbis +announced via advisory DSA 1939-1. + +Lucas Adamski, Matthew Gregan, David Keeler, and Dan Kaminsky discovered +that libvorbis, a library for the Vorbis general-purpose compressed +audio codec, did not correctly handle certain malformed ogg files. An +attacher could cause a denial of service (memory corruption and +application crash) or possibly execute arbitrary code via a crafted .ogg +file. + +For the oldstable distribution (etch), these problems have been fixed in +version 1.1.2.dfsg-1.4+etch1. + +For the stable distribution (lenny), these problems have been fixed in +version 1.2.0.dfsg-3.1+lenny1. + +For the testing distribution (squeeze) and the unstable distribution +(sid), these problems have been fixed in version 1.2.3-1 + +We recommend that you upgrade your libvorbis packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201939-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1939-1 (libvorbis)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"libvorbisenc2", ver:"1.1.2.dfsg-1.4+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbisfile3", ver:"1.1.2.dfsg-1.4+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbis0a", ver:"1.1.2.dfsg-1.4+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbis-dev", ver:"1.1.2.dfsg-1.4+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbisfile3", ver:"1.2.0.dfsg-3.1+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbis0a", ver:"1.2.0.dfsg-3.1+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbis-dev", ver:"1.2.0.dfsg-3.1+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbisenc2", ver:"1.2.0.dfsg-3.1+lenny1", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1941_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1941_1.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/deb_1941_1.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,112 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1941-1 (poppler) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66332); + script_cve_id("CVE-2009-0755", "CVE-2009-3903", "CVE-2009-3904", "CVE-2009-3905", "CVE-2009-3906", "CVE-2009-3907", "CVE-2009-3908", "CVE-2009-3909", "CVE-2009-3938"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1941-1 (poppler)"); + + desc = " +The remote host is missing an update to poppler +announced via advisory DSA 1941-1. + +Several integer overflows, buffer overflows and memory allocation +errors were discovered in the Poppler PDF rendering library, which may +lead to denial of service or the execution of arbitrary code if a user +is tricked into opening a malformed PDF document. + +For the stable distribution (lenny), these problems have been fixed in +version 0.8.7-3. + +An update for the old stable distribution (etch) will be issued soon as +version 0.4.5-5.1etch4. + +For the unstable distribution (sid), these problems will be fixed soon. + +We recommend that you upgrade your poppler packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201941-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1941-1 (poppler)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"libpoppler-dev", ver:"0.8.7-3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpoppler-qt-dev", ver:"0.8.7-3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"poppler-utils", ver:"0.8.7-3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpoppler-qt2", ver:"0.8.7-3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpoppler-glib3", ver:"0.8.7-3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpoppler-qt4-dev", ver:"0.8.7-3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpoppler-qt4-3", ver:"0.8.7-3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpoppler3", ver:"0.8.7-3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libpoppler-glib-dev", ver:"0.8.7-3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"poppler-dbg", ver:"0.8.7-3", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10751.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10751.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/fcore_2009_10751.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,118 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10751 (snort) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66322); + script_cve_id("CVE-2009-3641"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-10751 (snort)"); + + desc = " +The remote host is missing an update to snort +announced via advisory FEDORA-2009-10751. + +Update Information: + +Update to 2.8.5.1 which includes a fix for CVE-2009-3641 DoS (crash) while +printing specially-crafted IPv6 packet using the -v option + +ChangeLog: + +* Sun Oct 25 2009 Dennis Gilmore - 2.8.5.1-1 +- update for CVE-2009-3641 + +References: + +[ 1 ] Bug #530863 - CVE-2009-3641 Snort: DoS (crash) while printing specially-crafted IPv6 packet using the -v option +https://bugzilla.redhat.com/show_bug.cgi?id=530863 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update snort' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10751 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-10751 (snort)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"snort", rpm:"snort~2.8.5.1~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-bloat", rpm:"snort-bloat~2.8.5.1~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-mysql", rpm:"snort-mysql~2.8.5.1~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-mysql+flexresp", rpm:"snort-mysql+flexresp~2.8.5.1~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-plain+flexresp", rpm:"snort-plain+flexresp~2.8.5.1~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-postgresql", rpm:"snort-postgresql~2.8.5.1~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-postgresql+flexresp", rpm:"snort-postgresql+flexresp~2.8.5.1~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-snmp", rpm:"snort-snmp~2.8.5.1~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-snmp+flexresp", rpm:"snort-snmp+flexresp~2.8.5.1~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-debuginfo", rpm:"snort-debuginfo~2.8.5.1~1.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10783.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10783.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/fcore_2009_10783.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,118 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10783 (snort) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66325); + script_cve_id("CVE-2009-3641"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-10783 (snort)"); + + desc = " +The remote host is missing an update to snort +announced via advisory FEDORA-2009-10783. + +Update Information: + +Update to 2.8.5.1 which includes a fix for CVE-2009-3641 DoS (crash) while +printing specially-crafted IPv6 packet using the -v option + +ChangeLog: + +* Sun Oct 25 2009 Dennis Gilmore - 2.8.5.1-1 +- update for CVE-2009-3641 + +References: + +[ 1 ] Bug #530863 - CVE-2009-3641 Snort: DoS (crash) while printing specially-crafted IPv6 packet using the -v option +https://bugzilla.redhat.com/show_bug.cgi?id=530863 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update snort' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10783 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-10783 (snort)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"snort", rpm:"snort~2.8.5.1~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-bloat", rpm:"snort-bloat~2.8.5.1~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-mysql", rpm:"snort-mysql~2.8.5.1~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-mysql+flexresp", rpm:"snort-mysql+flexresp~2.8.5.1~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-plain+flexresp", rpm:"snort-plain+flexresp~2.8.5.1~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-postgresql", rpm:"snort-postgresql~2.8.5.1~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-postgresql+flexresp", rpm:"snort-postgresql+flexresp~2.8.5.1~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-snmp", rpm:"snort-snmp~2.8.5.1~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-snmp+flexresp", rpm:"snort-snmp+flexresp~2.8.5.1~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"snort-debuginfo", rpm:"snort-debuginfo~2.8.5.1~1.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_11070.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_11070.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/fcore_2009_11070.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,191 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-11070 (asterisk) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66321); + script_cve_id("CVE-2008-7220"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-11070 (asterisk)"); + + desc = " +The remote host is missing an update to asterisk +announced via advisory FEDORA-2009-11070. + +Update Information: + +* Wed Nov 4 2009 Jeffrey C. Ollie - 1.6.1.9-1 - Update to +1.6.1.9 to fix AST-2009-009/CVE-2008-7220 and AST-2009-008 - Fix obsoletes for +firmware subpackage + +ChangeLog: + +* Wed Nov 4 2009 Jeffrey C. Ollie - 1.6.1.9-1 +- Update to 1.6.1.9 to fix AST-2009-009/CVE-2008-7220 and AST-2009-008 +- Fix obsoletes for firmware subpackage + +References: + +[ 1 ] Bug #523277 - CVE-2008-7220 WordPress, MediaTomb, python-webhelpers, Asterisk, Plone -- embedded Prototype JavaScript FrameWork: XSS Ajax requests (AST-2009-009) +https://bugzilla.redhat.com/show_bug.cgi?id=523277 +[ 2 ] Bug #533137 - Asterisk: SIP responses expose valid usernames (AST-2009-008) +https://bugzilla.redhat.com/show_bug.cgi?id=533137 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update asterisk' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11070 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-11070 (asterisk)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"asterisk", rpm:"asterisk~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-ais", rpm:"asterisk-ais~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-alsa", rpm:"asterisk-alsa~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-apidoc", rpm:"asterisk-apidoc~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-curl", rpm:"asterisk-curl~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-dahdi", rpm:"asterisk-dahdi~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-devel", rpm:"asterisk-devel~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-fax", rpm:"asterisk-fax~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-festival", rpm:"asterisk-festival~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-ices", rpm:"asterisk-ices~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-jabber", rpm:"asterisk-jabber~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-jack", rpm:"asterisk-jack~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-ldap", rpm:"asterisk-ldap~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-ldap-fds", rpm:"asterisk-ldap-fds~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-lua", rpm:"asterisk-lua~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-minivm", rpm:"asterisk-minivm~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-misdn", rpm:"asterisk-misdn~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-odbc", rpm:"asterisk-odbc~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-oss", rpm:"asterisk-oss~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-portaudio", rpm:"asterisk-portaudio~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-postgresql", rpm:"asterisk-postgresql~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-radius", rpm:"asterisk-radius~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-skinny", rpm:"asterisk-skinny~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-snmp", rpm:"asterisk-snmp~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-sqlite", rpm:"asterisk-sqlite~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-tds", rpm:"asterisk-tds~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-unistim", rpm:"asterisk-unistim~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-usbradio", rpm:"asterisk-usbradio~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-voicemail", rpm:"asterisk-voicemail~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-voicemail-imap", rpm:"asterisk-voicemail-imap~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-voicemail-odbc", rpm:"asterisk-voicemail-odbc~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-voicemail-plain", rpm:"asterisk-voicemail-plain~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-debuginfo", rpm:"asterisk-debuginfo~1.6.1.9~1.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_11126.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_11126.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/fcore_2009_11126.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,191 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-11126 (asterisk) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66324); + script_cve_id("CVE-2008-7220", "CVE-2009-0041"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-11126 (asterisk)"); + + desc = " +The remote host is missing an update to asterisk +announced via advisory FEDORA-2009-11126. + +Update Information: + +* Thu Nov 5 2009 Jeffrey C. Ollie - 1.6.0.17-2 +- Fix firmware path +* Wed Nov 4 2009 Jeffrey C. Ollie - 1.6.0.17-1 +- Update to 1.6.0.17 to fix AST-2009-009/CVE-2008-7220 +- Merge the firmware subpackage back into the main package. +- Don't package the iaxy firmware anymore. + +ChangeLog: + +* Thu Nov 5 2009 Jeffrey C. Ollie - 1.6.0.17-2 +- Fix firmware path +* Wed Nov 4 2009 Jeffrey C. Ollie - 1.6.0.17-1 +- Update to 1.6.0.17 to fix AST-2009-009/CVE-2008-7220 +- Merge the firmware subpackage back into the main package. +- Don't package the iaxy firmware anymore. + +References: + +[ 1 ] Bug #533137 - Asterisk: SIP responses expose valid usernames (AST-2009-008) +https://bugzilla.redhat.com/show_bug.cgi?id=533137 +[ 2 ] Bug #523277 - CVE-2008-7220 WordPress, MediaTomb, python-webhelpers, Asterisk, Plone -- embedded Prototype JavaScript FrameWork: XSS Ajax requests (AST-2009-009) +https://bugzilla.redhat.com/show_bug.cgi?id=523277 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update asterisk' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11126 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-11126 (asterisk)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"asterisk", rpm:"asterisk~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-alsa", rpm:"asterisk-alsa~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-curl", rpm:"asterisk-curl~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-dahdi", rpm:"asterisk-dahdi~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-devel", rpm:"asterisk-devel~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-fax", rpm:"asterisk-fax~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-festival", rpm:"asterisk-festival~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-ices", rpm:"asterisk-ices~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-jabber", rpm:"asterisk-jabber~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-jack", rpm:"asterisk-jack~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-ldap", rpm:"asterisk-ldap~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-ldap-fds", rpm:"asterisk-ldap-fds~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-lua", rpm:"asterisk-lua~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-minivm", rpm:"asterisk-minivm~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-misdn", rpm:"asterisk-misdn~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-odbc", rpm:"asterisk-odbc~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-oss", rpm:"asterisk-oss~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-portaudio", rpm:"asterisk-portaudio~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-postgresql", rpm:"asterisk-postgresql~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-radius", rpm:"asterisk-radius~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-skinny", rpm:"asterisk-skinny~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-snmp", rpm:"asterisk-snmp~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-sqlite", rpm:"asterisk-sqlite~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-tds", rpm:"asterisk-tds~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-unistim", rpm:"asterisk-unistim~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-usbradio", rpm:"asterisk-usbradio~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-voicemail", rpm:"asterisk-voicemail~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-voicemail-imap", rpm:"asterisk-voicemail-imap~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-voicemail-odbc", rpm:"asterisk-voicemail-odbc~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-voicemail-plain", rpm:"asterisk-voicemail-plain~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"asterisk-debuginfo", rpm:"asterisk-debuginfo~1.6.0.17~2.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_11352.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_11352.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/fcore_2009_11352.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,112 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-11352 (tomcat6) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66329); + script_cve_id("CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783"); + script_version ("$Revision$"); + script_name("Fedora Core 12 FEDORA-2009-11352 (tomcat6)"); + + desc = " +The remote host is missing an update to tomcat6 +announced via advisory FEDORA-2009-11352. + +Update Information: + +Fix for CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, and +CVE-2009-0783. + +ChangeLog: + +* Mon Nov 9 2009 Alexander Kurtakov 0:6.0.20-1 +- Update to 6.0.20. Fixes CVE-2009-0033,CVE-2009-0580. + +References: + +[ 1 ] Bug #533903 - CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2008-5515 CVE-2009-0781 Multiple tomcat6 vulnerabilities [Fedora all] +https://bugzilla.redhat.com/show_bug.cgi?id=533903 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update tomcat6' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11352 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 12 FEDORA-2009-11352 (tomcat6)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"tomcat6", rpm:"tomcat6~6.0.20~1.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-admin-webapps", rpm:"tomcat6-admin-webapps~6.0.20~1.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-docs-webapp", rpm:"tomcat6-docs-webapp~6.0.20~1.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-javadoc", rpm:"tomcat6-javadoc~6.0.20~1.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-jsp-2.1", rpm:"tomcat6-jsp-2.1~api~6.0.20", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-lib", rpm:"tomcat6-lib~6.0.20~1.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-servlet-2.5", rpm:"tomcat6-servlet-2.5~api~6.0.20", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-webapps", rpm:"tomcat6-webapps~6.0.20~1.fc12", rls:"FC12")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_11356.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_11356.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/fcore_2009_11356.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,112 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-11356 (tomcat6) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66330); + script_cve_id("CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-11356 (tomcat6)"); + + desc = " +The remote host is missing an update to tomcat6 +announced via advisory FEDORA-2009-11356. + +Update Information: + +Fix for CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, and +CVE-2009-0783. + +ChangeLog: + +* Mon Nov 9 2009 Alexander Kurtakov 0:6.0.20-1 +- Update to 6.0.20. Fixes CVE-2009-0033,CVE-2009-0580. + +References: + +[ 1 ] Bug #533903 - CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2008-5515 CVE-2009-0781 Multiple tomcat6 vulnerabilities [Fedora all] +https://bugzilla.redhat.com/show_bug.cgi?id=533903 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update tomcat6' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11356 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-11356 (tomcat6)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"tomcat6", rpm:"tomcat6~6.0.20~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-admin-webapps", rpm:"tomcat6-admin-webapps~6.0.20~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-docs-webapp", rpm:"tomcat6-docs-webapp~6.0.20~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-javadoc", rpm:"tomcat6-javadoc~6.0.20~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-jsp-2.1", rpm:"tomcat6-jsp-2.1~api~6.0.20", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-lib", rpm:"tomcat6-lib~6.0.20~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-servlet-2.5", rpm:"tomcat6-servlet-2.5~api~6.0.20", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-webapps", rpm:"tomcat6-webapps~6.0.20~1.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_11374.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_11374.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/fcore_2009_11374.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,112 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-11374 (tomcat6) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66326); + script_cve_id("CVE-2008-5515", "CVE-2009-0033", "CVE-2009-0580", "CVE-2009-0781", "CVE-2009-0783"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-11374 (tomcat6)"); + + desc = " +The remote host is missing an update to tomcat6 +announced via advisory FEDORA-2009-11374. + +Update Information: + +Fix for CVE-2008-5515, CVE-2009-0033, CVE-2009-0580, CVE-2009-0781, and +CVE-2009-0783. + +ChangeLog: + +* Mon Nov 9 2009 Alexander Kurtakov 0:6.0.20-1 +- Update to 6.0.20. Fixes CVE-2009-0033,CVE-2009-0580. + +References: + +[ 1 ] Bug #533903 - CVE-2009-0033 CVE-2009-0580 CVE-2009-0783 CVE-2008-5515 CVE-2009-0781 Multiple tomcat6 vulnerabilities [Fedora all] +https://bugzilla.redhat.com/show_bug.cgi?id=533903 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update tomcat6' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11374 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-11374 (tomcat6)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"tomcat6", rpm:"tomcat6~6.0.20~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-admin-webapps", rpm:"tomcat6-admin-webapps~6.0.20~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-docs-webapp", rpm:"tomcat6-docs-webapp~6.0.20~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-javadoc", rpm:"tomcat6-javadoc~6.0.20~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-jsp-2.1", rpm:"tomcat6-jsp-2.1~api~6.0.20", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-lib", rpm:"tomcat6-lib~6.0.20~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-servlet-2.5", rpm:"tomcat6-servlet-2.5~api~6.0.20", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tomcat6-webapps", rpm:"tomcat6-webapps~6.0.20~1.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_11919.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_11919.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/fcore_2009_11919.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,106 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-11919 (bugzilla) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66323); + script_cve_id("CVE-2009-3386"); + script_version ("$Revision$"); + script_name("Fedora Core 12 FEDORA-2009-11919 (bugzilla)"); + + desc = " +The remote host is missing an update to bugzilla +announced via advisory FEDORA-2009-11919. + +Update Information: + +Bugzilla 3.4.4 fixes security issues that were found in previous +versions of the software where private information would be leaked +to other users. + +CVE Number: CVE-2009-3386 + +See upstream security advisory for additional details: +http://www.bugzilla.org/security/3.4.3/ + +ChangeLog: + +* Thu Nov 19 2009 Emmanuel Seyman - 3.4.4-1 +- Update to 3.4.4 (CVE-2009-3386) + +References: + +[ 1 ] Bug #539598 - CVE-2009-3386 bugzilla hidden bug alias disclosure +https://bugzilla.redhat.com/show_bug.cgi?id=539598 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update bugzilla' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11919 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 12 FEDORA-2009-11919 (bugzilla)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"bugzilla", rpm:"bugzilla~3.4.4~1.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bugzilla-contrib", rpm:"bugzilla-contrib~3.4.4~1.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bugzilla-doc", rpm:"bugzilla-doc~3.4.4~1.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bugzilla-doc-build", rpm:"bugzilla-doc-build~3.4.4~1.fc12", rls:"FC12")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12218.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12218.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/fcore_2009_12218.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,110 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12218 (bind) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66327); + script_cve_id("CVE-2009-4022", "CVE-2009-0696"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-12218 (bind)"); + + desc = " +The remote host is missing an update to bind +announced via advisory FEDORA-2009-12218. + +Update Information: + +Update to 9.6.1-P2 release which contains following fix: +* Additional section of response could be cached without successful +DNSSEC validation even if DNSSEC validation is enabled + +ChangeLog: + +* Wed Nov 25 2009 Adam Tkac 32:9.6.1-7.P2 +- update to 9.6.1-P2 (CVE-2009-4022) + +References: + +[ 1 ] Bug #538744 - CVE-2009-4022 bind: cache poisoning using not validated DNSSEC responses +https://bugzilla.redhat.com/show_bug.cgi?id=538744 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update bind' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12218 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-12218 (bind)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"bind", rpm:"bind~9.6.1~7.P2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-chroot", rpm:"bind-chroot~9.6.1~7.P2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-devel", rpm:"bind-devel~9.6.1~7.P2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-libs", rpm:"bind-libs~9.6.1~7.P2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-sdb", rpm:"bind-sdb~9.6.1~7.P2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-utils", rpm:"bind-utils~9.6.1~7.P2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-debuginfo", rpm:"bind-debuginfo~9.6.1~7.P2.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12233.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12233.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/fcore_2009_12233.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,112 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12233 (bind) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66328); + script_cve_id("CVE-2009-4022"); + script_version ("$Revision$"); + script_name("Fedora Core 12 FEDORA-2009-12233 (bind)"); + + desc = " +The remote host is missing an update to bind +announced via advisory FEDORA-2009-12233. + +Update Information: + +Update to 9.6.1-P2 release which contains following fix: +* Additional section of response could be cached without successful +DNSSEC validation even if DNSSEC validation is enabled + +ChangeLog: + +* Wed Nov 25 2009 Adam Tkac 32:9.6.1-13.P2 +- update to 9.6.1-P2 (CVE-2009-4022) +* Thu Oct 8 2009 Adam Tkac 32:9.6.1-12.P1 +- don't package named-bootconf utility, it is very outdated and unneeded + +References: + +[ 1 ] Bug #538744 - CVE-2009-4022 bind: cache poisoning using not validated DNSSEC responses +https://bugzilla.redhat.com/show_bug.cgi?id=538744 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update bind' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12233 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 12 FEDORA-2009-12233 (bind)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"bind", rpm:"bind~9.6.1~13.P2.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-chroot", rpm:"bind-chroot~9.6.1~13.P2.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-devel", rpm:"bind-devel~9.6.1~13.P2.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-libs", rpm:"bind-libs~9.6.1~13.P2.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-sdb", rpm:"bind-sdb~9.6.1~13.P2.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-utils", rpm:"bind-utils~9.6.1~13.P2.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-debuginfo", rpm:"bind-debuginfo~9.6.1~13.P2.fc12", rls:"FC12")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_bugzilla8.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_bugzilla8.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/freebsd_bugzilla8.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,84 @@ +# +#VID 92ca92c1-d859-11de-89f9-001517351c22 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 92ca92c1-d859-11de-89f9-001517351c22 +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66341); + script_cve_id("CVE-2009-3386"); + script_version ("$Revision$"); + script_name("FreeBSD Ports: bugzilla"); + + desc = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: bugzilla + +CVE-2009-3386 +Template.pm in Bugzilla 3.3.2 through 3.4.3 and 3.5 through 3.5.1 +allows remote attackers to discover the alias of a private bug by +reading the (1) Depends On or (2) Blocks field of a related bug. + +Solution: +Update your system with the appropriate patches or +software upgrades. + +http://www.bugzilla.org/security/3.4.3/ +http://www.vuxml.org/freebsd/92ca92c1-d859-11de-89f9-001517351c22.html + +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Ports: bugzilla"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"bugzilla"); +if(!isnull(bver) && revcomp(a:bver, b:"3.3.1")>0 && revcomp(a:bver, b:"3.4.4")<0) { + security_note(0, data:"Package bugzilla version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_libtool0.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_libtool0.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/freebsd_libtool0.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,79 @@ +# +#VID 77c14729-dc5e-11de-92ae-02e0184b8d35 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 77c14729-dc5e-11de-92ae-02e0184b8d35 +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66339); + script_version ("$Revision$"); + script_name("FreeBSD Ports: libtool"); + + desc = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: libtool + +Solution: +Update your system with the appropriate patches or +software upgrades. + +http://secunia.com/advisories/37414/ +http://lists.gnu.org/archive/html/libtool/2009-11/msg00059.html +http://www.vuxml.org/freebsd/77c14729-dc5e-11de-92ae-02e0184b8d35.html + +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Ports: libtool"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"libtool"); +if(!isnull(bver) && revcomp(a:bver, b:"2.2.6b")<0) { + security_note(0, data:"Package libtool version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_libvorbis1.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_libvorbis1.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/freebsd_libvorbis1.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,89 @@ +# +#VID 94edff42-d93d-11de-a434-0211d880e350 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 94edff42-d93d-11de-a434-0211d880e350 +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66340); + script_cve_id("CVE-2008-1420", "CVE-2009-3379"); + script_version ("$Revision$"); + script_name("FreeBSD Ports: libvorbis"); + + desc = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: libvorbis + +CVE-2008-1420 +Integer overflow in residue partition value (aka partvals) evaluation +in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to +execute arbitrary code via a crafted OGG file, which triggers a heap +overflow. + +CVE-2009-3379 +Multiple unspecified vulnerabilities in libvorbis, as used in Mozilla +Firefox 3.5.x before 3.5.4, allow remote attackers to cause a denial +of service (application crash) or possibly execute arbitrary code via +unknown vectors. NOTE: this might overlap CVE-2009-2663. + +Solution: +Update your system with the appropriate patches or +software upgrades. + + +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Ports: libvorbis"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"libvorbis"); +if(!isnull(bver) && revcomp(a:bver, b:"1.2.3_1,3")<0) { + security_note(0, data:"Package libvorbis version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200911_03.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200911_03.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/glsa_200911_03.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,92 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(66333); + script_cve_id("CVE-2008-5005", "CVE-2008-5006", "CVE-2008-5514"); + script_version ("$Revision$"); + script_name("Gentoo Security Advisory GLSA 200911-03 (c-client uw-imap)"); + + desc = " +The remote host is missing updates announced in +advisory GLSA 200911-03. + +Multiple vulnerabilities have been found in the UW IMAP toolkit and the + c-client library, the worst of which leading to the execution of +arbitrary + code. + +Solution: +All c-client library users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=net-libs/c-client-2007e' + +All UW IMAP toolkit users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=net-mail/uw-imap-2007e' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200911-03 +http://bugs.gentoo.org/show_bug.cgi?id=245425 +http://bugs.gentoo.org/show_bug.cgi?id=252567 + +Risk factor : High"; + + script_description(desc); + + script_summary("Gentoo Security Advisory GLSA 200911-03 (c-client uw-imap)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Gentoo Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"net-libs/c-client", unaffected: make_list("ge 2007e"), vulnerable: make_list("lt 2007e"))) { + vuln=1; +} +if(ispkgvuln(pkg:"net-mail/uw-imap", unaffected: make_list("ge 2007e"), vulnerable: make_list("lt 2007e"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200911_04.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200911_04.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/glsa_200911_04.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,81 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(66334); + script_cve_id("CVE-2009-3894"); + script_version ("$Revision$"); + script_name("Gentoo Security Advisory GLSA 200911-04 (dstat)"); + + desc = " +The remote host is missing updates announced in +advisory GLSA 200911-04. + +An untrusted search path vulnerability in the dstat might result in the + execution of arbitrary code. + +Solution: +All dstat users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=sys-apps/dstat-0.6.9-r1' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200911-04 +http://bugs.gentoo.org/show_bug.cgi?id=293497 + +Risk factor : Medium"; + + script_description(desc); + + script_summary("Gentoo Security Advisory GLSA 200911-04 (dstat)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Gentoo Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"sys-apps/dstat", unaffected: make_list("ge 0.6.9-r1"), vulnerable: make_list("lt 0.6.9-r1"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200911_05.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200911_05.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/glsa_200911_05.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,82 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(66335); + script_cve_id("CVE-2009-2560", "CVE-2009-3241", "CVE-2009-3242", "CVE-2009-3243", "CVE-2009-3549", "CVE-2009-3550", "CVE-2009-3551", "CVE-2009-3829"); + script_version ("$Revision$"); + script_name("Gentoo Security Advisory GLSA 200911-05 (wireshark)"); + + desc = " +The remote host is missing updates announced in +advisory GLSA 200911-05. + +Multiple vulnerabilities have been discovered in Wireshark, allowing for + the remote execution of arbitrary code, or Denial of Service. + +Solution: +All Wireshark users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=net-analyzer/wireshark-1.2.3' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200911-05 +http://bugs.gentoo.org/show_bug.cgi?id=285280 +http://bugs.gentoo.org/show_bug.cgi?id=290710 + +Risk factor : Medium"; + + script_description(desc); + + script_summary("Gentoo Security Advisory GLSA 200911-05 (wireshark)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Gentoo Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"net-analyzer/wireshark", unaffected: make_list("ge 1.2.3"), vulnerable: make_list("lt 1.2.3"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200911_06.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200911_06.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/glsa_200911_06.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,81 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(66336); + script_cve_id("CVE-2009-4025"); + script_version ("$Revision$"); + script_name("Gentoo Security Advisory GLSA 200911-06 (PEAR-Net_Traceroute)"); + + desc = " +The remote host is missing updates announced in +advisory GLSA 200911-06. + +An input sanitation error in PEAR Net_Traceroute might allow remote + attackers to execute arbitrary commands. + +Solution: +All PEAR Net_Traceroute users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=dev-php/PEAR-Net_Traceroute-0.21.2' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200911-06 +http://bugs.gentoo.org/show_bug.cgi?id=294264 + +Risk factor : High"; + + script_description(desc); + + script_summary("Gentoo Security Advisory GLSA 200911-06 (PEAR-Net_Traceroute)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Gentoo Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"dev-php/PEAR-Net_Traceroute", unaffected: make_list("ge 0.21.2"), vulnerable: make_list("lt 0.21.2"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_303.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_303.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/mdksa_2009_303.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,378 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:303 (php) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66320); + script_cve_id("CVE-2009-3557", "CVE-2009-3558", "CVE-2009-4017", "CVE-2009-4018"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:303 (php)"); + + desc = " +The remote host is missing an update to php +announced via advisory MDVSA-2009:303. + +Some vulnerabilities were discovered and corrected in php-5.2.11: + +The tempnam function in ext/standard/file.c in PHP 5.2.11 and +earlier, and 5.3.x before 5.3.1, allows context-dependent attackers +to bypass safe_mode restrictions, and create files in group-writable +or world-writable directories, via the dir and prefix arguments +(CVE-2009-3557). + +The posix_mkfifo function in ext/posix/posix.c in PHP 5.2.11 and +earlier, and 5.3.x before 5.3.1, allows context-dependent attackers +to bypass open_basedir restrictions, and create FIFO files, via the +pathname and mode arguments, as demonstrated by creating a .htaccess +file (CVE-2009-3558). + +PHP 5.2.11, and 5.3.x before 5.3.1, does not restrict the number +of temporary files created when handling a multipart/form-data POST +request, which allows remote attackers to cause a denial of service +(resource exhaustion), and makes it easier for remote attackers to +exploit local file inclusion vulnerabilities, via multiple requests, +related to lack of support for the max_file_uploads directive +(CVE-2009-4017). + +The proc_open function in ext/standard/proc_open.c in PHP +before 5.2.11 and 5.3.x before 5.3.1 does not enforce the (1) +safe_mode_allowed_env_vars and (2) safe_mode_protected_env_vars +directives, which allows context-dependent attackers to execute +programs with an arbitrary environment via the env parameter, as +demonstrated by a crafted value of the LD_LIBRARY_PATH environment +variable (CVE-2009-4018). + +Intermittent segfaults occured on x86_64 with the latest phpmyadmin +and with apache (#53735). + +Additionally, some packages which require so, have been rebuilt and +are being provided as updates. + +Affected: 2009.1 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:303 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:303 (php)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"apache-mod_php", rpm:"apache-mod_php~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libphp5_common5", rpm:"libphp5_common5~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-apc", rpm:"php-apc~3.1.3p1~0.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-apc-admin", rpm:"php-apc-admin~3.1.3p1~0.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-bcmath", rpm:"php-bcmath~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-bz2", rpm:"php-bz2~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-calendar", rpm:"php-calendar~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-cgi", rpm:"php-cgi~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-cli", rpm:"php-cli~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-ctype", rpm:"php-ctype~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-curl", rpm:"php-curl~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-dba", rpm:"php-dba~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-dbase", rpm:"php-dbase~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-dbx", rpm:"php-dbx~1.1.0~26.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-devel", rpm:"php-devel~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-dio", rpm:"php-dio~0.0.2~3.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-dom", rpm:"php-dom~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-eaccelerator", rpm:"php-eaccelerator~0.9.5.3~8.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-eaccelerator-admin", rpm:"php-eaccelerator-admin~0.9.5.3~8.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-exif", rpm:"php-exif~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-fam", rpm:"php-fam~5.0.1~7.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-fcgi", rpm:"php-fcgi~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-fileinfo", rpm:"php-fileinfo~1.0.4~15.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-filepro", rpm:"php-filepro~5.1.6~17.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-filter", rpm:"php-filter~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-ftp", rpm:"php-ftp~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-gd", rpm:"php-gd~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-gettext", rpm:"php-gettext~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-gmp", rpm:"php-gmp~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-hash", rpm:"php-hash~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-iconv", rpm:"php-iconv~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-idn", rpm:"php-idn~1.2b~15.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-imap", rpm:"php-imap~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-ini", rpm:"php-ini~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-json", rpm:"php-json~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-ldap", rpm:"php-ldap~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-mbstring", rpm:"php-mbstring~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-mcal", rpm:"php-mcal~0.6~27.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-mcrypt", rpm:"php-mcrypt~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-mhash", rpm:"php-mhash~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-mime_magic", rpm:"php-mime_magic~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-ming", rpm:"php-ming~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-mssql", rpm:"php-mssql~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-mysql", rpm:"php-mysql~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-mysqli", rpm:"php-mysqli~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-ncurses", rpm:"php-ncurses~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-odbc", rpm:"php-odbc~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-openssl", rpm:"php-openssl~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-optimizer", rpm:"php-optimizer~0.1~0.alpha1.5.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-pcntl", rpm:"php-pcntl~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-pdo", rpm:"php-pdo~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-pdo_dblib", rpm:"php-pdo_dblib~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-pdo_mysql", rpm:"php-pdo_mysql~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-pdo_odbc", rpm:"php-pdo_odbc~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-pdo_pgsql", rpm:"php-pdo_pgsql~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-pdo_sqlite", rpm:"php-pdo_sqlite~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-pgsql", rpm:"php-pgsql~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-posix", rpm:"php-posix~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-pspell", rpm:"php-pspell~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-readline", rpm:"php-readline~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-recode", rpm:"php-recode~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-sasl", rpm:"php-sasl~0.1.0~25.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-session", rpm:"php-session~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-shmop", rpm:"php-shmop~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-snmp", rpm:"php-snmp~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-soap", rpm:"php-soap~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-sockets", rpm:"php-sockets~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-sqlite", rpm:"php-sqlite~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-ssh2", rpm:"php-ssh2~0.11.0~2.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-suhosin", rpm:"php-suhosin~0.9.29~0.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-sybase", rpm:"php-sybase~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-sysvmsg", rpm:"php-sysvmsg~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-sysvsem", rpm:"php-sysvsem~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-sysvshm", rpm:"php-sysvshm~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-tclink", rpm:"php-tclink~3.4.4~10.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-tidy", rpm:"php-tidy~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-tokenizer", rpm:"php-tokenizer~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-translit", rpm:"php-translit~0.6.0~7.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-vld", rpm:"php-vld~0.9.1~8.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-wddx", rpm:"php-wddx~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-xattr", rpm:"php-xattr~1.1.0~6.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-xdebug", rpm:"php-xdebug~2.0.5~0.1mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-xml", rpm:"php-xml~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-xmlreader", rpm:"php-xmlreader~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-xmlrpc", rpm:"php-xmlrpc~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-xmlwriter", rpm:"php-xmlwriter~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-xsl", rpm:"php-xsl~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-zip", rpm:"php-zip~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-zlib", rpm:"php-zlib~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64php5_common5", rpm:"lib64php5_common5~5.2.11~0.2mdv2009.1", rls:"MNDK_2009.1")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/sles10_ethereal4.nasl =================================================================== --- trunk/openvas-plugins/scripts/sles10_ethereal4.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/sles10_ethereal4.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,83 @@ +# +#VID slesp2-ethereal-6627 +# OpenVAS Vulnerability Test +# $ +# Description: Security update for ethereal +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66346); + script_cve_id("CVE-2009-3549", "CVE-2009-3550", "CVE-2009-3551", "CVE-2009-2560"); + script_version ("$Revision$"); + script_name("SLES10: Security update for ethereal"); + + desc = "The remote host is missing updates to packages that affect +the security of your system. One or more of the following packages +are affected: + + ethereal + ethereal-devel + + +More details may also be found by searching for the SuSE +Enterprise Server 10 patch database located at +http://download.novell.com/patch/finder/ + +Solution: + +Please install the updates provided by SuSE. + +Risk factor : High"; + + script_description(desc); + + script_summary("SLES10: Security update for ethereal"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("SuSE Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"ethereal", rpm:"ethereal~0.10.14~16.40.1", rls:"SLES10.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"ethereal-devel", rpm:"ethereal-devel~0.10.14~16.40.1", rls:"SLES10.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/sles10_java-1_4_2-ibm4.nasl =================================================================== --- trunk/openvas-plugins/scripts/sles10_java-1_4_2-ibm4.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/sles10_java-1_4_2-ibm4.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,91 @@ +# +#VID slesp2-java-1_4_2-ibm-6648 +# OpenVAS Vulnerability Test +# $ +# Description: Security update for IBM Java 1.4.2 +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66345); + script_cve_id("CVE-2009-1100"); + script_version ("$Revision$"); + script_name("SLES10: Security update for IBM Java 1.4.2"); + + desc = "The remote host is missing updates to packages that affect +the security of your system. One or more of the following packages +are affected: + + java-1_4_2-ibm + java-1_4_2-ibm-devel + java-1_4_2-ibm-jdbc + java-1_4_2-ibm-plugin + + +More details may also be found by searching for the SuSE +Enterprise Server 10 patch database located at +http://download.novell.com/patch/finder/ + +Solution: + +Please install the updates provided by SuSE. + +Risk factor : High"; + + script_description(desc); + + script_summary("SLES10: Security update for IBM Java 1.4.2"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("SuSE Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"java-1_4_2-ibm", rpm:"java-1_4_2-ibm~1.4.2_sr13.2~0.4.1", rls:"SLES10.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1_4_2-ibm-devel", rpm:"java-1_4_2-ibm-devel~1.4.2_sr13.2~0.4.1", rls:"SLES10.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1_4_2-ibm-jdbc", rpm:"java-1_4_2-ibm-jdbc~1.4.2_sr13.2~0.4.1", rls:"SLES10.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1_4_2-ibm-plugin", rpm:"java-1_4_2-ibm-plugin~1.4.2_sr13.2~0.4.1", rls:"SLES10.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/sles10_mutt1.nasl =================================================================== --- trunk/openvas-plugins/scripts/sles10_mutt1.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/sles10_mutt1.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,77 @@ +# +#VID slesp2-mutt-6672 +# OpenVAS Vulnerability Test +# $ +# Description: Security update for mutt +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66347); + script_version ("$Revision$"); + script_name("SLES10: Security update for mutt"); + + desc = "The remote host is missing updates to packages that affect +the security of your system. One or more of the following packages +are affected: + + mutt + +More details may also be found by searching for the SuSE +Enterprise Server 10 patch database located at +http://download.novell.com/patch/finder/ + +Solution: + +Please install the updates provided by SuSE. + +Risk factor : High"; + + script_description(desc); + + script_summary("SLES10: Security update for mutt"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("SuSE Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"mutt", rpm:"mutt~1.5.9i~27.12.2", rls:"SLES10.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/sles11_bind0.nasl =================================================================== --- trunk/openvas-plugins/scripts/sles11_bind0.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/sles11_bind0.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,97 @@ +# +#VID 815e5fc596ff53d04190524da4e8d4bb +# OpenVAS Vulnerability Test +# $ +# Description: Security update for bind +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66349); + script_cve_id("CVE-2009-4022"); + script_version ("$Revision$"); + script_name("SLES11: Security update for bind"); + + desc = "The remote host is missing updates to packages that affect +the security of your system. One or more of the following packages +are affected: + + bind + bind-chrootenv + bind-doc + bind-libs + bind-utils + +References: + https://bugzilla.novell.com/show_bug.cgi?id=558260 + +More details may also be found by searching for the SuSE +Enterprise Server 11 patch database located at +http://download.novell.com/patch/finder/ + +Solution: + +Please install the updates provided by SuSE. + +Risk factor : High"; + + script_description(desc); + + script_summary("SLES11: Security update for bind"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("SuSE Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"bind", rpm:"bind~9.5.0P2~20.4.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-chrootenv", rpm:"bind-chrootenv~9.5.0P2~20.4.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-doc", rpm:"bind-doc~9.5.0P2~20.4.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-libs", rpm:"bind-libs~9.5.0P2~20.4.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"bind-utils", rpm:"bind-utils~9.5.0P2~20.4.1", rls:"SLES11.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/sles11_cdparanoia.nasl =================================================================== --- trunk/openvas-plugins/scripts/sles11_cdparanoia.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/sles11_cdparanoia.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,108 @@ +# +#VID 036b34b556d9338c53561c16d2f5a3ce +# OpenVAS Vulnerability Test +# $ +# Description: Security update for pidgin +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66351); + script_cve_id("CVE-2009-3026", "CVE-2009-3025", "CVE-2009-3083", "CVE-2009-3084", "CVE-2009-3085", "CVE-2009-3615"); + script_version ("$Revision$"); + script_name("SLES11: Security update for pidgin"); + + desc = "The remote host is missing updates to packages that affect +the security of your system. One or more of the following packages +are affected: + + cdparanoia + desktop-file-utils + fam + gnome-vfs2 + gstreamer-0_10 + libogg0 + liboil + +References: + https://bugzilla.novell.com/show_bug.cgi?id=535570 + https://bugzilla.novell.com/show_bug.cgi?id=535832 + https://bugzilla.novell.com/show_bug.cgi?id=536602 + https://bugzilla.novell.com/show_bug.cgi?id=548072 + +More details may also be found by searching for the SuSE +Enterprise Server 11 patch database located at +http://download.novell.com/patch/finder/ + +Solution: + +Please install the updates provided by SuSE. + +Risk factor : High"; + + script_description(desc); + + script_summary("SLES11: Security update for pidgin"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("SuSE Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"cdparanoia", rpm:"cdparanoia~IIIalpha9.8~691.22", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"desktop-file-utils", rpm:"desktop-file-utils~0.15~1.29", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"fam", rpm:"fam~2.7.0~130.21", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gnome-vfs2", rpm:"gnome-vfs2~2.24.0~7.4", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer-0_10", rpm:"gstreamer-0_10~0.10.21~3.20", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libogg0", rpm:"libogg0~1.1.3~87.12", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"liboil", rpm:"liboil~0.3.15~3.10", rls:"SLES11.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/sles11_ext4dev-kmp-def4.nasl =================================================================== --- trunk/openvas-plugins/scripts/sles11_ext4dev-kmp-def4.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/sles11_ext4dev-kmp-def4.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,171 @@ +# +#VID a3c4f0428e25dca1993e5018e76d6758 +# OpenVAS Vulnerability Test +# $ +# Description: Security update for Linux kernel +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66352); + script_cve_id("CVE-2009-3547", "CVE-2009-2910", "CVE-2009-2903", "CVE-2009-3621", "CVE-2009-3612", "CVE-2005-4881", "CVE-2009-3620", "CVE-2009-3726", "CVE-2009-3286"); + script_version ("$Revision$"); + script_name("SLES11: Security update for Linux kernel"); + + desc = "The remote host is missing updates to packages that affect +the security of your system. One or more of the following packages +are affected: + + ext4dev-kmp-default + ext4dev-kmp-pae + ext4dev-kmp-vmi + ext4dev-kmp-xen + kernel-default + kernel-default-base + kernel-pae + kernel-pae-base + kernel-source + kernel-syms + kernel-vmi + kernel-vmi-base + kernel-xen + kernel-xen-base + +References: + https://bugzilla.novell.com/show_bug.cgi?id=551348 + https://bugzilla.novell.com/show_bug.cgi?id=549567 + https://bugzilla.novell.com/show_bug.cgi?id=441062 + https://bugzilla.novell.com/show_bug.cgi?id=547357 + https://bugzilla.novell.com/show_bug.cgi?id=549751 + https://bugzilla.novell.com/show_bug.cgi?id=556532 + https://bugzilla.novell.com/show_bug.cgi?id=551942 + https://bugzilla.novell.com/show_bug.cgi?id=544760 + https://bugzilla.novell.com/show_bug.cgi?id=554122 + https://bugzilla.novell.com/show_bug.cgi?id=547137 + https://bugzilla.novell.com/show_bug.cgi?id=549751 + https://bugzilla.novell.com/show_bug.cgi?id=540349 + https://bugzilla.novell.com/show_bug.cgi?id=539878 + https://bugzilla.novell.com/show_bug.cgi?id=548070 + https://bugzilla.novell.com/show_bug.cgi?id=536467 + https://bugzilla.novell.com/show_bug.cgi?id=548071 + https://bugzilla.novell.com/show_bug.cgi?id=551142 + https://bugzilla.novell.com/show_bug.cgi?id=544779 + https://bugzilla.novell.com/show_bug.cgi?id=522790 + https://bugzilla.novell.com/show_bug.cgi?id=548807 + https://bugzilla.novell.com/show_bug.cgi?id=550648 + https://bugzilla.novell.com/show_bug.cgi?id=519820 + https://bugzilla.novell.com/show_bug.cgi?id=552775 + https://bugzilla.novell.com/show_bug.cgi?id=531716 + https://bugzilla.novell.com/show_bug.cgi?id=524222 + https://bugzilla.novell.com/show_bug.cgi?id=528427 + https://bugzilla.novell.com/show_bug.cgi?id=524683 + https://bugzilla.novell.com/show_bug.cgi?id=552602 + https://bugzilla.novell.com/show_bug.cgi?id=523487 + https://bugzilla.novell.com/show_bug.cgi?id=547357 + https://bugzilla.novell.com/show_bug.cgi?id=539010 + https://bugzilla.novell.com/show_bug.cgi?id=472410 + https://bugzilla.novell.com/show_bug.cgi?id=549748 + https://bugzilla.novell.com/show_bug.cgi?id=542505 + https://bugzilla.novell.com/show_bug.cgi?id=548101 + https://bugzilla.novell.com/show_bug.cgi?id=541648 + https://bugzilla.novell.com/show_bug.cgi?id=540997 + https://bugzilla.novell.com/show_bug.cgi?id=556864 + https://bugzilla.novell.com/show_bug.cgi?id=548074 + +More details may also be found by searching for the SuSE +Enterprise Server 11 patch database located at +http://download.novell.com/patch/finder/ + +Solution: + +Please install the updates provided by SuSE. + +Risk factor : High"; + + script_description(desc); + + script_summary("SLES11: Security update for Linux kernel"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("SuSE Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"ext4dev-kmp-default", rpm:"ext4dev-kmp-default~0_2.6.27.39_0.3~7.1.22", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"ext4dev-kmp-pae", rpm:"ext4dev-kmp-pae~0_2.6.27.39_0.3~7.1.22", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"ext4dev-kmp-vmi", rpm:"ext4dev-kmp-vmi~0_2.6.27.39_0.3~7.1.22", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"ext4dev-kmp-xen", rpm:"ext4dev-kmp-xen~0_2.6.27.39_0.3~7.1.22", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~2.6.27.39~0.3.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-default-base", rpm:"kernel-default-base~2.6.27.39~0.3.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-pae", rpm:"kernel-pae~2.6.27.39~0.3.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-pae-base", rpm:"kernel-pae-base~2.6.27.39~0.3.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~2.6.27.39~0.3.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~2.6.27.39~0.3.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-vmi", rpm:"kernel-vmi~2.6.27.39~0.3.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-vmi-base", rpm:"kernel-vmi-base~2.6.27.39~0.3.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.27.39~0.3.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-xen-base", rpm:"kernel-xen-base~2.6.27.39~0.3.1", rls:"SLES11.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/sles11_java-1_4_2-ibm1.nasl =================================================================== --- trunk/openvas-plugins/scripts/sles11_java-1_4_2-ibm1.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/sles11_java-1_4_2-ibm1.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,89 @@ +# +#VID 078e3d197ce1488682c8fe5574f20e9b +# OpenVAS Vulnerability Test +# $ +# Description: Security update for IBM Java 1.4.2 +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66348); + script_cve_id("CVE-2009-1100"); + script_version ("$Revision$"); + script_name("SLES11: Security update for IBM Java 1.4.2"); + + desc = "The remote host is missing updates to packages that affect +the security of your system. One or more of the following packages +are affected: + + java-1_4_2-ibm + java-1_4_2-ibm-jdbc + java-1_4_2-ibm-plugin + +References: + https://bugzilla.novell.com/show_bug.cgi?id=551829 + +More details may also be found by searching for the SuSE +Enterprise Server 11 patch database located at +http://download.novell.com/patch/finder/ + +Solution: + +Please install the updates provided by SuSE. + +Risk factor : High"; + + script_description(desc); + + script_summary("SLES11: Security update for IBM Java 1.4.2"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("SuSE Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"java-1_4_2-ibm", rpm:"java-1_4_2-ibm~1.4.2_sr13.2~0.1.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1_4_2-ibm-jdbc", rpm:"java-1_4_2-ibm-jdbc~1.4.2_sr13.2~0.1.1", rls:"SLES11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"java-1_4_2-ibm-plugin", rpm:"java-1_4_2-ibm-plugin~1.4.2_sr13.2~0.1.1", rls:"SLES11.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/sles11_mutt0.nasl =================================================================== --- trunk/openvas-plugins/scripts/sles11_mutt0.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/sles11_mutt0.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,79 @@ +# +#VID 0ccab56be657333f931d55271c4b246a +# OpenVAS Vulnerability Test +# $ +# Description: Security update for mutt +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66350); + script_version ("$Revision$"); + script_name("SLES11: Security update for mutt"); + + desc = "The remote host is missing updates to packages that affect +the security of your system. One or more of the following packages +are affected: + + mutt +References: + https://bugzilla.novell.com/show_bug.cgi?id=537141 + +More details may also be found by searching for the SuSE +Enterprise Server 11 patch database located at +http://download.novell.com/patch/finder/ + +Solution: + +Please install the updates provided by SuSE. + +Risk factor : High"; + + script_description(desc); + + script_summary("SLES11: Security update for mutt"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("SuSE Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"mutt", rpm:"mutt~1.5.17~42.33.1", rls:"SLES11.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/sles9p5063230.nasl =================================================================== --- trunk/openvas-plugins/scripts/sles9p5063230.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/sles9p5063230.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,82 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Security update for IBM Java2 and SDK +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66344); + script_cve_id("CVE-2009-1100"); + script_version ("$Revision$"); + script_name("SLES9: Security update for IBM Java2 and SDK"); + + desc = " +The remote host is missing updates to packages that affect +the security of your system. One or more of the following packages +are affected: + + IBMJava2-JRE + IBMJava2-SDK + +For more information, please visit the referenced security +advisories. + +More details may also be found by searching for keyword +5063230 within the SuSE Enterprise Server 9 patch +database at http://download.novell.com/patch/finder/ + +Solution: + +Please install the updates provided by SuSE. + +Risk factor : High"; + + script_description(desc); + + script_summary("SLES9: Security update for IBM Java2 and SDK"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("SuSE Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"IBMJava2-JRE", rpm:"IBMJava2-JRE~1.4.2_sr13.2~0.7", rls:"SLES9.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/sles9p5063382.nasl =================================================================== --- trunk/openvas-plugins/scripts/sles9p5063382.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/sles9p5063382.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,81 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Security update for ethereal +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66343); + script_cve_id("CVE-2009-3549", "CVE-2009-3550", "CVE-2009-3551", "CVE-2009-2560"); + script_version ("$Revision$"); + script_name("SLES9: Security update for ethereal"); + + desc = " +The remote host is missing updates to packages that affect +the security of your system. One or more of the following packages +are affected: + + ethereal + +For more information, please visit the referenced security +advisories. + +More details may also be found by searching for keyword +5063382 within the SuSE Enterprise Server 9 patch +database at http://download.novell.com/patch/finder/ + +Solution: + +Please install the updates provided by SuSE. + +Risk factor : High"; + + script_description(desc); + + script_summary("SLES9: Security update for ethereal"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("SuSE Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"ethereal", rpm:"ethereal~0.10.13~2.45", rls:"SLES9.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/sles9p5063532.nasl =================================================================== --- trunk/openvas-plugins/scripts/sles9p5063532.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/sles9p5063532.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,78 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Security update for mutt +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66342); + script_version ("$Revision$"); + script_name("SLES9: Security update for mutt"); + + desc = " +The remote host is missing updates to packages that affect +the security of your system. One or more of the following packages +are affected: + + mutt + + +More details may also be found by searching for keyword +5063532 within the SuSE Enterprise Server 9 patch +database at http://download.novell.com/patch/finder/ + +Solution: + +Please install the updates provided by SuSE. + +Risk factor : High"; + + script_description(desc); + + script_summary("SLES9: Security update for mutt"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("SuSE Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"mutt", rpm:"mutt~1.5.6i~64.14", rls:"SLES9.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/ubuntu_861_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/ubuntu_861_1.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/ubuntu_861_1.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,146 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory USN-861-1 (libvorbis) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66337); + script_cve_id("CVE-2008-2009", "CVE-2009-3379"); + script_version ("$Revision$"); + script_name("Ubuntu USN-861-1 (libvorbis)"); + + desc = " +The remote host is missing an update to libvorbis +announced via advisory USN-861-1. + +Details follow: + +It was discovered that libvorbis did not correctly handle ogg files with +underpopulated Huffman trees. If a user were tricked into opening a +specially crafted ogg file with an application that uses libvorbis, an +attacker could cause a denial of service. (CVE-2008-2009) + +It was discovered that libvorbis did not correctly handle certain malformed +ogg files. If a user were tricked into opening a specially crafted ogg file +with an application that uses libvorbis, an attacker could cause a denial +of service or possibly execute arbitrary code with the user's privileges. +(CVE-2009-3379) + +Solution: +The problem can be corrected by upgrading your system to the +following package versions: + +Ubuntu 8.04 LTS: + libvorbis0a 1.2.0.dfsg-2ubuntu0.3 + +Ubuntu 8.10: + libvorbis0a 1.2.0.dfsg-3.1ubuntu0.8.10.2 + +Ubuntu 9.04: + libvorbis0a 1.2.0.dfsg-3.1ubuntu0.9.04.2 + +Ubuntu 9.10: + libvorbis0a 1.2.0.dfsg-6ubuntu0.1 + +After a standard system upgrade you need to restart any applications that +use libvorbis, such as Totem and gtkpod, to effect the necessary changes. + +https://secure1.securityspace.com/smysecure/catid.html?in=USN-861-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Ubuntu USN-861-1 (libvorbis)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Ubuntu Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"libvorbis-dev", ver:"1.2.0.dfsg-2ubuntu0.3", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbis0a", ver:"1.2.0.dfsg-2ubuntu0.3", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbisenc2", ver:"1.2.0.dfsg-2ubuntu0.3", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbisfile3", ver:"1.2.0.dfsg-2ubuntu0.3", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbis-dev", ver:"1.2.0.dfsg-3.1ubuntu0.8.10.2", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbis0a", ver:"1.2.0.dfsg-3.1ubuntu0.8.10.2", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbisenc2", ver:"1.2.0.dfsg-3.1ubuntu0.8.10.2", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbisfile3", ver:"1.2.0.dfsg-3.1ubuntu0.8.10.2", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbis-dev", ver:"1.2.0.dfsg-3.1ubuntu0.9.04.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbis0a", ver:"1.2.0.dfsg-3.1ubuntu0.9.04.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbisenc2", ver:"1.2.0.dfsg-3.1ubuntu0.9.04.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbisfile3", ver:"1.2.0.dfsg-3.1ubuntu0.9.04.2", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbis-dev", ver:"1.2.0.dfsg-6ubuntu0.1", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbis0a", ver:"1.2.0.dfsg-6ubuntu0.1", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbisenc2", ver:"1.2.0.dfsg-6ubuntu0.1", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libvorbisfile3", ver:"1.2.0.dfsg-6ubuntu0.1", rls:"UBUNTU9.10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/ubuntu_862_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/ubuntu_862_1.nasl 2009-12-03 21:07:40 UTC (rev 6056) +++ trunk/openvas-plugins/scripts/ubuntu_862_1.nasl 2009-12-03 21:10:42 UTC (rev 6057) @@ -0,0 +1,495 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory USN-862-1 (php5) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66338); + script_cve_id("CVE-2008-7068", "CVE-2009-3291", "CVE-2009-3292", "CVE-2009-3557", "CVE-2009-3558", "CVE-2009-4017", "CVE-2009-4018"); + script_version ("$Revision$"); + script_name("Ubuntu USN-862-1 (php5)"); + + desc = " +The remote host is missing an update to php5 +announced via advisory USN-862-1. + +Details follow: + +Maksymilian Arciemowicz discovered that PHP did not properly validate +arguments to the dba_replace function. If a script passed untrusted input +to the dba_replace function, an attacker could truncate the database. This +issue only applied to Ubuntu 6.06 LTS, 8.04 LTS, and 8.10. (CVE-2008-7068) + +It was discovered that PHP's php_openssl_apply_verification_policy +function did not correctly handle SSL certificates with zero bytes in the +Common Name. A remote attacker could exploit this to perform a man in the +middle attack to view sensitive information or alter encrypted +communications. (CVE-2009-3291) + +It was discovered that PHP did not properly handle certain malformed images +when being parsed by the Exif module. A remote attacker could exploit this +flaw and cause the PHP server to crash, resulting in a denial of service. +(CVE-2009-3292) + +Grzegorz Stachowiak discovered that PHP did not properly enforce +restrictions in the tempnam function. An attacker could exploit this issue +to bypass safe_mode restrictions. (CVE-2009-3557) + +Grzegorz Stachowiak discovered that PHP did not properly enforce +restrictions in the posix_mkfifo function. An attacker could exploit this +issue to bypass open_basedir restrictions. (CVE-2009-3558) + +Bogdan Calin discovered that PHP did not limit the number of temporary +files created when handling multipart/form-data POST requests. A remote +attacker could exploit this flaw and cause the PHP server to consume all +available resources, resulting in a denial of service. (CVE-2009-4017) + +ATTENTION: This update changes previous PHP behaviour by limiting the +number of files in a POST request to 50. This may be increased by adding a +max_file_uploads directive to the php.ini configuration file. + +It was discovered that PHP did not properly enforce restrictions in the +proc_open function. An attacker could exploit this issue to bypass +safe_mode_protected_env_vars restrictions and possibly execute arbitrary +code with application privileges. (CVE-2009-4018) + +Solution: +The problem can be corrected by upgrading your system to the +following package versions: + +Ubuntu 6.06 LTS: + libapache2-mod-php5 5.1.2-1ubuntu3.17 + php5-cgi 5.1.2-1ubuntu3.17 + php5-cli 5.1.2-1ubuntu3.17 + +Ubuntu 8.04 LTS: + libapache2-mod-php5 5.2.4-2ubuntu5.9 + php5-cgi 5.2.4-2ubuntu5.9 + php5-cli 5.2.4-2ubuntu5.9 + +Ubuntu 8.10: + libapache2-mod-php5 5.2.6-2ubuntu4.5 + php5-cgi 5.2.6-2ubuntu4.5 + php5-cli 5.2.6-2ubuntu4.5 + +Ubuntu 9.04: + libapache2-mod-php5 5.2.6.dfsg.1-3ubuntu4.4 + php5-cgi 5.2.6.dfsg.1-3ubuntu4.4 + php5-cli 5.2.6.dfsg.1-3ubuntu4.4 + +Ubuntu 9.10: + libapache2-mod-php5 5.2.10.dfsg.1-2ubuntu6.3 + php5-cgi 5.2.10.dfsg.1-2ubuntu6.3 + php5-cli 5.2.10.dfsg.1-2ubuntu6.3 + +In general, a standard system upgrade is sufficient to effect the +necessary changes. + +https://secure1.securityspace.com/smysecure/catid.html?in=USN-862-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Ubuntu USN-862-1 (php5)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Ubuntu Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"php-pear", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-cgi", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-cli", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-common", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-curl", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-dev", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-gd", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-ldap", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-mhash", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-mysql", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-mysqli", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-odbc", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-pgsql", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-recode", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-snmp", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-sqlite", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-sybase", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-xsl", ver:"5.1.2-1ubuntu3.17", rls:"UBUNTU6.06 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php-pear", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-cgi", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-cli", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-common", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-curl", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-dev", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-gd", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-gmp", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-ldap", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-mhash", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-mysql", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-odbc", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-pgsql", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-pspell", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-recode", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-snmp", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-sqlite", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-sybase", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-tidy", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-xsl", ver:"5.2.4-2ubuntu5.9", rls:"UBUNTU8.04 LTS")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php-pear", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libapache2-mod-php5filter", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-cgi", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-cli", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-common", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-curl", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-dbg", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-dev", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-gd", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-gmp", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-ldap", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-mhash", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-mysql", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-odbc", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-pgsql", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-pspell", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-recode", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-snmp", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-sqlite", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-sybase", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-tidy", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-xsl", ver:"5.2.6-2ubuntu4.5", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php-pear", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-cgi", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-cli", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-common", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-curl", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-dbg", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-dev", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-gd", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-gmp", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-ldap", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-mhash", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-mysql", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-odbc", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-pgsql", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-pspell", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-recode", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-snmp", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-sqlite", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-sybase", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-tidy", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-xsl", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libapache2-mod-php5filter", ver:"5.2.6.dfsg.1-3ubuntu4.4", rls:"UBUNTU9.04")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php-pear", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libapache2-mod-php5", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-cgi", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-cli", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-common", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-curl", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-dbg", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-dev", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-gd", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-gmp", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-ldap", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-mhash", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-mysql", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-odbc", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-pgsql", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-pspell", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-recode", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-snmp", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-sqlite", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-sybase", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-tidy", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-xmlrpc", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"php5-xsl", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libapache2-mod-php5filter", ver:"5.2.10.dfsg.1-2ubuntu6.3", rls:"UBUNTU9.10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} From scm-commit at wald.intevation.org Fri Dec 4 10:51:31 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 4 Dec 2009 10:51:31 +0100 (CET) Subject: [Openvas-commits] r6058 - in trunk/openvas-libraries: . nasl Message-ID: <20091204095131.CCFDF861F2F2@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-04 10:51:31 +0100 (Fri, 04 Dec 2009) New Revision: 6058 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/nasl/exec.c trunk/openvas-libraries/nasl/nasl.c Log: Solved bug #1101 (http://bugs.openvas.org/1170); openvas-nasl now supports relative paths. * nasl/exec.c (exec_nasl_script): Use glib functions to simplify and extend directory access. Removed todos. * nasl/nasl.c (main): Removed todo. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-03 21:10:42 UTC (rev 6057) +++ trunk/openvas-libraries/ChangeLog 2009-12-04 09:51:31 UTC (rev 6058) @@ -1,3 +1,13 @@ +2009-12-04 Michael Wiegand + + Solved bug #1101 (http://bugs.openvas.org/1170); openvas-nasl now + supports relative paths. + + * nasl/exec.c (exec_nasl_script): Use glib functions to simplify and + extend directory access. Removed todos. + + * nasl/nasl.c (main): Removed todo. + 2009-12-01 Chandrashekhar B * misc/ids_send.c (ids_open_sock_tcp): IPv6 enable. Modified: trunk/openvas-libraries/nasl/exec.c =================================================================== --- trunk/openvas-libraries/nasl/exec.c 2009-12-03 21:10:42 UTC (rev 6057) +++ trunk/openvas-libraries/nasl/exec.c 2009-12-04 09:51:31 UTC (rev 6058) @@ -22,6 +22,8 @@ #include /* for MAXPATHLEN */ #include /* for getpid */ +#include + #include "system.h" /* for efree */ #include "nasl_regex.h" @@ -1773,9 +1775,7 @@ srand48(getpid() + getppid() + (long)time(NULL)); - /** @todo Use glib functions */ - old_dir[sizeof(old_dir) - 1] = '\0'; - getcwd(old_dir, sizeof(old_dir) - 1); + g_snprintf (old_dir, MAXPATHLEN, "%s", g_get_current_dir ()); #if NASL_DEBUG > 2 nasl_trace_fp = stderr; @@ -1788,19 +1788,11 @@ arg_set_value (script_infos, "script_name", strlen(name), estrdup(name)); } - /** @todo use glib (~g_path_basename) */ - newdir = strrchr (name, '/'); - if (newdir != NULL) - { - char dir[MAXPATHLEN+1]; - char *s; - dir[sizeof(dir) - 1] = '\0'; - strncpy(dir, name, sizeof(dir) - 1); - s = strrchr(dir, '/'); - s[0] = '\0'; - chdir(dir); - } + newdir = g_path_get_basename (name); + chdir (newdir); + g_free (newdir); + bzero (&ctx, sizeof(ctx)); if (mode & NASL_ALWAYS_SIGNED) ctx.always_authenticated = 1; Modified: trunk/openvas-libraries/nasl/nasl.c =================================================================== --- trunk/openvas-libraries/nasl/nasl.c 2009-12-03 21:10:42 UTC (rev 6057) +++ trunk/openvas-libraries/nasl/nasl.c 2009-12-04 09:51:31 UTC (rev 6058) @@ -224,8 +224,6 @@ hg_globals = hg_init (target, 4); efree (&target); - /** @todo relative paths starting with '../' do not work. Probably a switch to - * glib functions in exec.c would do the trick. (http://bugs.openvas.org/1101) */ // for absolute and relative paths add_nasl_inc_dir (""); From scm-commit at wald.intevation.org Fri Dec 4 10:55:39 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 4 Dec 2009 10:55:39 +0100 (CET) Subject: [Openvas-commits] r6059 - trunk/openvas-libraries Message-ID: <20091204095539.4B6FE865999E@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-04 10:55:38 +0100 (Fri, 04 Dec 2009) New Revision: 6059 Modified: trunk/openvas-libraries/ChangeLog Log: * ChangeLog: Fixed bug # in the last entry. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-04 09:51:31 UTC (rev 6058) +++ trunk/openvas-libraries/ChangeLog 2009-12-04 09:55:38 UTC (rev 6059) @@ -1,6 +1,10 @@ 2009-12-04 Michael Wiegand - Solved bug #1101 (http://bugs.openvas.org/1170); openvas-nasl now + * ChangeLog: Fixed bug # in the last entry. + +2009-12-04 Michael Wiegand + + Solved bug #1101 (http://bugs.openvas.org/1101); openvas-nasl now supports relative paths. * nasl/exec.c (exec_nasl_script): Use glib functions to simplify and From scm-commit at wald.intevation.org Fri Dec 4 11:03:10 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 4 Dec 2009 11:03:10 +0100 (CET) Subject: [Openvas-commits] r6060 - trunk/openvas-scanner Message-ID: <20091204100310.9BA9B865999E@pyrosoma.intevation.org> Author: jan Date: 2009-12-04 11:03:10 +0100 (Fri, 04 Dec 2009) New Revision: 6060 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/openvas-nvt-sync.in Log: * openvas-nvt-sync.in: Added URL of feed home page. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-12-04 09:55:38 UTC (rev 6059) +++ trunk/openvas-scanner/ChangeLog 2009-12-04 10:03:10 UTC (rev 6060) @@ -1,3 +1,7 @@ +2009-12-04 Jan-Oliver Wagner + + * openvas-nvt-sync.in: Added URL of feed home page. + 2009-12-03 Chandrashekhar B * cnvts/openvas_tcp_scanner/openvas_tcp_scanner.c, Modified: trunk/openvas-scanner/openvas-nvt-sync.in =================================================================== --- trunk/openvas-scanner/openvas-nvt-sync.in 2009-12-04 09:55:38 UTC (rev 6059) +++ trunk/openvas-scanner/openvas-nvt-sync.in 2009-12-04 10:03:10 UTC (rev 6060) @@ -48,6 +48,7 @@ VERSION=@version@ FEED_NAME="OpenVAS NVT Feed" FEED_PROVIDER="The OpenVAS Project" +FEED_HOME="http://www.openvas.org/openvas-nvt-feed.html" RESTRICTED=0 findcmd() @@ -134,8 +135,9 @@ do_describe () { - echo "This script synchronizes an NVT collection with the $FEED_NAME." - echo "The $FEED_NAME is provided by $FEED_PROVIDER." + echo "This script synchronizes an NVT collection with the '$FEED_NAME'." + echo "The '$FEED_NAME' is provided by '$FEED_PROVIDER'." + echo "Online information about this feed: '$FEED_HOME'." } while test $# -gt 0; do From scm-commit at wald.intevation.org Fri Dec 4 11:05:56 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 4 Dec 2009 11:05:56 +0100 (CET) Subject: [Openvas-commits] r6061 - in trunk/openvas-libraries: . nasl Message-ID: <20091204100556.26DDE865999E@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-04 11:05:55 +0100 (Fri, 04 Dec 2009) New Revision: 6061 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/nasl/nasl.c Log: Add support for defining one additional directory on the command line which will be used to look for includes to openvas-nasl. * nasl/nasl.c (main): Introduced the --include-dir / -i command line parameter. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-04 10:03:10 UTC (rev 6060) +++ trunk/openvas-libraries/ChangeLog 2009-12-04 10:05:55 UTC (rev 6061) @@ -1,5 +1,13 @@ 2009-12-04 Michael Wiegand + Add support for defining one additional directory on the command line + which will be used to look for includes to openvas-nasl. + + * nasl/nasl.c (main): Introduced the --include-dir / -i command line + parameter. + +2009-12-04 Michael Wiegand + * ChangeLog: Fixed bug # in the last entry. 2009-12-04 Michael Wiegand Modified: trunk/openvas-libraries/nasl/nasl.c =================================================================== --- trunk/openvas-libraries/nasl/nasl.c 2009-12-04 10:03:10 UTC (rev 6060) +++ trunk/openvas-libraries/nasl/nasl.c 2009-12-04 10:05:55 UTC (rev 6061) @@ -124,6 +124,7 @@ static gchar * trace_file = NULL; static gboolean with_safe_checks = FALSE; static gboolean authenticated_mode = FALSE; + static gchar * include_dir = NULL; static gchar ** nasl_filenames = NULL; GError *error = NULL; GOptionContext *option_context; @@ -145,6 +146,8 @@ "Specifies that the script should be run with 'safe checks' enabled", NULL }, { "authenticated", 'X', 0, G_OPTION_ARG_NONE, &authenticated_mode, "Run the script in 'authenticated' mode", NULL }, + { "include-dir", 'i', 0, G_OPTION_ARG_FILENAME, &include_dir, + "Search for includes in ", NULL }, { G_OPTION_REMAINING, 0, 0, G_OPTION_ARG_FILENAME_ARRAY, &nasl_filenames, NULL, NULL }, { NULL } }; @@ -226,6 +229,10 @@ // for absolute and relative paths add_nasl_inc_dir (""); + if (include_dir != NULL) + { + add_nasl_inc_dir (include_dir); + } while (hg_next_host(hg_globals, &ip6, hostname, sizeof(hostname)) >= 0) { From scm-commit at wald.intevation.org Fri Dec 4 12:32:24 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 4 Dec 2009 12:32:24 +0100 (CET) Subject: [Openvas-commits] r6062 - in trunk/openvas-libraries: . nasl Message-ID: <20091204113224.844BC865F4A0@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-04 12:32:23 +0100 (Fri, 04 Dec 2009) New Revision: 6062 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/nasl/exec.c Log: * nasl/exec.c (exec_nasl_script): Fixed a potential memory leak, improved error handling, made glib usage more consistent, clarified return value in documentation. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-04 10:05:55 UTC (rev 6061) +++ trunk/openvas-libraries/ChangeLog 2009-12-04 11:32:23 UTC (rev 6062) @@ -1,5 +1,11 @@ 2009-12-04 Michael Wiegand + * nasl/exec.c (exec_nasl_script): Fixed a potential memory leak, + improved error handling, made glib usage more consistent, clarified + return value in documentation. + +2009-12-04 Michael Wiegand + Add support for defining one additional directory on the command line which will be used to look for includes to openvas-nasl. Modified: trunk/openvas-libraries/nasl/exec.c =================================================================== --- trunk/openvas-libraries/nasl/exec.c 2009-12-04 10:05:55 UTC (rev 6061) +++ trunk/openvas-libraries/nasl/exec.c 2009-12-04 11:32:23 UTC (rev 6062) @@ -19,10 +19,10 @@ #include /* for srand48 */ #include /* for strlen */ -#include /* for MAXPATHLEN */ #include /* for getpid */ -#include +#include /* for g_get_current_dir and others */ +#include /* for g_chdir */ #include "system.h" /* for efree */ @@ -1755,7 +1755,8 @@ * @param mode Bit field describing launch mode (description, parse * always signed). * - * @return Values < 0 + * @return 0 if the script was executed successfully, negative values if an + * error occurred. */ int exec_nasl_script (struct arglist * script_infos, const char* name, int mode) @@ -1765,8 +1766,8 @@ int err = 0; tree_cell *ret; lex_ctxt *lexic; - char old_dir[MAXPATHLEN+1]; - char *newdir; + gchar *old_dir; + gchar *newdir; char *old; tree_cell tc; struct arglist* prefs = arg_get_value (script_infos, "preferences"); @@ -1775,7 +1776,7 @@ srand48(getpid() + getppid() + (long)time(NULL)); - g_snprintf (old_dir, MAXPATHLEN, "%s", g_get_current_dir ()); + old_dir = g_get_current_dir (); #if NASL_DEBUG > 2 nasl_trace_fp = stderr; @@ -1790,7 +1791,12 @@ newdir = g_path_get_basename (name); - chdir (newdir); + if (g_chdir (newdir) != 0) + { + g_free (old_dir); + g_free (newdir); + return -1; + } g_free (newdir); bzero (&ctx, sizeof(ctx)); @@ -1799,7 +1805,8 @@ if (nasl_reload_or_parse(&ctx, name) < 0) { - chdir(old_dir); + g_chdir(old_dir); + g_free (old_dir); return -1; } @@ -1890,6 +1897,12 @@ #endif chdir (old_dir); + if (g_chdir (old_dir) != 0) + { + g_free (old_dir); + return -1; + } + g_free (old_dir); if (mode & NASL_EXEC_DONT_CLEANUP) return err; From scm-commit at wald.intevation.org Fri Dec 4 14:18:02 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 4 Dec 2009 14:18:02 +0100 (CET) Subject: [Openvas-commits] r6063 - in trunk/openvas-plugins: . scripts Message-ID: <20091204131802.652AC861F2DC@pyrosoma.intevation.org> Author: chandra Date: 2009-12-04 14:17:59 +0100 (Fri, 04 Dec 2009) New Revision: 6063 Added: trunk/openvas-plugins/scripts/gb_ms_ie_style_object_remote_code_exec_vuln.nasl trunk/openvas-plugins/scripts/gb_mysql_auth_bypass_vuln.nasl trunk/openvas-plugins/scripts/gb_mysql_auth_bypass_vuln_lin.nasl trunk/openvas-plugins/scripts/gb_mysql_dos_n_spoofing_vuln.nasl trunk/openvas-plugins/scripts/gb_php_mult_vuln_dec09.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt Log: released Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-04 11:32:23 UTC (rev 6062) +++ trunk/openvas-plugins/ChangeLog 2009-12-04 13:17:59 UTC (rev 6063) @@ -1,3 +1,12 @@ +2009-12-04 Chandrashekhar B + + * scripts/gb_ms_ie_style_object_remote_code_exec_vuln.nasl, + scripts/gb_mysql_dos_n_spoofing_vuln.nasl, + scripts/gb_mysql_auth_bypass_vuln_lin.nasl, + scripts/gb_php_mult_vuln_dec09.nasl, + scripts/gb_mysql_auth_bypass_vuln.nasl: + Added new plugins. + 2009-12-03 Thomas Reinke * scripts/deb_1939_1.nasl, Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-12-04 11:32:23 UTC (rev 6062) +++ trunk/openvas-plugins/cve_current.txt 2009-12-04 13:17:59 UTC (rev 6063) @@ -330,3 +330,10 @@ 37180 Greenbone svn R 33698 Greenbone svn R 37185 Greenbone svn R +CVE-2009-4019 SecPod svn R +CVE-2008-7247 SecPod svn R +CVE-2009-4030 SecPod svn R +CVE-2009-4028 SecPod svn R +CVE-2009-4018 SecPod svn R +CVE-2009-2626 SecPod svn R +CVE-2009-3672 SecPod svn L Added: trunk/openvas-plugins/scripts/gb_ms_ie_style_object_remote_code_exec_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ms_ie_style_object_remote_code_exec_vuln.nasl 2009-12-04 11:32:23 UTC (rev 6062) +++ trunk/openvas-plugins/scripts/gb_ms_ie_style_object_remote_code_exec_vuln.nasl 2009-12-04 13:17:59 UTC (rev 6063) @@ -0,0 +1,83 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_ms_ie_style_object_remote_code_exe_vuln.nasl 6031 2009-12-03 11:17:55Z dec $ +# +# MS Internet Explorer 'Style' Object Remote Code Execution Vulnerability +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it undr the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800727); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3672"); + script_bugtraq_id(37085); + script_name("MS Internet Explorer 'Style' Object Remote Code Execution Vulnerability"); + desc = " + Overview: This host has Microsoft Internet Explorer installed and is prone to + Remote Code Execution Vulnerability. + + Vulnerability Insight: + This flaw is caused due to CSS information inside HTML rendering engine, + inside mshtml.dll library file. Malicious use of 'outerHTML' property + causes the remote browser to spray the heap memory allocated area. + + Impact: + Successful attack could allow malicious people to execute arbitrary code in the + context of the user running the application or compromise the application and + possibly the system. failed attacks may cause denial-of-service condition. + + Impact Level: System/Application + + Affected Software/OS: + Microsoft Internet Explorer 6.x and 7.x + + Fix: + No solution or patch is available as on 04th December, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.microsoft.com/technet/security/advisory/977981.mspx + + References: + http://www.securityfocus.com/archive/1/archive/1/507984/100/0/threaded + http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 8.4 + Risk factor: Critical"; + + script_description(desc); + script_summary("Check for the version of Microsoft Internet Explorer"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("General"); + script_dependencies("gb_ms_ie_detect.nasl"); + script_require_keys("MS/IE/Version"); + exit(0); +} + + +include("version_func.inc"); + +ieVer = get_kb_item("MS/IE/Version"); +if(ieVer =~ "^(6|7)\..*"){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/gb_ms_ie_style_object_remote_code_exec_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_mysql_auth_bypass_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mysql_auth_bypass_vuln.nasl 2009-12-04 11:32:23 UTC (rev 6062) +++ trunk/openvas-plugins/scripts/gb_mysql_auth_bypass_vuln.nasl 2009-12-04 13:17:59 UTC (rev 6063) @@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_mysql_auth_bypass_vuln.nasl 5988 2009-12-03 25:29:17Z dec $ +# +# MySQL Authenticated Access Restrictions Bypass Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801066); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4030"); + script_name("MySQL Authenticated Access Restrictions Bypass Vulnerability"); + desc = " + Overview: The host is running MySQL and is prone to Access restrictions Bypass + Vulnerability + + Vulnerability Insight: + The flaw is due to an error while calling CREATE TABLE on a MyISAM table with modified + DATA DIRECTORY or INDEX DIRECTORY. + + Impact: + Successful exploitation could allow users to bypass intended access restrictions + by calling CREATE TABLE with DATA DIRECTORY or INDEX DIRECTORY argument referring + to a subdirectory. + + Impact Level: Application + + Affected Software/OS: + MySQL 5.1.x before 5.1.41 on all running platform. + + Fix: Upgrade to MySQL version 5.1.41 + For Updates Refer, http://dev.mysql.com/downloads + + References: + http://bugs.mysql.com/bug.php?id=32167 + http://dev.mysql.com/doc/refman/5.1/en/news-5-1-41.html + + CVSS Score: + CVSS Base Score : 4.4 (AV:L/AC:M/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 3.2 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of MySQL"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Denial of Service"); + script_dependencies("mysql_version.nasl"); + script_require_ports("Services/mysql", 3306); + exit(0); +} + + +include("misc_func.inc"); +include("version_func.inc"); + +sqlPort = get_kb_item("Services/mysql"); +if(!sqlPort){ + sqlPort = 3306; +} + +if(!get_port_state(sqlPort)){ + exit(0); +} + +mysqlVer = get_mysql_version(port:sqlPort); +if(!isnull(mysqlVer)) +{ + mysqlVer = eregmatch(pattern:"([0-9.a-z]+)", string:mysqlVer); + if(!isnull(mysqlVer[1])) + { + if(version_in_range(version:mysqlVer[1], test_version:"5.1",test_version2:"5.1.40")){ + security_warning(sqlPort); + } + } +} + Property changes on: trunk/openvas-plugins/scripts/gb_mysql_auth_bypass_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_mysql_auth_bypass_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mysql_auth_bypass_vuln_lin.nasl 2009-12-04 11:32:23 UTC (rev 6062) +++ trunk/openvas-plugins/scripts/gb_mysql_auth_bypass_vuln_lin.nasl 2009-12-04 13:17:59 UTC (rev 6063) @@ -0,0 +1,107 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_mysql_auth_bypass_vuln_lin.nasl 5988 2009-12-03 23:29:17Z dec $ +# +# MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801065); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-7247"); + script_name("MySQL Authenticated Access Restrictions Bypass Vulnerability (Linux)"); + desc = " + Overview: The host is running MySQL and is prone to Access Restrictions Bypass + Vulnerability + + Vulnerability Insight: + The flaw is due to an error in 'sql/sql_table.cc', when the data home directory + contains a symlink to a different filesystem. + + Impact: + Successful exploitation could allow users to bypass intended access restrictions + by calling CREATE TABLE with DATA DIRECTORY or INDEX DIRECTORY argument referring + to a subdirectory. + + Impact Level: Application + + Affected Software/OS: + MySQL 5.0.x before 5.0.88, 5.1.x before 5.1.41, 6.0 before 6.0.9-alpha + + Fix: Upgrade to MySQL version 5.0.88 or 5.1.41 or 6.0.9-alpha + For Updates Refer, http://dev.mysql.com/downloads + + References: + http://lists.mysql.com/commits/59711 + http://bugs.mysql.com/bug.php?id=39277 + http://marc.info/?l=oss-security&m=125908040022018&w=2 + + CVSS Score: + CVSS Base Score : 6.0 (AV:N/AC:M/Au:SI/C:P/I:P/A:P) + CVSS Temporal Score : 4.4 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of MySQL"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Denial of Service"); + script_dependencies("mysql_version.nasl"); + script_require_ports("Services/mysql", 3306); + exit(0); +} + + +include("misc_func.inc"); +include("version_func.inc"); + +sqlPort = get_kb_item("Services/mysql"); +if(!sqlPort){ + sqlPort = 3306; +} + +if(!get_port_state(sqlPort)){ + exit(0); +} + +mysqlVer = get_mysql_version(port:sqlPort); +if(isnull(mysqlVer)){ + exit(0); +} + +mysqlVer = eregmatch(pattern:"([0-9.a-z]+)", string:mysqlVer); +if(isnull(mysqlVer[1])){ + exit(0); +} + +if(version_in_range(version:mysqlVer[1], test_version:"5.0",test_version2:"5.0.87") || + version_in_range(version:mysqlVer[1], test_version:"5.1",test_version2:"5.1.40")){ + security_warning(sqlPort); +} + +else if(mysqlVer[1] =~ "^6\.") +{ + if(version_is_less(version:mysqlVer[1],test_version:"6.0.9a")){ + security_warning(sqlPort); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_mysql_auth_bypass_vuln_lin.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_mysql_dos_n_spoofing_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_mysql_dos_n_spoofing_vuln.nasl 2009-12-04 11:32:23 UTC (rev 6062) +++ trunk/openvas-plugins/scripts/gb_mysql_dos_n_spoofing_vuln.nasl 2009-12-04 13:17:59 UTC (rev 6063) @@ -0,0 +1,104 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_mysql_dos_n_spoofing_vuln.nasl 5988 2009-12-03 21:29:17Z dec $ +# +# MySQL Denial Of Service and Spoofing Vulnerabilities +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801064); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4019","CVE-2009-4028"); + script_name("MySQL Denial Of Service and Spoofing Vulnerabilities"); + desc = " + Overview: The host is running MySQL and is prone to Denial Of Service + and Spoofing Vulnerabilities + + Vulnerability Insight: + The flaws are due to: + - mysqld does not properly handle errors during execution of certain SELECT + statements with subqueries, and does not preserve certain null_value flags + during execution of statements that use the 'GeomFromWKB()' function. + - An error in 'vio_verify_callback()' function in 'viosslfactories.c', when + OpenSSL is used, accepts a value of zero for the depth of X.509 certificates. + + Impact: + Successful exploitation could allow users to cause a Denial of Service and + man-in-the-middle attackers to spoof arbitrary SSL-based MySQL servers via + a crafted certificate. + + Impact Level: Application + + Affected Software/OS: + MySQL 5.0.x before 5.0.88 and 5.1.x before 5.1.41 on all running platform. + + Fix: Upgrade to MySQL version 5.0.88 or 5.1.41 + For Updates Refer, http://dev.mysql.com/downloads + + References: + http://bugs.mysql.com/47780 + http://bugs.mysql.com/47320 + http://marc.info/?l=oss-security&m=125881733826437&w=2 + http://dev.mysql.com/doc/refman/5.0/en/news-5-0-88.html + + CVSS Score: + CVSS Base Score : 6.4 (AV:N/AC:L/Au:NR/C:N/I:P/A:P) + CVSS Temporal Score : 4.7 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of MySQL"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Denial of Service"); + script_dependencies("mysql_version.nasl"); + script_require_ports("Services/mysql", 3306); + exit(0); +} + + +include("misc_func.inc"); +include("version_func.inc"); + +sqlPort = get_kb_item("Services/mysql"); +if(!sqlPort){ + sqlPort = 3306; +} + +if(!get_port_state(sqlPort)){ + exit(0); +} + +mysqlVer = get_mysql_version(port:sqlPort); +if(isnull(mysqlVer)){ + exit(0); +} + +mysqlVer = eregmatch(pattern:"([0-9.a-z]+)", string:mysqlVer); +if(!isnull(mysqlVer[1])) +{ + if(version_in_range(version:mysqlVer[1], test_version:"5.0",test_version2:"5.0.87") || + version_in_range(version:mysqlVer[1], test_version:"5.1",test_version2:"5.1.40")){ + security_warning(sqlPort); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_mysql_dos_n_spoofing_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_php_mult_vuln_dec09.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_php_mult_vuln_dec09.nasl 2009-12-04 11:32:23 UTC (rev 6062) +++ trunk/openvas-plugins/scripts/gb_php_mult_vuln_dec09.nasl 2009-12-04 13:17:59 UTC (rev 6063) @@ -0,0 +1,107 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_php_mult_vuln_dec09.nasl 5956 2009-12-02 18:42:56Z dec $ +# +# PHP Multiple Vulnerabilities Dec-09 +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801060); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4018","CVE-2009-2626"); + script_bugtraq_id(37138, 36009); + script_name("PHP Multiple Vulnerabilities Dec-09"); + desc = " + Overview: This host is running PHP and is prone to multiple vulnerabilities. + + Vulnerability Insight: + Multiple flaws are due to: + - Error in 'proc_open()' function in 'ext/standard/proc_open.c' that does not + enforce the 'safe_mode_allowed_env_vars' and 'safe_mode_protected_env_vars' + directives, which allows attackers to execute programs with an arbitrary + environment via the env parameter. + - Error in 'zend_restore_ini_entry_cb()' function in 'zend_ini.c', which + allows attackers to obtain sensitive information. + + Impact: + Successful exploitation could allow local attackers to bypass certain + security restrictions and cause denial of service. + + Impact Level: Network + + Affected Software/OS: + PHP version 5.2.10 and prior. + PHP version 5.3.x before 5.3.1 + + Fix: Upgrade to PHP version 5.3.1 + http://www.php.net/downloads.php + + References: + http://secunia.com/advisories/37482 + http://bugs.php.net/bug.php?id=49026 + http://securityreason.com/achievement_securityalert/65 + http://www.openwall.com/lists/oss-security/2009/11/23/15 + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 5.9 + Risk factor : High"; + + script_description(desc); + script_summary("Check for the version of PHP"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Web application abuses"); + script_dependencies("gb_php_detect.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("version_func.inc"); + +phpPort = get_kb_item("Services/www"); +if(!phpPort) +{ + phpPort = 80; + if(!get_port_state(phpPort)){ + exit(0); + } +} + +phpVer = get_kb_item("www/" + phpPort + "/PHP"); +if(!phpVer){ + exit(0); +} + +if(version_is_less(version:phpVer, test_version:"5.2.11")){ + security_hole(0); + exit(0); +} + +else if(phpVer =~ "^5\.3") +{ + if(version_is_less(version:phpVer, test_version:"5.3.1")){ + security_hole(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_php_mult_vuln_dec09.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Fri Dec 4 16:58:12 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 4 Dec 2009 16:58:12 +0100 (CET) Subject: [Openvas-commits] r6064 - in trunk/openvas-plugins: . scripts Message-ID: <20091204155812.D4552861F2E2@pyrosoma.intevation.org> Author: reinke Date: 2009-12-04 16:58:10 +0100 (Fri, 04 Dec 2009) New Revision: 6064 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/ubuntu_862_1.nasl Log: Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-04 13:17:59 UTC (rev 6063) +++ trunk/openvas-plugins/ChangeLog 2009-12-04 15:58:10 UTC (rev 6064) @@ -1,3 +1,7 @@ +2009-12-04 Thomas Reinke + * scripts/ubuntu_862_1.nasl: + Shortened description + 2009-12-04 Chandrashekhar B * scripts/gb_ms_ie_style_object_remote_code_exec_vuln.nasl, Modified: trunk/openvas-plugins/scripts/ubuntu_862_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/ubuntu_862_1.nasl 2009-12-04 13:17:59 UTC (rev 6063) +++ trunk/openvas-plugins/scripts/ubuntu_862_1.nasl 2009-12-04 15:58:10 UTC (rev 6064) @@ -46,8 +46,7 @@ It was discovered that PHP's php_openssl_apply_verification_policy function did not correctly handle SSL certificates with zero bytes in the Common Name. A remote attacker could exploit this to perform a man in the -middle attack to view sensitive information or alter encrypted -communications. (CVE-2009-3291) +middle attack. (CVE-2009-3291) It was discovered that PHP did not properly handle certain malformed images when being parsed by the Exif module. A remote attacker could exploit this @@ -69,7 +68,7 @@ ATTENTION: This update changes previous PHP behaviour by limiting the number of files in a POST request to 50. This may be increased by adding a -max_file_uploads directive to the php.ini configuration file. +max_file_uploads directive to php.ini. It was discovered that PHP did not properly enforce restrictions in the proc_open function. An attacker could exploit this issue to bypass From scm-commit at wald.intevation.org Sat Dec 5 12:49:19 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Sat, 5 Dec 2009 12:49:19 +0100 (CET) Subject: [Openvas-commits] r6065 - in trunk/openvas-plugins: . scripts Message-ID: <20091205114919.29DC4865F461@pyrosoma.intevation.org> Author: chandra Date: 2009-12-05 12:49:16 +0100 (Sat, 05 Dec 2009) New Revision: 6065 Added: trunk/openvas-plugins/scripts/gb_golden_ftp_server_detect.nasl trunk/openvas-plugins/scripts/gb_golden_ftp_server_dir_trav_vuln.nasl trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_dec09.nasl trunk/openvas-plugins/scripts/gb_kaspersky_av_2010_dos_vuln.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/cpe.inc Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-04 15:58:10 UTC (rev 6064) +++ trunk/openvas-plugins/ChangeLog 2009-12-05 11:49:16 UTC (rev 6065) @@ -1,3 +1,13 @@ +2009-12-05 Chandrashekhar B + + * scripts/gb_golden_ftp_server_detect.nasl, + scripts/gb_golden_ftp_server_dir_trav_vuln.nasl, + scripts/gb_kaspersky_av_2010_dos_vuln.nasl, + scripts/gb_ibm_db2_mult_vuln_lin_dec09.nasl: + Added new plugins. + + * scripts/cpe.inc: Added new CPE. + 2009-12-04 Thomas Reinke * scripts/ubuntu_862_1.nasl: Shortened description Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-12-04 15:58:10 UTC (rev 6064) +++ trunk/openvas-plugins/cve_current.txt 2009-12-05 11:49:16 UTC (rev 6065) @@ -337,3 +337,7 @@ CVE-2009-4018 SecPod svn R CVE-2009-2626 SecPod svn R CVE-2009-3672 SecPod svn L +CVE-2009-4150 SecPod svn L +CVE-2009-4194 SecPod svn R +CVE-2009-4114 SecPod svn L + Modified: trunk/openvas-plugins/scripts/cpe.inc =================================================================== --- trunk/openvas-plugins/scripts/cpe.inc 2009-12-04 15:58:10 UTC (rev 6064) +++ trunk/openvas-plugins/scripts/cpe.inc 2009-12-05 11:49:16 UTC (rev 6065) @@ -738,7 +738,9 @@ "www/*/FrontAccounting", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:frontaccounting:frontaccounting:", "HomeFTPServer/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:downstairs.dnsalias:home_ftp_server:", "Robo/FTP/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?" , "cpe:/a:robo-ftp:robo-ftp:", -"TYPSoft/FTP/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:typsoft:typsoft_ftp_server:" +"TYPSoft/FTP/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:typsoft:typsoft_ftp_server:", +"Golden/FTP/Pro/Ver", "^([0-9.]+)", "cpe:/a:kmint21:golden_ftp_server:", +"Golden/FTP/Free/Ver", "^([0-9.]+)", "cpe:/a:kmint21:golden_ftp_server:" ); Added: trunk/openvas-plugins/scripts/gb_golden_ftp_server_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_golden_ftp_server_detect.nasl 2009-12-04 15:58:10 UTC (rev 6064) +++ trunk/openvas-plugins/scripts/gb_golden_ftp_server_detect.nasl 2009-12-05 11:49:16 UTC (rev 6065) @@ -0,0 +1,81 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: gb_golden_ftp_server_detect.nasl 6053 2009-12-04 17:05:29Z dec $ +# +# Golden FTP Server Version Detection +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +################################################################################ + +if(description) +{ + script_id(801072); + script_version ("$Revision: 1.0 $"); + script_name("Golden FTP Server Version Detection"); + desc = " + Overview: This script determines Golden FTP server version on the + remote host and sets the result in KB. + + Risk factor : Informational"; + + script_description(desc); + script_summary("Sets KB for Golden FTP server version"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Service detection"); + script_dependencies("find_service.nes"); + script_require_ports("Services/ftp", 21); + exit(0); +} + + +include("ftp_func.inc"); + +port = get_kb_item("Services/ftp"); +if(!port){ + port = 21; +} + +if(!get_port_state(port)){ + exit(0); +} + +banner = get_ftp_banner(port:port); +if(isnull(banner)){ + exit(0); +} + +if("220 Golden FTP Server Pro" >< banner) +{ + gftpVer = eregmatch(pattern:"v([0-9.]+)", string:banner); + if(gftpVer[1] != NULL) + { + set_kb_item(name:"Golden/FTP/Pro/Ver", value:gftpVer[1]); + break; + } +} + +if(("220 Golden FTP Server" >< banner) && ("Pro" >!< banner)) +{ + gfftpVer = eregmatch(pattern:"v([0-9.]+)", string:banner); + if(gfftpVer[1] != NULL){ + set_kb_item(name:"Golden/FTP/Free/Ver", value:gfftpVer[1]); + } +} Added: trunk/openvas-plugins/scripts/gb_golden_ftp_server_dir_trav_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_golden_ftp_server_dir_trav_vuln.nasl 2009-12-04 15:58:10 UTC (rev 6064) +++ trunk/openvas-plugins/scripts/gb_golden_ftp_server_dir_trav_vuln.nasl 2009-12-05 11:49:16 UTC (rev 6065) @@ -0,0 +1,102 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: gb_golden_ftp_server_dir_trav_vuln.nasl 5967 2009-12-04 17:12:58Z dec $ +# +# Golden FTP Server 'DELE' Command Directory Traversal Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +################################################################################ + +if(description) +{ + script_id(801073); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4194"); + script_name("Golden FTP Server 'DELE' Command Directory Traversal Vulnerability"); + desc = " + Overview: This host is running Golden FTP Server and is prone to Directory + Traversal vulnerability. + + Vulnerability Insight: + The flaw is caused due to an input validation error in 'DELE' command. It is + possible to escape the FTP root and delete arbitrary files on the system via + directory traversal (../../) attack methods. + + Impact: + Successful exploitation will allow the remote authenticated user to access + arbitrary folders and delete arbitrary files from the FTP directories. + + Affected Software/OS: + Golden FTP Server Pro version 4.30 and prior. + Golden FTP Server Free version 4.30 and prior. + + Fix: + No solution or patch is available as on 04th December 2009. Information + regarding this issue will be updated once the solution details are available. + For Updates Refer, http://www.goldenftpserver.com/download.html + + References: + http://secunia.com/advisories/37527 + http://xforce.iss.net/xforce/xfdb/54497 + http://www.exploit-db.com/exploits/10258 + + CVSS Score: + CVSS Base Score : 6.0 (AV:N/AC:M/Au:SI/C:P/I:P/A:P) + CVSS Temporal Score : 5.4 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Golden FTP Server"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("FTP"); + script_dependencies("gb_golden_ftp_server_detect.nasl"); + script_require_ports("Services/ftp", 21); + script_require_keys("Golden/FTP/Pro/Ver","Golden/FTP/Free/Ver"); + exit(0); +} + + +include("version_func.inc"); + +port = get_kb_item("Services/ftp"); +if(!port){ + port = 21; +} + +if(!get_port_state(port)){ + exit(0); +} + +if(gftpVer = get_kb_item("Golden/FTP/Pro/Ver")) +{ + # Golden FTP server Pro v4.30 = v4.50 + if(version_is_less_equal(version:gftpVer, test_version:"4.50")){ + security_hole(port); + } +} + +else if(gfftpVer = get_kb_item("Golden/FTP/Free/Ver")) +{ + # Golden FTP server Free v4.30 = v4.50 + if(version_is_less_equal(version:gfftpVer, test_version:"4.50")){ + security_hole(port); + } +} Added: trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_dec09.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_dec09.nasl 2009-12-04 15:58:10 UTC (rev 6064) +++ trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_dec09.nasl 2009-12-05 11:49:16 UTC (rev 6065) @@ -0,0 +1,99 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_ibm_db2_mulptiple_vuln_lin_dec09.nasl 6030 2009-12-04 16:03:51Z dec $ +# +# IBM DB2 Multiple Vulnerabilities - Dec09 (Linux) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801071); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4150"); + script_name("IBM DB2 Multiple Vulnerabilities - Dec09 (Linux)"); + desc = " + Overview: The host is installed with IBM DB2 and is prone to multiple + vulnerabilities. + + Vulnerability Insight: + Multiple flaws are due to: + - Unspecified error exists related to a table function when the definer + loses required privileges. + - Unspecified error that can be exploited to insert, update, or delete rows + in a table without having required privileges. + - Unspecified error in the handling of 'SET SESSION AUTHORIZATION' statements. + - Error in 'DASAUTO' command, it can be run by non-privileged users. + + Impact: + Successful exploitation allows the attacker to potentially perform certain + actions with escalated privileges or to bypass certain security restrictions. + + Impact Level: System/Application + + Affected Software/OS: + IBM DB2 version 8 prior to Fixpak 18 + IBM DB2 version 9.1 prior to Fixpak 8 + IBM DB2 version 9.5 prior to Fixpak 4 + IBM DB2 version 9.7 prior to Fixpak 1 + + Fix: + Update DB2 8 Fixpak 18 or 9.1 Fixpak 8 or 9.5 Fixpak 4 or 9.7 Fixpak 1 or later. + For Updates Refer, http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053 + + References: + http://secunia.com/advisories/37454 + http://securitytracker.com/id?1023242 + http://www.vupen.com/english/advisories/2009/3340 + http://www-01.ibm.com/support/docview.wss?uid=swg21386689 + http://www-01.ibm.com/support/docview.wss?uid=swg21403619 + + CVSS Score: + CVSS Base Score : 4.6 (AV:L/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 3.4 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of IBM DB2"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("General"); + script_dependencies("secpod_ibm_db2_detect_linux_900217.nasl"); + script_require_keys("Linux/IBM_db2/Ver"); + exit(0); +} + + +include("version_func.inc"); + +ibmVer = get_kb_item("Linux/IBM_db2/Ver"); +if(!ibmVer){ + exit(0); +} + +# Check for IBM DB2 version 8 before FP18, 9.1 before FP8, 9.5 before FP4 +# 9.1 FP8 =>9.1.0.8, 9.5 FP4 =>9.5.0.4, 8 FP18 =>8.1.18, 9.7 FP1=> 9.7.0.1 +if(version_is_equal(version:ibmVer, test_version:"9.7.0.0")|| + version_in_range(version:ibmVer, test_version:"8.0", test_version2:"8.1.17")|| + version_in_range(version:ibmVer, test_version:"9.1", test_version2:"9.1.0.7")|| + version_in_range(version:ibmVer, test_version:"9.5", test_version2:"9.5.0.3")){ + security_warning(0); +} Added: trunk/openvas-plugins/scripts/gb_kaspersky_av_2010_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_kaspersky_av_2010_dos_vuln.nasl 2009-12-04 15:58:10 UTC (rev 6064) +++ trunk/openvas-plugins/scripts/gb_kaspersky_av_2010_dos_vuln.nasl 2009-12-05 11:49:16 UTC (rev 6065) @@ -0,0 +1,84 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: gb_kaspersky_av_2010_dos_vuln.nasl 5989 2009-12-05 12:03:46Z dec $ +# +# Kaspersky Anti-Virus 2010 'kl1.sys' Driver DoS Vulnerability +# +# Authors: +# Veerendra GG +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800154); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4114"); + script_bugtraq_id(37044); + script_name("Kaspersky Anti-Virus 2010 'kl1.sys' Driver DoS Vulnerability"); + desc = " + Overview: The host is installed with Kaspersky Anti-Virus 2010 and is prone + to Denial of Service vulnerability. + + Vulnerability Insight: + The flaw is due to NULL pointer dereference in 'kl1.sys' driver via a + specially-crafted IOCTL 0x0022c008 call. + + Impact: + Successful exploitation will let the attacker to execute arbitrary code with + elevated privileges or cause the kernel to crash. + + Impact Level: System/Application + + Affected Software/OS: + Kaspersky Anti-Virus 2010 before 9.0.0.736 on Windows. + + Fix: Update to version 9.0.0.736 or later, + For Updates Refer, http://www.kaspersky.com/downloads + + References: + http://secunia.com/advisories/37398 + http://xforce.iss.net/xforce/xfdb/54309 + http://www.securityfocus.com/archive/1/archive/1/507933/100/0/threaded + + CVSS Score: + CVSS Base Score : 4.9 (AV:L/AC:L/Au:NR/C:N/I:N/A:C) + CVSS Temporal Score : 3.9 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of Kaspersky Anti-Virus"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Denial of Service"); + script_dependencies("gb_kaspersky_av_detect.nasl"); + exit(0); +} + + +include("version_func.inc"); + +## Get Version from KB +kavVer = get_kb_item("Kaspersky/AV/Ver"); +if(kavVer != NULL) +{ + ## Kaspersky Anti-Virus 2010 before 9.0.0.736 + if(version_in_range(version:kavVer, test_version:"9.0", test_version2:"9.0.0.735")){ + security_warning(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_kaspersky_av_2010_dos_vuln.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Sat Dec 5 18:20:47 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Sat, 5 Dec 2009 18:20:47 +0100 (CET) Subject: [Openvas-commits] r6066 - in trunk/openvas-libraries: . nasl Message-ID: <20091205172047.A336E861F2CD@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-05 18:20:46 +0100 (Sat, 05 Dec 2009) New Revision: 6066 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/nasl/exec.c Log: * nasl/exec.c (exec_nasl_script): Use correct glib function for determining the directory. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-05 11:49:16 UTC (rev 6065) +++ trunk/openvas-libraries/ChangeLog 2009-12-05 17:20:46 UTC (rev 6066) @@ -1,3 +1,8 @@ +2009-12-05 Michael Wiegand + + * nasl/exec.c (exec_nasl_script): Use correct glib function for + determining the directory. + 2009-12-04 Michael Wiegand * nasl/exec.c (exec_nasl_script): Fixed a potential memory leak, Modified: trunk/openvas-libraries/nasl/exec.c =================================================================== --- trunk/openvas-libraries/nasl/exec.c 2009-12-05 11:49:16 UTC (rev 6065) +++ trunk/openvas-libraries/nasl/exec.c 2009-12-05 17:20:46 UTC (rev 6066) @@ -1789,7 +1789,7 @@ arg_set_value (script_infos, "script_name", strlen(name), estrdup(name)); } - newdir = g_path_get_basename (name); + newdir = g_path_get_dirname (name); if (g_chdir (newdir) != 0) { From scm-commit at wald.intevation.org Mon Dec 7 09:36:04 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 09:36:04 +0100 (CET) Subject: [Openvas-commits] r6067 - in trunk/openvas-plugins: . scripts Message-ID: <20091207083604.8795F861F2EE@pyrosoma.intevation.org> Author: mime Date: 2009-12-07 09:36:01 +0100 (Mon, 07 Dec 2009) New Revision: 6067 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/cpe_policy.nasl trunk/openvas-plugins/scripts/pligg_cms_detect.nasl Log: Added workaround Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-05 17:20:46 UTC (rev 6066) +++ trunk/openvas-plugins/ChangeLog 2009-12-07 08:36:01 UTC (rev 6067) @@ -1,3 +1,11 @@ +2009-12-07 Michael Meyer + + * scripts/cpe_policy.nasl: + Added temp. workaround for gsa. + + * scripts/pligg_cms_detect.nasl: + Changed search string. + 2009-12-05 Chandrashekhar B * scripts/gb_golden_ftp_server_detect.nasl, Modified: trunk/openvas-plugins/scripts/cpe_policy.nasl =================================================================== --- trunk/openvas-plugins/scripts/cpe_policy.nasl 2009-12-05 17:20:46 UTC (rev 6066) +++ trunk/openvas-plugins/scripts/cpe_policy.nasl 2009-12-07 08:36:01 UTC (rev 6067) @@ -59,9 +59,15 @@ if(!single_cpe || strlen(single_cpe) < 6) { cpes_list = script_get_preference_file_content("CPE List"); - if(!cpes_list)exit(0); + if(!cpes_list) { + cpes_list = script_get_preference("CPE List"); + if(!cpes_list)exit(0); + sep = ";"; + } else { + sep = '\n'; + } - mycpes_split = split(cpes_list, sep:'\n', keep:0); # expecting entrys seperated by \n + mycpes_split = split(cpes_list, sep: sep, keep:0); mycpes = make_list(); i = 0; @@ -80,7 +86,6 @@ if(!mycpes)exit(0); running = TRUE; - if(severity_upon == "present") { foreach cpe (keys(cpes)) { foreach mycpe (mycpes) { Modified: trunk/openvas-plugins/scripts/pligg_cms_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/pligg_cms_detect.nasl 2009-12-05 17:20:46 UTC (rev 6066) +++ trunk/openvas-plugins/scripts/pligg_cms_detect.nasl 2009-12-07 08:36:01 UTC (rev 6067) @@ -69,7 +69,7 @@ buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); if( buf == NULL )continue; - if(egrep(pattern: "Copyright 2009.*Pligg 0) { install=dir; From scm-commit at wald.intevation.org Mon Dec 7 09:46:33 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 09:46:33 +0100 (CET) Subject: [Openvas-commits] r6068 - in trunk/openvas-libraries: . doc Message-ID: <20091207084633.964E3865F48D@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-07 09:46:31 +0100 (Mon, 07 Dec 2009) New Revision: 6068 Modified: trunk/openvas-libraries/CHANGES trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/VERSION trunk/openvas-libraries/doc/Doxyfile trunk/openvas-libraries/doc/Doxyfile_full Log: Preparing the openvas-libraries 3.0.0-rc1 release. * CHANGES: Updated. * VERSION: Set to 3.0.0.rc1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-libraries/CHANGES =================================================================== --- trunk/openvas-libraries/CHANGES 2009-12-07 08:36:01 UTC (rev 6067) +++ trunk/openvas-libraries/CHANGES 2009-12-07 08:46:31 UTC (rev 6068) @@ -1,3 +1,60 @@ +openvas-libraries 3.0.0-rc1 (2009-12-07) + +This release is the first release candidate of openvas-libraries +leading up to the upcoming 3.0 release of OpenVAS. +It introduces a significantly improved and changed source +code architecture and therefore introduces a new API for the +other OpenVAS components. + +OpenVAS 3.0 will introduce a new architecture where openvas-libraries +now includes openvas-libnasl as well as redundant code from openvas-client +and where openvas-server is renamed to openvas-scanner and includes any +platform-dependent elements of openvas-plugins. As a result of this, +the source code will shrink, though new features will be added. Also, +for running the scanner now only 2 modules are required (instead of 4 +as for OpenVAS 2.0). + +New features of OpenVAS include support for IPv6 and WMI-Clients. +Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator +as optional extension. This combination leverages the vulnerability +scanner to a comprehensive vulnerability management solution. + +The "release candidate" releases are intended to allow testing of the upcoming +3.0 series. It should be kept separate from OpenVAS 2.0 installations +and not be used in a production environment. + +Unless serious bugs are discovered, this release candidate will become the final +OpenVAS 3.0 release. Users are encouraged to test this release and to report +bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . + +Many thanks to everyone who has contributed to the 3.0.0 release: +Chandrashekhar B, Marcus Brinkmann, Tim Brown, Vlatko Kosturjak, Michael Meyer, +Matthew Mundell, Laban Mwangi, Srinivasa NL, Jan Wagner, Jan-Oliver Wagner, +Michael Wiegand and Felix Wolfsteller. + +Main changes compared to 2.0.x: + +* IPv6 support +* WMI-Client support +* Integration of openvas-libnasl +* New library "base" +* New library "omp" +* Former libopenvas renamed to libopenvas_misc +* New NVT cache implementation to overcome limitations +* Several files from openvas-client integrated +* Use of "cmake" to build base, omp and nasl +* glib dependency raised from 2.6 to 2.12 +* Minimum cmake version raised from 2.4 to 2.6 + +Main changes compared to 3.0.0-beta7: + +* A number of build issues on openSUSE 11.2 has been fixed. +* 64 bit compatibility has been improved. (Fixes: #1194, #1196) +* Temporary files created by NVTs are now correctly placed in the system + directory for temporary file (i.e. /tmp). (Fixes: #1170) +* The standalone NASL interpreter now supports relative paths. (Fixes: #1101). + + openvas-libraries 3.0.0-beta7 (2009-11-23) This release is the seventh beta version of openvas-libraries Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-07 08:36:01 UTC (rev 6067) +++ trunk/openvas-libraries/ChangeLog 2009-12-07 08:46:31 UTC (rev 6068) @@ -1,3 +1,13 @@ +2009-12-07 Michael Wiegand + + Preparing the openvas-libraries 3.0.0-rc1 release. + + * CHANGES: Updated. + + * VERSION: Set to 3.0.0.rc1. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + 2009-12-05 Michael Wiegand * nasl/exec.c (exec_nasl_script): Use correct glib function for Modified: trunk/openvas-libraries/VERSION =================================================================== --- trunk/openvas-libraries/VERSION 2009-12-07 08:36:01 UTC (rev 6067) +++ trunk/openvas-libraries/VERSION 2009-12-07 08:46:31 UTC (rev 6068) @@ -1 +1 @@ -3.0.0.beta8.SVN +3.0.0.rc1 Modified: trunk/openvas-libraries/doc/Doxyfile =================================================================== --- trunk/openvas-libraries/doc/Doxyfile 2009-12-07 08:36:01 UTC (rev 6067) +++ trunk/openvas-libraries/doc/Doxyfile 2009-12-07 08:46:31 UTC (rev 6068) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta8.SVN +PROJECT_NUMBER = 3.0.0.rc1 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-libraries/doc/Doxyfile_full =================================================================== --- trunk/openvas-libraries/doc/Doxyfile_full 2009-12-07 08:36:01 UTC (rev 6067) +++ trunk/openvas-libraries/doc/Doxyfile_full 2009-12-07 08:46:31 UTC (rev 6068) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta8.SVN +PROJECT_NUMBER = 3.0.0.rc1 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Mon Dec 7 10:00:11 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 10:00:11 +0100 (CET) Subject: [Openvas-commits] r6069 - tags Message-ID: <20091207090011.E1F5D865F48D@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-07 10:00:11 +0100 (Mon, 07 Dec 2009) New Revision: 6069 Added: tags/openvas-libraries-release-3.0.0-rc1/ Log: Tagging openvas-libraries 3.0.0-rc1 release. Copied: tags/openvas-libraries-release-3.0.0-rc1 (from rev 6068, trunk/openvas-libraries) From scm-commit at wald.intevation.org Mon Dec 7 10:01:49 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 10:01:49 +0100 (CET) Subject: [Openvas-commits] r6070 - in trunk/openvas-libraries: . doc Message-ID: <20091207090149.6D915865F48D@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-07 10:01:48 +0100 (Mon, 07 Dec 2009) New Revision: 6070 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/VERSION trunk/openvas-libraries/doc/Doxyfile trunk/openvas-libraries/doc/Doxyfile_full Log: Post-release version bump. * VERSION: Set to 3.0.0.rc2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-07 09:00:11 UTC (rev 6069) +++ trunk/openvas-libraries/ChangeLog 2009-12-07 09:01:48 UTC (rev 6070) @@ -1,5 +1,13 @@ 2009-12-07 Michael Wiegand + Post-release version bump. + + * VERSION: Set to 3.0.0.rc2.SVN. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + +2009-12-07 Michael Wiegand + Preparing the openvas-libraries 3.0.0-rc1 release. * CHANGES: Updated. Modified: trunk/openvas-libraries/VERSION =================================================================== --- trunk/openvas-libraries/VERSION 2009-12-07 09:00:11 UTC (rev 6069) +++ trunk/openvas-libraries/VERSION 2009-12-07 09:01:48 UTC (rev 6070) @@ -1 +1 @@ -3.0.0.rc1 +3.0.0.rc2.SVN Modified: trunk/openvas-libraries/doc/Doxyfile =================================================================== --- trunk/openvas-libraries/doc/Doxyfile 2009-12-07 09:00:11 UTC (rev 6069) +++ trunk/openvas-libraries/doc/Doxyfile 2009-12-07 09:01:48 UTC (rev 6070) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.rc1 +PROJECT_NUMBER = 3.0.0.rc2.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-libraries/doc/Doxyfile_full =================================================================== --- trunk/openvas-libraries/doc/Doxyfile_full 2009-12-07 09:00:11 UTC (rev 6069) +++ trunk/openvas-libraries/doc/Doxyfile_full 2009-12-07 09:01:48 UTC (rev 6070) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.rc1 +PROJECT_NUMBER = 3.0.0.rc2.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Mon Dec 7 10:20:18 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 10:20:18 +0100 (CET) Subject: [Openvas-commits] r6071 - in trunk/openvas-scanner: . doc Message-ID: <20091207092018.BF590865F48D@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-07 10:20:17 +0100 (Mon, 07 Dec 2009) New Revision: 6071 Modified: trunk/openvas-scanner/CHANGES trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/VERSION trunk/openvas-scanner/doc/Doxyfile trunk/openvas-scanner/doc/Doxyfile_full Log: Preparing the openvas-scanner 3.0.0-rc1 release. * VERSION: Set to 3.0.0.rc1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. Modified: trunk/openvas-scanner/CHANGES =================================================================== --- trunk/openvas-scanner/CHANGES 2009-12-07 09:01:48 UTC (rev 6070) +++ trunk/openvas-scanner/CHANGES 2009-12-07 09:20:17 UTC (rev 6071) @@ -1,3 +1,58 @@ +openvas-scanner 3.0.0-rc1 (2009-12-07) + +This release is the first release candidate of openvas-scanner +leading up to the upcoming 3.0 release of OpenVAS. +Apart from the name change from openvas-server to +openvas-scanner, the platform-dependent NVTs as +well as the OpenVAS NVT Feed synchronisation script +are now integrated. + +OpenVAS 3.0 will introduce a new architecture where openvas-libraries +now includes openvas-libnasl as well as redundant code from openvas-client +and where openvas-server is renamed to openvas-scanner and includes any +platform-dependent elements of openvas-plugins. As a result of this, +the source code will shrink, though new features will be added. Also, +for running the scanner now only 2 modules are required (instead of 4 +as for OpenVAS 2.0). + +New features of OpenVAS include support for IPv6 and WMI-Clients. +Version 3.0 prepares the new OpenVAS Manager and OpenVAS Administrator +as optional extension. This combination leverages the vulnerability +scanner to a comprehensive vulnerability management solution. + +The "release candidate" releases are intended to allow testing of the upcoming +3.0 series. It should be kept separate from OpenVAS 2.0 installations +and not be used in a production environment. + +Unless serious bugs are discovered, this release candidate will become the final +OpenVAS 3.0 release. Users are encouraged to test this release and to report +bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . + +Many thanks to everyone who has contributed to the 3.0.0 release: +Chandrashekhar B, Tim Brown, Javier Fernández-Sanguino Peña, +Vlatko Kosturjak, Matthew Mundell, Srinivasa NL, Jan Wagner, +Jan-Oliver Wagner, Michael Wiegand and Felix Wolfsteller. + +Main changes compared to 2.0.x: + +* IPv6 support +* Integration of platform dependent NVTs from openvas-plugins +* Integration of openvas-nvt-sync script +* Renamed daemon from openvasd to openvassd +* glib dependency raised from 2.6 to 2.12 +* openvasd-config removed as no other packages require this + package for building. +* For the same reason, no header files are installed anymore + +Main changes compared to 3.0.0-beta6: + +* IPv6 support has been improved. +* Support for the upcoming synchronization script API has been added to + openvas-nvt-sync. +* The amount of debug messages in the log files when not compiled in debug + mode has been reduced. + + openvas-scanner 3.0.0-beta6 (2009-11-23) This release is the sixth beta version of openvas-scanner Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-12-07 09:01:48 UTC (rev 6070) +++ trunk/openvas-scanner/ChangeLog 2009-12-07 09:20:17 UTC (rev 6071) @@ -1,3 +1,13 @@ +2009-12-07 Michael Wiegand + + Preparing the openvas-scanner 3.0.0-rc1 release. + + * VERSION: Set to 3.0.0.rc1. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + + * CHANGES: Updated. + 2009-12-04 Jan-Oliver Wagner * openvas-nvt-sync.in: Added URL of feed home page. Modified: trunk/openvas-scanner/VERSION =================================================================== --- trunk/openvas-scanner/VERSION 2009-12-07 09:01:48 UTC (rev 6070) +++ trunk/openvas-scanner/VERSION 2009-12-07 09:20:17 UTC (rev 6071) @@ -1 +1 @@ -3.0.0.beta7.SVN +3.0.0.rc1 Modified: trunk/openvas-scanner/doc/Doxyfile =================================================================== --- trunk/openvas-scanner/doc/Doxyfile 2009-12-07 09:01:48 UTC (rev 6070) +++ trunk/openvas-scanner/doc/Doxyfile 2009-12-07 09:20:17 UTC (rev 6071) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta7.SVN +PROJECT_NUMBER = 3.0.0.rc1 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-scanner/doc/Doxyfile_full =================================================================== --- trunk/openvas-scanner/doc/Doxyfile_full 2009-12-07 09:01:48 UTC (rev 6070) +++ trunk/openvas-scanner/doc/Doxyfile_full 2009-12-07 09:20:17 UTC (rev 6071) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta7.SVN +PROJECT_NUMBER = 3.0.0.rc1 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Mon Dec 7 10:38:58 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 10:38:58 +0100 (CET) Subject: [Openvas-commits] r6072 - tags Message-ID: <20091207093858.BE7FE865F48D@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-07 10:38:58 +0100 (Mon, 07 Dec 2009) New Revision: 6072 Added: tags/openvas-scanner-release-3.0.0-rc1/ Log: Tagging openvas-scanner 3.0.0-rc1 release. Copied: tags/openvas-scanner-release-3.0.0-rc1 (from rev 6071, trunk/openvas-scanner) From scm-commit at wald.intevation.org Mon Dec 7 10:40:57 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 10:40:57 +0100 (CET) Subject: [Openvas-commits] r6073 - in trunk/openvas-scanner: . doc Message-ID: <20091207094057.5A018865F48D@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-07 10:40:56 +0100 (Mon, 07 Dec 2009) New Revision: 6073 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/VERSION trunk/openvas-scanner/doc/Doxyfile trunk/openvas-scanner/doc/Doxyfile_full Log: Post-release version bump. * VERSION: Set to 3.0.0.rc2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-12-07 09:38:58 UTC (rev 6072) +++ trunk/openvas-scanner/ChangeLog 2009-12-07 09:40:56 UTC (rev 6073) @@ -1,5 +1,13 @@ 2009-12-07 Michael Wiegand + Post-release version bump. + + * VERSION: Set to 3.0.0.rc2.SVN. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + +2009-12-07 Michael Wiegand + Preparing the openvas-scanner 3.0.0-rc1 release. * VERSION: Set to 3.0.0.rc1. Modified: trunk/openvas-scanner/VERSION =================================================================== --- trunk/openvas-scanner/VERSION 2009-12-07 09:38:58 UTC (rev 6072) +++ trunk/openvas-scanner/VERSION 2009-12-07 09:40:56 UTC (rev 6073) @@ -1 +1 @@ -3.0.0.rc1 +3.0.0.rc2.SVN Modified: trunk/openvas-scanner/doc/Doxyfile =================================================================== --- trunk/openvas-scanner/doc/Doxyfile 2009-12-07 09:38:58 UTC (rev 6072) +++ trunk/openvas-scanner/doc/Doxyfile 2009-12-07 09:40:56 UTC (rev 6073) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.rc1 +PROJECT_NUMBER = 3.0.0.rc2.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-scanner/doc/Doxyfile_full =================================================================== --- trunk/openvas-scanner/doc/Doxyfile_full 2009-12-07 09:38:58 UTC (rev 6072) +++ trunk/openvas-scanner/doc/Doxyfile_full 2009-12-07 09:40:56 UTC (rev 6073) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.rc1 +PROJECT_NUMBER = 3.0.0.rc2.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Mon Dec 7 11:15:08 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 11:15:08 +0100 (CET) Subject: [Openvas-commits] r6074 - in trunk/openvas-client: . doc Message-ID: <20091207101508.95E30865F48D@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-07 11:15:06 +0100 (Mon, 07 Dec 2009) New Revision: 6074 Modified: trunk/openvas-client/CHANGES trunk/openvas-client/ChangeLog trunk/openvas-client/VERSION trunk/openvas-client/doc/Doxyfile trunk/openvas-client/doc/Doxyfile_full Log: Preparing the openvas-client 3.0.0-rc1 release. * VERSION: Set to 3.0.0.rc1. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. * ChangeLog: Fixed entry formatting. Modified: trunk/openvas-client/CHANGES =================================================================== --- trunk/openvas-client/CHANGES 2009-12-07 09:40:56 UTC (rev 6073) +++ trunk/openvas-client/CHANGES 2009-12-07 10:15:06 UTC (rev 6074) @@ -1,3 +1,55 @@ +openvas-client 3.0.0-rc1 (2009-12-07) + +This release is the first release candidate of openvas-client +leading up to the upcoming 3.0 release of OpenVAS. + +OpenVAS 3.0 will introduce a new architecture where openvas-libraries +is now mandatory dependency for openvas-client (removing a +significant amount of redundant source code). + +New features of OpenVAS-Client include support for IPv6 and +OpenVAS Management Protocol (OMP). The latter is optional for +use of the new OpenVAS Manager. OpenVAS-Client 3.0 remains +compatible with OpenVAS 2.0 Scanners. + +The "release candidate" releases are intended to allow testing of the upcoming +3.0 series. It should be kept separate from OpenVAS 2.0 installations +and not be used in a production environment. + +Unless serious bugs are discovered, this release candidate will become the final +OpenVAS 3.0 release. Users are encouraged to test this release and to report +bugs to the OpenVAS bug tracker located at http://bugs.openvas.org/ . + +Many thanks to everyone who has contributed to the 3.0.0 release: +Marcus Brinkmann, Tim Brown, Matthew Mundell, Jan-Oliver Wagner, +Michael Wiegand and Felix Wolfsteller. + +Main changes compared to 2.0.x: + +* IPv6 support +* Integration of OMP Support (to be activated at compile time) + It is even possible to configure the client at compile time + to use only OMP. +* Introduces dependency to openvas-libraries +* Redundant consolidated into openvas-libraries and removed +* Migration from OpenSSL to GNUTLS for the SSL-based + communication encryption +* glib dependency raised from 2.6 to 2.12 +* openvasclient-mkrand is removed +* vhosts support + +Main changes compared to 3.0.0-beta4: + +* Support for vhosts has been added. +* A bug which cause view options to not be correctly restored has been + fixed. (Fixes: #944) +* A bug which prevented the renaming of OTP scopes and OMP servers has + been fixed. +* GnuTLS availability is now being checked at configure time. (Fixes: + #1188) +* The progress bar is now displayed again when connecting to a server. + + openvas-client 3.0.0-beta4 (2009-11-09) This release is the fourth beta version of openvas-client Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-12-07 09:40:56 UTC (rev 6073) +++ trunk/openvas-client/ChangeLog 2009-12-07 10:15:06 UTC (rev 6074) @@ -1,3 +1,15 @@ +2009-12-07 Michael Wiegand + + Preparing the openvas-client 3.0.0-rc1 release. + + * VERSION: Set to 3.0.0.rc1. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + + * CHANGES: Updated. + + * ChangeLog: Fixed entry formatting. + 2009-11-24 Christian Kuersteiner Fixed the progress bar when connecting to the scanner @@ -27,9 +39,9 @@ 2009-11-18 Christian Kuersteiner - * openvas/prefs_dialog/prefs_scan_assistant.c - (scan_assistant_create_dialog): Added text for virtual host syntax - on step 3. + * openvas/prefs_dialog/prefs_scan_assistant.c + (scan_assistant_create_dialog): Added text for virtual host syntax + on step 3. 2009-11-13 Felix Wolfsteller Modified: trunk/openvas-client/VERSION =================================================================== --- trunk/openvas-client/VERSION 2009-12-07 09:40:56 UTC (rev 6073) +++ trunk/openvas-client/VERSION 2009-12-07 10:15:06 UTC (rev 6074) @@ -1 +1 @@ -3.0.0.beta5.SVN +3.0.0.rc1 Modified: trunk/openvas-client/doc/Doxyfile =================================================================== --- trunk/openvas-client/doc/Doxyfile 2009-12-07 09:40:56 UTC (rev 6073) +++ trunk/openvas-client/doc/Doxyfile 2009-12-07 10:15:06 UTC (rev 6074) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta5.SVN +PROJECT_NUMBER = 3.0.0.rc1 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-client/doc/Doxyfile_full =================================================================== --- trunk/openvas-client/doc/Doxyfile_full 2009-12-07 09:40:56 UTC (rev 6073) +++ trunk/openvas-client/doc/Doxyfile_full 2009-12-07 10:15:06 UTC (rev 6074) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.beta5.SVN +PROJECT_NUMBER = 3.0.0.rc1 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Mon Dec 7 11:34:41 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 11:34:41 +0100 (CET) Subject: [Openvas-commits] r6075 - in trunk/openvas-plugins: . scripts Message-ID: <20091207103441.8A6DB865F48D@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-07 11:34:38 +0100 (Mon, 07 Dec 2009) New Revision: 6075 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/slad_fetch_results.nasl trunk/openvas-plugins/scripts/slad_run.nasl Log: * scripts/slad_fetch_results.nasl, scripts/slad_run.nasl: Fixed family. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-07 10:15:06 UTC (rev 6074) +++ trunk/openvas-plugins/ChangeLog 2009-12-07 10:34:38 UTC (rev 6075) @@ -1,3 +1,7 @@ +2009-12-07 Michael Wiegand + + * scripts/slad_fetch_results.nasl, scripts/slad_run.nasl: Fixed family. + 2009-12-07 Michael Meyer * scripts/cpe_policy.nasl: Modified: trunk/openvas-plugins/scripts/slad_fetch_results.nasl =================================================================== --- trunk/openvas-plugins/scripts/slad_fetch_results.nasl 2009-12-07 10:15:06 UTC (rev 6074) +++ trunk/openvas-plugins/scripts/slad_fetch_results.nasl 2009-12-07 10:34:38 UTC (rev 6075) @@ -52,7 +52,7 @@ script_category(ACT_GATHER_INFO); script_copyright("This script is Copyright 2005 DN Systems GmbH"); - family = "SLAD"; + family = "General"; script_family(family); script_dependencies ("find_service.nes", "ssh_authorization.nasl"); Modified: trunk/openvas-plugins/scripts/slad_run.nasl =================================================================== --- trunk/openvas-plugins/scripts/slad_run.nasl 2009-12-07 10:15:06 UTC (rev 6074) +++ trunk/openvas-plugins/scripts/slad_run.nasl 2009-12-07 10:34:38 UTC (rev 6075) @@ -52,7 +52,7 @@ script_category(ACT_GATHER_INFO); script_copyright("This script is Copyright 2005 DN Systems GmbH"); - family = "SLAD"; + family = "General"; script_family(family); script_dependencies ("find_service.nes", "ssh_authorization.nasl"); From scm-commit at wald.intevation.org Mon Dec 7 11:46:03 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 11:46:03 +0100 (CET) Subject: [Openvas-commits] r6076 - tags Message-ID: <20091207104603.BEA61861F2C9@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-07 11:46:03 +0100 (Mon, 07 Dec 2009) New Revision: 6076 Added: tags/openvas-client-release-3.0.0-rc1/ Log: Tagging openvas-client 3.0.0-rc1 release. Copied: tags/openvas-client-release-3.0.0-rc1 (from rev 6075, trunk/openvas-client) From scm-commit at wald.intevation.org Mon Dec 7 11:48:10 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 11:48:10 +0100 (CET) Subject: [Openvas-commits] r6077 - in trunk/openvas-client: . doc Message-ID: <20091207104810.CFB1B861F2C9@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-07 11:48:09 +0100 (Mon, 07 Dec 2009) New Revision: 6077 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/VERSION trunk/openvas-client/doc/Doxyfile trunk/openvas-client/doc/Doxyfile_full Log: Post-release version bump. * VERSION: Set to 3.0.0.rc2.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-12-07 10:46:03 UTC (rev 6076) +++ trunk/openvas-client/ChangeLog 2009-12-07 10:48:09 UTC (rev 6077) @@ -1,5 +1,13 @@ 2009-12-07 Michael Wiegand + Post-release version bump. + + * VERSION: Set to 3.0.0.rc2.SVN. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + +2009-12-07 Michael Wiegand + Preparing the openvas-client 3.0.0-rc1 release. * VERSION: Set to 3.0.0.rc1. Modified: trunk/openvas-client/VERSION =================================================================== --- trunk/openvas-client/VERSION 2009-12-07 10:46:03 UTC (rev 6076) +++ trunk/openvas-client/VERSION 2009-12-07 10:48:09 UTC (rev 6077) @@ -1 +1 @@ -3.0.0.rc1 +3.0.0.rc2.SVN Modified: trunk/openvas-client/doc/Doxyfile =================================================================== --- trunk/openvas-client/doc/Doxyfile 2009-12-07 10:46:03 UTC (rev 6076) +++ trunk/openvas-client/doc/Doxyfile 2009-12-07 10:48:09 UTC (rev 6077) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.rc1 +PROJECT_NUMBER = 3.0.0.rc2.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-client/doc/Doxyfile_full =================================================================== --- trunk/openvas-client/doc/Doxyfile_full 2009-12-07 10:46:03 UTC (rev 6076) +++ trunk/openvas-client/doc/Doxyfile_full 2009-12-07 10:48:09 UTC (rev 6077) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 3.0.0.rc1 +PROJECT_NUMBER = 3.0.0.rc2.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Mon Dec 7 12:04:50 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 12:04:50 +0100 (CET) Subject: [Openvas-commits] r6078 - trunk/doc/website Message-ID: <20091207110450.D3663865F48D@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-07 12:04:50 +0100 (Mon, 07 Dec 2009) New Revision: 6078 Modified: trunk/doc/website/template_header.m4 Log: Updated download links for rc1 releases. Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2009-12-07 10:48:09 UTC (rev 6077) +++ trunk/doc/website/template_header.m4 2009-12-07 11:04:50 UTC (rev 6078) @@ -177,10 +177,10 @@

      - OpenVAS 3.0 BETA:
      - -libraries 3.0.0-beta7
      - -scanner 3.0.0-beta6
      - -client 3.0.0-beta4
      + OpenVAS 3.0 Release Candidate:
      + -libraries 3.0.0-rc1
      + -scanner 3.0.0-rc1
      + -client 3.0.0-rc1
      Optional:
      -manager 0.9.5
      -administrator 0.2.2
      From scm-commit at wald.intevation.org Mon Dec 7 15:16:34 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 15:16:34 +0100 (CET) Subject: [Openvas-commits] r6079 - trunk/gsa Message-ID: <20091207141634.EBFD385D9F49@pyrosoma.intevation.org> Author: felix Date: 2009-12-07 15:16:33 +0100 (Mon, 07 Dec 2009) New Revision: 6079 Modified: trunk/gsa/CMakeLists.txt trunk/gsa/ChangeLog Log: * CMakeLists.txt: Added checks for pkg-config and libopenvas-config. Modified: trunk/gsa/CMakeLists.txt =================================================================== --- trunk/gsa/CMakeLists.txt 2009-12-07 11:04:50 UTC (rev 6078) +++ trunk/gsa/CMakeLists.txt 2009-12-07 14:16:33 UTC (rev 6079) @@ -35,6 +35,41 @@ SET (CMAKE_BUILD_TYPE debug) +## Check existence required tools + +SET (MANDATORY_TOOL_MISSING FALSE) + +FIND_PROGRAM(PATH_TO_PKGCONFIG pkgo-config DOC "pkg-config program to retrieve " + "information about installed libraries in the system.") + +FIND_PROGRAM(PATH_TO_LIBOPENVASCONFIG libopenvas-config DOC "libopenvas-config program" + " to retrieve information about installed" + " openvas-libraries in the system.") + +MESSAGE(STATUS "Looking for pkg-config... ${PATH_TO_PKGCONFIG}") +IF(NOT PATH_TO_PKGCONFIG) + SET(MANDATORY_TOOL_MISSING TRUE) +ENDIF(NOT PATH_TO_PKGCONFIG) + +MESSAGE(STATUS "Looking for libopenvas-config... ${PATH_TO_LIBOPENVASCONFIG}") +IF(NOT PATH_TO_LIBOPENVASCONFIG) + SET(MANDATORY_TOOL_MISSING TRUE) +ENDIF(NOT PATH_TO_LIBOPENVASCONFIG) + +IF(MANDATORY_TOOL_MISSING) + MESSAGE("One or more tools or libraries could not be found on your system:") + IF(NOT PATH_TO_PKGCONFIG) + MESSAGE(FATAL_ERROR " - The pkg-config tool is required.") + ENDIF(NOT PATH_TO_PKGCONFIG) + IF(NOT PATH_TO_LIBOPENVASCONFIG) + MESSAGE(FATAL_ERROR " - The libopenvas-config tool is required (part of " + "openvas-libraries).") + ENDIF(NOT PATH_TO_LIBOPENVASCONFIG) +ENDIF(MANDATORY_TOOL_MISSING) + +# TODO: Check for libmicrohttpd, rats, flawfinder, splint, doxygen. +# (with the later 4 being optional) + ## CPack configuration SET(CPACK_CMAKE_GENERATOR "Unix Makefiles") Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-07 11:04:50 UTC (rev 6078) +++ trunk/gsa/ChangeLog 2009-12-07 14:16:33 UTC (rev 6079) @@ -1,3 +1,7 @@ +2009-12-07 Felix Wolfsteller + + * CMakeLists.txt: Added checks for pkg-config and libopenvas-config. + 2009-12-03 Michael Wiegand Added initial NVT feed synchronization support. From scm-commit at wald.intevation.org Mon Dec 7 15:20:53 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 15:20:53 +0100 (CET) Subject: [Openvas-commits] r6080 - trunk/gsa Message-ID: <20091207142053.6F6DF85D9F48@pyrosoma.intevation.org> Author: felix Date: 2009-12-07 15:20:51 +0100 (Mon, 07 Dec 2009) New Revision: 6080 Modified: trunk/gsa/CMakeLists.txt trunk/gsa/ChangeLog Log: * CMakeLists.txt: Improved checks for pkg-config and libopenvas-config, Intention was to first collect missing tools and then report on them to avoid configure-install cycles. Modified: trunk/gsa/CMakeLists.txt =================================================================== --- trunk/gsa/CMakeLists.txt 2009-12-07 14:16:33 UTC (rev 6079) +++ trunk/gsa/CMakeLists.txt 2009-12-07 14:20:51 UTC (rev 6080) @@ -39,7 +39,7 @@ SET (MANDATORY_TOOL_MISSING FALSE) -FIND_PROGRAM(PATH_TO_PKGCONFIG pkgo-config DOC "pkg-config program to retrieve " +FIND_PROGRAM(PATH_TO_PKGCONFIG pkg-config DOC "pkg-config program to retrieve " "information about installed libraries in the system.") FIND_PROGRAM(PATH_TO_LIBOPENVASCONFIG libopenvas-config DOC "libopenvas-config program" @@ -57,14 +57,14 @@ ENDIF(NOT PATH_TO_LIBOPENVASCONFIG) IF(MANDATORY_TOOL_MISSING) - MESSAGE("One or more tools or libraries could not be found on your system:") IF(NOT PATH_TO_PKGCONFIG) - MESSAGE(FATAL_ERROR " - The pkg-config tool is required.") + MESSAGE("The pkg-config tool is required.") ENDIF(NOT PATH_TO_PKGCONFIG) IF(NOT PATH_TO_LIBOPENVASCONFIG) - MESSAGE(FATAL_ERROR " - The libopenvas-config tool is required (part of " - "openvas-libraries).") + MESSAGE("The libopenvas-config tool is required (part of openvas-libraries).") ENDIF(NOT PATH_TO_LIBOPENVASCONFIG) + MESSAGE(FATAL_ERROR "One or more tools or libraries could not be found on " + "your system. Please check the logs above.") ENDIF(MANDATORY_TOOL_MISSING) # TODO: Check for libmicrohttpd, rats, flawfinder, splint, doxygen. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-07 14:16:33 UTC (rev 6079) +++ trunk/gsa/ChangeLog 2009-12-07 14:20:51 UTC (rev 6080) @@ -1,5 +1,11 @@ 2009-12-07 Felix Wolfsteller + * CMakeLists.txt: Improved checks for pkg-config and libopenvas-config, + Intention was to first collect missing tools and then report on them to + avoid configure-install cycles. + +2009-12-07 Felix Wolfsteller + * CMakeLists.txt: Added checks for pkg-config and libopenvas-config. 2009-12-03 Michael Wiegand From scm-commit at wald.intevation.org Mon Dec 7 16:17:14 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 16:17:14 +0100 (CET) Subject: [Openvas-commits] r6081 - in trunk/openvas-manager: . src Message-ID: <20091207151714.7A2C6861F2F7@pyrosoma.intevation.org> Author: timb Date: 2009-12-07 16:17:12 +0100 (Mon, 07 Dec 2009) New Revision: 6081 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/omp.c Log: Fixed up some free()s Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-12-07 14:20:51 UTC (rev 6080) +++ trunk/openvas-manager/ChangeLog 2009-12-07 15:17:12 UTC (rev 6081) @@ -1,3 +1,7 @@ +2009-12-07 Tim Brown + + * src/omp.c: Fixed up some free()s. + 2009-12-02 Michael Wiegand Fixed a bug which caused NVT selections in non-growing families to be Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-12-07 14:20:51 UTC (rev 6080) +++ trunk/openvas-manager/src/omp.c 2009-12-07 15:17:12 UTC (rev 6081) @@ -5414,7 +5414,7 @@ if (hosts == NULL) { request_delete_task (¤t_client_task); - g_free (description); + free (description); free (tsk_uuid); SEND_TO_CLIENT_OR_FAIL (XML_ERROR_SYNTAX @@ -5424,7 +5424,7 @@ set_client_state (CLIENT_AUTHENTIC); break; } - g_free (description); + free (description); target_name = g_strdup_printf ("Imported target for task %s", tsk_uuid); @@ -5947,7 +5947,7 @@ g_free (response); g_free (name); g_free (description64); - g_free (tsk_uuid); + free (tsk_uuid); if (ret) { error_send_to_client (error); @@ -6252,7 +6252,7 @@ g_free (last_report); g_free (second_last_report); free (name); - free (description64); + g_free (description64); free (tsk_uuid); if (send_to_client (line)) { From scm-commit at wald.intevation.org Mon Dec 7 16:57:00 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 16:57:00 +0100 (CET) Subject: [Openvas-commits] r6082 - in trunk/gsa: . src Message-ID: <20091207155700.B83D0861F2D5@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-07 16:57:00 +0100 (Mon, 07 Dec 2009) New Revision: 6082 Modified: trunk/gsa/ChangeLog trunk/gsa/src/gsad.c Log: Fixed a bug which caused the GSA to hang or crash when editing the configuration for a family containing ":". * src/gsad.c (init_validator): Added / fixed regular expressions for family names. (exec_omp_post): Repaired validator usage. Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-07 15:17:12 UTC (rev 6081) +++ trunk/gsa/ChangeLog 2009-12-07 15:57:00 UTC (rev 6082) @@ -1,3 +1,12 @@ +2009-12-07 Michael Wiegand + + Fixed a bug which caused the GSA to hang or crash when editing the + configuration for a family containing ":". + + * src/gsad.c (init_validator): Added / fixed regular expressions for + family names. + (exec_omp_post): Repaired validator usage. + 2009-12-07 Felix Wolfsteller * CMakeLists.txt: Improved checks for pkg-config and libopenvas-config, Modified: trunk/gsa/src/gsad.c =================================================================== --- trunk/gsa/src/gsad.c 2009-12-07 15:17:12 UTC (rev 6081) +++ trunk/gsa/src/gsad.c 2009-12-07 15:57:00 UTC (rev 6082) @@ -194,7 +194,7 @@ openvas_validator_add (validator, "boolean", "^0|1$"); openvas_validator_add (validator, "comment", "^[-_[:alnum:], \\./]{0,400}$"); openvas_validator_add (validator, "create_credentials_type", "^(gen|pass)$"); - openvas_validator_add (validator, "family", "^[-_[:alnum:] ]{1,200}$"); + openvas_validator_add (validator, "family", "^[-_[:alnum:] :]{1,200}$"); openvas_validator_add (validator, "first_result", "^[0-9]+$"); openvas_validator_add (validator, "format", "^(html)|(nbe)|(pdf)|(xml)$"); openvas_validator_add (validator, "hosts", "^[[:alnum:], \\./]{1,80}$"); @@ -204,6 +204,7 @@ openvas_validator_add (validator, "name", "^[-_[:alnum:], \\./]{1,80}$"); openvas_validator_add (validator, "oid", "^[0-9.]{1,80}$"); openvas_validator_add (validator, "page", "^[_[:alnum:] ]{1,40}$"); + openvas_validator_add (validator, "family_page", "^[_[:alnum:] :]{1,40}$"); openvas_validator_add (validator, "package_format", "^(key)|(rpm)|(deb)|(exe)$"); openvas_validator_add (validator, "password", "^[[:alnum:], \\./]{0,40}$"); /** @todo Better regex. */ @@ -1159,10 +1160,10 @@ free (con_info->req_parms.name); con_info->req_parms.name = NULL; } - if (openvas_validate (validator, "page", con_info->req_parms.submit)) + if (openvas_validate (validator, "family_page", con_info->req_parms.submit)) { free (con_info->req_parms.submit); - con_info->req_parms.name = NULL; + con_info->req_parms.submit = NULL; } con_info->response = save_config_omp (credentials, @@ -1183,8 +1184,8 @@ } if (openvas_validate (validator, "family", con_info->req_parms.family)) { - free (con_info->req_parms.name); - con_info->req_parms.name = NULL; + free (con_info->req_parms.family); + con_info->req_parms.family = NULL; } con_info->response = save_config_family_omp (credentials, @@ -1203,8 +1204,8 @@ } if (openvas_validate (validator, "family", con_info->req_parms.family)) { - free (con_info->req_parms.name); - con_info->req_parms.name = NULL; + free (con_info->req_parms.family); + con_info->req_parms.family = NULL; } if (openvas_validate (validator, "oid", con_info->req_parms.oid)) { From scm-commit at wald.intevation.org Mon Dec 7 18:08:46 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 18:08:46 +0100 (CET) Subject: [Openvas-commits] r6083 - in trunk/openvas-libraries: . misc Message-ID: <20091207170846.B622B861F2EE@pyrosoma.intevation.org> Author: timb Date: 2009-12-07 18:08:45 +0100 (Mon, 07 Dec 2009) New Revision: 6083 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/misc/store.c Log: Fixed a potential memory leak Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-07 15:57:00 UTC (rev 6082) +++ trunk/openvas-libraries/ChangeLog 2009-12-07 17:08:45 UTC (rev 6083) @@ -1,3 +1,7 @@ +2009-12-07 Tim Brown + + * misc/store.c: Fixed a potential memory leak. + 2009-12-07 Michael Wiegand Post-release version bump. Modified: trunk/openvas-libraries/misc/store.c =================================================================== --- trunk/openvas-libraries/misc/store.c 2009-12-07 15:57:00 UTC (rev 6082) +++ trunk/openvas-libraries/misc/store.c 2009-12-07 17:08:45 UTC (rev 6083) @@ -323,7 +323,18 @@ g_free(dummy); - if (desc_file == NULL || path == NULL) return; // g_build_filename failed + if (desc_file == NULL || path == NULL) + { + if (desc_file != NULL) + { + g_free(desc_file); + } + if (path != NULL) + { + g_free(path); + } + return; // g_build_filename failed + } nvti_t * n = nvti_new(); From scm-commit at wald.intevation.org Mon Dec 7 18:48:14 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 18:48:14 +0100 (CET) Subject: [Openvas-commits] r6084 - trunk/doc Message-ID: <20091207174814.89F6F861F2EE@pyrosoma.intevation.org> Author: felix Date: 2009-12-07 18:48:13 +0100 (Mon, 07 Dec 2009) New Revision: 6084 Modified: trunk/doc/howto-release.txt Log: Added step about howto reenable svn revision numbers in tarballs after a release for cmake based projects. Modified: trunk/doc/howto-release.txt =================================================================== --- trunk/doc/howto-release.txt 2009-12-07 17:08:45 UTC (rev 6083) +++ trunk/doc/howto-release.txt 2009-12-07 17:48:13 UTC (rev 6084) @@ -117,3 +117,6 @@ and use CHANGES to fill in Release notes (general text of CHANGES) and ChangeLog (item list of CHANGES). Use the version number as "Release Name" and tick the "Preserve my pre-formatted text" Checkbox. + +10. Run $ cmake -DPREPARE_RELEASE=0 to reenable SVN revision numbers in tarball + file names when calling make package_source. From scm-commit at wald.intevation.org Mon Dec 7 19:02:22 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 7 Dec 2009 19:02:22 +0100 (CET) Subject: [Openvas-commits] r6085 - in trunk/openvas-libraries: . misc Message-ID: <20091207180222.6B9FA861EABF@pyrosoma.intevation.org> Author: felix Date: 2009-12-07 19:02:21 +0100 (Mon, 07 Dec 2009) New Revision: 6085 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/misc/pcap.c Log: * misc/pcap.c: Cosmetics and docs. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-07 17:48:13 UTC (rev 6084) +++ trunk/openvas-libraries/ChangeLog 2009-12-07 18:02:21 UTC (rev 6085) @@ -1,3 +1,7 @@ +2009-12-07 Felix Wolfsteller + + * misc/pcap.c: Cosmetics and docs. + 2009-12-07 Tim Brown * misc/store.c: Fixed a potential memory leak. Modified: trunk/openvas-libraries/misc/pcap.c =================================================================== --- trunk/openvas-libraries/misc/pcap.c 2009-12-07 17:48:13 UTC (rev 6084) +++ trunk/openvas-libraries/misc/pcap.c 2009-12-07 18:02:21 UTC (rev 6085) @@ -57,7 +57,8 @@ struct interface_info *v6_getinterfaces(int *howmany); int getipv6routes(struct myroute *myroutes, int *numroutes); -static void ipv6addrmask(struct in6_addr *in6addr, int mask) +static void +ipv6addrmask (struct in6_addr *in6addr, int mask) { int wordmask; int word; @@ -256,15 +257,13 @@ bpf = bpf_open_live(iface, filter); - if(bpf < 0) - { - close(soc); - return -1; - } + if (bpf < 0) + { + close (soc); + return -1; + } - /* - * We only deal with ethernet - */ + /* We only deal with ethernet. */ if(bpf_datalink(bpf) != DLT_EN10MB) { bpf_close(bpf); @@ -523,8 +522,8 @@ { char dev[128]; - if(addr == NULL) - return -1; + if (addr == NULL) + return -1; /* If it is 0.0.0.0 or starts with 127.0.0.1 then it is probably localhost */ @@ -718,6 +717,10 @@ return mydevs; } +/** + * @param[out] howmany Return location for the number of interfaces found + * (might be NULL). + */ struct interface_info* getinterfaces (int *howmany) { @@ -731,55 +734,65 @@ struct ifreq *ifr; struct sockaddr_in *sin; - /* Dummy socket for ioctl */ - sd = socket(AF_INET, SOCK_DGRAM, 0); - bzero(buf, sizeof(buf)); - if (sd < 0) printf("socket in getinterfaces"); - ifc.ifc_len = sizeof(buf); - ifc.ifc_buf = buf; - if (ioctl(sd, SIOCGIFCONF, &ifc) < 0) { - printf("Failed to determine your configured interfaces!\n"); - } - close(sd); - ifr = (struct ifreq *) buf; - if (ifc.ifc_len == 0) - printf("getinterfaces: SIOCGIFCONF claims you have no network interfaces!\n"); + /* Dummy socket for ioctl. */ + sd = socket (AF_INET, SOCK_DGRAM, 0); + bzero (buf, sizeof(buf)); + if (sd < 0) + printf ("socket in getinterfaces"); + + ifc.ifc_len = sizeof (buf); + ifc.ifc_buf = buf; + if (ioctl (sd, SIOCGIFCONF, &ifc) < 0) + printf ("Failed to determine your configured interfaces!\n"); + + close (sd); + ifr = (struct ifreq *) buf; + if (ifc.ifc_len == 0) + printf ("getinterfaces: SIOCGIFCONF claims you have no network interfaces!\n"); + #ifdef HAVE_SOCKADDR_SA_LEN len = ifr->ifr_addr.sa_len; #else #ifdef HAVE_STRUCT_IFMAP - len = sizeof(struct ifmap); + len = sizeof (struct ifmap); #else - len = sizeof(struct sockaddr); + len = sizeof (struct sockaddr); #endif #endif - for(; ifr && *((char *)ifr) && ((char *)ifr) < buf + ifc.ifc_len; + + for ( ; ifr && *((char*) ifr) && ((char*) ifr) < buf + ifc.ifc_len; /* FIXME: for the next source code line the gentoo packaging process * reports the following problem (disregard the line number): * QA Notice: Package has poor programming practices which may compile * fine but exhibit random runtime failures. * pcap.c:342: warning: dereferencing type-punned pointer will break strict-aliasing rules */ - ((*(char **)&ifr) += sizeof(ifr->ifr_name) + len )) { + ((*(char **)&ifr) += sizeof (ifr->ifr_name) + len )) + { sin = (struct sockaddr_in *) &ifr->ifr_addr; - memcpy(&(mydevs[numinterfaces].addr), (char *) &(sin->sin_addr), sizeof(struct in_addr)); + memcpy (&(mydevs[numinterfaces].addr), (char *) &(sin->sin_addr), sizeof (struct in_addr)); /* In case it is a stinkin' alias */ - if ((p = strchr(ifr->ifr_name, ':'))) - *p = '\0'; - strncpy(mydevs[numinterfaces].name, ifr->ifr_name, 63); + if ((p = strchr (ifr->ifr_name, ':'))) + *p = '\0'; + strncpy (mydevs[numinterfaces].name, ifr->ifr_name, 63); mydevs[numinterfaces].name[63] = '\0'; numinterfaces++; - if (numinterfaces == 1023) { - printf("My god! You seem to have WAY too many interfaces! Things may not work right\n"); - break; - } + if (numinterfaces == 1023) + { + printf("You seem to have more than 1023 network interfaces. Things may not work right.\n"); + break; + } #if HAVE_SOCKADDR_SA_LEN /* len = MAX(sizeof(struct sockaddr), ifr->ifr_addr.sa_len);*/ len = ifr->ifr_addr.sa_len; #endif mydevs[numinterfaces].name[0] = '\0'; - } - if (howmany) *howmany = numinterfaces; + } + + // If output parameter given, set value + if (howmany) + *howmany = numinterfaces; + return mydevs; } From scm-commit at wald.intevation.org Tue Dec 8 05:49:27 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 8 Dec 2009 05:49:27 +0100 (CET) Subject: [Openvas-commits] r6086 - in trunk/openvas-plugins: . scripts Message-ID: <20091208044927.AC001861F2E2@pyrosoma.intevation.org> Author: chandra Date: 2009-12-08 05:49:24 +0100 (Tue, 08 Dec 2009) New Revision: 6086 Added: trunk/openvas-plugins/scripts/gb_apple_safari_css_bof_vuln.nasl trunk/openvas-plugins/scripts/gb_cutenews_n_utf8cutenews_mult_vuln.nasl trunk/openvas-plugins/scripts/gb_outreach_project_tool_detect.nasl trunk/openvas-plugins/scripts/gb_outreach_project_tool_rfi_vuln.nasl trunk/openvas-plugins/scripts/gb_serenity_player_code_exec_vuln.nasl trunk/openvas-plugins/scripts/gb_serenity_player_detect.nasl trunk/openvas-plugins/scripts/gb_yahoo_msg_actvx_ctrl_dos_vuln.nasl trunk/openvas-plugins/scripts/gb_yahoo_msg_detect.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/cpe.inc trunk/openvas-plugins/scripts/cutenews_detect.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-07 18:02:21 UTC (rev 6085) +++ trunk/openvas-plugins/ChangeLog 2009-12-08 04:49:24 UTC (rev 6086) @@ -1,3 +1,19 @@ +2009-12-08 Chandrashekhar B + + * scripts/gb_yahoo_msg_detect.nasl, + scripts/gb_outreach_project_tool_rfi_vuln.nasl, + scripts/gb_apple_safari_css_bof_vuln.nasl, + scripts/gb_serenity_player_code_exec_vuln.nasl, + scripts/gb_yahoo_msg_actvx_ctrl_dos_vuln.nasl, + scripts/gb_serenity_player_detect.nasl, + scripts/gb_cutenews_n_utf8cutenews_mult_vuln.nasl, + scripts/gb_outreach_project_tool_detect.nasl: + Added new plugins. + + * scripts/cutenews_detect.nasl: Include new search directory. + + * scripts/cpe.inc: Added new KB items. + 2009-12-07 Michael Wiegand * scripts/slad_fetch_results.nasl, scripts/slad_run.nasl: Fixed family. Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-12-07 18:02:21 UTC (rev 6085) +++ trunk/openvas-plugins/cve_current.txt 2009-12-08 04:49:24 UTC (rev 6086) @@ -340,4 +340,16 @@ CVE-2009-4150 SecPod svn L CVE-2009-4194 SecPod svn R CVE-2009-4114 SecPod svn L +CVE-2009-4082 SecPod svn R +CVE-2009-4171 SecPod svn L +CVE-2009-4186 SecPod svn L +CVE-2009-4113 SecPod svn R +CVE-2009-4116 SecPod svn R +CVE-2009-4115 SecPod svn R +CVE-2009-4173 SecPod svn R +CVE-2009-4172 SecPod svn R +CVE-2009-4175 SecPod svn R +CVE-2009-4174 SecPod svn R +CVE-2009-4097 SecPod svn L + Modified: trunk/openvas-plugins/scripts/cpe.inc =================================================================== --- trunk/openvas-plugins/scripts/cpe.inc 2009-12-07 18:02:21 UTC (rev 6085) +++ trunk/openvas-plugins/scripts/cpe.inc 2009-12-08 04:49:24 UTC (rev 6086) @@ -676,6 +676,7 @@ "www/*/linkSpheric", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:dataspheric:linkspheric:", "www/*/flatpress", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:flatpress:flatpress:", "www/*/PHPGenealogie", "^([0-9.]+)", "cpe:/a:phpgenealogy:phpgenealogy:", +"www/*/OPT", "^([0-9.]+)", "cpe:/a:lanifex:outreach_project_tool:", "BackupPC/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:craig_barratt:backuppc:", "www/*/MRBS", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:john_beranek:meeting_room_booking_system:", "IBM/InstallMang/Win/Ver", "^([0-9.]+)", "cpe:/a:ibm:installation_manager:", @@ -740,7 +741,10 @@ "Robo/FTP/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?" , "cpe:/a:robo-ftp:robo-ftp:", "TYPSoft/FTP/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:typsoft:typsoft_ftp_server:", "Golden/FTP/Pro/Ver", "^([0-9.]+)", "cpe:/a:kmint21:golden_ftp_server:", -"Golden/FTP/Free/Ver", "^([0-9.]+)", "cpe:/a:kmint21:golden_ftp_server:" +"Golden/FTP/Free/Ver", "^([0-9.]+)", "cpe:/a:kmint21:golden_ftp_server:", +"YahooMessenger/Ver", "^([0-9.]+)", "cpe:/a:yahoo:messenger:", +"Serenity/Audio/Player/Ver", "^([0-9.]+)", "cpe:/a:malsmith:serenity_audio_player:", +"Mplay/Audio/Player/Ver", "^([0-9.]+)", "cpe:/a:malsmith:serenity_audio_player:" ); Modified: trunk/openvas-plugins/scripts/cutenews_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/cutenews_detect.nasl 2009-12-07 18:02:21 UTC (rev 6085) +++ trunk/openvas-plugins/scripts/cutenews_detect.nasl 2009-12-08 04:49:24 UTC (rev 6086) @@ -7,6 +7,9 @@ # Authors: # Michael Meyer # +# Updated to detect UTF-8 CuteNews +# - By Antu Sanadi On 2009-12-05 #5990 +# # Copyright: # Copyright (c) 2009 Michael Meyer # @@ -29,7 +32,7 @@ Overview: This host is running CuteNews, a powerful and easy to use news - management system that uses flat files to store its database. + management system that uses flat files to store its database See also: http://cutephp.com/cutenews/ @@ -41,7 +44,7 @@ script_id(100105); script_version ("1.0"); - script_name("CuteNews Detection"); + script_name("CuteNews Detection"); script_description(desc); script_summary("Checks for the presence of CuteNews"); @@ -63,50 +66,55 @@ if(!get_port_state(port))exit(0); if(!can_host_php(port:port))exit(0); -dirs = make_list("/cutenews","/news",cgi_dirs()); +dirs = make_list("/cutenews","/utf-8", "/news", "/", cgi_dirs()); -foreach dir (dirs) { +foreach dir (dirs) +{ + url = string(dir, "/index.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + if(egrep(pattern: "Powered by ]+>CuteNews", string: buf, icase: TRUE) || + egrep(pattern: "Powered by ]+>UTF-8 CuteNews", string: buf, icase: TRUE)) + { - url = string(dir, "/index.php"); - req = http_get(item:url, port:port); - buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); - if( buf == NULL )continue; - - if(egrep(pattern: "Powered by ]+>CuteNews", string: buf, icase: TRUE)) - { - if(strlen(dir)>0) { - install=dir; - } else { + if(strlen(dir)>0) { + install=dir; + } + else { install=string("/"); - } - - vers = string("unknown"); + } - ### try to get version - version = eregmatch(string: buf, pattern: "Powered by ]+>CuteNews v*([0-9.]+)",icase:TRUE); - - if ( !isnull(version[1]) ) { - vers=version[1]; - } - - set_kb_item(name: string("www/", port, "/cutenews"), value: string(vers," under ",install)); + vers = string("unknown"); - info = string("None\n\nCuteNews Version '"); - info += string(vers); - info += string("' was detected on the remote host in the following directory(s):\n\n"); - info += string(install, "\n"); + ### try to get version + if(version = eregmatch(string: buf, pattern: "Powered by ]+>CuteNews v*([0-9.]+)",icase:TRUE)) + { + if ( !isnull(version[1])) { + vers=version[1]; + } - desc = ereg_replace( - string:desc, - pattern:"None$", - replace:info - ); - - if(report_verbosity > 0) { + set_kb_item(name: string("www/", port, "/cutenews"), value: string(vers," under ",install)); + } + + else if("UTF-8 CuteNews" >< buf) + { + version = eregmatch(string: buf, pattern: "UTF-8 CuteNews (([0-9.]+)([a-z]+)?)", icase:TRUE); + if(!isnull(version[1])) { + vers=version[1]; + } + + set_kb_item(name: string("www/", port, "/UTF-8/cutenews"), value: string(vers," under ",install)); + } + + info = string("None\n\nCuteNews Version '"); + info += string(vers); + info += string("' was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace(string:desc, pattern:"None$", replace:info); + if(report_verbosity > 0) { security_note(port:port,data:desc); - } - exit(0); - - } + } + } } -exit(0); Added: trunk/openvas-plugins/scripts/gb_apple_safari_css_bof_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_apple_safari_css_bof_vuln.nasl 2009-12-07 18:02:21 UTC (rev 6085) +++ trunk/openvas-plugins/scripts/gb_apple_safari_css_bof_vuln.nasl 2009-12-08 04:49:24 UTC (rev 6086) @@ -0,0 +1,85 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_apple_safari_css_bof_vuln.nasl 6048 2009-12-05 17:17:56Z dec $ +# +# Apple Safari 'CSS' Buffer Overflow Vulnerability (Win) - Dec09 +# +# Authors: +# Veerendra GG +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800155); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4186"); + script_bugtraq_id(37039); + script_name("Apple Safari 'CSS' Buffer Overflow Vulnerability (Win) - Dec09"); + desc = " + Overview: This host is installed with Apple Safari Web Browser and is prone + to Buffer Overflow vulnerability. + + Vulnerability Insight: + The flaw is due to improper bounds checking while processing Cascading Style Sheets + background images property. + + Impact: + Successful exploitation will let the attacker to execute arbitrary code or + cause the application to crash via long URI value in the CSS background + property. + + Impact Level: System/Application + + Affected Software/OS: + Apple Safari version 4.0.3 on Windows. + + Fix: + No solution or patch is available as on 05th December, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.apple.com/support/downloads + + References: + http://xforce.iss.net/xforce/xfdb/54487 + http://www.exploit-db.com/exploits/10102 + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 8.4 + Risk factor: Critical"; + + script_description(desc); + script_summary("Check for the version of Apple Safari"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Buffer overlow"); + script_dependencies("secpod_apple_safari_detect_win_900003.nasl"); + script_require_keys("AppleSafari/Version"); + exit(0); +} + +include("version_func.inc"); + +safariVer = get_kb_item("AppleSafari/Version"); +if(safariVer != NULL) +{ + # Check for Apple Safari Version < 4.0.3 (4.31.9.1) + if(version_is_equal(version:safariVer, test_version:"4.31.9.1")){ + security_hole(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_apple_safari_css_bof_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_cutenews_n_utf8cutenews_mult_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_cutenews_n_utf8cutenews_mult_vuln.nasl 2009-12-07 18:02:21 UTC (rev 6085) +++ trunk/openvas-plugins/scripts/gb_cutenews_n_utf8cutenews_mult_vuln.nasl 2009-12-08 04:49:24 UTC (rev 6086) @@ -0,0 +1,153 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_cutenews_n_utf8cutenews_mult_vuln.nasl 5990 2009-12-05 15:11:27Z dec $ +# +# CuteNews/UTF-8 CuteNews Multiple Vulneablities +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801056); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4113", "CVE-2009-4116", "CVE-2009-4115", "CVE-2009-4174", + "CVE-2009-4175", "CVE-2009-4173", "CVE-2009-4172"); + script_bugtraq_id(36971); + script_name("CuteNews/UTF-8 CuteNews Multiple Vulneablities"); + desc = " + Overview: The host is running CuteNews/UTF-8 CuteNews and is prone to multiple + vulnerabilities. + + Vulnerability Insight: + - An improper validation of user-supplied input by the 'category.db.php' script + via the Category Access field or Icon URL fields + - An improper validation of user-supplied input by the 'data/ipban.php' script + via the add_ip paramete. + - An improper validation of user-supplied input by the 'Editnews module' via + list or editnews parameters and 'Options module' via save_con[skin] parameter. + - An error in 'editusers' module within 'index.php' allows attackers to hijack + the authentication of administrators for requests that create new users. + - An error in 'from_date_day' parameter to 'search.php' which reveals the + installation path in an error message. + - An error in 'modified id' parameter in a 'doeditnews' action allows remote + users with Journalist or Editor access to bypass administrative moderation + and edit previously submitted articles. + + Impact: + Successful exploitation could allow remote attackers to steal user credentials, + disclose file contents, disclose the file path of the application, execute + arbitrary commands. + + Impact Level: system/Application. + + Affected Software/OS: + CuteNews version 1.4.6 and UTF-8 CuteNews version prior to 8b + + Fix: + For UTF-8 CuteNews Upgrade to version 8b + http://korn19.ch/coding/utf8-cutenews/ + + For CuteNews: + No solution or patch is available as on 05th December, 2009, Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://cutephp.com/ + + References: + http://xforce.iss.net/xforce/xfdb/54243 + http://www.securityfocus.com/archive/1/archive/1/507782/100/0/threaded + http://www.morningstarsecurity.com/advisories/MORNINGSTAR-2009-02-CuteNews.txt + + CVSS Score: + CVSS Base Score : 6.5 (AV:N/AC:L/Au:SI/C:P/I:P/A:P) + CVSS Temporal Score : 5.1 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the CuteNews/UTF-8 CuteNews version"); + script_category(ACT_MIXED_ATTACK); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("cutenews_detect.nasl"); + script_family("Web application abuses"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +cnPort = get_http_port(default:80); +if(!cnPort){ + exit(0); +} + + +# Check for CuteNews version 1.4.6 +cnVer = get_kb_item("www/" + cnPort + "/cutenews"); +if(cnVer) +{ + cnVer = eregmatch(pattern:"^(.+) under (/.*)$", string:cnVer); + if(!safe_checks() && cnVer[2] != NULL) + { + request = http_get(item:cnVer[2] + "/index.php?lastusername='>", port:cnPort); + response = http_send_recv(port:cnPort, data:request); + if("" >< response) + { + security_hole(cnPort); + exit(0); + } + } + + if(cnVer[1] != NULL) + { + if(version_is_equal(version:cnVer[1], test_version:"1.4.6")) + { + security_hole(cnPort); + exit(0); + } + } +} + +# Checking for UTF-8 CuteNews version prior to 8b +ucnVer = get_kb_item("www/" + cnPort + "/UTF-8/cutenews"); +if(ucnVer) +{ + ucnVer = eregmatch(pattern:"^(.+) under (/.*)$", string:ucnVer); + if(!safe_checks() && ucnVer[2] != NULL) + { + request = http_get(item:string(ucnVer[2] + '/search.php?user=">'), port:cnPort); + response = http_send_recv(port:cnPort, data:request); + if("" >< response) + { + security_hole(cnPort); + exit(0); + } + } + + if(ucnVer[1] != NULL) + { + if(version_is_less(version:ucnVer[1], test_version:"8b")){ + security_hole(cnPort); + } + } +} Added: trunk/openvas-plugins/scripts/gb_outreach_project_tool_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_outreach_project_tool_detect.nasl 2009-12-07 18:02:21 UTC (rev 6085) +++ trunk/openvas-plugins/scripts/gb_outreach_project_tool_detect.nasl 2009-12-08 04:49:24 UTC (rev 6086) @@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_outreach_project_tool_detect.nasl 5959 2009-12-05 16:25:36Z dec $ +# +# Outreach Project Tool Version Detection (OPT) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801069); + script_version("Revision: 1.0 "); + script_name("Outreach Project Tool Version Detection (OPT)"); + desc = " + Overview: This script finds the installed Outreach Project Tool version and + saves the result in KB. + + Risk factor: Informational"; + + script_description(desc); + script_summary("Set the version of Outreach Project Tool(OPT) in KB"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Service detection"); + script_dependencies("find_service.nes"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); + +optPort = get_http_port(default:80); +if(!optPort){ + exit(0); +} + +foreach path(make_list("/", "/OPT127MAX/opt", "/opt", cgi_dirs())) +{ + sndReq = http_get(item:string(path, "/index.php?OPT_Session=" + + " OpenVAS_Req"), port:optPort); + rcvRes = http_send_recv(port:optPort, data:sndReq); + if("Outreach Project Tool Login" >< rcvRes) + { + sndReq = http_get(item:string(path, "/include/init_OPT_lib.txt"), port:optPort); + rcvRes = http_send_recv(port:optPort, data:sndReq); + if(!isnull(rcvRes) && (optVer = egrep(pattern:"CRM_ver.*", string:rcvRes))) + { + optVer = eregmatch(pattern:"([0-9.]+)", string:optVer); + if(optVer[1] != NULL){ + set_kb_item(name:"www/" + optPort + "/OPT", value:optVer[1] + " under " + path); + } + } + } +} Added: trunk/openvas-plugins/scripts/gb_outreach_project_tool_rfi_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_outreach_project_tool_rfi_vuln.nasl 2009-12-07 18:02:21 UTC (rev 6085) +++ trunk/openvas-plugins/scripts/gb_outreach_project_tool_rfi_vuln.nasl 2009-12-08 04:49:24 UTC (rev 6086) @@ -0,0 +1,109 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_outreach_project_tool_rfi_vuln.nasl 5959 2009-12-04 15:11:27Z dec $ +# +# Outreach Project Tool 'CRM_path' Parameter Remote File Inclusion Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801070); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4082"); + script_bugtraq_id(37090); + script_name("Outreach Project Tool 'CRM_path' Parameter Remote File Inclusion Vulnerability"); + desc = " + Overview: The host is running Outreach Project Tool(OPT) and is prone to Remote + File Inclusion vulnerability. + + Vulnerability Insight: + Error is caused due to improper sanitization of user supplied input in + 'CRM_path' parameter in 'opt/forums/Forum_Include/index.php' while including + external files for processing. + + Impact: + Successful exploitation could allow the remote attackers to include arbitrary + files from local and remote resources to compromise a vulnerable server. + + Impact Level: Network. + + Affected Software/OS: + Outreach Project Tool(OPT) version 1.2.7 and prior. + + Fix: + No solution or patch is available as on 04th December, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://sourceforge.net/projects/outreach + + References: + http://secunia.com/advisories/37447 + http://xforce.iss.net/xforce/xfdb/54379 + http://packetstormsecurity.org/0911-exploits/opt-rfi.txt + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 6.7 + Risk factor : High"; + + script_description(desc); + script_summary("Check for the version Outreach Project Tool(OPT)"); + script_category(ACT_MIXED_ATTACK); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("gb_outreach_project_tool_detect.nasl"); + script_family("Web application abuses"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +optPort = get_http_port(default:80); +if(!optPort){ + exit(0); +} + +optVer = get_kb_item("www/" + optPort + "/OPT"); +if(!optVer){ + exit(0); +} + +optVer = eregmatch(pattern:"^(.+) under (/.*)$", string:optVer); +if(!safe_checks() && optVer[2] != NULL) +{ + request = http_get(item:optVer[2] + "/forums/Forum_Include/index.php?"+ + "CRM_path=OpenVas-rfi.txt",port:optPort); + response = http_send_recv(port:optPort, data:request); + if("OpenVas-rfi.txt" >< response) + { + security_hole(optPort); + exit(0); + } +} + +if(optVer[1] != NULL) +{ + if(version_is_less_equal(version:optVer[1], test_version:"1.2.7")){ + security_hole(optPort); + } +} Added: trunk/openvas-plugins/scripts/gb_serenity_player_code_exec_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_serenity_player_code_exec_vuln.nasl 2009-12-07 18:02:21 UTC (rev 6085) +++ trunk/openvas-plugins/scripts/gb_serenity_player_code_exec_vuln.nasl 2009-12-08 04:49:24 UTC (rev 6086) @@ -0,0 +1,92 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_serenity_player_code_exec_vuln.nasl 5966 2009-12-07 12:11:24Z dec $ +# +# Serenity/Mplay Audio Player Code Execution Vulnerability +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800729); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4097"); + script_name("Serenity/Mplay Audio Player Code Execution Vulnerability"); + desc = " + Overview: This host is installed with Serenity/Mplay Audio Player and is prone + to code execution vulnerability. + + Vulnerability Insight: + There exists a stack overflow vulnerability within the 'MplayInputFile()' + function in 'src/plgui.c' that fails to sanitize user input while the user + crafts his/her own malicious playlist 'm3u' file. + + Impact: + Successful exploitation could allow local/remote attackers to trick the user + to access the crafted m3u playlist file, execute the crafted shellcode into the + context of the affected system memory registers to take control of the machine + running the affected application. + + Impact Level: System + + Affected Software/OS: + Serenity/Mplay Audio Player 3.2.3.0 and prior on Windows. + + Fix: + No solution or patch is available as on 07th February, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://malsmith.kyabram.biz/serenity + + References: + http://secunia.com/advisories/product/27998 + http://packetstormsecurity.org/0911-exploits/serenityaudio-overflow.txt + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 8.4 + Risk factor: Critical"; + + script_description(desc); + script_summary("Check for the Version of Serenity/Mplay Player"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Buffer overflow"); + script_dependencies("gb_serenity_player_detect.nasl"); + script_require_keys("Serenity/Audio/Player/Ver"); + exit(0); +} + + +include("version_func.inc"); + +if(appVer = get_kb_item("Serenity/Audio/Player/Ver")) +{ + if(version_is_less_equal(version:appVer, test_version:"3.2.3.0")){ + security_hole(0); + } +} + +else if(appVer2 = get_kb_item("Mplay/Audio/Player/Ver")) +{ + if(version_is_less_equal(version:appVer2, test_version:"3.2.3.0")){ + security_hole(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_serenity_player_code_exec_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_serenity_player_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_serenity_player_detect.nasl 2009-12-07 18:02:21 UTC (rev 6085) +++ trunk/openvas-plugins/scripts/gb_serenity_player_detect.nasl 2009-12-08 04:49:24 UTC (rev 6086) @@ -0,0 +1,88 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_serenity_player_detect.nasl 5966 2009-12-07 21:47:29Z dec $ +# +# Serenity/Mplay Player Version Detection +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800728); + script_version("$Revision: 1.0 $"); + script_name("Serenity/Mplay Player Version Detection"); + desc = " + Overview: This script detects the installed version of Serenity/Mplay + Audio Player and sets the reuslt in KB. + + Risk Factor: Informational"; + + script_description(desc); + script_summary("Set KB for the version of Serenity/Mplay Audio Player"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Service detection"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +function find_version(path, file) +{ + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:path); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:file); + serenityVer = GetVer(file:file, share:share); + return serenityVer; +} + +appKey = "SOFTWARE\Serenity Audio Player"; +appKey2 = "SOFTWARE\Malx media player"; +if(!registry_key_exists(key:appKey) && !registry_key_exists(key:appKey2)){ + exit(0); +} + +appPath = registry_get_sz(key:appKey, item:"Install_Dir"); +appPath2 = registry_get_sz(key:appKey2, item:"Install_Dir"); + +if(appPath != NULL) +{ + serenityVer = find_version(path:appPath, file:appPath +"\serenity.exe"); + if(serenityVer != NULL){ + set_kb_item(name:"Serenity/Audio/Player/Ver", value:serenityVer); + } +} + +if(appPath2 != NULL) +{ + mplayVer = find_version(path:appPath2, file:appPath2 + "\mplay.exe"); + if(mplayVer != NULL){ + set_kb_item(name:"Mplay/Audio/Player/Ver", value:mplayVer); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_serenity_player_detect.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_yahoo_msg_actvx_ctrl_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_yahoo_msg_actvx_ctrl_dos_vuln.nasl 2009-12-07 18:02:21 UTC (rev 6085) +++ trunk/openvas-plugins/scripts/gb_yahoo_msg_actvx_ctrl_dos_vuln.nasl 2009-12-08 04:49:24 UTC (rev 6086) @@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_yahoo_msg_actvx_ctrl_dos_vuln.nasl 6032 2009-12-05 13:33:29Z dec $ +# +# Yahoo! Messenger 'YahooBridgeLib.dll' ActiveX Control DOS Vulnerability +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801150); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4171"); + script_bugtraq_id(37007); + script_name("Yahoo! Messenger 'YahooBridgeLib.dll' ActiveX Control DOS Vulnerability"); + desc = " + Overview: This host is installed with Yahoo! Messenger and is prone to Denial + of Service Vulnerability. + + Vulnerability Insight: + The flaw is due to a NULL pointer dereference error in 'RegisterMe()' method + in 'YahooBridgeLib.dll', which can be exploited by causing victim to visit a + specially crafted Web page. + + Impact: + Successful exploitation will let the remote attackers to cause Denial of + Service condition on the affected applicaion. + + Impact Level: Application + + Affected Software/OS: + Yahoo! Messenger version 9.x to 9.0.0.2162 on Windows. + + Fix: + No solution or patch is available as on 05th December, 2009, Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://messenger.yahoo.com/download/ + + References: + http://xforce.iss.net/xforce/xfdb/54263 + http://www.securityfocus.com/archive/1/archive/1/507818/100/0/threaded + + CVSS Score: + CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:N/A:P) + CVSS Temporal Score : 3.9 + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of Yahoo! Messenger"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Denial of Service"); + script_dependencies("gb_yahoo_msg_detect.nasl", "yahoo_msg_running.nasl"); + script_require_keys("YahooMessenger/Ver"); + script_require_ports("Services/yahoo_messenger"); + exit(0); +} + + +include("version_func.inc"); + +ymsgPort = get_kb_item("Services/yahoo_messenger"); +if(!ymsgPort){ + ymsgPort = 5101; +} + +if(!get_port_state(ymsgPort)){ + exit(0); +} + +ymsgVer = get_kb_item("YahooMessenger/Ver"); +if(!ymsgVer){ + exit(0); +} + +# Check for Yahoo! Messenger version 9.x to 9.0.0.2162 +if(version_in_range(version:ymsgVer, test_version:"9.0", test_version2:"9.0.0.2162")){ + security_warning(ymsgPort); +} Property changes on: trunk/openvas-plugins/scripts/gb_yahoo_msg_actvx_ctrl_dos_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_yahoo_msg_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_yahoo_msg_detect.nasl 2009-12-07 18:02:21 UTC (rev 6085) +++ trunk/openvas-plugins/scripts/gb_yahoo_msg_detect.nasl 2009-12-08 04:49:24 UTC (rev 6086) @@ -0,0 +1,76 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_yahoo_msg_detect.nasl 6032 2009-12-05 13:01:29Z dec $ +# +# Yahoo! Messenger Version Detection +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801149); + script_version("$Revision: 1.0 $"); + script_name("Yahoo! Messenger Version Detection"); + desc = " + Overview: This script detects the installed version of Yahoo! Messenger + and sets the result in KB. + + Risk Factor: Informational"; + + script_description(desc); + script_summary("Set KB for the version of Yahoo! Messenger"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Service detection"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + script_require_ports(139, 445); + return exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +path = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Messenger"; +ymsgName = registry_get_sz(key:path, item:"DisplayName"); + +if("Yahoo! Messenger" >< ymsgName) +{ + ymsgVer = registry_get_sz(key:"SOFTWARE\yahoo\pager", item:"ProductVersion"); + if(isnull(ymsgVer)) + { + ymsgPath = registry_get_sz(key:path, item:"DisplayIcon"); + ymsgPath = ymsgPath - ",-0"; + + share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ymsgPath); + file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ymsgPath); + ymsgVer = GetVer(share:share, file:file); + } + + if(ymsgVer){ + set_kb_item(name:"YahooMessenger/Ver", value:ymsgVer); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_yahoo_msg_detect.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Tue Dec 8 09:53:13 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 8 Dec 2009 09:53:13 +0100 (CET) Subject: [Openvas-commits] r6087 - in trunk/openvas-manager: . doc Message-ID: <20091208085313.56ECB861F2ED@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-08 09:53:09 +0100 (Tue, 08 Dec 2009) New Revision: 6087 Modified: trunk/openvas-manager/CHANGES trunk/openvas-manager/ChangeLog trunk/openvas-manager/VERSION trunk/openvas-manager/doc/Doxyfile trunk/openvas-manager/doc/Doxyfile_full Log: Preparing the openvas-manager 0.9.7 release. * VERSION: Set to 0.9.7. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CHANGES: Updated. Modified: trunk/openvas-manager/CHANGES =================================================================== --- trunk/openvas-manager/CHANGES 2009-12-08 04:49:24 UTC (rev 6086) +++ trunk/openvas-manager/CHANGES 2009-12-08 08:53:09 UTC (rev 6087) @@ -1,3 +1,17 @@ +openvas-manager 0.9.7 (2009-12-08) + +This is the thirteenth development release of the openvas-manager module +for the Open Vulnerability Assessment System (OpenVAS). + +Many thanks to everyone who has contributed to this release: +Michael Wiegand and Tim Brown. + +Main changes since 0.9.6: + +* A bug which caused the number of selected NVTs within a family to be wrongly + calculated under certain circumstances has been fixed. + + openvas-manager 0.9.6 (2009-12-01) This is the twelfth development release of the openvas-manager module Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-12-08 04:49:24 UTC (rev 6086) +++ trunk/openvas-manager/ChangeLog 2009-12-08 08:53:09 UTC (rev 6087) @@ -1,3 +1,13 @@ +2009-12-01 Michael Wiegand + + Preparing the openvas-manager 0.9.7 release. + + * VERSION: Set to 0.9.7. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + + * CHANGES: Updated. + 2009-12-07 Tim Brown * src/omp.c: Fixed up some free()s. Modified: trunk/openvas-manager/VERSION =================================================================== --- trunk/openvas-manager/VERSION 2009-12-08 04:49:24 UTC (rev 6086) +++ trunk/openvas-manager/VERSION 2009-12-08 08:53:09 UTC (rev 6087) @@ -1 +1 @@ -0.9.7.SVN +0.9.7 Modified: trunk/openvas-manager/doc/Doxyfile =================================================================== --- trunk/openvas-manager/doc/Doxyfile 2009-12-08 04:49:24 UTC (rev 6086) +++ trunk/openvas-manager/doc/Doxyfile 2009-12-08 08:53:09 UTC (rev 6087) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.7.SVN +PROJECT_NUMBER = 0.9.7 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-manager/doc/Doxyfile_full =================================================================== --- trunk/openvas-manager/doc/Doxyfile_full 2009-12-08 04:49:24 UTC (rev 6086) +++ trunk/openvas-manager/doc/Doxyfile_full 2009-12-08 08:53:09 UTC (rev 6087) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.7.SVN +PROJECT_NUMBER = 0.9.7 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Tue Dec 8 09:57:22 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 8 Dec 2009 09:57:22 +0100 (CET) Subject: [Openvas-commits] r6088 - tags Message-ID: <20091208085722.AE3CA861F2DD@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-08 09:57:07 +0100 (Tue, 08 Dec 2009) New Revision: 6088 Added: tags/openvas-manager-release-0.9.7/ Log: Tagging openvas-manager 0.9.7 release. Copied: tags/openvas-manager-release-0.9.7 (from rev 6087, trunk/openvas-manager) From scm-commit at wald.intevation.org Tue Dec 8 10:01:14 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 8 Dec 2009 10:01:14 +0100 (CET) Subject: [Openvas-commits] r6089 - in trunk/openvas-manager: . doc Message-ID: <20091208090114.4DE8A861F2DD@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-08 10:00:12 +0100 (Tue, 08 Dec 2009) New Revision: 6089 Modified: trunk/openvas-manager/CMakeLists.txt trunk/openvas-manager/ChangeLog trunk/openvas-manager/VERSION trunk/openvas-manager/doc/Doxyfile trunk/openvas-manager/doc/Doxyfile_full Log: Post-release version bump. * VERSION: Set to 0.9.8.SVN. * CMakeLists.txt: CPACK_PACKAGE_VERSION_PATCH updated. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. Modified: trunk/openvas-manager/CMakeLists.txt =================================================================== --- trunk/openvas-manager/CMakeLists.txt 2009-12-08 08:57:07 UTC (rev 6088) +++ trunk/openvas-manager/CMakeLists.txt 2009-12-08 09:00:12 UTC (rev 6089) @@ -70,7 +70,7 @@ set (CPACK_TOPLEVEL_TAG "") set (CPACK_PACKAGE_VERSION_MAJOR "0") set (CPACK_PACKAGE_VERSION_MINOR "9") -set (CPACK_PACKAGE_VERSION_PATCH "7${SVN_REVISION}") +set (CPACK_PACKAGE_VERSION_PATCH "8${SVN_REVISION}") set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-12-08 08:57:07 UTC (rev 6088) +++ trunk/openvas-manager/ChangeLog 2009-12-08 09:00:12 UTC (rev 6089) @@ -1,3 +1,13 @@ +2009-12-01 Michael Wiegand + + Post-release version bump. + + * VERSION: Set to 0.9.8.SVN. + + * CMakeLists.txt: CPACK_PACKAGE_VERSION_PATCH updated. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + 2009-12-01 Michael Wiegand Preparing the openvas-manager 0.9.7 release. Modified: trunk/openvas-manager/VERSION =================================================================== --- trunk/openvas-manager/VERSION 2009-12-08 08:57:07 UTC (rev 6088) +++ trunk/openvas-manager/VERSION 2009-12-08 09:00:12 UTC (rev 6089) @@ -1 +1 @@ -0.9.7 +0.9.8.SVN Modified: trunk/openvas-manager/doc/Doxyfile =================================================================== --- trunk/openvas-manager/doc/Doxyfile 2009-12-08 08:57:07 UTC (rev 6088) +++ trunk/openvas-manager/doc/Doxyfile 2009-12-08 09:00:12 UTC (rev 6089) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.7 +PROJECT_NUMBER = 0.9.8.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-manager/doc/Doxyfile_full =================================================================== --- trunk/openvas-manager/doc/Doxyfile_full 2009-12-08 08:57:07 UTC (rev 6088) +++ trunk/openvas-manager/doc/Doxyfile_full 2009-12-08 09:00:12 UTC (rev 6089) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.9.7 +PROJECT_NUMBER = 0.9.8.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Tue Dec 8 11:14:58 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 8 Dec 2009 11:14:58 +0100 (CET) Subject: [Openvas-commits] r6090 - in trunk/openvas-administrator: . doc Message-ID: <20091208101458.D50D5861F2DD@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-08 11:14:57 +0100 (Tue, 08 Dec 2009) New Revision: 6090 Modified: trunk/openvas-administrator/CHANGES trunk/openvas-administrator/CMakeLists.txt trunk/openvas-administrator/ChangeLog trunk/openvas-administrator/VERSION trunk/openvas-administrator/doc/Doxyfile trunk/openvas-administrator/doc/Doxyfile_full Log: Preparing for the 0.3.0 release. * VERSION: Set to 0.3.0. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CMakeLists.txt: Updated version number. * CHANGES: Updated. Modified: trunk/openvas-administrator/CHANGES =================================================================== --- trunk/openvas-administrator/CHANGES 2009-12-08 09:00:12 UTC (rev 6089) +++ trunk/openvas-administrator/CHANGES 2009-12-08 10:14:57 UTC (rev 6090) @@ -1,3 +1,19 @@ +openvas-administrator 0.3.0 (2009-12-08) + +This is the seventh development release of the openvas-administrator module for +the Open Vulnerability Assessment System (OpenVAS). + +Many thanks to everyone who has contributed to this release: +Matthew Mundell, Michael Wiegand and Felix Wolfsteller. + +Main changes since 0.2.2: + +* Pidfile handling has been made more robust. +* A number of possible resource leaks have been identified and fixed. +* The configuration and build process has been improved. +* Support for NVT feed synchronization has been added. + + openvas-administrator 0.2.2 (2009-10-26) This is the sixth developement release of the openvas-administrator module for Modified: trunk/openvas-administrator/CMakeLists.txt =================================================================== --- trunk/openvas-administrator/CMakeLists.txt 2009-12-08 09:00:12 UTC (rev 6089) +++ trunk/openvas-administrator/CMakeLists.txt 2009-12-08 10:14:57 UTC (rev 6090) @@ -71,8 +71,8 @@ set (CPACK_SYSTEM_NAME "") set (CPACK_TOPLEVEL_TAG "") set (CPACK_PACKAGE_VERSION_MAJOR "0") -set (CPACK_PACKAGE_VERSION_MINOR "2") -set (CPACK_PACKAGE_VERSION_PATCH "3${SVN_REVISION}") +set (CPACK_PACKAGE_VERSION_MINOR "3") +set (CPACK_PACKAGE_VERSION_PATCH "0${SVN_REVISION}") set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/openvas-administrator/ChangeLog =================================================================== --- trunk/openvas-administrator/ChangeLog 2009-12-08 09:00:12 UTC (rev 6089) +++ trunk/openvas-administrator/ChangeLog 2009-12-08 10:14:57 UTC (rev 6090) @@ -1,3 +1,15 @@ +2009-12-08 Michael Wiegand + + Preparing for the 0.3.0 release. + + * VERSION: Set to 0.3.0. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + + * CMakeLists.txt: Updated version number. + + * CHANGES: Updated. + 2009-12-03 Michael Wiegand Improved locking during feed synchronization. Modified: trunk/openvas-administrator/VERSION =================================================================== --- trunk/openvas-administrator/VERSION 2009-12-08 09:00:12 UTC (rev 6089) +++ trunk/openvas-administrator/VERSION 2009-12-08 10:14:57 UTC (rev 6090) @@ -1 +1 @@ -0.2.3.SVN +0.3.0 Modified: trunk/openvas-administrator/doc/Doxyfile =================================================================== --- trunk/openvas-administrator/doc/Doxyfile 2009-12-08 09:00:12 UTC (rev 6089) +++ trunk/openvas-administrator/doc/Doxyfile 2009-12-08 10:14:57 UTC (rev 6090) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.2.3.SVN +PROJECT_NUMBER = 0.3.0 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-administrator/doc/Doxyfile_full =================================================================== --- trunk/openvas-administrator/doc/Doxyfile_full 2009-12-08 09:00:12 UTC (rev 6089) +++ trunk/openvas-administrator/doc/Doxyfile_full 2009-12-08 10:14:57 UTC (rev 6090) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.2.3.SVN +PROJECT_NUMBER = 0.3.0 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Tue Dec 8 11:18:13 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 8 Dec 2009 11:18:13 +0100 (CET) Subject: [Openvas-commits] r6091 - tags Message-ID: <20091208101813.B71F5861F2DD@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-08 11:18:13 +0100 (Tue, 08 Dec 2009) New Revision: 6091 Added: tags/openvas-administrator-release-0.3.0/ Log: Tagging openvas-administrator 0.3.0 release. Copied: tags/openvas-administrator-release-0.3.0 (from rev 6090, trunk/openvas-administrator) From scm-commit at wald.intevation.org Tue Dec 8 11:20:22 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 8 Dec 2009 11:20:22 +0100 (CET) Subject: [Openvas-commits] r6092 - in trunk/openvas-administrator: . doc Message-ID: <20091208102022.C82A5861F2C8@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-08 11:20:22 +0100 (Tue, 08 Dec 2009) New Revision: 6092 Modified: trunk/openvas-administrator/CMakeLists.txt trunk/openvas-administrator/ChangeLog trunk/openvas-administrator/VERSION trunk/openvas-administrator/doc/Doxyfile trunk/openvas-administrator/doc/Doxyfile_full Log: Post release version bump. * VERSION: Set to 0.3.1.SVN. * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. * CMakeLists.txt: Updated version number. Modified: trunk/openvas-administrator/CMakeLists.txt =================================================================== --- trunk/openvas-administrator/CMakeLists.txt 2009-12-08 10:18:13 UTC (rev 6091) +++ trunk/openvas-administrator/CMakeLists.txt 2009-12-08 10:20:22 UTC (rev 6092) @@ -72,7 +72,7 @@ set (CPACK_TOPLEVEL_TAG "") set (CPACK_PACKAGE_VERSION_MAJOR "0") set (CPACK_PACKAGE_VERSION_MINOR "3") -set (CPACK_PACKAGE_VERSION_PATCH "0${SVN_REVISION}") +set (CPACK_PACKAGE_VERSION_PATCH "1${SVN_REVISION}") set (CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") set (CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") set (CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/openvas-administrator/ChangeLog =================================================================== --- trunk/openvas-administrator/ChangeLog 2009-12-08 10:18:13 UTC (rev 6091) +++ trunk/openvas-administrator/ChangeLog 2009-12-08 10:20:22 UTC (rev 6092) @@ -1,5 +1,15 @@ 2009-12-08 Michael Wiegand + Post release version bump. + + * VERSION: Set to 0.3.1.SVN. + + * doc/Doxyfile, doc/Doxyfile_full: Updated PROJECT_NUMBER. + + * CMakeLists.txt: Updated version number. + +2009-12-08 Michael Wiegand + Preparing for the 0.3.0 release. * VERSION: Set to 0.3.0. Modified: trunk/openvas-administrator/VERSION =================================================================== --- trunk/openvas-administrator/VERSION 2009-12-08 10:18:13 UTC (rev 6091) +++ trunk/openvas-administrator/VERSION 2009-12-08 10:20:22 UTC (rev 6092) @@ -1 +1 @@ -0.3.0 +0.3.1.SVN Modified: trunk/openvas-administrator/doc/Doxyfile =================================================================== --- trunk/openvas-administrator/doc/Doxyfile 2009-12-08 10:18:13 UTC (rev 6091) +++ trunk/openvas-administrator/doc/Doxyfile 2009-12-08 10:20:22 UTC (rev 6092) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.3.0 +PROJECT_NUMBER = 0.3.1.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-administrator/doc/Doxyfile_full =================================================================== --- trunk/openvas-administrator/doc/Doxyfile_full 2009-12-08 10:18:13 UTC (rev 6091) +++ trunk/openvas-administrator/doc/Doxyfile_full 2009-12-08 10:20:22 UTC (rev 6092) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 0.3.0 +PROJECT_NUMBER = 0.3.1.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Tue Dec 8 11:34:25 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 8 Dec 2009 11:34:25 +0100 (CET) Subject: [Openvas-commits] r6093 - in trunk/gsa: . src/html/src Message-ID: <20091208103425.57A52865F4A2@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-08 11:34:23 +0100 (Tue, 08 Dec 2009) New Revision: 6093 Modified: trunk/gsa/CMakeLists.txt trunk/gsa/ChangeLog trunk/gsa/VERSION trunk/gsa/src/html/src/about.htm4 Log: Preparing the gsa 0.8.2 release. * VERSION: Set to 0.8.2. * CMakeLists.txt: Updated CPACK_PACKAGE_VERSION_PATCH. * src/html/src/about.htm4: Updated. Modified: trunk/gsa/CMakeLists.txt =================================================================== --- trunk/gsa/CMakeLists.txt 2009-12-08 10:20:22 UTC (rev 6092) +++ trunk/gsa/CMakeLists.txt 2009-12-08 10:34:23 UTC (rev 6093) @@ -86,7 +86,7 @@ # TODO: Parse version numbers from file VERSION (see also below) SET(CPACK_PACKAGE_VERSION_MAJOR "0") SET(CPACK_PACKAGE_VERSION_MINOR "8") -SET(CPACK_PACKAGE_VERSION_PATCH "2.SVN") +SET(CPACK_PACKAGE_VERSION_PATCH "2") SET(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") SET(CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") SET(CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-08 10:20:22 UTC (rev 6092) +++ trunk/gsa/ChangeLog 2009-12-08 10:34:23 UTC (rev 6093) @@ -1,3 +1,13 @@ +2009-12-08 Michael Wiegand + + Preparing the gsa 0.8.2 release. + + * VERSION: Set to 0.8.2. + + * CMakeLists.txt: Updated CPACK_PACKAGE_VERSION_PATCH. + + * src/html/src/about.htm4: Updated. + 2009-12-07 Michael Wiegand Fixed a bug which caused the GSA to hang or crash when editing the Modified: trunk/gsa/VERSION =================================================================== --- trunk/gsa/VERSION 2009-12-08 10:20:22 UTC (rev 6092) +++ trunk/gsa/VERSION 2009-12-08 10:34:23 UTC (rev 6093) @@ -1 +1 @@ -0.8.2.SVN +0.8.2 Modified: trunk/gsa/src/html/src/about.htm4 =================================================================== --- trunk/gsa/src/html/src/about.htm4 2009-12-08 10:20:22 UTC (rev 6092) +++ trunk/gsa/src/html/src/about.htm4 2009-12-08 10:34:23 UTC (rev 6093) @@ -4,7 +4,7 @@ -

      Greenbone Security Assistant Version 0.8.2.SVN

      +

      Greenbone Security Assistant Version 0.8.2

      The Greenbone Security Assistant is a web-based graphical From scm-commit at wald.intevation.org Tue Dec 8 11:46:41 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 8 Dec 2009 11:46:41 +0100 (CET) Subject: [Openvas-commits] r6094 - tags Message-ID: <20091208104641.86958865F470@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-08 11:46:41 +0100 (Tue, 08 Dec 2009) New Revision: 6094 Added: tags/gsa-release-0.8.2/ Log: Tagging gsa 0.8.2 release. Copied: tags/gsa-release-0.8.2 (from rev 6093, trunk/gsa) From scm-commit at wald.intevation.org Tue Dec 8 11:48:49 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 8 Dec 2009 11:48:49 +0100 (CET) Subject: [Openvas-commits] r6095 - in trunk/gsa: . src/html/src Message-ID: <20091208104849.34DAD865F470@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-08 11:48:48 +0100 (Tue, 08 Dec 2009) New Revision: 6095 Modified: trunk/gsa/CMakeLists.txt trunk/gsa/ChangeLog trunk/gsa/VERSION trunk/gsa/src/html/src/about.htm4 Log: Post release version bump. * VERSION: Set to 0.8.3.SVN. * CMakeLists.txt: Updated CPACK_PACKAGE_VERSION_PATCH. * src/html/src/about.htm4: Updated. Modified: trunk/gsa/CMakeLists.txt =================================================================== --- trunk/gsa/CMakeLists.txt 2009-12-08 10:46:41 UTC (rev 6094) +++ trunk/gsa/CMakeLists.txt 2009-12-08 10:48:48 UTC (rev 6095) @@ -86,7 +86,7 @@ # TODO: Parse version numbers from file VERSION (see also below) SET(CPACK_PACKAGE_VERSION_MAJOR "0") SET(CPACK_PACKAGE_VERSION_MINOR "8") -SET(CPACK_PACKAGE_VERSION_PATCH "2") +SET(CPACK_PACKAGE_VERSION_PATCH "3.SVN") SET(CPACK_PACKAGE_VERSION "${CPACK_PACKAGE_VERSION_MAJOR}.${CPACK_PACKAGE_VERSION_MINOR}.${CPACK_PACKAGE_VERSION_PATCH}") SET(CPACK_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") SET(CPACK_SOURCE_PACKAGE_FILE_NAME "${PROJECT_NAME}-${CPACK_PACKAGE_VERSION}") Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-08 10:46:41 UTC (rev 6094) +++ trunk/gsa/ChangeLog 2009-12-08 10:48:48 UTC (rev 6095) @@ -1,5 +1,15 @@ 2009-12-08 Michael Wiegand + Post release version bump. + + * VERSION: Set to 0.8.3.SVN. + + * CMakeLists.txt: Updated CPACK_PACKAGE_VERSION_PATCH. + + * src/html/src/about.htm4: Updated. + +2009-12-08 Michael Wiegand + Preparing the gsa 0.8.2 release. * VERSION: Set to 0.8.2. Modified: trunk/gsa/VERSION =================================================================== --- trunk/gsa/VERSION 2009-12-08 10:46:41 UTC (rev 6094) +++ trunk/gsa/VERSION 2009-12-08 10:48:48 UTC (rev 6095) @@ -1 +1 @@ -0.8.2 +0.8.3.SVN Modified: trunk/gsa/src/html/src/about.htm4 =================================================================== --- trunk/gsa/src/html/src/about.htm4 2009-12-08 10:46:41 UTC (rev 6094) +++ trunk/gsa/src/html/src/about.htm4 2009-12-08 10:48:48 UTC (rev 6095) @@ -4,7 +4,7 @@ -

      Greenbone Security Assistant Version 0.8.2

      +

      Greenbone Security Assistant Version 0.8.3.SVN

      The Greenbone Security Assistant is a web-based graphical From scm-commit at wald.intevation.org Tue Dec 8 12:03:16 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 8 Dec 2009 12:03:16 +0100 (CET) Subject: [Openvas-commits] r6096 - trunk/doc/website Message-ID: <20091208110316.40C4585D9F75@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-08 12:03:15 +0100 (Tue, 08 Dec 2009) New Revision: 6096 Modified: trunk/doc/website/index.htm4 trunk/doc/website/template_header.m4 Log: Updated download links and status. Modified: trunk/doc/website/index.htm4 =================================================================== --- trunk/doc/website/index.htm4 2009-12-08 10:48:48 UTC (rev 6095) +++ trunk/doc/website/index.htm4 2009-12-08 11:03:15 UTC (rev 6096) @@ -43,13 +43,13 @@ The OpenVAS structure

      -Status: (as of November 30th, 2009) +Status: (as of December 8th, 2009)

      • The OpenVAS NVT Feed service offers more -than 15,200 signed scripts. -
      • The upcoming OpenVAS 3.0.0 release series is scheduled to be released in -December 2009. +than 15,300 signed scripts. +
      • The upcoming OpenVAS 3.0 release series is scheduled to be released in +December 2009. Release candidates for the 3.0.0 release are available for download.

      Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2009-12-08 10:48:48 UTC (rev 6095) +++ trunk/doc/website/template_header.m4 2009-12-08 11:03:15 UTC (rev 6096) @@ -182,8 +182,8 @@ -scanner 3.0.0-rc1
      -client 3.0.0-rc1
      Optional:
      - -manager 0.9.5
      - -administrator 0.2.2
      + -manager 0.9.7
      + -administrator 0.3.0

      More downloads...

      From scm-commit at wald.intevation.org Tue Dec 8 12:57:11 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 8 Dec 2009 12:57:11 +0100 (CET) Subject: [Openvas-commits] r6097 - in trunk/openvas-plugins: . scripts Message-ID: <20091208115711.EC177865F470@pyrosoma.intevation.org> Author: mime Date: 2009-12-08 12:57:07 +0100 (Tue, 08 Dec 2009) New Revision: 6097 Added: trunk/openvas-plugins/scripts/CoreHTTP_37237.nasl trunk/openvas-plugins/scripts/iWeb_37228.nasl trunk/openvas-plugins/scripts/polipo_37226.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/gb_apple_safari_css_bof_vuln.nasl trunk/openvas-plugins/scripts/ldap_null_base.nasl trunk/openvas-plugins/scripts/ldap_null_bind.nasl trunk/openvas-plugins/scripts/ldapsearch.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-08 11:03:15 UTC (rev 6096) +++ trunk/openvas-plugins/ChangeLog 2009-12-08 11:57:07 UTC (rev 6097) @@ -1,3 +1,21 @@ +2009-12-08 Michael Meyer + + * scripts/iWeb_37228.nasl, + scripts/CoreHTTP_37237.nasl, + scripts/polipo_37226.nasl: + Added new Plugins. + + * scripts/gb_apple_safari_css_bof_vuln.nasl: + Fixed typo in script_family. + + * scripts/ldap_null_base.nasl, + scripts/ldap_null_bind.nasl: + Set KB entry on success. + + * scripts/ldapsearch.nasl: + Output of the reports consolidated. Only run if the + corresponding entries exist in KB. + 2009-12-08 Chandrashekhar B * scripts/gb_yahoo_msg_detect.nasl, Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-12-08 11:03:15 UTC (rev 6096) +++ trunk/openvas-plugins/cve_current.txt 2009-12-08 11:57:07 UTC (rev 6097) @@ -351,5 +351,8 @@ CVE-2009-4175 SecPod svn R CVE-2009-4174 SecPod svn R CVE-2009-4097 SecPod svn L +37228 Greenbone svn R +37226 Greenbone svn R +37237 Greenbone svn R Added: trunk/openvas-plugins/scripts/CoreHTTP_37237.nasl =================================================================== --- trunk/openvas-plugins/scripts/CoreHTTP_37237.nasl 2009-12-08 11:03:15 UTC (rev 6096) +++ trunk/openvas-plugins/scripts/CoreHTTP_37237.nasl 2009-12-08 11:57:07 UTC (rev 6097) @@ -0,0 +1,102 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# CoreHTTP 'src/http.c ' Buffer Overflow Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100377); + script_bugtraq_id(37237); + script_cve_id("CVE-2009-3586"); + script_version ("1.0-$Revision$"); + + script_name("CoreHTTP 'src/http.c ' Buffer Overflow Vulnerability"); + +desc = "Overview: +CoreHTTP is prone to a buffer-overflow vulnerability because it fails +to adequately bounds-check user-supplied data. + +Attackers can exploit this issue to execute arbitrary code within the +context of the affected application. Failed exploit attempts will +result in a denial of service. + +This issue affects CoreHTTP 0.5.3.1. ; other versions may also +be affected. + +References: +http://www.securityfocus.com/bid/37237 +http://corehttp.sourceforge.net/ +http://www.securityfocus.com/archive/1/508272 + +Risk factor : High"; + + script_description(desc); + script_summary("Determine if CoreHTTP is prone to a buffer-overflow vulnerability"); + script_category(ACT_GATHER_INFO); + script_family("Web Servers"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes"); + script_require_ports("Services/www", 5555); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:5555); +if(!get_port_state(port))exit(0); + +banner = get_http_banner(port: port); +if(!banner)exit(0); + +if(egrep(pattern:"Server: corehttp", string:banner)) + { + if(safe_checks()) { + version = eregmatch(pattern: "Server: corehttp-([0-9.]+)", string: banner); + if(!isnull(version[1])) { + if(version_is_equal(version: version[1], test_version: "0.5.3.1")) { + security_hole(port:port); + exit(0); + } + } + + } else { + + soc = http_open_socket(port); + if(!soc)exit(0); + + crap_data = crap(length:400); + req = string(crap_data, "/index.html HTTP/1.1\r\n\r\n"); + send(socket:soc, data:req); + + if(http_is_dead(port:port)) { + security_hole(port:port); + exit(0); + } + } + } + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/CoreHTTP_37237.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/gb_apple_safari_css_bof_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_apple_safari_css_bof_vuln.nasl 2009-12-08 11:03:15 UTC (rev 6096) +++ trunk/openvas-plugins/scripts/gb_apple_safari_css_bof_vuln.nasl 2009-12-08 11:57:07 UTC (rev 6097) @@ -67,7 +67,7 @@ script_summary("Check for the version of Apple Safari"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); - script_family("Buffer overlow"); + script_family("Buffer overflow"); script_dependencies("secpod_apple_safari_detect_win_900003.nasl"); script_require_keys("AppleSafari/Version"); exit(0); Added: trunk/openvas-plugins/scripts/iWeb_37228.nasl =================================================================== --- trunk/openvas-plugins/scripts/iWeb_37228.nasl 2009-12-08 11:03:15 UTC (rev 6096) +++ trunk/openvas-plugins/scripts/iWeb_37228.nasl 2009-12-08 11:57:07 UTC (rev 6097) @@ -0,0 +1,83 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# iWeb Server URL Directory Traversal Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100378); + script_bugtraq_id(37228); + script_cve_id("CVE-2009-4053"); + script_version ("1.0-$Revision$"); + + script_name("iWeb Server URL Directory Traversal Vulnerability"); + +desc = "Overview: +iWeb Server is prone to a directory-traversal vulnerability because +the application fails to sufficiently sanitize user-supplied input. + +Exploiting this issue allows an attacker to access files outside of +the web servers root directory. Successfully exploiting this issue +will allow attackers to gain access to sensitive information. + +References: +http://www.securityfocus.com/bid/37228 +http://www.ashleybrown.co.uk/iweb/ + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if iWeb Server is prone to a directory-traversal vulnerability"); + script_category(ACT_ATTACK); + script_family("Web Servers"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes"); + script_require_ports("Services/www", 80); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +banner = get_http_banner(port: port); +if(!banner)exit(0); + +if(egrep(pattern:"Server: iWeb", string:banner)) + { + url = string("/..%5C..%5C..%5Cboot.ini"); + req = http_get(item:url, port:port); + res = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE); + if( res == NULL )exit(0); + + if( egrep(pattern: "\[boot loader\]", string: res, icase: TRUE) ) { + security_warning(port:port); + exit(0); + } + } + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/iWeb_37228.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/ldap_null_base.nasl =================================================================== --- trunk/openvas-plugins/scripts/ldap_null_base.nasl 2009-12-08 11:03:15 UTC (rev 6096) +++ trunk/openvas-plugins/scripts/ldap_null_base.nasl 2009-12-08 11:57:07 UTC (rev 6097) @@ -70,7 +70,12 @@ if (l >= 7) { error_code = substr(rez, l - 7, l - 5); - if (hexstr(error_code) == "0a0100") security_note(port); + + if (hexstr(error_code) == "0a0100") { + security_note(port); + set_kb_item(name: string("LDAP/", port, "/NULL_BASE"), value: TRUE); + exit(0); + } } } Modified: trunk/openvas-plugins/scripts/ldap_null_bind.nasl =================================================================== --- trunk/openvas-plugins/scripts/ldap_null_bind.nasl 2009-12-08 11:03:15 UTC (rev 6096) +++ trunk/openvas-plugins/scripts/ldap_null_bind.nasl 2009-12-08 11:57:07 UTC (rev 6097) @@ -71,8 +71,12 @@ result1 = send_stuff(myport:port); if(result1) { - error_code = substr(result1, strlen(result1) - 7, strlen(result1) - 5); - if (hexstr(error_code) == "0a0100") security_note(port); + error_code = substr(result1, strlen(result1) - 7, strlen(result1) - 5); + if (hexstr(error_code) == "0a0100") { + security_note(port); + set_kb_item(name: string("LDAP/", port, "/NULL_BIND"), value: TRUE); + exit(0); + } } } Modified: trunk/openvas-plugins/scripts/ldapsearch.nasl =================================================================== --- trunk/openvas-plugins/scripts/ldapsearch.nasl 2009-12-08 11:03:15 UTC (rev 6096) +++ trunk/openvas-plugins/scripts/ldapsearch.nasl 2009-12-08 11:57:07 UTC (rev 6097) @@ -32,11 +32,11 @@ script_copyright("This script is Copyright (C) 2006 Tarik El-Yassem/ITsec Security Services"); script_family("Remote file access"); - script_dependencies("find_service.nes", "doublecheck_std_services.nasl", "external_svc_ident.nasl"); + script_dependencies("find_service.nes", "doublecheck_std_services.nasl", "external_svc_ident.nasl","ldap_null_base.nasl","ldap_null_bind.nasl"); script_require_ports("Services/ldap", 389); script_add_preference(name:"Timeout value", type:"entry", value:"3"); - script_add_preference(name:"Buffersize", type:"entry", value:"20"); + script_add_preference(name:"Buffersize", type:"entry", value:"500"); exit(0); } @@ -45,6 +45,11 @@ if (! port) port = 389; if (! get_port_state(port)) exit(0); +if(! null_base = get_kb_item(string("LDAP/", port, "/NULL_BASE")) && + ! null_bind = get_kb_item(string("LDAP/", port, "/NULL_BIND"))) { + exit(0); +} + if (! find_in_path("ldapsearch")) { log_message(port:port, data: 'Command "ldapsearch" not available to scan server (not in search path).\nTherefore this test was not executed.'); @@ -122,28 +127,9 @@ s = ''; foreach x (args) s = s + x + ' '; + result = string("(Command was:'", s ,"')\n\n",results,"\n"); + return result; - if (type="null-base") - { - security_warning( - port: port, - data: 'The LDAPserver allows null-binds and null-base requests.\n\n' - ); - security_note( - port: port, - data: 'Grabbed the following information with a null-bind, null-base request: \n' + - '(Command was:' + s + ')\n' + - '--------------------------------------------------------------------------------------------------\n\n' + results - ); - } - - if (type="null-bind") - security_note( - port: port, - data: 'Grabbed the following information from the LDAP server: \n' + - '(Command was:' + s + ')\n' + - '----------------------------------------------------------------------------------------\n\n' + results - ); } } @@ -155,6 +141,8 @@ else return(0); } +if(!null_base)exit(0); + #first do ldapsearch -h x.x.x.x -b '' -x -C -s base type = "null-base"; value = ''; @@ -164,22 +152,41 @@ res = res_check(res); #this is insecure, but there's no other way to do this at the moment. if(res){ - makereport(res, type); +base_report = makereport(res, type); } -#then ldapsearch -h x.x.x.x -b dc=X,dc=Y -x -C -s base 'objectclass=*' -P3 -A -type = "null-bind"; -val = getdc(res); #this gets the dc values so we can use them for a ldapsearch down the branch.. -value = "dc=" + val[0] + "dc=" + val[1]; #get the first two dc values to pass it to LDAPsearch. -#note that for deeper searches we would want use the other values in the array. -#we could make this recursive so a user can specify how many branches we want to examine. -#but then we would need to grab other things like the cn values and use those in the requests. +if(null_bind && res) { + #then ldapsearch -h x.x.x.x -b dc=X,dc=Y -x -C -s base 'objectclass=*' -P3 -A + type = "null-bind"; + val = getdc(res); #this gets the dc values so we can use them for a ldapsearch down the branch.. + value = "dc=" + val[0] + "dc=" + val[1]; #get the first two dc values to pass it to LDAPsearch. + #note that for deeper searches we would want use the other values in the array. + #we could make this recursive so a user can specify how many branches we want to examine. + #but then we would need to grab other things like the cn values and use those in the requests. -args = scanopts(port,type,value); + args = scanopts(port,type,value); -res = pread(cmd:"ldapsearch", argv: args, nice: 5); -res = res_check(res); -#this is insecure, but unfortunately there's no other way to do this at the moment. -if(res){ - makereport(res, type); + res = pread(cmd:"ldapsearch", argv: args, nice: 5); + res = res_check(res); + #this is insecure, but unfortunately there's no other way to do this at the moment. + if(res){ + bind_report = makereport(res, type); + } } + +if(bind_report || base_report) { + + data = string("Grabbed the following information with a null-bind, null-base request:\n"); + + if(bind_report == base_report) { + data += bind_report; + } else { + data += bind_report + base_report; + } + + security_note(port:port,data:data); + exit(0); + +} + +exit(0); Added: trunk/openvas-plugins/scripts/polipo_37226.nasl =================================================================== --- trunk/openvas-plugins/scripts/polipo_37226.nasl 2009-12-08 11:03:15 UTC (rev 6096) +++ trunk/openvas-plugins/scripts/polipo_37226.nasl 2009-12-08 11:57:07 UTC (rev 6097) @@ -0,0 +1,88 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Polipo Malformed HTTP GET Request Memory Corruption Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100379); + script_bugtraq_id(37226); + script_version ("1.0-$Revision$"); + + script_name("Polipo Malformed HTTP GET Request Memory Corruption Vulnerability"); + +desc = "Overview: +Polipo is prone to a memory-corruption vulnerability. + +Successful exploits may allow remote attackers to execute arbitrary +code within the context of the affected application or crash the +application, denying service to legitimate users. + +Polipo 0.9.8 and 1.0.4 are vulnerable; other versions may also +be affected. + +References: +http://www.securityfocus.com/bid/37226 +http://www.pps.jussieu.fr/~jch/software/polipo/ + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if Polipo is prone to a memory-corruption vulnerability"); + script_category(ACT_DENIAL); + script_family("Web Servers"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes"); + script_require_ports("Services/www", 8123); + exit(0); +} + + +include("http_func.inc"); +include("http_keepalive.inc"); + +if(safe_checks())exit(0); + +port = get_http_port(default:8123); +if(!get_port_state(port))exit(0); + +banner = get_http_banner(port: port); +if(!banner)exit(0); + +if(egrep(pattern:"Server: Polipo", string:banner)) + { + + soc = http_open_socket(port); + req = string("GET / HTTP/1.1\r\nContent-Length: 2147483602\r\n\r\n"); + send(socket:soc, data:req); + + if(http_is_dead(port:port)) { + security_warning(port:port); + exit(0); + } + + } + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/polipo_37226.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision From scm-commit at wald.intevation.org Tue Dec 8 22:02:27 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 8 Dec 2009 22:02:27 +0100 (CET) Subject: [Openvas-commits] r6098 - in trunk/openvas-plugins: . scripts Message-ID: <20091208210227.B4790861F2EE@pyrosoma.intevation.org> Author: mime Date: 2009-12-08 22:02:24 +0100 (Tue, 08 Dec 2009) New Revision: 6098 Added: trunk/openvas-plugins/scripts/awstats_37157.nasl trunk/openvas-plugins/scripts/invision_power_board_37208.nasl trunk/openvas-plugins/scripts/phpshop_37227.nasl trunk/openvas-plugins/scripts/phpshop_detect.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/polipo_37226.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-08 11:57:07 UTC (rev 6097) +++ trunk/openvas-plugins/ChangeLog 2009-12-08 21:02:24 UTC (rev 6098) @@ -1,5 +1,16 @@ 2009-12-08 Michael Meyer + * scripts/phpshop_37227.nasl, + scripts/invision_power_board_37208.nasl, + scripts/phpshop_detect.nasl, + scripts/awstats_37157.nasl: + Added new plugins. + + * scripts/polipo_37226.nasl: + Exit if !soc. + +2009-12-08 Michael Meyer + * scripts/iWeb_37228.nasl, scripts/CoreHTTP_37237.nasl, scripts/polipo_37226.nasl: Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-12-08 11:57:07 UTC (rev 6097) +++ trunk/openvas-plugins/cve_current.txt 2009-12-08 21:02:24 UTC (rev 6098) @@ -354,5 +354,8 @@ 37228 Greenbone svn R 37226 Greenbone svn R 37237 Greenbone svn R +37227 Greenbone svn R +37208 Greenbone svn R +37157 Greenbone svn R Added: trunk/openvas-plugins/scripts/awstats_37157.nasl =================================================================== --- trunk/openvas-plugins/scripts/awstats_37157.nasl 2009-12-08 11:57:07 UTC (rev 6097) +++ trunk/openvas-plugins/scripts/awstats_37157.nasl 2009-12-08 21:02:24 UTC (rev 6098) @@ -0,0 +1,85 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# AWStats Multiple Unspecified Security Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100380); + script_bugtraq_id(37157); + script_version ("1.0-$Revision$"); + + script_name("AWStats Multiple Unspecified Security Vulnerabilities"); + +desc = "Overview: +AWStats is prone to multiple security vulnerabilities. + +Very few details are available. We will update this BID as more +information emerges. + +The impact of these issues has not been disclosed. + +Solution: +Updates are available. Please see the references for details. + +References: +http://www.securityfocus.com/bid/37157 +http://awstats.sourceforge.net/docs/awstats_changelog.txt +http://awstats.sourceforge.net/ + +Risk factor : Low"; + + script_description(desc); + script_summary("Determine if AWStats version is < 6.95"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("awstats_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if(!version = get_kb_item(string("www/", port, "/awstats")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_is_less(version: vers, test_version: "6.95")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/awstats_37157.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/invision_power_board_37208.nasl =================================================================== --- trunk/openvas-plugins/scripts/invision_power_board_37208.nasl 2009-12-08 11:57:07 UTC (rev 6097) +++ trunk/openvas-plugins/scripts/invision_power_board_37208.nasl 2009-12-08 21:02:24 UTC (rev 6098) @@ -0,0 +1,95 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Invision Power Board Local File Include and SQL Injection Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100381); + script_bugtraq_id(37208); + script_version ("1.0-$Revision$"); + + script_name("Invision Power Board Local File Include and SQL Injection Vulnerabilities"); + +desc = "Overview: +Invision Power Board is prone to a local file-include vulnerability +and multiple SQL-injection vulnerabilities because it fails to +properly sanitize user-supplied input. + +An attacker can exploit the local file-include vulnerability using directory- +traversal strings to view and execute arbitrary local files within the +context of the webserver process. Information harvested may aid in +further attacks. + +The attacker can exploit the SQL-injection vulnerabilities to +compromise the application, access or modify data, or exploit latent +vulnerabilities in the underlying database. + +Invision Power Board 3.0.4 and 2.3.6 are vulnerable; other versions +may also be affected. + +References: +http://www.securityfocus.com/bid/37208 +http://www.invisionpower.com/community/board/index.html +http://www.securityfocus.com/archive/1/508207 + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if Invision Power Board version is 3.0.4 or 2.3.6"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("invision_power_board_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if (!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/invision_power_board")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_is_equal(version: vers, test_version: "3.0.4") || + version_is_equal(version: vers, test_version: "2.3.6") + ) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/invision_power_board_37208.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/phpshop_37227.nasl =================================================================== --- trunk/openvas-plugins/scripts/phpshop_37227.nasl 2009-12-08 11:57:07 UTC (rev 6097) +++ trunk/openvas-plugins/scripts/phpshop_37227.nasl 2009-12-08 21:02:24 UTC (rev 6098) @@ -0,0 +1,89 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# PhpShop Cross-Site Scripting and SQL Injection Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100383); + script_bugtraq_id(37227); + script_version ("1.0-$Revision$"); + + script_name("PhpShop Cross-Site Scripting and SQL Injection Vulnerabilities"); + +desc = "Overview: +PhpShop is prone to a cross-site scripting vulnerability and multiple +SQL-injection vulnerabilities because it fails to adequately sanitize +user-supplied input. + +Exploiting these issues could allow an attacker to steal cookie- +based authentication credentials, compromise the application, +access or modify data, or exploit latent vulnerabilities in the +underlying database. + +PhpShop 0.8.1 is vulnerable; other versions may also be affected. + +References: +http://www.securityfocus.com/bid/37227 +http://www.phpshop.org/ +http://www.securityfocus.com/archive/1/508243 + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if PhpShop is prone to multiple vulnerabilities"); + script_category(ACT_ATTACK); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("phpshop_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); +if (!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/SET_ME")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +dir = matches[2]; +if(isnull(dir))exit(0); + +url = string(dir,"/?page=shop/flypage&product_id=1011%27/**/union/**/select/**/1,1,1,1,1,password,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,1,0x4f70656e5641532d53514c2d496e6a656374696f6e2d54657374/**/from/**/auth_user_md5--%20aaa"); +req = http_get(item:url, port:port); +buf = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE); +if( buf == NULL )exit(0); + +if(egrep(pattern: "OpenVAS-SQL-Injection-Test", string: buf)) { + security_warning(port:port); + exit(0); +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/phpshop_37227.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/phpshop_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/phpshop_detect.nasl 2009-12-08 11:57:07 UTC (rev 6097) +++ trunk/openvas-plugins/scripts/phpshop_detect.nasl 2009-12-08 21:02:24 UTC (rev 6098) @@ -0,0 +1,123 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# PhpShop Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc = "Overview: +This host is running PhpShop, a PHP-powered shopping cart application. + +See also: +http://www.phpshop.org/ + +Risk factor : None"; + +if (description) +{ + script_id(100382); + script_version ("1.0-$Revision$"); + + script_name("PhpShop Detection"); + script_description(desc); + script_summary("Checks for the presence of PhpShop"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/shop","/phpshop",cgi_dirs()); + +foreach dir (dirs) { + + url = string(dir, "/index.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if(egrep(pattern: "Powered by ]+>phpShop", string: buf, icase: TRUE)) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + + vers = string("unknown"); + ### try to get version + version = eregmatch(string: buf, pattern: "Powered by ]+>phpShop ([0-9.]+)",icase:TRUE); + + if ( !isnull(version[1]) ) { + vers=chomp(version[1]); + if(version_is_equal(version: vers, test_version: "0.8.0")) { # downloaded version 0.8.1 but /WEB-INF/etc/config.php contains "define("PHPSHOP_VERSION","0.8.0");". In README.txt -> "phpShop version 0.8.1". So if version is 0.8.0 check README.txt to make sure we got the real version. + url = string(dir, "/README.txt"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if(buf) { + version = eregmatch(string: buf, pattern:"phpShop version ([0-9.]+)"); + if(!isnull(version[1]) && version[1] != vers) { + vers = version[1]; + } + } + } + } + + + set_kb_item(name: string("www/", port, "/phpshop"), value: string(vers," under ",install)); + + info = string("None\n\nPhpShop Version '"); + info += string(vers); + info += string("' was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } +} + +exit(0); + Property changes on: trunk/openvas-plugins/scripts/phpshop_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/polipo_37226.nasl =================================================================== --- trunk/openvas-plugins/scripts/polipo_37226.nasl 2009-12-08 11:57:07 UTC (rev 6097) +++ trunk/openvas-plugins/scripts/polipo_37226.nasl 2009-12-08 21:02:24 UTC (rev 6098) @@ -74,6 +74,8 @@ { soc = http_open_socket(port); + if(!soc)exit(0); + req = string("GET / HTTP/1.1\r\nContent-Length: 2147483602\r\n\r\n"); send(socket:soc, data:req); From scm-commit at wald.intevation.org Wed Dec 9 01:34:34 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 01:34:34 +0100 (CET) Subject: [Openvas-commits] r6099 - in trunk/openvas-libraries: . misc Message-ID: <20091209003434.1D864865F461@pyrosoma.intevation.org> Author: timb Date: 2009-12-09 01:34:32 +0100 (Wed, 09 Dec 2009) New Revision: 6099 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/misc/network.c Log: Fixed a potential resource leak Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-08 21:02:24 UTC (rev 6098) +++ trunk/openvas-libraries/ChangeLog 2009-12-09 00:34:32 UTC (rev 6099) @@ -1,3 +1,7 @@ +2009-12-09 Tim Brown + + * misc/network.c: Fixed a potential resource leak. + 2009-12-07 Felix Wolfsteller * misc/pcap.c: Cosmetics and docs. Modified: trunk/openvas-libraries/misc/network.c =================================================================== --- trunk/openvas-libraries/misc/network.c 2009-12-08 21:02:24 UTC (rev 6098) +++ trunk/openvas-libraries/misc/network.c 2009-12-09 00:34:32 UTC (rev 6099) @@ -582,7 +582,6 @@ /** helper function copied from cli.c from GnuTLS Reads a file into a gnutls_datum - @todo Fix the resource leak of FILE *f **/ static gnutls_datum load_file (const char *file) @@ -592,18 +591,20 @@ long filelen; void *ptr; - if (!(f = fopen(file, "r")) - || fseek(f, 0, SEEK_END) != 0 + if (!(f = fopen(file, "r"))) return loaded_file; + if (fseek(f, 0, SEEK_END) != 0 || (filelen = ftell(f)) < 0 || fseek(f, 0, SEEK_SET) != 0 || !(ptr = emalloc((size_t) filelen)) || fread(ptr, 1, (size_t) filelen, f) < (size_t) filelen) { + fclose(f); return loaded_file; } loaded_file.data = ptr; loaded_file.size = (unsigned int) filelen; + fclose(f); return loaded_file; } From scm-commit at wald.intevation.org Wed Dec 9 01:55:25 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 01:55:25 +0100 (CET) Subject: [Openvas-commits] r6100 - in trunk/openvas-client: . openvas Message-ID: <20091209005525.B5585861F2EE@pyrosoma.intevation.org> Author: timb Date: 2009-12-09 01:55:24 +0100 (Wed, 09 Dec 2009) New Revision: 6100 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/read_target_file.c Log: Fixed potential resource leak Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-12-09 00:34:32 UTC (rev 6099) +++ trunk/openvas-client/ChangeLog 2009-12-09 00:55:24 UTC (rev 6100) @@ -1,3 +1,7 @@ +2009-12-09 Tim Brown + + * openvas/read_target_file.c: Fixed potential resource leak. + 2009-12-07 Michael Wiegand Post-release version bump. Modified: trunk/openvas-client/openvas/read_target_file.c =================================================================== --- trunk/openvas-client/openvas/read_target_file.c 2009-12-09 00:34:32 UTC (rev 6099) +++ trunk/openvas-client/openvas/read_target_file.c 2009-12-09 00:55:24 UTC (rev 6100) @@ -165,6 +165,7 @@ if (lstat (filename, &sb) != 0) { show_error(_("Cannot stat %s (%s)\n"), filename, strerror(errno)); + close(fd); return 0; } len = (int)sb.st_size; @@ -179,11 +180,11 @@ show_error(_("file mapping failed: unexpected end-of-file\n")); else show_error(_("file mapping failed: %s\n"), strerror(errno)); + close(fd); return 0; } } while (offs += n, (left -= n) > 0) ; - t = ret; while((t=strchr(t, '\n')))t[0]=','; t = ret; @@ -203,6 +204,7 @@ // Strip out the virtual hosts. result = translate_vhosts (ret); + close(fd); efree (&ret); return (result); } From scm-commit at wald.intevation.org Wed Dec 9 01:59:18 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 01:59:18 +0100 (CET) Subject: [Openvas-commits] r6101 - in trunk/openvas-client: . openvas/prefs_dialog Message-ID: <20091209005918.5482C861F2EE@pyrosoma.intevation.org> Author: timb Date: 2009-12-09 01:59:14 +0100 (Wed, 09 Dec 2009) New Revision: 6101 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c Log: Fixed potential resource leak Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-12-09 00:55:24 UTC (rev 6100) +++ trunk/openvas-client/ChangeLog 2009-12-09 00:59:14 UTC (rev 6101) @@ -2,6 +2,9 @@ * openvas/read_target_file.c: Fixed potential resource leak. + * openvas/prefs_dialog/prefs_scope_tree.c: Fixed potential resource + leak. + 2009-12-07 Michael Wiegand Post-release version bump. Modified: trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c =================================================================== --- trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-12-09 00:55:24 UTC (rev 6100) +++ trunk/openvas-client/openvas/prefs_dialog/prefs_scope_tree.c 2009-12-09 00:59:14 UTC (rev 6101) @@ -1144,6 +1144,7 @@ show_error (_("%s: failed to chdir to %s"), context->dir, __FUNCTION__); + close(pwd); return -6; } @@ -1151,6 +1152,7 @@ { show_error (_("%s: failed to symlink to parent NVT cache"), __FUNCTION__); + close(pwd); return -6; } @@ -1159,7 +1161,6 @@ __FUNCTION__); close (pwd); - return 0; } } From scm-commit at wald.intevation.org Wed Dec 9 02:52:45 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 02:52:45 +0100 (CET) Subject: [Openvas-commits] r6102 - trunk/tools Message-ID: <20091209015245.5463C861F2EE@pyrosoma.intevation.org> Author: timb Date: 2009-12-09 02:52:44 +0100 (Wed, 09 Dec 2009) New Revision: 6102 Modified: trunk/tools/code-analysis.sh Log: Added support for cppcheck Added verbose mode to display flawfinder and cppcheck output Noted openvas-server and openvas-libnasl are deprecated modules Added openvas-manager, openvas-administrator and gsa modules No longer terminates if no releases selected, to give trunk a chance Optimised flawfinder checks Modified: trunk/tools/code-analysis.sh =================================================================== --- trunk/tools/code-analysis.sh 2009-12-09 00:59:14 UTC (rev 6101) +++ trunk/tools/code-analysis.sh 2009-12-09 01:52:44 UTC (rev 6102) @@ -6,9 +6,11 @@ # # Authors: # Jan-Oliver Wagner +# Tim Brown # # Copyright: # Copyright (C) 2008 Intevation GmbH +# Copyright (C) 2009 Tim Brown # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2, @@ -22,6 +24,16 @@ # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# +# 2009-12-09 Tim Brown +# +# * Added support for cppcheck. +# * Added verbose mode to display flawfinder and cppcheck output. +# * Noted openvas-server and openvas-libnasl are deprecated modules. +# * Added openvas-manager, openvas-administrator and gsa modules. +# * No longer terminates if no releases selected, to give trunk a chance. +# * Optimised flawfinder checks. +# TMPDIR=/tmp/openvas-code-qa rm -rf $TMPDIR @@ -30,23 +42,30 @@ # uncomment the tests you want to run: FLAWFINDER=yes -GCCWALL=yes +CPPCHECK=yes +GCCWALL=no # set this to "yes" if you want to test trunk as well -TESTTRUNK=no +TESTTRUNK=yes +# set this to "yes" for verbose reporting + +VERBOSE=yes + # uncomment one of these pairs to analyse a module: +# note this module is deprecated, see openvas-scanner +#MODULE=openvas-server +#RELEASES="0.9.0 0.9.1 0.9.2" + #MODULE=openvas-libraries #RELEASES="0.9.0 0.9.1 1.0.0" +# note this module is deprecated, see openvas-libraries #MODULE=openvas-libnasl #RELEASES="0.9.0" "0.9.1" "0.9.2" "1.0.0" -#MODULE=openvas-server -#RELEASES="0.9.0 0.9.1 0.9.2" - # note these take a long time because if the many .nasl files #MODULE=openvas-plugins #RELEASES="0.9.1" @@ -54,8 +73,17 @@ #MODULE=openvas-client #RELEASES="0.9.1 1.0.0 1.0.1 1.0.2" +#MODULE=openvas-manager +#RELEASES="" + +#MODULE=openvas-administrator +#RELEASES="" + +#MODULE=gsa +#RELEASES="" + if [ -z "$MODULE" ] ; then echo "Error: You need to uncomment a module name" ; exit ; fi -if [ -z "$RELEASES" ] ; then echo "Error: You need to uncomment a releases list" ; exit ; fi +if [ -z "$RELEASES" ] ; then echo "Warning: Skipping releases" ; fi echo "Analysis of $MODULE:" for release in $RELEASES ; do @@ -63,9 +91,21 @@ svn export -q https://svn.wald.intevation.org/svn/openvas/tags/$MODULE-release-$release/ $TMPDIR/$MODULE-release-$release echo "$MODULE $release:" if [ $FLAWFINDER = "yes" ] ; then - flawfinder $TMPDIR/$MODULE-release-$release | grep "(SLOC)" ; - flawfinder $TMPDIR/$MODULE-release-$release | grep Hits + flawfinder $TMPDIR/$MODULE-release-$release > $TMPDIR/$MODULE-release-$release.flawfinder.$$ 2> /dev/null + grep "(SLOC)" $TMPDIR/$MODULE-release-$release.flawfinder.$$ + grep "Hits" $TMPDIR/$MODULE-release-$release.flawfinder.$$ + [ $VERBOSE = "yes" ] && cat $TMPDIR/$MODULE-release-$release.flawfinder.$$ + rm $TMPDIR/$MODULE-release-$release.flawfinder.$$ fi + if [ $CPPCHECK = "yes" ] ; then + cppcheck -q -f -a $TMPDIR/$MODULE-release-$release > $TMPDIR/$MODULE-release-$release.cppcheck.$$ 2>&1 + echo "cppcheck error counting..." + grep "(error)" $TMPDIR/$MODULE-release-$release.cppcheck.$$ 2>&1 | wc -l + echo "cppcheck possible error counting.." + grep "(possible error)" $TMPDIR/$MODULE-release-$release.cppcheck.$$ 2>&1 | wc -l + [ $VERBOSE = "yes" ] && cat $TMPDIR/$MODULE-release-$release.cppcheck.$$ + rm $TMPDIR/$MODULE-release-$release.cppcheck.$$ + fi if [ $GCCWALL = "yes" ] ; then echo "gcc -Wall counting ..."; ( cd $TMPDIR/$MODULE-release-$release ; CFLAGS=-Wall ./configure > stub 2>&1 && CFLAGS=-Wall make > log 2>&1 && grep "warning:" log | wc -l ) @@ -76,9 +116,21 @@ svn export -q https://svn.wald.intevation.org/svn/openvas/trunk/$MODULE $TMPDIR/$MODULE-trunk ; echo "$MODULE trunk:" ; if [ $FLAWFINDER = "yes" ] ; then - flawfinder $TMPDIR/$MODULE-trunk | grep "(SLOC)" ; - flawfinder $TMPDIR/$MODULE-trunk | grep Hits + flawfinder $TMPDIR/$MODULE-trunk > $TMPDIR/$MODULE-trunk.flawfinder.$$ 2> /dev/null + grep "(SLOC)" $TMPDIR/$MODULE-trunk.flawfinder.$$ + grep "Hits" $TMPDIR/$MODULE-trunk.flawfinder.$$ + [ $VERBOSE = "yes" ] && cat $TMPDIR/$MODULE-trunk.flawfinder.$$ + rm $TMPDIR/$MODULE-trunk.flawfinder.$$ fi + if [ $CPPCHECK = "yes" ] ; then + cppcheck -q -f -a $TMPDIR/$MODULE-trunk > $TMPDIR/$MODULE-trunk.cppcheck.$$ 2>&1 + echo "cppcheck error counting..." + grep "(error)" $TMPDIR/$MODULE-trunk.cppcheck.$$ 2>&1 | wc -l + echo "cppcheck possible error counting.." + grep "(possible error)" $TMPDIR/$MODULE-trunk.cppcheck.$$ 2>&1 | wc -l + [ $VERBOSE = "yes" ] && cat $TMPDIR/$MODULE-trunk.cppcheck.$$ + rm $TMPDIR/$MODULE-trunk.cppcheck.$$ + fi if [ $GCCWALL = "yes" ] ; then echo "gcc -Wall counting ..."; ( cd $TMPDIR/$MODULE-trunk ; CFLAGS=-Wall ./configure > stub 2>&1 && CFLAGS=-Wall make > log 2>&1 && grep "warning:" log | wc -l ) From scm-commit at wald.intevation.org Wed Dec 9 03:10:22 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 03:10:22 +0100 (CET) Subject: [Openvas-commits] r6103 - in trunk/openvas-client: . openvas Message-ID: <20091209021022.7EADC865F46E@pyrosoma.intevation.org> Author: timb Date: 2009-12-09 03:10:20 +0100 (Wed, 09 Dec 2009) New Revision: 6103 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/openvas/nbe_output.c Log: Fixed potential resource leak and spotted a couple more Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-12-09 01:52:44 UTC (rev 6102) +++ trunk/openvas-client/ChangeLog 2009-12-09 02:10:20 UTC (rev 6103) @@ -5,6 +5,8 @@ * openvas/prefs_dialog/prefs_scope_tree.c: Fixed potential resource leak. + * openvas/nbe_output.c: Fixed potential resource leak. + 2009-12-07 Michael Wiegand Post-release version bump. Modified: trunk/openvas-client/openvas/nbe_output.c =================================================================== --- trunk/openvas-client/openvas/nbe_output.c 2009-12-09 01:52:44 UTC (rev 6102) +++ trunk/openvas-client/openvas/nbe_output.c 2009-12-09 02:10:20 UTC (rev 6103) @@ -31,6 +31,8 @@ * @brief Initializes a backend with contents from a nbe report file (or stdin). * * I.e. copy file contents to backends file. + * + * @todo Where does befd get cleaned up? Also should check that initial open works * * @param filename Filename of nbe file to import from or "-" for stdin. * @@ -65,6 +67,8 @@ * * Does not handle the case where the backend is not * a file. + * + * @todo Where does befd get cleaned up? Also should check that initial open works. * * @param filename name of file or "-" for stdout. */ @@ -105,6 +109,7 @@ if(e < 0) { perror("read "); + close(fd); return -1; } write(fd, buf, e); From scm-commit at wald.intevation.org Wed Dec 9 03:18:50 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 03:18:50 +0100 (CET) Subject: [Openvas-commits] r6104 - trunk/sladinstaller Message-ID: <20091209021850.276BC865F46E@pyrosoma.intevation.org> Author: timb Date: 2009-12-09 03:18:48 +0100 (Wed, 09 Dec 2009) New Revision: 6104 Modified: trunk/sladinstaller/ChangeLog trunk/sladinstaller/tools.cpp Log: Fixed some memory leaks as reported by cppcheck Modified: trunk/sladinstaller/ChangeLog =================================================================== --- trunk/sladinstaller/ChangeLog 2009-12-09 02:10:20 UTC (rev 6103) +++ trunk/sladinstaller/ChangeLog 2009-12-09 02:18:48 UTC (rev 6104) @@ -1,3 +1,7 @@ +2009-12-09 Tim Brown + + * tools.cpp: Fixed some memory leaks as reported by cppcheck. + 2009-07-16 Michael Wiegand * gtk.cpp: Updated PROG_WEBSITE to point to the new SLAD URL. Modified: trunk/sladinstaller/tools.cpp =================================================================== --- trunk/sladinstaller/tools.cpp 2009-12-09 02:10:20 UTC (rev 6103) +++ trunk/sladinstaller/tools.cpp 2009-12-09 02:18:48 UTC (rev 6104) @@ -108,9 +108,10 @@ return 0; CURL *curl=curl_easy_init(); - if(!curl) + if(!curl) { fclose(f); return 0; + } curl_easy_setopt(curl, CURLOPT_URL, url.c_str()); curl_easy_setopt(curl, CURLOPT_WRITEDATA, f); // see curl_easy_setopt(3) for issues with Win32 dll @@ -213,8 +214,10 @@ PROGRESS(_("downloading package from server")); CURL *curl=curl_easy_init(); - if(!curl) + if(!curl) { + fclose(f); return std::string(SLAD_ERROR)+' '+_("could not init CURL library"); + } curl_easy_setopt(curl, CURLOPT_URL, package.c_str()); curl_easy_setopt(curl, CURLOPT_WRITEDATA, f); // see curl_easy_setopt(3) for issues with Win32 dll From scm-commit at wald.intevation.org Wed Dec 9 07:52:57 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 07:52:57 +0100 (CET) Subject: [Openvas-commits] r6105 - in trunk/openvas-plugins: . scripts Message-ID: <20091209065257.A5B71865F470@pyrosoma.intevation.org> Author: chandra Date: 2009-12-09 07:52:52 +0100 (Wed, 09 Dec 2009) New Revision: 6105 Added: trunk/openvas-plugins/scripts/gb_flashlight_detect.nasl trunk/openvas-plugins/scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl trunk/openvas-plugins/scripts/gb_moziloCMS_mult_xss_vuln.nasl trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/cpe.inc Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-09 02:18:48 UTC (rev 6104) +++ trunk/openvas-plugins/ChangeLog 2009-12-09 06:52:52 UTC (rev 6105) @@ -1,3 +1,13 @@ +2009-12-09 Chandrashekhar B + + * scripts/gb_ruby_rails_xss_vuln_lin.nasl, + scripts/gb_flashlight_detect.nasl, + scripts/gb_moziloCMS_mult_xss_vuln.nasl, + scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl: + Added new plugns. + + * scripts/cpe.inc: Added new KB items. + 2009-12-08 Michael Meyer * scripts/phpshop_37227.nasl, Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-12-09 02:18:48 UTC (rev 6104) +++ trunk/openvas-plugins/cve_current.txt 2009-12-09 06:52:52 UTC (rev 6105) @@ -357,5 +357,7 @@ 37227 Greenbone svn R 37208 Greenbone svn R 37157 Greenbone svn R +CVE-2009-4209 SecPod svn R +CVE-2009-4204 SecPod svn R +CVE-2009-4205 SecPod svn R - Modified: trunk/openvas-plugins/scripts/cpe.inc =================================================================== --- trunk/openvas-plugins/scripts/cpe.inc 2009-12-09 02:18:48 UTC (rev 6104) +++ trunk/openvas-plugins/scripts/cpe.inc 2009-12-09 06:52:52 UTC (rev 6105) @@ -677,6 +677,7 @@ "www/*/flatpress", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:flatpress:flatpress:", "www/*/PHPGenealogie", "^([0-9.]+)", "cpe:/a:phpgenealogy:phpgenealogy:", "www/*/OPT", "^([0-9.]+)", "cpe:/a:lanifex:outreach_project_tool:", +"www/*//Flashlight/Free", "^([0-9.]+)", "cpe:/a:ringsworld:flashlight_free_edition:", "BackupPC/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:craig_barratt:backuppc:", "www/*/MRBS", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:john_beranek:meeting_room_booking_system:", "IBM/InstallMang/Win/Ver", "^([0-9.]+)", "cpe:/a:ibm:installation_manager:", Added: trunk/openvas-plugins/scripts/gb_flashlight_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_flashlight_detect.nasl 2009-12-09 02:18:48 UTC (rev 6104) +++ trunk/openvas-plugins/scripts/gb_flashlight_detect.nasl 2009-12-09 06:52:52 UTC (rev 6105) @@ -0,0 +1,68 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: gb_flashlight_detect.nasl 6076 2009-12-07 16:25:36Z dec $ +# +# Flashlight Version Detection +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801074); + script_version("Revision: 1.0"); + script_name("Flashlight Version Detection"); + desc = " + Overview: This script finds the running Flashlight version and saves + the result in KB. + + Risk factor: Informational"; + + script_description(desc); + script_summary("Set the version of Flashlight in KB"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Service detection"); + script_dependencies("find_service.nes"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); + +flightPort = get_http_port(default:80); +if(!flightPort){ + exit(0); +} + +foreach path (make_list("/", "/flashlight", "/flash", cgi_dirs())) +{ + sndReq = http_get(item:string(path, "/README.txt"), port:flightPort); + rcvRes = http_send_recv(port:flightPort, data:sndReq); + if("Flashlight Free Edition" >< rcvRes) + { + flightVer = eregmatch(pattern:"[V|v]ersion: ([0-9.]+)", string:rcvRes); + if(flightVer[1] != NULL){ + set_kb_item(name:"www/" + flightPort + "/Flashlight/Free", + value:flightVer[1] + " under " + path); + } + } +} Added: trunk/openvas-plugins/scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl 2009-12-09 02:18:48 UTC (rev 6104) +++ trunk/openvas-plugins/scripts/gb_flashlight_sql_inj_n_dir_trav_vuln.nasl 2009-12-09 06:52:52 UTC (rev 6105) @@ -0,0 +1,99 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_flashlight_sql_inj_n_dir_trav_vuln.nasl 6076 2009-12-07 15:11:27Z dec $ +# +# Flashlight Free Edition SQL Injection and Directory Traversal Vulnerability +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801075); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4204","CVE-2009-4205"); + script_name("Flashlight Free Edition SQL Injection and Directory Traversal Vulnerability"); + desc = " + Overview: The host is running Flashlight Free Edition and is prone to SQL + Injection and Directory Traversal Vulnerability. + + Vulnerability Insight: + Flaws are due to: + - An error in 'read.php' which is not properly sanitizing user supplied input + before being used in SQL queries via 'id' parameter. + - An error in 'admin.php' which is not properly sanitizing user supplied input + before being used via a .. (dot dot) in the action 'parameter' which causes + directory traversal attacks in the application context. + + Impact: + Successful exploitation could allow remote attackers to view, add, modify + or delete information in the back end database or include arbitrary files + from local and remote resources to compromise a vulnerable server. + + Impact Level: Network/System. + + Affected Software/OS: + Flashlight Free version 1.0 on all running platform. + + Fix: + No solution or patch is available as on 07th December, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://scripts.ringsworld.com/communication-tools + + References: + http://www.milw0rm.com/exploits/8856 + http://xforce.iss.net/xforce/xfdb/50906 + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 6.7 + Risk factor : High"; + + script_description(desc); + script_summary("Check for the version of Flashlight"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("gb_flashlight_detect.nasl"); + script_family("Web application abuses"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +fPort = get_http_port(default:80); +if(!fPort){ + exit(0); +} + +fVer = get_kb_item("www/" + fPort + "/Flashlight/Free"); +if(!fVer){ + exit(0); +} + +fVer = eregmatch(pattern:"^(.+) under (/.*)$", string:fVer); +if(fVer[1] != NULL) +{ + if(version_is_equal(version:fVer[1], test_version:"1.0")){ + security_hole(fPort); + } +} Added: trunk/openvas-plugins/scripts/gb_moziloCMS_mult_xss_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_moziloCMS_mult_xss_vuln.nasl 2009-12-09 02:18:48 UTC (rev 6104) +++ trunk/openvas-plugins/scripts/gb_moziloCMS_mult_xss_vuln.nasl 2009-12-09 06:52:52 UTC (rev 6105) @@ -0,0 +1,98 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_moziloCMS_mult_xss_vuln.nasl 6078 2009-12-07 15:11:27Z dec $ +# +# moziloCMS Multiple Cross Site Scripting Vulnerabilities +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801076); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4209"); + script_bugtraq_id(35212); + script_name("moziloCMS Multiple Cross Site Scripting Vulnerabilities"); + desc = " + Overview: The host is running moziloCMS and is prone to Multiple Cross Site + Scripting Vulnerabilities + + Vulnerability Insight: + The flaws are due to an error in 'admin/index.php'. The input values are not + properly verified before being used via 'cat' and file parameters in an + 'editsite' action. + + Impact: + Successful exploitation will allow remote attackers to execute arbitrary HTML + and script code in a user's browser session in the context of an affected + site. + + Impact Level: Application. + + Affected Software/OS: + moziloCMS version 1.11.1 and prior on all running platform. + + Fix: + No solution or patch is available as on 07th December, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://cms.mozilo.de/index.php?cat=10_moziloCMS&page=50_Download + + References: + http://en.securitylab.ru/nvd/388498.php + http://downloads.securityfocus.com/vulnerabilities/exploits/35212.txt + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 6.7 + Risk factor : High"; + + script_description(desc); + script_summary("Check for the version of moziloCMS "); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("mozilloCMS_detect.nasl"); + script_family("Web application abuses"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +mzVer = get_http_port(default:80); +if(!mzVer){ + exit(0); +} + +mzVer = get_kb_item("www/" + mzVer + "/moziloCMS"); +if(!mzVer){ + exit(0); +} + +mzVer = eregmatch(pattern:"^(.+) under (/.*)$", string:mzVer); +if(mzVer[1] != NULL) +{ + if(version_is_less_equal(version:mzVer[1], test_version:"1.11.1")){ + security_hole(mzVer); + } +} + Added: trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl 2009-12-09 02:18:48 UTC (rev 6104) +++ trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl 2009-12-09 06:52:52 UTC (rev 6105) @@ -0,0 +1,98 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_ruby_rails_xss_vuln_lin.nasl 6090 2009-12-08 19:05:55Z dec $ +# +# Ruby on Rails 'strip_tags' Cross Site Scripting Vulnerability (Linux) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net +# +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(801078); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-4214"); + script_bugtraq_id(37142); + script_name("Ruby on Rails 'strip_tags' Cross Site Scripting Vulnerability (Linux)"); + desc = " + Overview: The host is running Ruby on Rails, which is prone to Cross Site + Scripting Vulnerability. + + Vulnerability Insight: + This issue is caused due to the error in 'strip_tagi()' function which is + not properly escaping non-printable ascii characters. + + Impact: + Successful exploitation will let the attacker to execute arbitrary script code + in the browser of an unsuspecting user in the context of the affected site or + steal cookie-based authentication credentials and launch other attacks. + + Impact Level: Application + + Affected Software/OS: + Ruby on Rails version before 2.3.5 + + Fix: + Apply the security patches or upgrade to Ruby on Rails version 2.3.5 + http://github.com/rails/rails/ + http://rubyonrails.org/download + + ***** + NOTE: Ignore this warning, if above mentioned patch is manually applied. + ***** + + References: + http://secunia.com/advisories/37446 + http://www.securitytracker.com/id?1023245 + http://www.vupen.com/english/advisories/2009/3352 + http://www.openwall.com/lists/oss-security/2009/11/27/2 + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 5.5 + Risk factor: High"; + + script_description(desc); + script_summary("Check for the version of Ruby on Rails"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); + script_family("Web application abuses"); + script_dependencies("gb_ruby_rails_detect.nasl"); + script_require_keys("Ruby-Rails/Linux/Ver"); + exit(0); +} + + +include("version_func.inc"); + +railsPort = 3000; + +if(!get_port_state(railsPort)){ + exit(0); +} + +railsVer = get_kb_item("Ruby-Rails/Linux/Ver"); + +if(railsVer){ + if(version_is_less(version:railsVer, test_version:"2.3.5")){ + security_hole(railsPort); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_ruby_rails_xss_vuln_lin.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Wed Dec 9 09:42:30 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 09:42:30 +0100 (CET) Subject: [Openvas-commits] r6106 - in trunk/openvas-libraries: . nasl Message-ID: <20091209084230.5C3E0861F2F9@pyrosoma.intevation.org> Author: felix Date: 2009-12-09 09:42:28 +0100 (Wed, 09 Dec 2009) New Revision: 6106 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/nasl/nasl_host.c trunk/openvas-libraries/nasl/nasl_host.h Log: * nasl/nasl_host.c, nasl/nasl_host.h: Cosmetics, added missing includes. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-09 06:52:52 UTC (rev 6105) +++ trunk/openvas-libraries/ChangeLog 2009-12-09 08:42:28 UTC (rev 6106) @@ -1,3 +1,8 @@ +2009-12-09 Felix Wolfsteller + + * nasl/nasl_host.c, nasl/nasl_host.h: Cosmetics, added missing + includes. + 2009-12-09 Tim Brown * misc/network.c: Fixed a potential resource leak. @@ -4,6 +9,10 @@ 2009-12-07 Felix Wolfsteller + * base/pidfile.c: Added missing include. + +2009-12-07 Felix Wolfsteller + * misc/pcap.c: Cosmetics and docs. 2009-12-07 Tim Brown Modified: trunk/openvas-libraries/nasl/nasl_host.c =================================================================== --- trunk/openvas-libraries/nasl/nasl_host.c 2009-12-09 06:52:52 UTC (rev 6105) +++ trunk/openvas-libraries/nasl/nasl_host.c 2009-12-09 08:42:28 UTC (rev 6106) @@ -32,6 +32,7 @@ #include "plugutils.h" /* for plug_get_host_fqdn */ #include "resolve.h" /* for nn_resolve */ #include "system.h" /* for estrdup */ +#include "pcap_openvas.h" /* for v6_is_local_ip */ #include "nasl_tree.h" #include "nasl_global_ctxt.h" @@ -39,7 +40,7 @@ #include "nasl_var.h" #include "nasl_lex_ctxt.h" #include "nasl_debug.h" -#include "exec.h" +#include "exec.h" #include "nasl_host.h" @@ -50,7 +51,8 @@ extern char *v6_routethrough (struct in6_addr *dest, struct in6_addr *source); extern int v6_islocalhost(struct in6_addr *); -tree_cell * get_hostname(lex_ctxt * lexic) +tree_cell * +get_hostname (lex_ctxt * lexic) { struct arglist * script_infos = lexic->script_infos; char * hostname = (char*)plug_get_host_fqdn(script_infos); @@ -66,7 +68,8 @@ return retc; } -tree_cell * get_host_ip(lex_ctxt * lexic) +tree_cell * +get_host_ip (lex_ctxt * lexic) { struct arglist * script_infos = lexic->script_infos; struct in6_addr * ip = plug_get_host_ip(script_infos); @@ -95,7 +98,8 @@ return retc; } -tree_cell * get_host_open_port(lex_ctxt * lexic) +tree_cell * +get_host_open_port (lex_ctxt * lexic) { struct arglist * script_infos = lexic->script_infos; unsigned int port = plug_get_host_open_port(script_infos); @@ -108,7 +112,8 @@ return retc; } -tree_cell * get_port_state(lex_ctxt * lexic) +tree_cell * +get_port_state (lex_ctxt * lexic) { int open; struct arglist * script_infos = lexic->script_infos; @@ -146,7 +151,8 @@ } -tree_cell * nasl_islocalhost(lex_ctxt * lexic) +tree_cell * +nasl_islocalhost (lex_ctxt * lexic) { struct arglist * script_infos = lexic->script_infos; struct in6_addr * dst = plug_get_host_ip(script_infos); @@ -161,7 +167,8 @@ } -tree_cell * nasl_islocalnet(lex_ctxt * lexic) +tree_cell * +nasl_islocalnet (lex_ctxt * lexic) { struct arglist * script_infos = lexic->script_infos; struct in6_addr * ip = plug_get_host_ip(script_infos); @@ -176,7 +183,8 @@ } -tree_cell * nasl_this_host(lex_ctxt * lexic) +tree_cell * +nasl_this_host (lex_ctxt * lexic) { struct arglist * script_infos = lexic->script_infos; tree_cell * retc; @@ -258,17 +266,18 @@ } -tree_cell * nasl_this_host_name(lex_ctxt * lexic) +tree_cell * +nasl_this_host_name (lex_ctxt * lexic) { char * hostname; tree_cell * retc; - + retc = alloc_tree_cell(0, NULL); retc->type = CONST_DATA; - + hostname = emalloc(256); gethostname(hostname, 255); - + retc->x.str_val = hostname; retc->size = strlen(hostname); return retc; Modified: trunk/openvas-libraries/nasl/nasl_host.h =================================================================== --- trunk/openvas-libraries/nasl/nasl_host.h 2009-12-09 06:52:52 UTC (rev 6105) +++ trunk/openvas-libraries/nasl/nasl_host.h 2009-12-09 08:42:28 UTC (rev 6106) @@ -19,6 +19,9 @@ #ifndef NASL_HOST_H #define NASL_HOST_H +#include "nasl_lex_ctxt.h" /* for lex_ctxt */ +#include "nasl_tree.h" /* for tree_cell */ + tree_cell * get_hostname(lex_ctxt * ); tree_cell * get_host_ip(lex_ctxt * ); tree_cell * get_host_open_port(lex_ctxt * ); From scm-commit at wald.intevation.org Wed Dec 9 09:43:58 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 09:43:58 +0100 (CET) Subject: [Openvas-commits] r6107 - in trunk/openvas-libraries: . nasl Message-ID: <20091209084358.A00B0861F2C4@pyrosoma.intevation.org> Author: felix Date: 2009-12-09 09:43:58 +0100 (Wed, 09 Dec 2009) New Revision: 6107 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/nasl/nasl_host.c Log: * nasl/nasl_host.c: Removed extern function declarations. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-09 08:42:28 UTC (rev 6106) +++ trunk/openvas-libraries/ChangeLog 2009-12-09 08:43:58 UTC (rev 6107) @@ -1,5 +1,9 @@ 2009-12-09 Felix Wolfsteller + * nasl/nasl_host.c: Removed extern function declarations. + +2009-12-09 Felix Wolfsteller + * nasl/nasl_host.c, nasl/nasl_host.h: Cosmetics, added missing includes. Modified: trunk/openvas-libraries/nasl/nasl_host.c =================================================================== --- trunk/openvas-libraries/nasl/nasl_host.c 2009-12-09 08:42:28 UTC (rev 6106) +++ trunk/openvas-libraries/nasl/nasl_host.c 2009-12-09 08:43:58 UTC (rev 6107) @@ -44,13 +44,6 @@ #include "nasl_host.h" -extern int is_local_ip (struct in_addr addr); /* pcap.c */ -extern int islocalhost (struct in_addr *addr); /* pcap.c */ -extern char* routethrough (struct in_addr *dest, - struct in_addr *source); /* pcap.c */ -extern char *v6_routethrough (struct in6_addr *dest, struct in6_addr *source); -extern int v6_islocalhost(struct in6_addr *); - tree_cell * get_hostname (lex_ctxt * lexic) { From scm-commit at wald.intevation.org Wed Dec 9 10:00:59 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 10:00:59 +0100 (CET) Subject: [Openvas-commits] r6108 - in trunk/openvas-libraries: . misc Message-ID: <20091209090059.9E3A4861F2C4@pyrosoma.intevation.org> Author: felix Date: 2009-12-09 10:00:56 +0100 (Wed, 09 Dec 2009) New Revision: 6108 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/misc/plugutils.c Log: * misc/plugutils.c: Added TODOs, lead to by compiler warnings of openvas-scanner/cnvts/find_service. Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-09 08:43:58 UTC (rev 6107) +++ trunk/openvas-libraries/ChangeLog 2009-12-09 09:00:56 UTC (rev 6108) @@ -1,5 +1,10 @@ 2009-12-09 Felix Wolfsteller + * misc/plugutils.c: Added TODOs, lead to by compiler warnings of + openvas-scanner/cnvts/find_service. + +2009-12-09 Felix Wolfsteller + * nasl/nasl_host.c: Removed extern function declarations. 2009-12-09 Felix Wolfsteller Modified: trunk/openvas-libraries/misc/plugutils.c =================================================================== --- trunk/openvas-libraries/misc/plugutils.c 2009-12-09 08:43:58 UTC (rev 6107) +++ trunk/openvas-libraries/misc/plugutils.c 2009-12-09 09:00:56 UTC (rev 6108) @@ -1658,10 +1658,19 @@ plug_set_ssl_item(args, "password", key); } +/** @TODO This function is only used in + * openvas-scanner/cnvts/find_service/find_service.c (and implicitely + * declared within there! -> compiler warning). Consider putting this + * function in header and include it from find_services or move + * functionality there if possible). */ +/** @TODO Also, all plug_set_ssl*-functions set values that are only accessed + * in network.c:open_stream_connection under specific conditions. + * Check whether these conditions can actually occur. Document the + * functions on the way. */ void plug_set_ssl_CA_file (struct arglist * args, char * key) { - plug_set_ssl_item(args, "CA", key); + plug_set_ssl_item (args, "CA", key); } char * From scm-commit at wald.intevation.org Wed Dec 9 10:16:17 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 10:16:17 +0100 (CET) Subject: [Openvas-commits] r6109 - in trunk/openvas-libraries: . misc Message-ID: <20091209091617.D3968861F2C4@pyrosoma.intevation.org> Author: chandra Date: 2009-12-09 10:16:14 +0100 (Wed, 09 Dec 2009) New Revision: 6109 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/misc/ids_send.c trunk/openvas-libraries/misc/openvas_server.c trunk/openvas-libraries/misc/plugutils.c trunk/openvas-libraries/misc/www_funcs.c Log: Resolved compiler warnings Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-09 09:00:56 UTC (rev 6108) +++ trunk/openvas-libraries/ChangeLog 2009-12-09 09:16:14 UTC (rev 6109) @@ -1,3 +1,14 @@ +2009-12-09 Chandrashekhar B + + * misc/plugutils.c (mark_post): resolved compiler wanring + + * misc/openvas_server.c (openvas_server_open, openvas_server_connect, + openvas_server_attach): resolved compiler warnings. + + * misc/www_funcs.c (build_encode_URL): Enable IPv6. + + * misc/ids_send.c (ids_open_sock_tcp): resolved compiler warning. + 2009-12-09 Felix Wolfsteller * misc/plugutils.c: Added TODOs, lead to by compiler warnings of Modified: trunk/openvas-libraries/misc/ids_send.c =================================================================== --- trunk/openvas-libraries/misc/ids_send.c 2009-12-09 09:00:56 UTC (rev 6108) +++ trunk/openvas-libraries/misc/ids_send.c 2009-12-09 09:16:14 UTC (rev 6109) @@ -669,6 +669,7 @@ else { family = AF_INET6; + bzero(src6, sizeof(*src6)); iface = v6_routethrough(dst6, src6); src_host = estrdup(inet_ntop(AF_INET6,src6, hostname, sizeof(hostname))); dst_host = estrdup(inet_ntop(AF_INET6,dst6, hostname,sizeof(hostname))); Modified: trunk/openvas-libraries/misc/openvas_server.c =================================================================== --- trunk/openvas-libraries/misc/openvas_server.c 2009-12-09 09:00:56 UTC (rev 6108) +++ trunk/openvas-libraries/misc/openvas_server.c 2009-12-09 09:16:14 UTC (rev 6109) @@ -215,7 +215,7 @@ /* Complete setup of server session. */ gnutls_transport_set_ptr (*session, - (gnutls_transport_ptr_t) server_socket); + (gnutls_transport_ptr_t) GSIZE_TO_POINTER(server_socket)); new_action.sa_flags = 0; if (sigemptyset (&new_action.sa_mask)) @@ -344,7 +344,7 @@ /* Complete setup of server session. */ gnutls_transport_set_ptr (*server_session, - (gnutls_transport_ptr_t) server_socket); + (gnutls_transport_ptr_t) GSIZE_TO_POINTER(server_socket)); new_action.sa_flags = 0; if (sigemptyset (&new_action.sa_mask)) @@ -389,7 +389,7 @@ struct sigaction new_action, original_action; gnutls_transport_set_ptr (*session, - (gnutls_transport_ptr_t) socket); + (gnutls_transport_ptr_t) GSIZE_TO_POINTER(socket)); new_action.sa_flags = 0; if (sigemptyset (&new_action.sa_mask)) Modified: trunk/openvas-libraries/misc/plugutils.c =================================================================== --- trunk/openvas-libraries/misc/plugutils.c 2009-12-09 09:00:56 UTC (rev 6108) +++ trunk/openvas-libraries/misc/plugutils.c 2009-12-09 09:16:14 UTC (rev 6109) @@ -832,15 +832,16 @@ } static void -mark_post (struct arglist * desc, const char* action, char* content) +mark_post (struct arglist * desc, const char* action, const char* content) { char entry_name[255]; + char *ccontent = estrdup(content); if(strlen(action) > (sizeof(entry_name) - 20)) return; snprintf (entry_name, sizeof(entry_name), "SentData/%s/%s", plug_get_oid(desc), action); /* RATS: ignore */ - plug_set_key (desc, entry_name, ARG_STRING, content); + plug_set_key (desc, entry_name, ARG_STRING, ccontent); } Modified: trunk/openvas-libraries/misc/www_funcs.c =================================================================== --- trunk/openvas-libraries/misc/www_funcs.c 2009-12-09 09:00:56 UTC (rev 6108) +++ trunk/openvas-libraries/misc/www_funcs.c 2009-12-09 09:16:14 UTC (rev 6109) @@ -407,10 +407,19 @@ } else if (strcmp(abs_URI_host, "host IP") == 0) { - struct in_addr * ptr; + struct in6_addr * ptr; + char *asc; + char hostname[255]; + if ((ptr = plug_get_host_ip(data)) != NULL) { - char * asc = inet_ntoa(*ptr); + if(IN6_IS_ADDR_V4MAPPED(ptr)) + { + asc = estrdup(inet_ntop(AF_INET, (struct in_addr *)ptr->s6_addr32[3], hostname, sizeof(hostname))); + } + else + asc = estrdup(inet_ntop(AF_INET6, &ptr, hostname, sizeof(hostname))); + strncpy(h, asc, sizeof(h)); } h[sizeof(h)-1] = '\0'; From scm-commit at wald.intevation.org Wed Dec 9 10:18:18 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 10:18:18 +0100 (CET) Subject: [Openvas-commits] r6110 - trunk/openvas-administrator Message-ID: <20091209091818.1128B861F2C4@pyrosoma.intevation.org> Author: mwiegand Date: 2009-12-09 10:18:17 +0100 (Wed, 09 Dec 2009) New Revision: 6110 Modified: trunk/openvas-administrator/CMakeLists.txt trunk/openvas-administrator/ChangeLog Log: * CMakeLists.txt: Removed superfluous test for uuid library. Modified: trunk/openvas-administrator/CMakeLists.txt =================================================================== --- trunk/openvas-administrator/CMakeLists.txt 2009-12-09 09:16:14 UTC (rev 6109) +++ trunk/openvas-administrator/CMakeLists.txt 2009-12-09 09:18:17 UTC (rev 6110) @@ -188,13 +188,6 @@ message (FATAL_ERROR "The glib-2.0 library is required.") endif (NOT GLIB2) -message (STATUS "Looking for uuid...") -FIND_LIBRARY (UUID uuid) -message (STATUS "Looking for uuid... ${UUID}") -if (NOT UUID) - message (FATAL_ERROR "The uuid library is required.") -endif (NOT UUID) - ## Version file (READ VERSION _OPENVASAD_VERSION) Modified: trunk/openvas-administrator/ChangeLog =================================================================== --- trunk/openvas-administrator/ChangeLog 2009-12-09 09:16:14 UTC (rev 6109) +++ trunk/openvas-administrator/ChangeLog 2009-12-09 09:18:17 UTC (rev 6110) @@ -1,3 +1,7 @@ +2009-12-09 Michael Wiegand + + * CMakeLists.txt: Removed superfluous test for uuid library. + 2009-12-08 Michael Wiegand Post release version bump. From scm-commit at wald.intevation.org Wed Dec 9 10:19:42 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 10:19:42 +0100 (CET) Subject: [Openvas-commits] r6111 - in trunk/openvas-plugins: . scripts Message-ID: <20091209091942.BD3B285D9F48@pyrosoma.intevation.org> Author: chandra Date: 2009-12-09 10:19:40 +0100 (Wed, 09 Dec 2009) New Revision: 6111 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/cpe.inc Log: Fixed an issue Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-09 09:18:17 UTC (rev 6110) +++ trunk/openvas-plugins/ChangeLog 2009-12-09 09:19:40 UTC (rev 6111) @@ -1,5 +1,9 @@ 2009-12-09 Chandrashekhar B + * scripts/cpe.inc: removed double slash in an entry. + +2009-12-09 Chandrashekhar B + * scripts/gb_ruby_rails_xss_vuln_lin.nasl, scripts/gb_flashlight_detect.nasl, scripts/gb_moziloCMS_mult_xss_vuln.nasl, Modified: trunk/openvas-plugins/scripts/cpe.inc =================================================================== --- trunk/openvas-plugins/scripts/cpe.inc 2009-12-09 09:18:17 UTC (rev 6110) +++ trunk/openvas-plugins/scripts/cpe.inc 2009-12-09 09:19:40 UTC (rev 6111) @@ -677,7 +677,7 @@ "www/*/flatpress", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:flatpress:flatpress:", "www/*/PHPGenealogie", "^([0-9.]+)", "cpe:/a:phpgenealogy:phpgenealogy:", "www/*/OPT", "^([0-9.]+)", "cpe:/a:lanifex:outreach_project_tool:", -"www/*//Flashlight/Free", "^([0-9.]+)", "cpe:/a:ringsworld:flashlight_free_edition:", +"www/*/Flashlight/Free", "^([0-9.]+)", "cpe:/a:ringsworld:flashlight_free_edition:", "BackupPC/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:craig_barratt:backuppc:", "www/*/MRBS", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:john_beranek:meeting_room_booking_system:", "IBM/InstallMang/Win/Ver", "^([0-9.]+)", "cpe:/a:ibm:installation_manager:", From scm-commit at wald.intevation.org Wed Dec 9 10:32:36 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 10:32:36 +0100 (CET) Subject: [Openvas-commits] r6112 - in trunk/openvas-scanner: . openvassd Message-ID: <20091209093236.3AD59861F2C4@pyrosoma.intevation.org> Author: felix Date: 2009-12-09 10:32:34 +0100 (Wed, 09 Dec 2009) New Revision: 6112 Modified: trunk/openvas-scanner/ChangeLog trunk/openvas-scanner/openvassd/ntp_11.c trunk/openvas-scanner/openvassd/utils.c Log: * openvassd/ntp_11.c: Cosmetics. * openvassd/utils.c (temp_file_name): Reformatted. Modified: trunk/openvas-scanner/ChangeLog =================================================================== --- trunk/openvas-scanner/ChangeLog 2009-12-09 09:19:40 UTC (rev 6111) +++ trunk/openvas-scanner/ChangeLog 2009-12-09 09:32:34 UTC (rev 6112) @@ -1,3 +1,9 @@ +2009-12-09 Felix Wolfsteller + + * openvassd/ntp_11.c: Cosmetics. + + * openvassd/utils.c (temp_file_name): Reformatted. + 2009-12-07 Michael Wiegand Post-release version bump. Modified: trunk/openvas-scanner/openvassd/ntp_11.c =================================================================== --- trunk/openvas-scanner/openvassd/ntp_11.c 2009-12-09 09:19:40 UTC (rev 6111) +++ trunk/openvas-scanner/openvassd/ntp_11.c 2009-12-09 09:32:34 UTC (rev 6112) @@ -96,15 +96,15 @@ { input = str + 5; str = strchr(input, ' '); - if(str != NULL ) - str[0] = '\0'; + if (str != NULL ) + str[0] = '\0'; - if(input[strlen(input) - 1] == '\n') - input[strlen(input) - 1] = '\0'; + if (input[strlen(input) - 1] == '\n') + input[strlen(input) - 1] = '\0'; switch(otp_1_0_get_client_request(input)) { case CREQ_ATTACHED_FILE: - ntp_11_recv_file(globals); + ntp_11_recv_file (globals); break; case CREQ_LONG_ATTACK: @@ -112,11 +112,11 @@ break; case CREQ_CERTIFICATES: - otp_1_0_server_send_certificates(globals); + otp_1_0_server_send_certificates (globals); break; case CREQ_OPENVAS_VERSION: - otp_1_0_server_openvas_version(globals); + otp_1_0_server_openvas_version (globals); break; case CREQ_PLUGIN_INFO: { @@ -172,7 +172,7 @@ log_write("user %s : stopping attack against %s\n", user, s); hosts_stop_host(globals, s); ntp_1x_timestamp_host_scan_interrupted(globals, s); - ntp_11_show_end(globals, s, 0); + ntp_11_show_end (globals, s, 0); break; } @@ -376,13 +376,13 @@ void ntp_11_show_end (struct arglist* globals, char * name, int internal) { - int soc = GPOINTER_TO_SIZE(arg_get_value( globals, "global_socket")); - char buf[1024]; - snprintf(buf, sizeof(buf), "SERVER <|> FINISHED <|> %s <|> SERVER\n", name); - if ( internal ) - internal_send(soc, buf, INTERNAL_COMM_MSG_TYPE_DATA); - else - auth_printf(globals, "%s", buf); + int soc = GPOINTER_TO_SIZE (arg_get_value (globals, "global_socket")); + char buf[1024]; + snprintf (buf, sizeof (buf), "SERVER <|> FINISHED <|> %s <|> SERVER\n", name); + if (internal) + internal_send (soc, buf, INTERNAL_COMM_MSG_TYPE_DATA); + else + auth_printf (globals, "%s", buf); } /** @@ -416,13 +416,13 @@ /** * @brief Reads in a hashtable from file that maps login-account names to host - * names. - * + * @brief names. + * * On client side the file is known as .host_logins (if defined, found in each * task directory). * The GHashTable will be available through the (global) arglist under the key * "MAP_HOST_SSHLOGIN_NAME". - * + * * @param globals Arglist to add the GHashTable to. * @param filepath Path to file with serialized GHashTable. */ @@ -488,10 +488,10 @@ int fd; #if 0 - fprintf(stderr, "ntp_11_recv_file\n"); + fprintf (stderr, "ntp_11_recv_file\n"); #endif - n = recv_line(soc, input, sizeof(input) - 1); + n = recv_line (soc, input, sizeof(input) - 1); if (n <= 0) return -1; @@ -523,7 +523,7 @@ /* We now know that we have to read bytes from the remote socket. */ - fd = open(localname, O_CREAT|O_WRONLY|O_TRUNC, 0600); + fd = open (localname, O_CREAT|O_WRONLY|O_TRUNC, 0600); if (fd < 0) { perror ("ntp_11_recv_file: open() "); @@ -532,7 +532,7 @@ #if 0 fprintf(stderr, "ntp_11_recv_file: localname=%s\n", localname); -#endif +#endif while (tot < bytes) { @@ -551,8 +551,8 @@ tot += n; } } - auth_printf (globals, "SERVER <|> FILE_ACCEPTED <|> SERVER\n"); - /* Add the fact that what the remote client calls is actually + auth_printf (globals, "SERVER <|> FILE_ACCEPTED <|> SERVER\n"); + /* Add the fact that what the remote client calls is actually * here. */ files_add_translation (globals, origname, localname); Modified: trunk/openvas-scanner/openvassd/utils.c =================================================================== --- trunk/openvas-scanner/openvassd/utils.c 2009-12-09 09:19:40 UTC (rev 6111) +++ trunk/openvas-scanner/openvassd/utils.c 2009-12-09 09:32:34 UTC (rev 6112) @@ -297,25 +297,26 @@ * Maybe this hashtable should instead carry the (uploaded) file itself. */ char* -temp_file_name() +temp_file_name () { - char* ret = emalloc(strlen(OPENVASSD_STATEDIR)+ strlen("tmp/") + strlen("tmp") + 40); - int fd = - 1; - do { - if(fd > 0){ - if(close(fd) < 0) - perror("close"); - } - sprintf(ret, "%s/tmp", OPENVASSD_STATEDIR); - mkdir(ret, 0700); - sprintf(ret, "%s/tmp/tmp.%d-%d", OPENVASSD_STATEDIR, getpid(), rand()%1024); - fd = open(ret, O_RDONLY); - } - while (fd >= 0); - if(close(fd) < 0) - perror("close"); + char* ret = emalloc (strlen (OPENVASSD_STATEDIR) + strlen ("tmp/") + + strlen ("tmp") + 40); + int fd = - 1; + do { + if (fd > 0 && close (fd) < 0) + perror("close"); - return ret; + sprintf (ret, "%s/tmp", OPENVASSD_STATEDIR); + mkdir (ret, 0700); + sprintf (ret, "%s/tmp/tmp.%d-%d", OPENVASSD_STATEDIR, getpid (), + rand () % 1024); + fd = open (ret, O_RDONLY); + } while (fd >= 0); + + if (close (fd) < 0) + perror ("close"); + + return ret; } From scm-commit at wald.intevation.org Wed Dec 9 11:03:59 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 11:03:59 +0100 (CET) Subject: [Openvas-commits] r6113 - in trunk/openvas-libraries: . misc Message-ID: <20091209100359.31A51861F2C4@pyrosoma.intevation.org> Author: felix Date: 2009-12-09 11:03:57 +0100 (Wed, 09 Dec 2009) New Revision: 6113 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/misc/openvas_ssh_login.c Log: * misc/openvas_ssh_login.c: Cosmetics (maily spaces). Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-12-09 09:32:34 UTC (rev 6112) +++ trunk/openvas-libraries/ChangeLog 2009-12-09 10:03:57 UTC (rev 6113) @@ -1,3 +1,7 @@ +2009-12-09 Felix Wolfsteller + + * misc/openvas_ssh_login.c: Cosmetics (maily spaces). + 2009-12-09 Chandrashekhar B * misc/plugutils.c (mark_post): resolved compiler wanring Modified: trunk/openvas-libraries/misc/openvas_ssh_login.c =================================================================== --- trunk/openvas-libraries/misc/openvas_ssh_login.c 2009-12-09 09:32:34 UTC (rev 6112) +++ trunk/openvas-libraries/misc/openvas_ssh_login.c 2009-12-09 10:03:57 UTC (rev 6113) @@ -47,12 +47,12 @@ * if OpenVAS and GTK are compiled with a different libc. * TODO: The windows issue needs verification and proper documentation. Maybe a * proper build could prohibit any problems. - * * + * * FIXME: handle symbolic links * FIXME: this one is a code duplicate of check_exists in * openvas-client/context.c, but needed in openvas-libraries as well. - * + * * @return 1 if file exists, 0 otherwise. */ int @@ -60,7 +60,7 @@ { struct stat sb; - if(stat(name, &sb)) + if (stat (name, &sb)) return 0; else return 1; @@ -68,13 +68,13 @@ /** * @brief Initializes a openvas_ssh_login. - * + * * Key and Info files have to be created separately. * However, it is tested if the keyfiles do exist and the 'valid' flag is set * accordingly. * Note that the parameter are not copied, so ensure they live as long as this * login. - * + * * @return A fresh openvas_ssh_login. */ openvas_ssh_login* @@ -89,17 +89,17 @@ loginfo->private_key_path = privkey_file; loginfo->ssh_key_passphrase = passphrase; loginfo->comment = comment; - + loginfo->valid = (file_check_exists(pubkey_file) == 1 && file_check_exists(privkey_file) == 1); - + return loginfo; } /** * @brief Frees data associated with a openvas_ssh_login. - * + * * @param loginfo openvas_ssh_login to free. */ void @@ -127,12 +127,12 @@ /** * @brief Creates a string to be sent to the server as value for a SSH_LOGIN * plugin preference. - * + * * It follows the pattern: * username|userpass|pubkeyfilepath|privkeyfilepath|passphrase . - * + * * @param loginfo openvas_ssh_login that will be used to assemble the string. - * + * * @return Freshly created string or NULL if loginfo == NULL. */ char* @@ -174,12 +174,12 @@ /** * @brief Writes information of all ssh logins found in a hashtable into a file. - * + * * To load the information again, openvas_ssh_login_file_read can be used. - * + * * @param ssh_logins Hashtable with pointers to openvas_ssh_login s as values. * @param filename Path to file to wtite to. - * + * * @return TRUE if file was written (success), FALSE if an error occured. */ gboolean @@ -190,7 +190,7 @@ gsize data_length; GError* err = NULL; int fd; - + g_key_file_set_comment(key_file, NULL, NULL, "This file was generated by OpenVAS and shall not be edited manually.", &err); @@ -207,7 +207,7 @@ { g_hash_table_foreach(ssh_logins, (GHFunc) add_sshlogin_to_file, key_file); } // (else file content is comment only) - + // Write GKeyFile to filesystem. fd = open(filename, O_RDWR|O_CREAT|O_TRUNC, 0600); if(!fd) @@ -238,18 +238,18 @@ /** * @brief Reads a ssh_login file and returns info in a GHashTable. - * + * * The GHashTable contains the names as keys and pointers to openvas_ssh_logins * as values. * If check_keyfiles TRUE, openvas_ssh_logins are checked before being * added to the hashtable: * if the public and private key files do not exist, the openvas_ssh_login would * not be added. - * + * * @param filename File to read from. * @param check_keyfiles If TRUE, checks if referenced keyfiles do exist, before * adding the openvas_ssh_login to the HashTable. - * + * * @return GHashTable, keys are names of openvas_ssh_logins, who are values. */ GHashTable* @@ -262,7 +262,7 @@ GHashTable* loginfos = g_hash_table_new_full(g_str_hash, g_str_equal, NULL, (GDestroyNotify) openvas_ssh_login_free); - g_key_file_load_from_file(key_file, filename, G_KEY_FILE_NONE, &err); + g_key_file_load_from_file (key_file, filename, G_KEY_FILE_NONE, &err); if(err != NULL) { @@ -326,8 +326,10 @@ passphrase = g_key_file_get_string (key_file, names[i], KEY_SSHLOGIN_PASSPHRASE, &err); - openvas_ssh_login* loginfo = openvas_ssh_login_new (name, pubkey, privkey, - passphrase, comment, username, userpass); + openvas_ssh_login* loginfo = openvas_ssh_login_new (name, + pubkey, privkey, + passphrase, comment, + username, userpass); // Discard if error or files do not exist (depending on check_keyfiles param) if (err != NULL) From scm-commit at wald.intevation.org Wed Dec 9 12:14:55 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 12:14:55 +0100 (CET) Subject: [Openvas-commits] r6114 - in trunk/openvas-plugins: . scripts Message-ID: <20091209111455.A799B861F2C2@pyrosoma.intevation.org> Author: mime Date: 2009-12-09 12:14:51 +0100 (Wed, 09 Dec 2009) New Revision: 6114 Added: trunk/openvas-plugins/scripts/moodle_37244.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt trunk/openvas-plugins/scripts/phpshop_37227.nasl Log: Added new plugin Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-09 10:03:57 UTC (rev 6113) +++ trunk/openvas-plugins/ChangeLog 2009-12-09 11:14:51 UTC (rev 6114) @@ -1,3 +1,11 @@ +2009-12-09 Michael Meyer + + * scripts/moodle_37244.nasl: + Added new plugin. + + * scripts/phpshop_37227.nasl: + Bugfix. + 2009-12-09 Chandrashekhar B * scripts/cpe.inc: removed double slash in an entry. Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-12-09 10:03:57 UTC (rev 6113) +++ trunk/openvas-plugins/cve_current.txt 2009-12-09 11:14:51 UTC (rev 6114) @@ -360,4 +360,5 @@ CVE-2009-4209 SecPod svn R CVE-2009-4204 SecPod svn R CVE-2009-4205 SecPod svn R +37244 Greenbone svn R Added: trunk/openvas-plugins/scripts/moodle_37244.nasl =================================================================== --- trunk/openvas-plugins/scripts/moodle_37244.nasl 2009-12-09 10:03:57 UTC (rev 6113) +++ trunk/openvas-plugins/scripts/moodle_37244.nasl 2009-12-09 11:14:51 UTC (rev 6114) @@ -0,0 +1,96 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Moodle Multiple Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100384); + script_bugtraq_id(37244); + script_version ("1.0-$Revision$"); + + script_name("Moodle Multiple Vulnerabilities"); + +desc = "Overview: +Moodle is prone to multiple vulnerabilities including cross-site +request-forgery, security bypass, information-disclosure and SQL- +injection issues. + +Attackers can exploit these issues to bypass certain security +restrictions, gain access to sensitive information, perform +unauthorized actions, compromise the application, access or modify +data, or exploit latent vulnerabilities in the underlying database. + +These issues affect Moodle versions prior to 1.8.11 and 1.9.7. + +Solution: +Updates are available. Please see the references for more information. + +References: +http://www.securityfocus.com/bid/37244 +http://www.moodle.org +http://moodle.org/security/ + +Risk factor : Medium"; + + script_description(desc); + script_summary("Determine if the Moodle version is < 1.8.11 or < 1.9.7"); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("gb_moodle_cms_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if (!can_host_php(port:port)) exit(0); + +if(!version = get_kb_item(string("www/", port, "/moodle")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + if(vers =~ "1\.8") { + if(version_is_less(version: vers, test_version: "1.8.11")) { + security_warning(port:port); + exit(0); + } + } else if(vers =~ "1\.9") { + if(version_is_less(version: vers, test_version: "1.9.7")) { + security_warning(port:port); + exit(0); + } + } +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/moodle_37244.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Modified: trunk/openvas-plugins/scripts/phpshop_37227.nasl =================================================================== --- trunk/openvas-plugins/scripts/phpshop_37227.nasl 2009-12-09 10:03:57 UTC (rev 6113) +++ trunk/openvas-plugins/scripts/phpshop_37227.nasl 2009-12-09 11:14:51 UTC (rev 6114) @@ -70,7 +70,7 @@ if(!get_port_state(port))exit(0); if (!can_host_php(port:port)) exit(0); -if(!version = get_kb_item(string("www/", port, "/SET_ME")))exit(0); +if(!version = get_kb_item(string("www/", port, "/phpshop")))exit(0); if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); dir = matches[2]; From scm-commit at wald.intevation.org Wed Dec 9 13:01:53 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 13:01:53 +0100 (CET) Subject: [Openvas-commits] r6115 - in trunk/gsa: . src/html Message-ID: <20091209120153.B0AA8861F2C4@pyrosoma.intevation.org> Author: felix Date: 2009-12-09 13:01:52 +0100 (Wed, 09 Dec 2009) New Revision: 6115 Modified: trunk/gsa/ChangeLog trunk/gsa/src/html/header.m4 Log: * src/html/header.m4: Adjusted menu to dynamic pages. (use plural "Scan Configs"). Modified: trunk/gsa/ChangeLog =================================================================== --- trunk/gsa/ChangeLog 2009-12-09 11:14:51 UTC (rev 6114) +++ trunk/gsa/ChangeLog 2009-12-09 12:01:52 UTC (rev 6115) @@ -1,3 +1,8 @@ +2009-12-09 Felix Wolfsteller + + * src/html/header.m4: Adjusted menu to dynamic pages. (use plural + "Scan Configs"). + 2009-12-08 Michael Wiegand Post release version bump. Modified: trunk/gsa/src/html/header.m4 =================================================================== --- trunk/gsa/src/html/header.m4 2009-12-09 11:14:51 UTC (rev 6114) +++ trunk/gsa/src/html/header.m4 2009-12-09 12:01:52 UTC (rev 6115) @@ -43,7 +43,7 @@
    • Configuration From scm-commit at wald.intevation.org Wed Dec 9 13:16:54 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 13:16:54 +0100 (CET) Subject: [Openvas-commits] r6116 - in trunk/openvas-plugins: . scripts Message-ID: <20091209121654.4B4C5861F2DB@pyrosoma.intevation.org> Author: mime Date: 2009-12-09 13:16:50 +0100 (Wed, 09 Dec 2009) New Revision: 6116 Added: trunk/openvas-plugins/scripts/rt_37162.nasl trunk/openvas-plugins/scripts/rt_detect.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/cve_current.txt Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-09 12:01:52 UTC (rev 6115) +++ trunk/openvas-plugins/ChangeLog 2009-12-09 12:16:50 UTC (rev 6116) @@ -1,3 +1,9 @@ +009-12-09 Michael Meyer + + * scripts/rt_37162.nasl, + scripts/rt_detect.nasl: + Added new plugins. + 2009-12-09 Michael Meyer * scripts/moodle_37244.nasl: Modified: trunk/openvas-plugins/cve_current.txt =================================================================== --- trunk/openvas-plugins/cve_current.txt 2009-12-09 12:01:52 UTC (rev 6115) +++ trunk/openvas-plugins/cve_current.txt 2009-12-09 12:16:50 UTC (rev 6116) @@ -361,4 +361,5 @@ CVE-2009-4204 SecPod svn R CVE-2009-4205 SecPod svn R 37244 Greenbone svn R +CVE-2009-3585 Greenbone svn R Added: trunk/openvas-plugins/scripts/rt_37162.nasl =================================================================== --- trunk/openvas-plugins/scripts/rt_37162.nasl 2009-12-09 12:01:52 UTC (rev 6115) +++ trunk/openvas-plugins/scripts/rt_37162.nasl 2009-12-09 12:16:50 UTC (rev 6116) @@ -0,0 +1,87 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# RT Session Fixation Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100386); + script_bugtraq_id(37162); + script_cve_id("CVE-2009-3585"); + script_version ("1.0-$Revision$"); + + script_name("RT Session Fixation Vulnerability"); + +desc = "Overview: +RT is prone to a session-fixation vulnerability. + +Attackers can exploit this issue to hijack a user's session and gain +unauthorized access to the affected application. + +The issue affects RT 3.0.0 through 3.8.5. + +Solution: +Updates are available. Please see the references for more information. + +References: +http://www.securityfocus.com/bid/37162 +http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000177.html +http://lists.bestpractical.com/pipermail/rt-announce/2009-November/000176.html +http://www.bestpractical.com/rt/ + +Risk factor : Low"; + + script_description(desc); + script_summary("Determine if RT is prone to a session-fixation vulnerability."); + script_category(ACT_GATHER_INFO); + script_family("Web application abuses"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("rt_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); + +if(!version = get_kb_item(string("www/", port, "/rt_tracker")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_in_range(version: vers, test_version: "3", test_version2: "3.8.5")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/rt_37162.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision Added: trunk/openvas-plugins/scripts/rt_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/rt_detect.nasl 2009-12-09 12:01:52 UTC (rev 6115) +++ trunk/openvas-plugins/scripts/rt_detect.nasl 2009-12-09 12:16:50 UTC (rev 6116) @@ -0,0 +1,108 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# RT: Request Tracker Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Greenbone Networks GmbH +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc = "Overview: +This host is running RT: Request Tracker, an open-source +issue-tracking system. + +See also: +http://www.bestpractical.com/ + +Risk factor : None"; + +if (description) +{ + script_id(100385); + script_version ("1.0-$Revision$"); + + script_name("RT: Request Tracker Detection"); + script_description(desc); + script_summary("Checks for the presence of RT: Request Tracker"); + script_category(ACT_GATHER_INFO); + script_family("Service detection"); + script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH"); + script_dependencies("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); + +dirs = make_list("/rt","/tracker",cgi_dirs()); + +foreach dir (dirs) { + + url = string(dir, "/index.html"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if(egrep(pattern: "»|« RT.*Best Practical Solutions, LLC", string: buf, icase: TRUE)) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + + vers = string("unknown"); + ### try to get version + version = eregmatch(string: buf, pattern: "»|« RT ([0-9.]+)",icase:TRUE); + + if ( !isnull(version[1]) ) { + vers=chomp(version[1]); + } + + set_kb_item(name: string("www/", port, "/rt_tracker"), value: string(vers," under ",install)); + + info = string("None\n\nRT: Request Tracker Version '"); + info += string(vers); + info += string("' was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } +} +exit(0); + Property changes on: trunk/openvas-plugins/scripts/rt_detect.nasl ___________________________________________________________________ Name: svn:keywords + Id Revision From scm-commit at wald.intevation.org Wed Dec 9 14:31:54 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 14:31:54 +0100 (CET) Subject: [Openvas-commits] r6117 - in trunk/openvas-plugins: . scripts Message-ID: <20091209133154.BB8AF865F467@pyrosoma.intevation.org> Author: chandra Date: 2009-12-09 14:31:51 +0100 (Wed, 09 Dec 2009) New Revision: 6117 Added: trunk/openvas-plugins/scripts/secpod_ms09-071.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/gb_ms_ie_style_object_remote_code_exec_vuln.nasl Log: Added MS Bulletin - Dec09 plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-09 12:16:50 UTC (rev 6116) +++ trunk/openvas-plugins/ChangeLog 2009-12-09 13:31:51 UTC (rev 6117) @@ -1,3 +1,9 @@ +2009-12-09 Chandrashekhar B + + * scripts/gb_ms_ie_style_object_remote_code_exec_vuln.nasl, + scripts/secpod_ms09-071.nasl: + Added MS Bulletin plugins - Dec09. + 009-12-09 Michael Meyer * scripts/rt_37162.nasl, Modified: trunk/openvas-plugins/scripts/gb_ms_ie_style_object_remote_code_exec_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_ms_ie_style_object_remote_code_exec_vuln.nasl 2009-12-09 12:16:50 UTC (rev 6116) +++ trunk/openvas-plugins/scripts/gb_ms_ie_style_object_remote_code_exec_vuln.nasl 2009-12-09 13:31:51 UTC (rev 6117) @@ -7,6 +7,10 @@ # Authors: # Sujit Ghosal # +# Updated By +# Antu Sanadi on 2009-12-09 +# Included the Microsoft Bulletin MS09-072 #6097 +# # Copyright: # Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net # @@ -28,56 +32,140 @@ { script_id(800727); script_version("$Revision: 1.0 $"); - script_cve_id("CVE-2009-3672"); + script_cve_id("CVE-2009-2493", "CVE-2009-3671", "CVE-2009-3672", + "CVE-2009-3673", "CVE-2009-3674"); script_bugtraq_id(37085); script_name("MS Internet Explorer 'Style' Object Remote Code Execution Vulnerability"); desc = " - Overview: This host has Microsoft Internet Explorer installed and is prone to - Remote Code Execution Vulnerability. + Overview: This host has critical security update missing according to + Microsoft Bulletin MS09-072. Vulnerability Insight: - This flaw is caused due to CSS information inside HTML rendering engine, - inside mshtml.dll library file. Malicious use of 'outerHTML' property - causes the remote browser to spray the heap memory allocated area. + Multiple flaws are due to: + - The 'tdc.ocx' ActiveX control being built with vulnerable Active Template + Library (ATL) headers, which could allow the instantiation of arbitrary objects + that can bypass certain security related policies. + - Memory corruption error occurs when the browser attempts to access an object + that has not been initialized or has been deleted, which could be exploited + to execute arbitrary code via a specially crafted web page. + - Memory corruption occurs when processing 'CSS' objects. + - Race condition occurs while repetitively clicking between two elements at + a fast rate, which could be exploited to execute arbitrary code via a + specially crafted web page. + - A dangling pointer during deallocation of a circular dereference for a + CAttrArray object, which could be exploited to execute arbitrary code via + a specially crafted web page. Impact: - Successful attack could allow malicious people to execute arbitrary code in the - context of the user running the application or compromise the application and - possibly the system. failed attacks may cause denial-of-service condition. + Successful exploitation will let the attacker execute arbitrary code via + specially crafted HTML page in the context of the affected system and cause + memory corruption thus causing remote machine compromise. - Impact Level: System/Application + Impact Level: System Affected Software/OS: - Microsoft Internet Explorer 6.x and 7.x + Microsoft Internet Explorer version 5.x/6.x/7.x/8.x Fix: - No solution or patch is available as on 04th December, 2009. Information - regarding this issue will be updated once the solution details are available. - For updates refer, http://www.microsoft.com/technet/security/advisory/977981.mspx + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/Bulletin/MS09-072.mspx References: - http://www.securityfocus.com/archive/1/archive/1/507984/100/0/threaded - http://www.symantec.com/connect/blogs/zero-day-internet-explorer-exploit-published + http://www.vupen.com/english/advisories/2009/3437 + http://www.microsoft.com/technet/security/Bulletin/MS09-072.mspx - CVSS Score: - CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) - CVSS Temporal Score : 8.4 - Risk factor: Critical"; + Risk factor : Critical"; script_description(desc); - script_summary("Check for the version of Microsoft Internet Explorer"); + script_summary("Check for the vulnerable mshtml.dll file version"); script_category(ACT_GATHER_INFO); script_copyright("Copyright (C) 2009 Greenbone Networks GmbH"); - script_family("General"); + script_family("Windows : Microsoft Bulletins"); script_dependencies("gb_ms_ie_detect.nasl"); script_require_keys("MS/IE/Version"); + script_require_ports(139, 445); exit(0); } +include("smb_nt.inc"); +include("secpod_reg.inc"); include("version_func.inc"); +include("secpod_smb_func.inc"); +if(hotfix_check_sp(xp:4, win2k:5, win2003:3) <= 0){ + exit(0); +} + ieVer = get_kb_item("MS/IE/Version"); -if(ieVer =~ "^(6|7)\..*"){ +if(!ieVer){ + exit(0); +} + +# Check for MS09-072 Hotfix (976325) +if(hotfix_missing(name:"976325") == 0){ + exit(0); +} + +dllPath = registry_get_sz(item:"Install Path", + key:"SOFTWARE\Microsoft\COM3\Setup"); +dllPath += "\mshtml.dll"; +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath); + +vers = GetVer(file:file, share:share); +if(!vers){ + exit(0); +} + +if(hotfix_check_sp(win2k:5) > 0) +{ + if(version_in_range(version:vers, test_version:"5.0", test_version2:"5.0.3882.2699") || + version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1641")){ + security_hole(0); + } +} +else if(hotfix_check_sp(xp:4) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1641") || + version_in_range(version:vers, test_version:"6.0.2900.0000", test_version2:"6.0.2900.3639")|| + version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.21128")|| + version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18853")){ + security_hole(0); + } + exit(0); + } + else if("Service Pack 3" >< SP) + { + if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.2800.1641")|| + version_in_range(version:vers, test_version:"6.0.2900.0000", test_version2:"6.0.2900.5896")|| + version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16944") || + version_in_range(version:vers, test_version:"7.0.6000.20000", test_version2:"7.00.6000.21128") || + version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18853")|| + version_in_range(version:vers, test_version:"8.0.6001.00000", test_version2:"8.00.6001.22927")){ + security_hole(0); + } + exit(0); + } security_hole(0); } +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + if(version_in_range(version:vers, test_version:"6.0", test_version2:"6.0.3790.4610") || + version_in_range(version:vers, test_version:"7.0", test_version2:"7.0.6000.16944") || + version_in_range(version:vers, test_version:"7.0.6000.20000", test_version2:"7.00.6000.21128")|| + version_in_range(version:vers, test_version:"8.0", test_version2:"8.0.6001.18853")|| + version_in_range(version:vers, test_version:"8.00.6001.00000", test_version2:"8.00.6001.22927")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} Added: trunk/openvas-plugins/scripts/secpod_ms09-071.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms09-071.nasl 2009-12-09 12:16:50 UTC (rev 6116) +++ trunk/openvas-plugins/scripts/secpod_ms09-071.nasl 2009-12-09 13:31:51 UTC (rev 6117) @@ -0,0 +1,150 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms09-071.nasl 6096 2009-12-08 04:48:09Z dec $ +# +# Microsoft Windows IAS Remote Code Execution Vulnerability (974318) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(901065); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-2505","CVE-2009-3677"); + script_name("Microsoft Windows IAS Remote Code Execution Vulnerability (974318)"); + desc = " + Overview: This host has critical security update missing according to + Microsoft Bulletin MS09-071. + + Vulnerability Insight: + This issue is caused by an error when messages received by the Internet + Authentication Service server are being copied incorrectly into memory + while handling PEAP authentication attempts. + + Impact: + Successful exploitation will let the remote attackers take complete control + of an affected system. Servers using Internet Authentication Service are only + affected when using PEAP with MS-CHAP v2 authentication. + + Impact Level: System + + Affected Software/OS: + Microsoft Windows 2k Service Pack 4 and prior. + Microsoft Windows Xp Service Pack 3 and prior. + Microsoft Windows 2k3 Service Pack 2 and prior. + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/bulletin/ms09-071.mspx + + References: + http://support.microsoft.com/kb/974318 + http://www.microsoft.com/technet/security/bulletin/MS09-071.mspx + + Risk factor: Critical"; + + script_description(desc); + script_summary("Check for the version of Rastls.dll file"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 SecPod"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(xp:4, win2003:3, win2k:5) <= 0){ + exit(0); +} +# MS09-071 Hotfix check +if(hotfix_missing(name:"974318") == 0){ + exit(0); +} + +dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!dllPath){ + exit(0); +} + +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:dllPath + "\Rastls.dll"); + +dllVer = GetVer(file:file, share:share); +if(!dllVer){ + exit(0); +} + +# Windows 2k +if(hotfix_check_sp(win2k:5) > 0) +{ + # Check for Rastls.dll version < 5.0.2195.7344 + if(version_is_less(version:dllVer, test_version:"5.0.2195.7344")){ + security_hole(0); + } +} + +# Windows XP +else if(hotfix_check_sp(xp:4) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + # Check for Rastls.dll < 5.1.2600.3632 + if(version_is_less(version:dllVer, test_version:"5.1.2600.3632")){ + security_hole(0); + } + exit(0); + } + + else if("Service Pack 3" >< SP) + { + # Check for Rastls.dll < 5.1.2600.5886 + if(version_is_less(version:dllVer, test_version:"5.1.2600.5886")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} + +# Windows 2k3 +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + # Check for Rastls.dll version < 5.2.3790.4600 + if(version_is_less(version:dllVer, test_version:"5.2.3790.4600")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-071.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Wed Dec 9 16:08:27 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 16:08:27 +0100 (CET) Subject: [Openvas-commits] r6118 - in trunk/openvas-plugins: . scripts Message-ID: <20091209150827.1C5E585D9F55@pyrosoma.intevation.org> Author: chandra Date: 2009-12-09 16:08:24 +0100 (Wed, 09 Dec 2009) New Revision: 6118 Added: trunk/openvas-plugins/scripts/secpod_ms09-069.nasl trunk/openvas-plugins/scripts/secpod_ms09-070.nasl trunk/openvas-plugins/scripts/secpod_ms09-073.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added MS Bulletin plugins - Dec09 Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-09 13:31:51 UTC (rev 6117) +++ trunk/openvas-plugins/ChangeLog 2009-12-09 15:08:24 UTC (rev 6118) @@ -1,5 +1,12 @@ 2009-12-09 Chandrashekhar B + * scripts/secpod_ms09-069.nasl, + scripts/secpod_ms09-073.nasl, + scripts/secpod_ms09-070.nasl: + Added MS Bulletin plugins - Dec09. + +2009-12-09 Chandrashekhar B + * scripts/gb_ms_ie_style_object_remote_code_exec_vuln.nasl, scripts/secpod_ms09-071.nasl: Added MS Bulletin plugins - Dec09. Added: trunk/openvas-plugins/scripts/secpod_ms09-069.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms09-069.nasl 2009-12-09 13:31:51 UTC (rev 6117) +++ trunk/openvas-plugins/scripts/secpod_ms09-069.nasl 2009-12-09 15:08:24 UTC (rev 6118) @@ -0,0 +1,153 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms09-069.nasl 6094 2009-12-09 03:48:09Z dec $ +# +# Microsoft Windows LSASS Denial of Service Vulnerability (974392) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(901063); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-3675"); + script_name("Microsoft Windows LSASS Denial of Service Vulnerability (975467)"); + desc = " + Overview: This host has critical security update missing according to + Microsoft Bulletin MS09-069. + + Vulnerability Insight: + This issue is caused by an error when communicating through Internet Protocol + security (IPsec), sending a specially crafted ISAKMP message to the Local + Security Authority Subsystem Service (LSASS) on an affected system. + + Impact: + Successful exploitation will let the remote attackers to cause a Denial of + Service on the victim's system. + + Impact Level: System + + Affected Software/OS: + Microsoft Windows 2K Service Pack 4 and prior. + Microsoft Windows XP Service Pack 3 and prior. + Microsoft Windows 2K3 Service Pack 2 and prior. + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/bulletin/ms09-069.mspx + + References: + http://secunia.com/advisories/37524/ + http://support.microsoft.com/kb/974392 + http://www.vupen.com/english/advisories/2009/3433 + http://www.microsoft.com/technet/security/bulletin/MS09-069.mspx + + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of Oakley.dll file"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 SecPod"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(win2k:5, xp:4, win2003:3) <= 0){ + exit(0); +} + + +# MS09-069 Hotfix check +if(hotfix_missing(name:"974392") == 0){ + exit(0); +} + +dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!dllPath){ + exit(0); +} + +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", + string:dllPath + "\Oakley.dll"); + +dllVer = GetVer(file:file, share:share); +if(!dllVer){ + exit(0); +} + +# Windows 2K +if(hotfix_check_sp(win2k:5) > 0) +{ + # Grep for Oakley.dll version < 5.0.2195.7343 + if(version_is_less(version:dllVer, test_version:"5.0.2195.7343")){ + security_warning(0); + } +} + +# Windows XP +else if(hotfix_check_sp(xp:4) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Oakley.dll < 5.1.2600.3632 + if(version_is_less(version:dllVer, test_version:"5.1.2600.3632")){ + security_warning(0); + } + exit(0); + } + + else if("Service Pack 3" >< SP) + { + # Grep for Oakley.dll < 5.1.2600.5886 + if(version_is_less(version:dllVer, test_version:"5.1.2600.5886")){ + security_warning(0); + } + exit(0); + } + security_warning(0); +} + +# Windows 2003 +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Oakley.dll version < 5.2.3790.4600 + if(version_is_less(version:dllVer, test_version:"5.2.3790.4600")){ + security_warning(0); + } + exit(0); + } + security_warning(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-069.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_ms09-070.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms09-070.nasl 2009-12-09 13:31:51 UTC (rev 6117) +++ trunk/openvas-plugins/scripts/secpod_ms09-070.nasl 2009-12-09 15:08:24 UTC (rev 6118) @@ -0,0 +1,118 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms09-070.nasl 6095 2009-12-09 03:48:09Z dec $ +# +# Microsoft Windows ADFS Remote Code Execution Vulnerability (971726) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(901064); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-2508", "CVE-2009-2509"); + script_name("Microsoft Windows ADFS Remote Code Execution Vulnerability (971726)"); + desc = " + Overview: This host has critical security update missing according to + Microsoft Bulletin MS09-070. + + Vulnerability Insight: + The vulnerability is due to incorrect validation of request headers when an + authenticated user connects to an ADFS enabled Web Server. An attacker who + successfully exploited this vulnerability could take complete control of an + affected system + + Impact: + Successful exploitation will let the remote attackers to take complete control + of the victim's system. + + Impact Level: System + + Affected Software/OS: + Microsoft Windows 2K3 Service Pack 2 and prior. + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/bulletin/ms09-070.mspx + + References: + http://secunia.com/advisories/37542/ + http://support.microsoft.com/kb/971726 + http://www.vupen.com/english/advisories/2009/3434 + http://www.microsoft.com/technet/security/bulletin/MS09-070.mspx + + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of Adfsreg.exe file"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 SecPod"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(win2003:3) <= 0){ + exit(0); +} + +# MS09-070 Hotfix check +if(hotfix_missing(name:"971726") == 0){ + exit(0); +} + +dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!dllPath){ + exit(0); +} + +dllPath = dllPath - "\system32" + "\adfs\Adfsreg.exe"; +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath); + +dllVer = GetVer(file:file, share:share); +if(!dllVer){ + exit(0); +} + +# Windows 2003 +if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Adfsreg.exe version < 5.2.3790.4578 + if(version_is_less(version:dllVer, test_version:"5.2.3790.4578")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-070.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_ms09-073.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms09-073.nasl 2009-12-09 13:31:51 UTC (rev 6117) +++ trunk/openvas-plugins/scripts/secpod_ms09-073.nasl 2009-12-09 15:08:24 UTC (rev 6118) @@ -0,0 +1,152 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms09-073.nasl 6098 2009-12-08 03:48:09Z dec $ +# +# WordPad and Office Text Converters Remote Code Execution Vulnerability (975539) +# +# Authors: +# Antu Sanadi +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(901068); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-2506 "); + script_name("WordPad and Office Text Converters Remote Code Execution Vulnerability (975539)"); + desc = " + Overview: This host has critical security update missing according to + Microsoft Bulletin MS09-073. + + Vulnerability Insight: + The issue is caused by a memory corruption error in the way that the text + converter for Word 97 (included as part of WordPad and as part of the Office + text converters) parses a specially crafted Word 97 document. + + Impact: + Successful exploitation will let the remote attackers to crash an affected + application or execute arbitrary code by tricking a user into opening a + specially crafted document. + + Impact Level: System/Apllication + + Affected Software/OS: + Microsoft Works 8.5 + Microsoft Office Converter Pack + Microsoft Office XP Service Pack 3 + Microsoft Office 2003 Service Pack 3 + Microsoft Office Word 2002 Service Pack 3 + Microsoft Office Word 2003 Service Pack 3 + Microsoft Windows XP Service Pack 3 and prior + Microsoft Windows 2K3 Service Pack 2 and prior + Microsoft Windows 2000 Service Pack 4 and prior + + Fix: + Run Windows Update and update the listed hotfixes or download and + update mentioned hotfixes in the advisory from the below link, + http://www.microsoft.com/technet/security/bulletin/ms09-073.mspx + + References: + http://support.microsoft.com/kb/973904 + http://support.microsoft.com/kb/975008 + http://support.microsoft.com/kb/974882 + http://support.microsoft.com/kb/977304 + http://www.vupen.com/english/advisories/2009/3438 + http://www.microsoft.com/technet/security/bulletin/MS09-073.mspx + + Risk factor: Medium"; + + script_description(desc); + script_summary("Check for the version of Msconv97.dll file"); + script_category(ACT_GATHER_INFO); + script_copyright("Copyright (C) 2009 SecPod"); + script_family("Windows : Microsoft Bulletins"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_ports(139, 445); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(hotfix_check_sp(xp:4, win2003:3, win2k:5) <= 0){ + exit(0); +} + +# MS09-073 Hotfix check +if(hotfix_missing(name:"973904") == 0){ + exit(0); +} + +dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\Windows" + + "\CurrentVersion", item:"ProgramFilesDir"); +if(!dllPath){ + exit(0); +} + +dllPath = dllPath + "\Common Files\Microsoft Shared\TextConv\Mswrd832.cnv"; +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:dllPath); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:dllPath); + +dllVer = GetVer(file:file, share:share); +if(!dllVer){ + exit(0); +} + +# Windows 2K +if(hotfix_check_sp(win2k:5) > 0) +{ + # Grep for Mswrd832.cnv version < 2003.1100.8313.0 + if(version_is_less(version:dllVer, test_version:"2003.1100.8313.0")){ + security_hole(0); + } +} + +# Windows XP +else if(hotfix_check_sp(xp:4) > 0) +{ + SP = get_kb_item("SMB/WinXP/ServicePack"); + if("Service Pack 3" >< SP) + { + # Grep for Mswrd832.cnv < 2003.1100.8313.0 + if(version_is_less(version:dllVer, test_version:"2003.1100.8313.0")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} + +# Windows 2003 +else if(hotfix_check_sp(win2003:3) > 0) +{ + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 2" >< SP) + { + # Grep for Mswrd832.cnv version < 2003.1100.8313.0 + if(version_is_less(version:dllVer, test_version:"2003.1100.8313.0")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms09-073.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Wed Dec 9 17:28:07 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 9 Dec 2009 17:28:07 +0100 (CET) Subject: [Openvas-commits] r6119 - in trunk/openvas-plugins: . scripts Message-ID: <20091209162807.501A285C721C@pyrosoma.intevation.org> Author: mime Date: 2009-12-09 17:28:02 +0100 (Wed, 09 Dec 2009) New Revision: 6119 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/gb_php_mult_vuln_dec09.nasl Log: Added port to security_hole() Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-09 15:08:24 UTC (rev 6118) +++ trunk/openvas-plugins/ChangeLog 2009-12-09 16:28:02 UTC (rev 6119) @@ -1,3 +1,8 @@ +009-12-09 Michael Meyer + + * scripts/gb_php_mult_vuln_dec09.nasl: + Added port to security_hole(). + 2009-12-09 Chandrashekhar B * scripts/secpod_ms09-069.nasl, Modified: trunk/openvas-plugins/scripts/gb_php_mult_vuln_dec09.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_php_mult_vuln_dec09.nasl 2009-12-09 15:08:24 UTC (rev 6118) +++ trunk/openvas-plugins/scripts/gb_php_mult_vuln_dec09.nasl 2009-12-09 16:28:02 UTC (rev 6119) @@ -95,13 +95,13 @@ } if(version_is_less(version:phpVer, test_version:"5.2.11")){ - security_hole(0); + security_hole(port: phpPort); exit(0); } else if(phpVer =~ "^5\.3") { if(version_is_less(version:phpVer, test_version:"5.3.1")){ - security_hole(0); + security_hole(port: phpPort); } } From scm-commit at wald.intevation.org Thu Dec 10 00:23:59 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 10 Dec 2009 00:23:59 +0100 (CET) Subject: [Openvas-commits] r6120 - in trunk/openvas-plugins: . scripts Message-ID: <20091209232359.BE897861F2F2@pyrosoma.intevation.org> Author: reinke Date: 2009-12-10 00:23:54 +0100 (Thu, 10 Dec 2009) New Revision: 6120 Added: trunk/openvas-plugins/scripts/RHSA_2009_1625.nasl trunk/openvas-plugins/scripts/RHSA_2009_1635.nasl trunk/openvas-plugins/scripts/RHSA_2009_1642.nasl trunk/openvas-plugins/scripts/deb_1942_1.nasl trunk/openvas-plugins/scripts/deb_1943_1.nasl trunk/openvas-plugins/scripts/deb_1944_1.nasl trunk/openvas-plugins/scripts/deb_1945_1.nasl trunk/openvas-plugins/scripts/deb_1946_1.nasl trunk/openvas-plugins/scripts/fcore_2009_10891.nasl trunk/openvas-plugins/scripts/fcore_2009_11062.nasl trunk/openvas-plugins/scripts/fcore_2009_11314.nasl trunk/openvas-plugins/scripts/fcore_2009_11499.nasl trunk/openvas-plugins/scripts/fcore_2009_11618.nasl trunk/openvas-plugins/scripts/fcore_2009_11739.nasl trunk/openvas-plugins/scripts/fcore_2009_11740.nasl trunk/openvas-plugins/scripts/fcore_2009_11836.nasl trunk/openvas-plugins/scripts/fcore_2009_12017.nasl trunk/openvas-plugins/scripts/fcore_2009_12348.nasl trunk/openvas-plugins/scripts/fcore_2009_12370.nasl trunk/openvas-plugins/scripts/fcore_2009_12395.nasl trunk/openvas-plugins/scripts/fcore_2009_12439.nasl trunk/openvas-plugins/scripts/fcore_2009_12444.nasl trunk/openvas-plugins/scripts/fcore_2009_12457.nasl trunk/openvas-plugins/scripts/fcore_2009_12481.nasl trunk/openvas-plugins/scripts/fcore_2009_12652.nasl trunk/openvas-plugins/scripts/fcore_2009_12663.nasl trunk/openvas-plugins/scripts/fcore_2009_12674.nasl trunk/openvas-plugins/scripts/fcore_2009_12690.nasl trunk/openvas-plugins/scripts/fcore_2009_12716.nasl trunk/openvas-plugins/scripts/fcore_2009_12737.nasl trunk/openvas-plugins/scripts/fcore_2009_12750.nasl trunk/openvas-plugins/scripts/fcore_2009_12775.nasl trunk/openvas-plugins/scripts/fcore_2009_12782.nasl trunk/openvas-plugins/scripts/fcore_2009_12786.nasl trunk/openvas-plugins/scripts/fcore_2009_12825.nasl trunk/openvas-plugins/scripts/fcore_2009_7998.nasl trunk/openvas-plugins/scripts/freebsd_expat2.nasl trunk/openvas-plugins/scripts/freebsd_expat20.nasl trunk/openvas-plugins/scripts/freebsd_opera19.nasl trunk/openvas-plugins/scripts/freebsdsa_freebsd.nasl trunk/openvas-plugins/scripts/freebsdsa_rtld.nasl trunk/openvas-plugins/scripts/freebsdsa_ssl.nasl trunk/openvas-plugins/scripts/mdksa_2008_233_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_103_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_106_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_107_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_108_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_112_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_113_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_121_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_128_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_130_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_132_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_142_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_157_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_158_3.nasl trunk/openvas-plugins/scripts/mdksa_2009_169_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_197_3.nasl trunk/openvas-plugins/scripts/mdksa_2009_199_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_200_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_201_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_203_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_206_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_208_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_211_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_212_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_213_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_215_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_217_3.nasl trunk/openvas-plugins/scripts/mdksa_2009_218_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_219_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_223_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_224_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_229_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_231_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_232_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_234_2.nasl trunk/openvas-plugins/scripts/mdksa_2009_243_2.nasl trunk/openvas-plugins/scripts/mdksa_2009_249_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_252_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_254_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_256_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_260_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_272_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_284_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_287_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_290_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_292_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_297_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_305.nasl trunk/openvas-plugins/scripts/mdksa_2009_307_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_308.nasl trunk/openvas-plugins/scripts/mdksa_2009_309.nasl trunk/openvas-plugins/scripts/mdksa_2009_310.nasl trunk/openvas-plugins/scripts/mdksa_2009_311.nasl trunk/openvas-plugins/scripts/mdksa_2009_312.nasl trunk/openvas-plugins/scripts/mdksa_2009_313_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_314.nasl trunk/openvas-plugins/scripts/mdksa_2009_315.nasl trunk/openvas-plugins/scripts/mdksa_2009_317.nasl trunk/openvas-plugins/scripts/mdksa_2009_318.nasl trunk/openvas-plugins/scripts/mdksa_2009_319.nasl trunk/openvas-plugins/scripts/mdksa_2009_320.nasl trunk/openvas-plugins/scripts/mdksa_2009_321.nasl trunk/openvas-plugins/scripts/mdksa_2009_322.nasl trunk/openvas-plugins/scripts/mdksa_2009_323.nasl trunk/openvas-plugins/scripts/mdksa_2009_324.nasl trunk/openvas-plugins/scripts/mdksa_2009_325.nasl trunk/openvas-plugins/scripts/mdksa_2009_326.nasl trunk/openvas-plugins/scripts/ovcesa2009_1625.nasl trunk/openvas-plugins/scripts/suse_sa_2009_059.nasl trunk/openvas-plugins/scripts/suse_sa_2009_060.nasl trunk/openvas-plugins/scripts/ubuntu_863_1.nasl trunk/openvas-plugins/scripts/ubuntu_865_1.nasl trunk/openvas-plugins/scripts/ubuntu_866_1.nasl Modified: trunk/openvas-plugins/ChangeLog Log: New scripts added Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/ChangeLog 2009-12-09 23:23:54 UTC (rev 6120) @@ -1,5 +1,124 @@ -009-12-09 Michael Meyer +2009-12-09 Thomas Reinke + * scripts/deb_1942_1.nasl, + scripts/deb_1943_1.nasl, + scripts/deb_1944_1.nasl, + scripts/deb_1945_1.nasl, + scripts/deb_1946_1.nasl, + scripts/freebsd_expat2.nasl, + scripts/freebsd_expat20.nasl, + scripts/freebsd_opera19.nasl, + scripts/freebsdsa_freebsd.nasl, + scripts/freebsdsa_rtld.nasl, + scripts/freebsdsa_ssl.nasl, + scripts/suse_sa_2009_059.nasl, + scripts/suse_sa_2009_060.nasl, + scripts/ubuntu_863_1.nasl, + scripts/ubuntu_865_1.nasl, + scripts/ubuntu_866_1.nasl, + scripts/mdksa_2008_233_1.nasl, + scripts/mdksa_2009_103_1.nasl, + scripts/mdksa_2009_106_1.nasl, + scripts/mdksa_2009_107_1.nasl, + scripts/mdksa_2009_108_1.nasl, + scripts/mdksa_2009_112_1.nasl, + scripts/mdksa_2009_113_1.nasl, + scripts/mdksa_2009_121_1.nasl, + scripts/mdksa_2009_128_1.nasl, + scripts/mdksa_2009_130_1.nasl, + scripts/mdksa_2009_132_1.nasl, + scripts/mdksa_2009_142_1.nasl, + scripts/mdksa_2009_157_1.nasl, + scripts/mdksa_2009_158_3.nasl, + scripts/mdksa_2009_169_1.nasl, + scripts/mdksa_2009_197_3.nasl, + scripts/mdksa_2009_199_1.nasl, + scripts/mdksa_2009_200_1.nasl, + scripts/mdksa_2009_201_1.nasl, + scripts/mdksa_2009_203_1.nasl, + scripts/mdksa_2009_206_1.nasl, + scripts/mdksa_2009_208_1.nasl, + scripts/mdksa_2009_211_1.nasl, + scripts/mdksa_2009_212_1.nasl, + scripts/mdksa_2009_213_1.nasl, + scripts/mdksa_2009_215_1.nasl, + scripts/mdksa_2009_217_3.nasl, + scripts/mdksa_2009_218_1.nasl, + scripts/mdksa_2009_219_1.nasl, + scripts/mdksa_2009_223_1.nasl, + scripts/mdksa_2009_224_1.nasl, + scripts/mdksa_2009_229_1.nasl, + scripts/mdksa_2009_231_1.nasl, + scripts/mdksa_2009_232_1.nasl, + scripts/mdksa_2009_234_2.nasl, + scripts/mdksa_2009_243_2.nasl, + scripts/mdksa_2009_249_1.nasl, + scripts/mdksa_2009_252_1.nasl, + scripts/mdksa_2009_254_1.nasl, + scripts/mdksa_2009_256_1.nasl, + scripts/mdksa_2009_260_1.nasl, + scripts/mdksa_2009_272_1.nasl, + scripts/mdksa_2009_284_1.nasl, + scripts/mdksa_2009_287_1.nasl, + scripts/mdksa_2009_290_1.nasl, + scripts/mdksa_2009_292_1.nasl, + scripts/mdksa_2009_297_1.nasl, + scripts/mdksa_2009_305.nasl, + scripts/mdksa_2009_307_1.nasl, + scripts/mdksa_2009_308.nasl, + scripts/mdksa_2009_309.nasl, + scripts/mdksa_2009_310.nasl, + scripts/mdksa_2009_311.nasl, + scripts/mdksa_2009_312.nasl, + scripts/mdksa_2009_313_1.nasl, + scripts/mdksa_2009_314.nasl, + scripts/mdksa_2009_315.nasl, + scripts/mdksa_2009_317.nasl, + scripts/mdksa_2009_318.nasl, + scripts/mdksa_2009_319.nasl, + scripts/mdksa_2009_320.nasl, + scripts/mdksa_2009_321.nasl, + scripts/mdksa_2009_322.nasl, + scripts/mdksa_2009_323.nasl, + scripts/mdksa_2009_324.nasl, + scripts/mdksa_2009_325.nasl, + scripts/mdksa_2009_326.nasl, + scripts/RHSA_2009_1625.nasl, + scripts/RHSA_2009_1635.nasl, + scripts/RHSA_2009_1642.nasl, + scripts/fcore_2009_10891.nasl, + scripts/fcore_2009_11062.nasl, + scripts/fcore_2009_11314.nasl, + scripts/fcore_2009_11499.nasl, + scripts/fcore_2009_11618.nasl, + scripts/fcore_2009_11739.nasl, + scripts/fcore_2009_11740.nasl, + scripts/fcore_2009_11836.nasl, + scripts/fcore_2009_12017.nasl, + scripts/fcore_2009_12348.nasl, + scripts/fcore_2009_12370.nasl, + scripts/fcore_2009_12395.nasl, + scripts/fcore_2009_12439.nasl, + scripts/fcore_2009_12444.nasl, + scripts/fcore_2009_12457.nasl, + scripts/fcore_2009_12481.nasl, + scripts/fcore_2009_12652.nasl, + scripts/fcore_2009_12663.nasl, + scripts/fcore_2009_12674.nasl, + scripts/fcore_2009_12690.nasl, + scripts/fcore_2009_12716.nasl, + scripts/fcore_2009_12737.nasl, + scripts/fcore_2009_12750.nasl, + scripts/fcore_2009_12775.nasl, + scripts/fcore_2009_12782.nasl, + scripts/fcore_2009_12786.nasl, + scripts/fcore_2009_12825.nasl, + scripts/fcore_2009_7998.nasl, + scripts/ovcesa2009_1625.nasl: + New scripts + +2009-12-09 Michael Meyer + * scripts/gb_php_mult_vuln_dec09.nasl: Added port to security_hole(). Added: trunk/openvas-plugins/scripts/RHSA_2009_1625.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1625.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/RHSA_2009_1625.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,111 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1625 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66357); + script_cve_id("CVE-2009-3560", "CVE-2009-3720"); + script_version ("$Revision$"); + script_name("RedHat Security Advisory RHSA-2009:1625"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1625. + +Expat is a C library written by James Clark for parsing XML documents. + +Two buffer over-read flaws were found in the way Expat handled malformed +UTF-8 sequences when processing XML files. A specially-crafted XML file +could cause applications using Expat to crash while parsing the file. +(CVE-2009-3560, CVE-2009-3720) + +All expat users should upgrade to these updated packages, which contain +backported patches to correct these issues. After installing the updated +packages, applications using the Expat library must be restarted for the +update to take effect. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1625.html +http://www.redhat.com/security/updates/classification/#moderate + +Risk factor : Medium"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1625"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"expat", rpm:"expat~1.95.5~6.2", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat-debuginfo", rpm:"expat-debuginfo~1.95.5~6.2", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat-devel", rpm:"expat-devel~1.95.5~6.2", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat", rpm:"expat~1.95.7~4.el4_8.2", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat-debuginfo", rpm:"expat-debuginfo~1.95.7~4.el4_8.2", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat-devel", rpm:"expat-devel~1.95.7~4.el4_8.2", rls:"RHENT_4")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat", rpm:"expat~1.95.8~8.3.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat-debuginfo", rpm:"expat-debuginfo~1.95.8~8.3.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat-devel", rpm:"expat-devel~1.95.8~8.3.el5_4.2", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_1635.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1635.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/RHSA_2009_1635.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,136 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1635 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66356); + script_cve_id("CVE-2009-3726", "CVE-2009-3889", "CVE-2009-3939"); + script_version ("$Revision$"); + script_name("RedHat Security Advisory RHSA-2009:1635"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1635. + +The kernel-rt packages contain the Linux kernel, the core of any Linux +operating system. + +These updated packages fix the following security issues: + +* a NULL pointer dereference flaw was found in the NFSv4 implementation in +the Linux kernel. Several of the NFSv4 file locking functions failed to +check whether a file had been opened on the server before performing +locking operations on it. A local user on a system with an NFSv4 share +mounted could possibly use this flaw to cause a denial of service or +escalate their privileges. (CVE-2009-3726, Important) + +* permission issues were found in the megaraid_sas driver (for SAS based +RAID controllers) in the Linux kernel. The dbg_lvl and poll_mode_io +files on the sysfs file system (/sys/) had world-writable permissions. +This could allow local, unprivileged users to change the behavior of the +driver. (CVE-2009-3889, CVE-2009-3939, Moderate) + +Users should upgrade to these updated packages, which contain backported +patches to correct these issues and add these enhancements. The system must +be rebooted for this update to take effect. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1635.html +http://www.redhat.com/security/updates/classification/#important + +Risk factor : High"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1635"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"kernel-rt", rpm:"kernel-rt~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-rt-debug", rpm:"kernel-rt-debug~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-rt-debug-debuginfo", rpm:"kernel-rt-debug-debuginfo~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-rt-debug-devel", rpm:"kernel-rt-debug-devel~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-rt-debuginfo", rpm:"kernel-rt-debuginfo~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-rt-debuginfo-common", rpm:"kernel-rt-debuginfo-common~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-rt-devel", rpm:"kernel-rt-devel~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-rt-trace", rpm:"kernel-rt-trace~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-rt-trace-debuginfo", rpm:"kernel-rt-trace-debuginfo~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-rt-trace-devel", rpm:"kernel-rt-trace-devel~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-rt-vanilla", rpm:"kernel-rt-vanilla~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-rt-vanilla-debuginfo", rpm:"kernel-rt-vanilla-debuginfo~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-rt-vanilla-devel", rpm:"kernel-rt-vanilla-devel~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-rt-doc", rpm:"kernel-rt-doc~2.6.24.7~139.el5rt", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_1642.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_1642.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/RHSA_2009_1642.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,93 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:1642 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66358); + script_cve_id("CVE-2009-4033"); + script_version ("$Revision$"); + script_name("RedHat Security Advisory RHSA-2009:1642"); + + desc = " +The remote host is missing updates announced in +advisory RHSA-2009:1642. + +acpid is a daemon that dispatches ACPI (Advanced Configuration and Power +Interface) events to user-space programs. + +It was discovered that acpid could create its log file (/var/log/acpid) +with random permissions on some systems. A local attacker could use this +flaw to escalate their privileges if the log file was created as +world-writable and with the setuid or setgid bit set. (CVE-2009-4033) + +Please note that this flaw was due to a Red Hat-specific patch +(acpid-1.0.4-fd.patch) included in the Red Hat Enterprise Linux 5 acpid +package. + +Users are advised to upgrade to this updated package, which contains a +backported patch to correct this issue. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-1642.html +http://www.redhat.com/security/updates/classification/#important + +Risk factor : High"; + + script_description(desc); + + script_summary("Redhat Security Advisory RHSA-2009:1642"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"acpid", rpm:"acpid~1.0.4~9.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"acpid-debuginfo", rpm:"acpid-debuginfo~1.0.4~9.el5_4.1", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1942_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1942_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/deb_1942_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,137 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1942-1 (wireshark) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66454); + script_cve_id("CVE-2009-1268", "CVE-2008-1829", "CVE-2009-2560", "CVE-2009-2562", "CVE-2009-3241", "CVE-2009-3550", "CVE-2009-3829"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1942-1 (wireshark)"); + + desc = " +The remote host is missing an update to wireshark +announced via advisory DSA 1942-1. + +Several remote vulnerabilities have been discovered in the Wireshark +network traffic analyzer, which may lead to the execution of arbitrary +code or denial of service. The Common Vulnerabilities and Exposures +project identifies the following problems: + +CVE-2009-2560 + +A NULL pointer dereference was found in the RADIUS dissector. + +CVE-2009-3550 + +A NULL pointer dereference was found in the DCERP/NT dissector. + +CVE-2009-3829 + +An integer overflow was discovered in the ERF parser. + +This update also includes fixes for three minor issues, which were +scheduled for the next stable point update. (CVE-2008-1829, +CVE-2009-2562, CVE-2009-3241). Also CVE-2009-1268 was fixed for Etch. +Since this security update was issued prior to the release of the +point update, the fixes were included. + +For the old stable distribution (etch), this problem has been fixed in +version 0.99.4-5.etch.4. + +For the stable distribution (lenny), this problem has been fixed in +version 1.0.2-3+lenny7. + +For the unstable distribution (sid) these problems have been fixed in +version 1.2.3-1. + +We recommend that you upgrade your Wireshark packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201942-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1942-1 (wireshark)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"ethereal-common", ver:"0.99.4-5.etch.4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"wireshark-dev", ver:"0.99.4-5.etch.4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"ethereal", ver:"0.99.4-5.etch.4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"tshark", ver:"0.99.4-5.etch.4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"wireshark-common", ver:"0.99.4-5.etch.4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"wireshark", ver:"0.99.4-5.etch.4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"ethereal-dev", ver:"0.99.4-5.etch.4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"tethereal", ver:"0.99.4-5.etch.4", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"tshark", ver:"1.0.2-3+lenny7", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"wireshark", ver:"1.0.2-3+lenny7", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"wireshark-common", ver:"1.0.2-3+lenny7", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"wireshark-dev", ver:"1.0.2-3+lenny7", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1943_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1943_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/deb_1943_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,112 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1943-1 (openldap openldap2.3) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66455); + script_cve_id("CVE-2009-3767"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1943-1 (openldap openldap2.3)"); + + desc = " +The remote host is missing an update to openldap openldap2.3 +announced via advisory DSA 1943-1. + +It was discovered that OpenLDAP, a free implementation of the Lightweight +Directory Access Protocol, when OpenSSL is used, does not properly handle a '\0' +character in a domain name in the subject's Common Name (CN) field of an X.509 +certificate, which allows man-in-the-middle attackers to spoof arbitrary SSL +servers via a crafted certificate issued by a legitimate Certification Authority. + +For the oldstable distribution (etch), this problem has been fixed in version +2.3.30-5+etch3 for openldap2.3. + +For the stable distribution (lenny), this problem has been fixed in version +2.4.11-1+lenny1 for openldap. + +For the testing distribution (squeeze), and the unstable distribution (sid), +this problem has been fixed in version 2.4.17-2.1 for openldap. + + +We recommend that you upgrade your openldap2.3/openldap packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201943-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1943-1 (openldap openldap2.3)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"libldap-2.3-0", ver:"2.3.30-5+etch3", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"slapd", ver:"2.3.30-5+etch3", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"ldap-utils", ver:"2.3.30-5+etch3", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"slapd-dbg", ver:"2.4.11-1+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libldap-2.4-2", ver:"2.4.11-1+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"ldap-utils", ver:"2.4.11-1+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"slapd", ver:"2.4.11-1+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libldap2-dev", ver:"2.4.11-1+lenny1", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libldap-2.4-2-dbg", ver:"2.4.11-1+lenny1", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1944_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1944_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/deb_1944_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,129 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1944-1 (request-tracker3.4/request-tracker3.6) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66456); + script_cve_id("CVE-2009-3585"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1944-1 (request-tracker3.4/request-tracker3.6)"); + + desc = " +The remote host is missing an update to request-tracker3.4/request-tracker3.6 +announced via advisory DSA 1944-1. + + +Mikal Gule discovered that request-tracker, an extensible trouble-ticket +tracking system, is prone to an attack, where an attacker with access +to the same domain can hijack a user's RT session. + + +For the stable distribution (lenny), this problem has been fixed in +version 3.6.7-5+lenny3. + +For the oldstable distribution (etch), this problem has been fixed in +version 3.6.1-4+etch1 of request-tracker3.6 and version 3.4.5-2+etch1 +of request-tracker3.4. + +For the testing distribution (squeeze), this problem will be fixed soon. + +For the unstable distribution (sid), this problem has been fixed in +version 3.6.9-2. + +We recommend that you upgrade your request-tracker packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201944-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1944-1 (request-tracker3.4/request-tracker3.6)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"rt3.6-apache2", ver:"3.6.1-4+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"rt3.6-apache", ver:"3.6.1-4+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"rt3.4-clients", ver:"3.4.5-2+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"request-tracker3.4", ver:"3.4.5-2+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"rt3.4-apache", ver:"3.4.5-2+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"request-tracker3.6", ver:"3.6.1-4+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"rt3.6-clients", ver:"3.6.1-4+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"rt3.4-apache2", ver:"3.4.5-2+etch1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"rt3.6-db-mysql", ver:"3.6.7-5+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"rt3.6-db-sqlite", ver:"3.6.7-5+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"rt3.6-apache2", ver:"3.6.7-5+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"rt3.6-db-postgresql", ver:"3.6.7-5+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"request-tracker3.6", ver:"3.6.7-5+lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"rt3.6-clients", ver:"3.6.7-5+lenny3", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1945_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1945_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/deb_1945_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,173 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1945-1 (gforge) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66457); + script_cve_id("CVE-2009-3304"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1945-1 (gforge)"); + + desc = " +The remote host is missing an update to gforge +announced via advisory DSA 1945-1. + +Sylvain Beucler discovered that gforge, a collaborative development +tool, is prone to a symlink attack, which allows local users to perform +a denial of service attack by overwriting arbitrary files. + + +For the stable distribution (lenny), this problem has been fixed in +version 4.7~rc2-7lenny3. + +The oldstable distribution (etch), this problem has been fixed in +version 4.5.14-22etch13. + +For the testing distribution (squeeze), this problem will be fixed soon. + +For the unstable distribution (sid), this problem has been fixed in +version 4.8.2-1. + + +We recommend that you upgrade your gforge packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201945-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1945-1 (gforge)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"gforge-shell-ldap", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-common", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-db-postgresql", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-web-apache", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-ftp-proftpd", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-mta-postfix", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-mta-courier", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-mta-exim4", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-shell-postgresql", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-mta-exim", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-lists-mailman", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-ldap-openldap", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-dns-bind9", ver:"4.5.14-22etch13", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-plugin-mediawiki", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-dns-bind9", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-mta-courier", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-shell-postgresql", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-common", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-db-postgresql", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-mta-postfix", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-mta-exim4", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-web-apache", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-plugin-scmsvn", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-web-apache2", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-lists-mailman", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-ftp-proftpd", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"gforge-plugin-scmcvs", ver:"4.7~rc2-7lenny3", rls:"DEB5.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/deb_1946_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/deb_1946_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/deb_1946_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,103 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory DSA 1946-1 (belpic) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66458); + script_cve_id("CVE-2009-0049"); + script_version ("$Revision$"); + script_name("Debian Security Advisory DSA 1946-1 (belpic)"); + + desc = " +The remote host is missing an update to belpic +announced via advisory DSA 1946-1. + +It was discovered that belpic, the belgian eID PKCS11 library, does not +properly check the result of an OpenSSL function for verifying +cryptographic signatures, which could be used to bypass the certificate +validation. + + +For the oldstable distribution (etch), this problem has been fixed in +version 2.5.9-7.etch.1. + +For the stable distribution (lenny), this problem has been fixed in +version 2.6.0-6, which was already included in the lenny release. + +For the testing distribution (squeeze) and the unstable distribution +(sid), this problem has been fixed in version 2.6.0-6. + + +We recommend that you upgrade your belpic packages. + +Solution: +https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201946-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Debian Security Advisory DSA 1946-1 (belpic)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Debian Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"libbeid2-dev", ver:"2.5.9-7.etch.1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"beid-tools", ver:"2.5.9-7.etch.1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"beidgui", ver:"2.5.9-7.etch.1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libbeidlibopensc2", ver:"2.5.9-7.etch.1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libbeid2", ver:"2.5.9-7.etch.1", rls:"DEB4.0")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"libbeidlibopensc2-dev", ver:"2.5.9-7.etch.1", rls:"DEB4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_10891.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_10891.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_10891.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,127 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-10891 (cups) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66426); + script_cve_id("CVE-2009-2820", "CVE-2009-3553", "CVE-2009-0163", "CVE-2009-0164"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-10891 (cups)"); + + desc = " +The remote host is missing an update to cups +announced via advisory FEDORA-2009-10891. + +Updated to 1.4.2 including XSS security fix (CVE-2009-2820). + +Fixed improper reference counting in abstract file descriptors +handling interface (CVE-2009-3553). + +ChangeLog: + +* Thu Nov 19 2009 Tim Waugh 1:1.4.2-7 +- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200). +* Tue Nov 17 2009 Tim Waugh 1:1.4.2-6 +- Fixed display of current driver (bug #537182, STR #3418). +- Fixed out-of-memory handling when loading jobs (bug #538054, +STR #3407). +* Mon Nov 16 2009 Tim Waugh 1:1.4.2-5 +- Fixed typo in admin web template (bug #537884, STR #3403). +- Reset SIGPIPE handler for child processes (bug #537886, STR #3399). +* Mon Nov 16 2009 Tim Waugh 1:1.4.2-4 +- Upstream fix for GNU TLS error handling bug (bug #537883, STR #3381). +* Wed Nov 11 2009 Jiri Popelka 1:1.4.2-3 +- Fixed lspp-patch to avoid memory leak (bug #536741). +* Tue Nov 10 2009 Tim Waugh 1:1.4.2-2 +- Added explicit version dependency on cups-libs to cups-lpd +(bug #502205). +* Tue Nov 10 2009 Tim Waugh 1:1.4.2-1 +- 1.4.2. No longer need str3380, str3332, str3356, str3396 patches. +- Removed postscript.ppd.gz (bug #533371). +* Tue Nov 3 2009 Tim Waugh 1:1.4.1-8 +- Removed stale patch from STR #2831 which was causing problems with +number-up (bug #532516). +References: + +[ 1 ] Bug #529833 - CVE-2009-2820 cups: Several XSS flaws in forms processed by CUPS web interface +https://bugzilla.redhat.com/show_bug.cgi?id=529833 +[ 2 ] Bug #530111 - CVE-2009-3553 cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface +https://bugzilla.redhat.com/show_bug.cgi?id=530111 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update cups' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-10891 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-10891 (cups)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"cups", rpm:"cups~1.4.2~7.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.4.2~7.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.4.2~7.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-lpd", rpm:"cups-lpd~1.4.2~7.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-php", rpm:"cups-php~1.4.2~7.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-debuginfo", rpm:"cups-debuginfo~1.4.2~7.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_11062.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_11062.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_11062.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,112 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-11062 (cups) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66435); + script_cve_id("CVE-2009-2820", "CVE-2008-5183", "CVE-2008-5286", "CVE-2008-1722"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-11062 (cups)"); + + desc = " +The remote host is missing an update to cups +announced via advisory FEDORA-2009-11062. + +Update Information: + +This fixes CVE-2009-2820, an XSS vulnerability in the web interface. This +also updates cups to the latest stable release on the 1.3 branch, and fixes a +problem with number-up handling. + +ChangeLog: + +* Tue Nov 10 2009 Tim Waugh 1:1.3.11-2 +- Added fix for CVE-2009-2820 (bug #529833). +* Tue Nov 3 2009 Tim Waugh 1:1.3.11-1 +- 1.3.11. +* Tue Nov 3 2009 Tim Waugh 1:1.3.10-7 +- Removed stale patch from STR #2831 which was causing problems with +number-up (bug #532516). + +References: + +[ 1 ] Bug #529833 - CVE-2009-2820 cups: Several XSS flaws in forms processed by CUPS web interface +https://bugzilla.redhat.com/show_bug.cgi?id=529833 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update cups' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11062 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-11062 (cups)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"cups", rpm:"cups~1.3.11~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.3.11~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.3.11~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-lpd", rpm:"cups-lpd~1.3.11~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-php", rpm:"cups-php~1.3.11~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-debuginfo", rpm:"cups-debuginfo~1.3.11~2.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_11314.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_11314.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_11314.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,127 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-11314 (cups) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66430); + script_cve_id("CVE-2009-2820", "CVE-2009-3553"); + script_version ("$Revision$"); + script_name("Fedora Core 12 FEDORA-2009-11314 (cups)"); + + desc = " +The remote host is missing an update to cups +announced via advisory FEDORA-2009-11314. + +Update Information: + +New release, including fix for XSS vulnerability in web interface +(CVE-2009-2820) and for improper reference counting in abstract file descriptors +handling interface (CVE-2009-3553). + +ChangeLog: + +* Thu Nov 19 2009 Tim Waugh 1:1.4.2-7 +- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200). +* Tue Nov 17 2009 Tim Waugh 1:1.4.2-6 +- Fixed display of current driver (bug #537182, STR #3418). +- Fixed out-of-memory handling when loading jobs (bug #538054, +STR #3407). +* Mon Nov 16 2009 Tim Waugh 1:1.4.2-5 +- Fixed typo in admin web template (bug #537884, STR #3403). +- Reset SIGPIPE handler for child processes (bug #537886, STR #3399). +* Mon Nov 16 2009 Tim Waugh 1:1.4.2-4 +- Upstream fix for GNU TLS error handling bug (bug #537883, STR #3381). +* Wed Nov 11 2009 Jiri Popelka 1:1.4.2-3 +- Fixed lspp-patch to avoid memory leak (bug #536741). +* Tue Nov 10 2009 Tim Waugh 1:1.4.2-2 +- Added explicit version dependency on cups-libs to cups-lpd +(bug #502205). +* Tue Nov 10 2009 Tim Waugh 1:1.4.2-1 +- 1.4.2. No longer need str3380, str3332, str3356, str3396 patches. +- Removed postscript.ppd.gz (bug #533371). +- Renumbered patches and sources. + +References: + +[ 1 ] Bug #529833 - CVE-2009-2820 cups: Several XSS flaws in forms processed by CUPS web interface +https://bugzilla.redhat.com/show_bug.cgi?id=529833 +[ 2 ] Bug #530111 - CVE-2009-3553 cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface +https://bugzilla.redhat.com/show_bug.cgi?id=530111 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update cups' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11314 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 12 FEDORA-2009-11314 (cups)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"cups", rpm:"cups~1.4.2~7.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.4.2~7.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.4.2~7.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-lpd", rpm:"cups-lpd~1.4.2~7.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-php", rpm:"cups-php~1.4.2~7.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-debuginfo", rpm:"cups-debuginfo~1.4.2~7.fc12", rls:"FC12")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_11499.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_11499.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_11499.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,113 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-11499 (libsndfile) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66438); + script_cve_id("CVE-2009-0186", "CVE-2009-1788", "CVE-2009-1791"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-11499 (libsndfile)"); + + desc = " +The remote host is missing an update to libsndfile +announced via advisory FEDORA-2009-11499. + +Update Information: + +Version 1.0.20 (2009-03-14) +* Fix potential heap overflow in VOC file parser + (Tobias Klein, http://www.trapkit.de/). +Version 1.0.19 (2009-03-02) +* Fix for CVE-2009-0186 (Alin Rad Pop, Secunia Research). +* Huge number of minor bug fixes as a result of static analysis. +Version 1.0.18 (2009-02-07) +* Add Ogg/Vorbis support (thanks to John ffitch). +* Remove captive FLAC library. +* Many new features and bug fixes. + +ChangeLog: + +* Sat Nov 14 2009 Orcan Ogetbil - 1.0.20-3 +- Add FLAC/Ogg/Vorbis support (BR: libvorbis-devel) +- Make build verbose +- Remove rpath +- Fix ChangeLog encoding +- Move the big Changelog to the devel package + +References: + +[ 1 ] Bug #488361 - CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code +https://bugzilla.redhat.com/show_bug.cgi?id=488361 +[ 2 ] Bug #502657 - CVE-2009-1788 libsndfile VOC file heap based buffer overflow +https://bugzilla.redhat.com/show_bug.cgi?id=502657 +[ 3 ] Bug #502658 - CVE-2009-1791 libsndfile AIFF file heap based buffer overflow +https://bugzilla.redhat.com/show_bug.cgi?id=502658 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update libsndfile' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11499 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-11499 (libsndfile)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libsndfile", rpm:"libsndfile~1.0.20~3.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsndfile-devel", rpm:"libsndfile-devel~1.0.20~3.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsndfile-debuginfo", rpm:"libsndfile-debuginfo~1.0.20~3.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_11618.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_11618.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_11618.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,117 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-11618 (libsndfile) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66439); + script_cve_id("CVE-2009-0186", "CVE-2009-1788", "CVE-2009-1791"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-11618 (libsndfile)"); + + desc = " +The remote host is missing an update to libsndfile +announced via advisory FEDORA-2009-11618. + +Update Information: + +Version 1.0.20 (2009-03-14) +* Fix potential heap overflow in VOC file parser + (Tobias Klein, http://www.trapkit.de/). +Version 1.0.19 (2009-03-02) +* Fix for CVE-2009-0186 (Alin Rad Pop, Secunia Research). +* Huge number of minor bug fixes as a result of static analysis. +Version 1.0.18 (2009-02-07) +* Add Ogg/Vorbis support (thanks to John ffitch). +* Remove captive FLAC library. +* Many new features and bug fixes. + +ChangeLog: + +* Sat Nov 14 2009 Orcan Ogetbil - 1.0.20-3 +- Add FLAC/Ogg/Vorbis support (BR: libvorbis-devel) +- Make build verbose +- Remove rpath +- Fix ChangeLog encoding +- Move the big Changelog to the devel package +* Sat Jul 25 2009 Fedora Release Engineering - 1.0.20-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild +* Sat Jun 6 2009 Lennart Poettering - 1.0.20-1 +- Updated to 1.0.20 + +References: + +[ 1 ] Bug #488361 - CVE-2009-0186 libsndfile: overflows may lead to execution of arbitrary code +https://bugzilla.redhat.com/show_bug.cgi?id=488361 +[ 2 ] Bug #502657 - CVE-2009-1788 libsndfile VOC file heap based buffer overflow +https://bugzilla.redhat.com/show_bug.cgi?id=502657 +[ 3 ] Bug #502658 - CVE-2009-1791 libsndfile AIFF file heap based buffer overflow +https://bugzilla.redhat.com/show_bug.cgi?id=502658 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update libsndfile' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11618 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-11618 (libsndfile)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libsndfile", rpm:"libsndfile~1.0.20~3.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsndfile-devel", rpm:"libsndfile-devel~1.0.20~3.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsndfile-debuginfo", rpm:"libsndfile-debuginfo~1.0.20~3.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_11739.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_11739.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_11739.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,93 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-11739 (wget) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66440); + script_cve_id("CVE-2009-3490"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-11739 (wget)"); + + desc = " +The remote host is missing an update to wget +announced via advisory FEDORA-2009-11739. + +ChangeLog: + +* Wed Nov 18 2009 Karsten Hopp 1.12-2 +- don't provide /usr/share/info/dir +* Tue Nov 17 2009 Karsten Hopp 1.12-1 +- update to wget-1.12 +- fixes CVE-2009-3490 wget: incorrect verification of SSL certificate +with NUL in name + +References: + +[ 1 ] Bug #520454 - CVE-2009-3490 wget: incorrect verification of SSL certificate with NUL in name +https://bugzilla.redhat.com/show_bug.cgi?id=520454 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update wget' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11739 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-11739 (wget)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"wget", rpm:"wget~1.12~2.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wget-debuginfo", rpm:"wget-debuginfo~1.12~2.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_11740.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_11740.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_11740.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,93 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-11740 (wget) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66437); + script_cve_id("CVE-2009-3490"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-11740 (wget)"); + + desc = " +The remote host is missing an update to wget +announced via advisory FEDORA-2009-11740. + +ChangeLog: + +* Wed Nov 18 2009 Karsten Hopp 1.12-2 +- don't provide /usr/share/info/dir +* Tue Nov 17 2009 Karsten Hopp 1.12-1 +- update to wget-1.12 +- fixes CVE-2009-3490 wget: incorrect verification of SSL certificate +with NUL in name + +References: + +[ 1 ] Bug #520454 - CVE-2009-3490 wget: incorrect verification of SSL certificate with NUL in name +https://bugzilla.redhat.com/show_bug.cgi?id=520454 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update wget' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11740 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-11740 (wget)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"wget", rpm:"wget~1.12~2.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wget-debuginfo", rpm:"wget-debuginfo~1.12~2.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_11836.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_11836.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_11836.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,92 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-11836 (wget) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66436); + script_cve_id("CVE-2009-3490"); + script_version ("$Revision$"); + script_name("Fedora Core 12 FEDORA-2009-11836 (wget)"); + + desc = " +The remote host is missing an update to wget +announced via advisory FEDORA-2009-11836. + +ChangeLog: + +* Wed Nov 18 2009 Karsten Hopp 1.12-2 +- don't provide /usr/share/info/dir +* Tue Nov 17 2009 Karsten Hopp 1.12-1 +- update to wget-1.12 +- CVE-2009-3490 : incorrect verification of SSL certificate with NUL in name + +References: + +[ 1 ] Bug #520454 - CVE-2009-3490 wget: incorrect verification of SSL certificate with NUL in name +https://bugzilla.redhat.com/show_bug.cgi?id=520454 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update wget' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-11836 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 12 FEDORA-2009-11836 (wget)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"wget", rpm:"wget~1.12~2.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wget-debuginfo", rpm:"wget-debuginfo~1.12~2.fc12", rls:"FC12")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12017.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12017.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12017.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,97 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12017 (maniadrive) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66441); + script_cve_id("CVE-2009-3546"); + script_version ("$Revision$"); + script_name("Fedora Core 12 FEDORA-2009-12017 (maniadrive)"); + + desc = " +The remote host is missing an update to maniadrive +announced via advisory FEDORA-2009-12017. + +Update Information: + +Update to upstream PHP version 5.3.1 + +References: + +[ 1 ] Bug #529213 - CVE-2009-3546 gd: insufficient input validation in _gdGetColors() +https://bugzilla.redhat.com/show_bug.cgi?id=529213 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update maniadrive' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12017 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 12 FEDORA-2009-12017 (maniadrive)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"maniadrive", rpm:"maniadrive~1.2~19.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"maniadrive-track-editor", rpm:"maniadrive-track-editor~1.2~19.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"raydium", rpm:"raydium~1.2~19.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"raydium-devel", rpm:"raydium-devel~1.2~19.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"maniadrive-debuginfo", rpm:"maniadrive-debuginfo~1.2~19.fc12", rls:"FC12")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12348.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12348.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12348.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,98 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12348 (php-pear-Mail) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66427); + script_cve_id("CVE-2009-4023", "CVE-2009-4111"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-12348 (php-pear-Mail)"); + + desc = " +The remote host is missing an update to php-pear-Mail +announced via advisory FEDORA-2009-12348. + +Update Information: + +Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape +content of mail header fields, when using the sendmail backend. A remote +attacker could send an email message, with specially-crafted headers to local +user, leading to disclosure of content and potentially, to modification of +arbitrary system file, once the email message was processed by the PEAR's Mail +class. + +ChangeLog: + +* Fri Nov 27 2009 Remi Collet 1.1.14-5 +- Fix CVE-2009-4023 (#540842) +- rename Mail.xml to php-pear-Mail.xml +* Sun Jul 26 2009 Fedora Release Engineering - 1.1.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild + +References: + +[ 1 ] Bug #540842 - CVE-2009-4023 php-pear-Mail: Absent sanitization of mail header fields +https://bugzilla.redhat.com/show_bug.cgi?id=540842 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update php-pear-Mail' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12348 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-12348 (php-pear-Mail)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"php-pear-Mail", rpm:"php-pear-Mail~1.1.14~5.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12370.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12370.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12370.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,91 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12370 (awstats) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66428); + script_version ("$Revision$"); + script_name("Fedora Core 12 FEDORA-2009-12370 (awstats)"); + + desc = " +The remote host is missing an update to awstats +announced via advisory FEDORA-2009-12370. + +Update Information: + +- Fix security in awredir.pl script by adding security key required by default. +- Enhance security of parameter sanitizing function. + +ChangeLog: + +* Thu Nov 26 2009 Aurelien Bompard - 6.95-1 +- version 6.95 (security fix) +- drop patch0 + +References: + +[ 1 ] Bug #540404 - Awstats: awredir.pl - require security key by default and enhance security of parameter sanitizing function +https://bugzilla.redhat.com/show_bug.cgi?id=540404 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update awstats' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12370 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 12 FEDORA-2009-12370 (awstats)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"awstats", rpm:"awstats~6.95~1.fc12", rls:"FC12")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12395.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12395.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12395.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,96 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12395 (php-pear-Mail) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66429); + script_cve_id("CVE-2009-4023", "CVE-2009-4111"); + script_version ("$Revision$"); + script_name("Fedora Core 12 FEDORA-2009-12395 (php-pear-Mail)"); + + desc = " +The remote host is missing an update to php-pear-Mail +announced via advisory FEDORA-2009-12395. + +Update Information: + +Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape +content of mail header fields, when using the sendmail backend. A remote +attacker could send an email message, with specially-crafted headers to local +user, leading to disclosure of content and potentially, to modification of +arbitrary system file, once the email message was processed by the PEAR's Mail +class. + +ChangeLog: + +* Fri Nov 27 2009 Remi Collet 1.1.14-5 +- Fix CVE-2009-4023 (#540842) +- rename Mail.xml to php-pear-Mail.xml + +References: + +[ 1 ] Bug #540842 - CVE-2009-4023 php-pear-Mail: Absent sanitization of mail header fields +https://bugzilla.redhat.com/show_bug.cgi?id=540842 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update php-pear-Mail' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12395 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 12 FEDORA-2009-12395 (php-pear-Mail)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"php-pear-Mail", rpm:"php-pear-Mail~1.1.14~5.fc12", rls:"FC12")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12439.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12439.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12439.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,100 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12439 (php-pear-Mail) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66431); + script_cve_id("CVE-2009-4023", "CVE-2009-4111"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-12439 (php-pear-Mail)"); + + desc = " +The remote host is missing an update to php-pear-Mail +announced via advisory FEDORA-2009-12439. + +Update Information: + +Fix CVE-2009-4023, CVE-2009-4111 PEAR's Mail class did not properly escape +content of mail header fields, when using the sendmail backend. A remote +attacker could send an email message, with specially-crafted headers to local +user, leading to disclosure of content and potentially, to modification of +arbitrary system file, once the email message was processed by the PEAR's Mail +class. + +ChangeLog: + +* Fri Nov 27 2009 Remi Collet 1.1.14-5 +- Fix CVE-2009-4023 (#540842) +- rename Mail.xml to php-pear-Mail.xml +* Sun Jul 26 2009 Fedora Release Engineering - 1.1.14-4 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild +* Thu Feb 26 2009 Fedora Release Engineering - 1.1.14-3 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild + +References: + +[ 1 ] Bug #540842 - CVE-2009-4023 php-pear-Mail: Absent sanitization of mail header fields +https://bugzilla.redhat.com/show_bug.cgi?id=540842 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update php-pear-Mail' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12439 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-12439 (php-pear-Mail)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"php-pear-Mail", rpm:"php-pear-Mail~1.1.14~5.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12444.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12444.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12444.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,87 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12444 (awstats) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66432); + script_cve_id("CVE-2008-3714"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-12444 (awstats)"); + + desc = " +The remote host is missing an update to awstats +announced via advisory FEDORA-2009-12444. + +Update Information: + +- Fix security in awredir.pl by adding a security key required by default. +- Enhance security of parameter sanitizing function. + +ChangeLog: + +* Thu Nov 26 2009 Aurelien Bompard - 6.95-1 +- version 6.95 (security fix) +- drop patch0 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update awstats' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12444 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-12444 (awstats)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"awstats", rpm:"awstats~6.95~1.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12457.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12457.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12457.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,86 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12457 (awstats) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66433); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-12457 (awstats)"); + + desc = " +The remote host is missing an update to awstats +announced via advisory FEDORA-2009-12457. + +Update Information: + +- Fix security in awredir.pl by adding a security key required by default. +- Enhance security of parameter sanitizing function. + +ChangeLog: + +* Thu Nov 26 2009 Aurelien Bompard - 6.95-1 +- version 6.95 (security fix) +- drop patch0 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update awstats' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12457 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-12457 (awstats)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"awstats", rpm:"awstats~6.95~1.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12481.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12481.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12481.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,90 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12481 (roundcubemail) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66434); + script_cve_id("CVE-2009-4076", "CVE-2009-4077", "CVE-2009-0413"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-12481 (roundcubemail)"); + + desc = " +The remote host is missing an update to roundcubemail +announced via advisory FEDORA-2009-12481. + +Update Information: + +Fixes for CVE-2009-4076 and CVE-2009-4077. + +ChangeLog: + +* Mon Nov 30 2009 Jon Ciesla = 0.2.2-4 +- Fix for CVE-2009-4076 and CVE-2009-4077. + +References: + +[ 1 ] Bug #541558 - CVE-2009-4076 CVE-2009-4077 RoundCube Webmail: Multiple CSRF flaws +https://bugzilla.redhat.com/show_bug.cgi?id=541558 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update roundcubemail' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12481 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-12481 (roundcubemail)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"roundcubemail", rpm:"roundcubemail~0.2.2~4.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12652.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12652.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12652.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,118 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12652 (cups) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66443); + script_cve_id("CVE-2009-3553", "CVE-2009-2820", "CVE-2008-5183", "CVE-2008-5286", "CVE-2008-1722"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-12652 (cups)"); + + desc = " +The remote host is missing an update to cups +announced via advisory FEDORA-2009-12652. + +Update Information: + +This update include a fix for improper reference counting in abstract file +descriptors handling interface (CVE-2009-3553), and for a memory leak in the +LSPP support. + +ChangeLog: + +* Thu Dec 3 2009 Tim Waugh - 1:1.3.11-4 +- Applied patch to fix CVE-2009-3553 (bug #530111, STR #3200). +* Wed Nov 11 2009 Jiri Popelka 1:1.3.11-3 +- Fixed lspp-patch to avoid memory leak (bug #536741). +* Tue Nov 10 2009 Tim Waugh 1:1.3.11-2 +- Added fix for CVE-2009-2820 (bug #529833). +* Tue Nov 3 2009 Tim Waugh 1:1.3.11-1 +- 1.3.11. +* Tue Nov 3 2009 Tim Waugh 1:1.3.10-7 +- Removed stale patch from STR #2831 which was causing problems with +number-up (bug #532516). +* Tue Oct 20 2009 Jiri Popelka 1:1.3.10-6 +- Fix cups-lpd to create unique temporary data files (bug #529838, STR #3382). + +References: + +[ 1 ] Bug #530111 - CVE-2009-3553 cups: Use-after-free (crash) due improper reference counting in abstract file descriptors handling interface +https://bugzilla.redhat.com/show_bug.cgi?id=530111 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update cups' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12652 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-12652 (cups)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"cups", rpm:"cups~1.3.11~4.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.3.11~4.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.3.11~4.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-lpd", rpm:"cups-lpd~1.3.11~4.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-php", rpm:"cups-php~1.3.11~4.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"cups-debuginfo", rpm:"cups-debuginfo~1.3.11~4.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12663.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12663.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12663.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,86 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12663 (dstat) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66444); + script_cve_id("CVE-2009-3894"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-12663 (dstat)"); + + desc = " +The remote host is missing an update to dstat +announced via advisory FEDORA-2009-12663. + +ChangeLog: + +* Thu Dec 3 2009 Jan Zeleny - 0.6.9-5 +- added patch fixing security issue CVE-2009-3894 + +References: + +[ 1 ] Bug #538459 - CVE-2009-3894 dstat insecure module search path +https://bugzilla.redhat.com/show_bug.cgi?id=538459 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update dstat' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12663 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-12663 (dstat)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"dstat", rpm:"dstat~0.6.9~5.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12674.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12674.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12674.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,91 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12674 (dstat) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66445); + script_cve_id("CVE-2009-3894"); + script_version ("$Revision$"); + script_name("Fedora Core 12 FEDORA-2009-12674 (dstat)"); + + desc = " +The remote host is missing an update to dstat +announced via advisory FEDORA-2009-12674. + +Update Information: + +This release fixes above mentioned security issue, adds several enhancements and +fixes few other bugs. For complete information, please see changelog. + +ChangeLog: + +* Thu Dec 3 2009 Jan Zeleny - 0.7.0-1 +- rebased to 0.7.0 + +References: + +[ 1 ] Bug #538459 - CVE-2009-3894 dstat insecure module search path +https://bugzilla.redhat.com/show_bug.cgi?id=538459 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update dstat' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12674 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 12 FEDORA-2009-12674 (dstat)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"dstat", rpm:"dstat~0.7.0~1.fc12", rls:"FC12")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12690.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12690.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12690.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,101 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12690 (expat) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66446); + script_cve_id("CVE-2009-3560", "CVE-2009-3720"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-12690 (expat)"); + + desc = " +The remote host is missing an update to expat +announced via advisory FEDORA-2009-12690. + +Update Information: + +A buffer over-read flaw was found in the way Expat handles malformed UTF-8 +sequences when processing XML files. A specially-crafted XML file could cause +applications using Expat to crash while parsing the file. (CVE-2009-3560) + +ChangeLog: + +* Tue Dec 1 2009 Joe Orton - 2.0.1-8 +- add security fix for CVE-2009-3560 (#533174) +- run the test suite +* Fri Oct 30 2009 Joe Orton - 2.0.1-5.1 +- add security fix for CVE-2009-3720 + +References: + +[ 1 ] Bug #533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences +https://bugzilla.redhat.com/show_bug.cgi?id=533174 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update expat' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12690 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-12690 (expat)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"expat", rpm:"expat~2.0.1~8.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat-devel", rpm:"expat-devel~2.0.1~8.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat-debuginfo", rpm:"expat-debuginfo~2.0.1~8.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12716.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12716.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12716.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,101 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12716 (expat) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66447); + script_cve_id("CVE-2009-3560", "CVE-2009-3720"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-12716 (expat)"); + + desc = " +The remote host is missing an update to expat +announced via advisory FEDORA-2009-12716. + +Update Information: + +A buffer over-read flaw was found in the way Expat handles malformed UTF-8 +sequences when processing XML files. A specially-crafted XML file could cause +applications using Expat to crash while parsing the file. (CVE-2009-3560) + +ChangeLog: + +* Tue Dec 1 2009 Joe Orton - 2.0.1-8 +- add security fix for CVE-2009-3560 (#533174) +- run the test suite +* Fri Oct 30 2009 Joe Orton - 2.0.1-6.1 +- add security fix for CVE-2009-3720 + +References: + +[ 1 ] Bug #533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences +https://bugzilla.redhat.com/show_bug.cgi?id=533174 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update expat' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12716 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-12716 (expat)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"expat", rpm:"expat~2.0.1~8.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat-devel", rpm:"expat-devel~2.0.1~8.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat-debuginfo", rpm:"expat-debuginfo~2.0.1~8.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12737.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12737.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12737.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,103 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12737 (expat) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66448); + script_cve_id("CVE-2009-3560", "CVE-2009-3720"); + script_version ("$Revision$"); + script_name("Fedora Core 12 FEDORA-2009-12737 (expat)"); + + desc = " +The remote host is missing an update to expat +announced via advisory FEDORA-2009-12737. + +Update Information: + +Two buffer over-read flaws were found in the way Expat handled malformed UTF-8 +sequences when processing XML files. A specially-crafted XML file could cause +applications using Expat to crash while parsing the file. (CVE-2009-3560, +CVE-2009-3720) + +ChangeLog: + +* Tue Dec 1 2009 Joe Orton - 2.0.1-8 +- add security fix for CVE-2009-3560 (#533174) +- add security fix for CVE-2009-3720 (#531697) +- run the test suite + +References: + +[ 1 ] Bug #533174 - CVE-2009-3560 expat: buffer over-read and crash in big2_toUtf8() on XML with malformed UTF-8 sequences +https://bugzilla.redhat.com/show_bug.cgi?id=533174 +[ 2 ] Bug #531697 - CVE-2009-3720 expat: buffer over-read and crash on XML with malformed UTF-8 sequences +https://bugzilla.redhat.com/show_bug.cgi?id=531697 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update expat' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12737 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 12 FEDORA-2009-12737 (expat)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"expat", rpm:"expat~2.0.1~8.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat-devel", rpm:"expat-devel~2.0.1~8.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"expat-debuginfo", rpm:"expat-debuginfo~2.0.1~8.fc12", rls:"FC12")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12750.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12750.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12750.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,92 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12750 (nginx) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66449); + script_cve_id("CVE-2009-3555", "CVE-2009-3896", "CVE-2009-2629"); + script_version ("$Revision$"); + script_name("Fedora Core 12 FEDORA-2009-12750 (nginx)"); + + desc = " +The remote host is missing an update to nginx +announced via advisory FEDORA-2009-12750. + +ChangeLog: + +* Fri Dec 4 2009 Jeremy Hinegardner - 0.7.64-1 +- Update to new stable 0.7.64 +* Thu Oct 29 2009 Jeremy Hinegardner - 0.7.63-1 +- Update to new stable 0.7.63 +- reinstate zlib dependency + +References: + +[ 1 ] Bug #539573 - CVE-2009-3555 CVE-2009-3896 CVE-2009-2629 Multiple nginx vulnerabilities [Fedora all] +https://bugzilla.redhat.com/show_bug.cgi?id=539573 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update nginx' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12750 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 12 FEDORA-2009-12750 (nginx)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"nginx", rpm:"nginx~0.7.64~1.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"nginx-debuginfo", rpm:"nginx-debuginfo~0.7.64~1.fc12", rls:"FC12")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12775.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12775.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12775.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,91 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12775 (nginx) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66450); + script_cve_id("CVE-2009-2629", "CVE-2009-3555", "CVE-2009-3896"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-12775 (nginx)"); + + desc = " +The remote host is missing an update to nginx +announced via advisory FEDORA-2009-12775. + +ChangeLog: + +* Fri Dec 4 2009 Jeremy Hinegardner - 0.7.64-1 +- update to 0.7.64 +* Thu Oct 29 2009 Jeremy Hinegardner - 0.7.63-1 +- update to 0.7.63 + +References: + +[ 1 ] Bug #539573 - CVE-2009-3555 CVE-2009-3896 CVE-2009-2629 Multiple nginx vulnerabilities [Fedora all] +https://bugzilla.redhat.com/show_bug.cgi?id=539573 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update nginx' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12775 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-12775 (nginx)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"nginx", rpm:"nginx~0.7.64~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"nginx-debuginfo", rpm:"nginx-debuginfo~0.7.64~1.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12782.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12782.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12782.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,91 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12782 (nginx) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66451); + script_cve_id("CVE-2009-2629", "CVE-2009-3555", "CVE-2009-3896"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-12782 (nginx)"); + + desc = " +The remote host is missing an update to nginx +announced via advisory FEDORA-2009-12782. + +ChangeLog: + +* Fri Dec 4 2009 Jeremy Hinegardner - 0.7.64-1 +- update to 0.7.64 +* Thu Oct 29 2009 Jeremy Hinegardner - 0.7.63-1 +- update to 0.7.63 + +References: + +[ 1 ] Bug #539573 - CVE-2009-3555 CVE-2009-3896 CVE-2009-2629 Multiple nginx vulnerabilities [Fedora all] +https://bugzilla.redhat.com/show_bug.cgi?id=539573 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update nginx' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12782 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-12782 (nginx)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"nginx", rpm:"nginx~0.7.64~1.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"nginx-debuginfo", rpm:"nginx-debuginfo~0.7.64~1.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12786.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12786.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12786.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,153 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12786 (kernel) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66452); + script_cve_id("CVE-2009-1298", "CVE-2009-3547", "CVE-2009-3638", "CVE-2009-3624", "CVE-2009-3621", "CVE-2009-3620", "CVE-2009-3612", "CVE-2009-2909", "CVE-2009-2908", "CVE-2009-2903", "CVE-2009-3290", "CVE-2009-2847"); + script_version ("$Revision$"); + script_name("Fedora Core 11 FEDORA-2009-12786 (kernel)"); + + desc = " +The remote host is missing an update to the Linux kernel +announced via advisory FEDORA-2009-12786. + +For details on the issues addressed with this update, please +visit the referenced security advisories. + +References: + +[ 1 ] Bug #544144 - CVE-2009-1298 kernel: ip_frag_reasm() NULL pointer dereference +https://bugzilla.redhat.com/show_bug.cgi?id=544144 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update kernel' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12786 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 11 FEDORA-2009-12786 (kernel)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~i586~2.6.30.9", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAEdebug", rpm:"kernel-PAEdebug~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAEdebug-devel", rpm:"kernel-PAEdebug-devel~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~i686~2.6.30.9", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAEdebug-debuginfo", rpm:"kernel-PAEdebug-debuginfo~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-firmware", rpm:"kernel-firmware~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-bootwrapper", rpm:"kernel-bootwrapper~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~ppc~2.6.30.9", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp-debuginfo", rpm:"kernel-smp-debuginfo~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~ppc64~2.6.30.9", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~x86_64~2.6.30.9", rls:"FC11")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.30.9~102.fc11", rls:"FC11")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_12825.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_12825.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_12825.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,153 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-12825 (kernel) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66453); + script_cve_id("CVE-2009-1298"); + script_version ("$Revision$"); + script_name("Fedora Core 12 FEDORA-2009-12825 (kernel)"); + + desc = " +The remote host is missing an update to the linux kernel +announced via advisory FEDORA-2009-12825. + +For details on the issues addressed with this update, please +visit the referenced security advisories. + +References: + +[ 1 ] Bug #544144 - CVE-2009-1298 kernel: ip_frag_reasm() NULL pointer dereference +https://bugzilla.redhat.com/show_bug.cgi?id=544144 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update kernel' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-12825 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 12 FEDORA-2009-12825 (kernel)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAEdebug", rpm:"kernel-PAEdebug~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAEdebug-devel", rpm:"kernel-PAEdebug-devel~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~i686~2.6.31.6", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAEdebug-debuginfo", rpm:"kernel-PAEdebug-debuginfo~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-firmware", rpm:"kernel-firmware~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"perf", rpm:"perf~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-bootwrapper", rpm:"kernel-bootwrapper~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~ppc~2.6.31.6", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-smp-debuginfo", rpm:"kernel-smp-debuginfo~2.6.31.6~162.fc12", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~ppc64~2.6.31.6", rls:"FC12")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~x86_64~2.6.31.6", rls:"FC12")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_7998.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_7998.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/fcore_2009_7998.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,107 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-7998 (wireshark) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66442); + script_cve_id("CVE-2009-1210", "CVE-2009-1268", "CVE-2009-1269", "CVE-2009-2559", "CVE-2009-2560", "CVE-2009-2561", "CVE-2009-2562", "CVE-2009-2563"); + script_version ("$Revision$"); + script_name("Fedora Core 10 FEDORA-2009-7998 (wireshark)"); + + desc = " +The remote host is missing an update to wireshark +announced via advisory FEDORA-2009-7998. + +Update Information: + +Rebased to 1.2.x, fixing several security flaws, see the security advisory for +details: http://www.wireshark.org/security/wnpa-sec-2009-04.html + +ChangeLog: + +* Wed Jul 22 2009 Radek Vokal 1.2.1-1 +- upgrade to 1.2.1 +- fixes several security flaws +- http://www.wireshark.org/docs/relnotes/wireshark-1.2.1.html + +References: + +[ 1 ] Bug #512953 - CVE-2009-2559 Wireshark-1.2.0: DoS (crash) due array index error in IPMI dissector +https://bugzilla.redhat.com/show_bug.cgi?id=512953 +[ 2 ] Bug #513008 - CVE-2009-2560 Wireshark: Null-ptr dereference in the RADIUS dissector +https://bugzilla.redhat.com/show_bug.cgi?id=513008 +[ 3 ] Bug #513033 - CVE-2009-2561 Wireshark: Dos (excessive CPU and memory use) via large amount of tree items in the sFlow dissector +https://bugzilla.redhat.com/show_bug.cgi?id=513033 +[ 4 ] Bug #512987 - CVE-2009-2562 Wireshark: Integer overflow in the AFS dissector +https://bugzilla.redhat.com/show_bug.cgi?id=512987 +[ 5 ] Bug #512992 - CVE-2009-2563 Wireshark: Null-ptr dereference in the InfiniBand dissector +https://bugzilla.redhat.com/show_bug.cgi?id=512992 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update wireshark' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-7998 + +Risk factor : High"; + + script_description(desc); + + script_summary("Fedora Core 10 FEDORA-2009-7998 (wireshark)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Fedora Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.2.1~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wireshark-gnome", rpm:"wireshark-gnome~1.2.1~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wireshark-debuginfo", rpm:"wireshark-debuginfo~1.2.1~1.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_expat2.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_expat2.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/freebsd_expat2.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,77 @@ +# +#VID 5f030587-e39a-11de-881e-001aa0166822 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 5f030587-e39a-11de-881e-001aa0166822 +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66465); + script_cve_id("CVE-2009-3720"); + script_version ("$Revision$"); + script_name("FreeBSD Ports: expat2"); + + desc = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: expat2 + +Solution: +Update your system with the appropriate patches or +software upgrades. + + +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Ports: expat2"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"expat2"); +if(!isnull(bver) && revcomp(a:bver, b:"2.0.1_1")<0) { + security_note(0, data:"Package expat2 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_expat20.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_expat20.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/freebsd_expat20.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,77 @@ +# +#VID e9fca207-e399-11de-881e-001aa0166822 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID e9fca207-e399-11de-881e-001aa0166822 +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66466); + script_cve_id("CVE-2009-3560"); + script_version ("$Revision$"); + script_name("FreeBSD Ports: expat2"); + + desc = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following package is affected: expat2 + +Solution: +Update your system with the appropriate patches or +software upgrades. + + +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Ports: expat2"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"expat2"); +if(!isnull(bver) && revcomp(a:bver, b:"2.0.1_1")<0) { + security_note(0, data:"Package expat2 version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsd_opera19.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsd_opera19.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/freebsd_opera19.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,86 @@ +# +#VID 6431c4db-deb4-11de-9078-0030843d3802 +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from VID 6431c4db-deb4-11de-9078-0030843d3802 +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66467); + script_version ("$Revision$"); + script_name("FreeBSD Ports: opera"); + + desc = " +The remote host is missing an update to the system +as announced in the referenced advisory. + +The following packages are affected: + opera + linux-opera + +Solution: +Update your system with the appropriate patches or +software upgrades. + +http://www.opera.com/support/kb/view/942/ +http://www.opera.com/support/kb/view/941/ +http://www.vuxml.org/freebsd/6431c4db-deb4-11de-9078-0030843d3802.html + +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Ports: opera"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdrel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +bver = portver(pkg:"opera"); +if(!isnull(bver) && revcomp(a:bver, b:"10.10.20091120")<0) { + security_note(0, data:"Package opera version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} +bver = portver(pkg:"linux-opera"); +if(!isnull(bver) && revcomp(a:bver, b:"10.10")<0) { + security_note(0, data:"Package linux-opera version " + bver + " is installed which is known to be vulnerable."); + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsdsa_freebsd.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsdsa_freebsd.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/freebsdsa_freebsd.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,99 @@ +# +#ADV FreeBSD-SA-09:17.freebsd.asc +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from ADV FreeBSD-SA-09:17.freebsd.asc +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66355); + script_version ("$Revision$"); + script_name("FreeBSD Security Advisory (FreeBSD-SA-09:17.freebsd.asc)"); + + desc = " +The remote host is missing an update to the system +as announced in the referenced advisory FreeBSD-SA-09:17.freebsd.asc + +The freebsd-update(8) utility is used to fetch, install, and rollback +updates to the FreeBSD base system, and also to upgrade from one FreeBSD +release to another. + +When downloading updates to FreeBSD via 'freebsd-update fetch' or +'freebsd-update upgrade', the freebsd-update(8) utility copies currently +installed files into its working directory (/var/db/freebsd-update by +default) both for the purpose of merging changes to configuration files +and in order to be able to roll back installed updates. + +The default working directory used by freebsd-update(8) is normally +created during the installation of FreeBSD with permissions which allow +all local users to see its contents, and freebsd-update(8) does not take +any steps to restrict access to files stored in said directory. + +Solution: +Upgrade your system to the appropriate stable release +or security branch dated after the correction date + +https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-09:17.freebsd.asc +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Security Advisory (FreeBSD-SA-09:17.freebsd.asc)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdpatchlevel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +if(patchlevelcmp(rel:"8.0", patchlevel:"1")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"7.2", patchlevel:"5")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"7.1", patchlevel:"9")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"6.4", patchlevel:"8")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"6.3", patchlevel:"14")<0) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsdsa_rtld.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsdsa_rtld.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/freebsdsa_rtld.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,88 @@ +# +#ADV FreeBSD-SA-09:16.rtld.asc +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from ADV FreeBSD-SA-09:16.rtld.asc +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66354); + script_cve_id("CVE-2009-4146"); + script_version ("$Revision$"); + script_name("FreeBSD Security Advisory (FreeBSD-SA-09:16.rtld.asc)"); + + desc = " +The remote host is missing an update to the system +as announced in the referenced advisory FreeBSD-SA-09:16.rtld.asc + +The run-time link-editor, rtld, links dynamic executable with their +needed libraries at run-time. It also allows users to explicitly +load libraries via various LD_ environmental variables. + +When running setuid programs rtld will normally remove potentially +dangerous environment variables. Due to recent changes in FreeBSD +environment variable handling code, a corrupt environment may +result in attempts to unset environment variables failing. + +Solution: +Upgrade your system to the appropriate stable release +or security branch dated after the correction date + +https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-09:16.rtld.asc +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Security Advisory (FreeBSD-SA-09:16.rtld.asc)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdpatchlevel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +if(patchlevelcmp(rel:"8.0", patchlevel:"1")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"7.2", patchlevel:"5")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"7.1", patchlevel:"9")<0) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/freebsdsa_ssl.nasl =================================================================== --- trunk/openvas-plugins/scripts/freebsdsa_ssl.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/freebsdsa_ssl.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,96 @@ +# +#ADV FreeBSD-SA-09:15.ssl.asc +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from ADV FreeBSD-SA-09:15.ssl.asc +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66353); + script_cve_id("CVE-2009-3555"); + script_version ("$Revision$"); + script_name("FreeBSD Security Advisory (FreeBSD-SA-09:15.ssl.asc)"); + + desc = " +The remote host is missing an update to the system +as announced in the referenced advisory FreeBSD-SA-09:15.ssl.asc + +The SSL (Secure Sockets Layer) and TLS (Transport Layer Security) protocols +provide a secure communications layer over which other protocols can be +utilized. The most widespread use of SSL/TLS is to add security to the +HTTP protocol, thus producing HTTPS. + +FreeBSD includes software from the OpenSSL Project which implements SSL +and TLS. + +The SSL version 3 and TLS protocols support session renegotiation without +cryptographically tying the new session parameters to the old parameters. + +Solution: +Upgrade your system to the appropriate stable release +or security branch dated after the correction date + +https://secure1.securityspace.com/smysecure/catid.html?in=FreeBSD-SA-09:15.ssl.asc +Risk factor : High"; + + script_description(desc); + + script_summary("FreeBSD Security Advisory (FreeBSD-SA-09:15.ssl.asc)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("FreeBSD Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/freebsdpatchlevel"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-bsd.inc"); +vuln = 0; +if(patchlevelcmp(rel:"8.0", patchlevel:"1")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"7.2", patchlevel:"5")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"7.1", patchlevel:"9")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"6.4", patchlevel:"8")<0) { + vuln = 1; +} +if(patchlevelcmp(rel:"6.3", patchlevel:"14")<0) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2008_233_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2008_233_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2008_233_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,100 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2008:233-1 (libcdaudio) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66417); + script_cve_id("CVE-2008-5030", "CVE-2005-0706"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2008:233-1 (libcdaudio)"); + + desc = " +The remote host is missing an update to libcdaudio +announced via advisory MDVSA-2008:233-1. + +A heap overflow was found in the CDDB retrieval code of libcdaudio, +which could result in the execution of arbitrary code (CVE-2008-5030). + +In addition, the fixes for CVE-2005-0706 were not applied to newer +libcdaudio packages as shipped with Mandriva Linux, so the patch to fix +that issue has been applied to 2008.1 and 2009.0 (this was originally +fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found +by Joseph VanAndel. Corporate 3.0 has this fix already applied. + +The updated packages have been patched to prevent these issues. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2008:233-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2008:233-1 (libcdaudio)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libcdaudio1", rpm:"libcdaudio1~0.99.12~4.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libcdaudio1-devel", rpm:"libcdaudio1-devel~0.99.12~4.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64cdaudio1", rpm:"lib64cdaudio1~0.99.12~4.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64cdaudio1-devel", rpm:"lib64cdaudio1-devel~0.99.12~4.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_103_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_103_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_103_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,111 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:103-1 (udev) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66367); + script_cve_id("CVE-2009-1185", "CVE-2009-1186"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:103-1 (udev)"); + + desc = " +The remote host is missing an update to udev +announced via advisory MDVSA-2009:103-1. + +Security vulnerabilities have been identified and fixed in udev. + +udev before 1.4.1 does not verify whether a NETLINK message originates +from kernel space, which allows local users to gain privileges by +sending a NETLINK message from user space (CVE-2009-1185). + +Buffer overflow in the util_path_encode function in +udev/lib/libudev-util.c in udev before 1.4.1 allows local users to +cause a denial of service (service outage) via vectors that trigger +a call with crafted arguments (CVE-2009-1186). + +The updated packages have been patched to prevent this. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:103-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:103-1 (udev)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libvolume_id0", rpm:"libvolume_id0~114~7.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libvolume_id0-devel", rpm:"libvolume_id0-devel~114~7.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"udev", rpm:"udev~114~7.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"udev-doc", rpm:"udev-doc~114~7.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"udev-tools", rpm:"udev-tools~114~7.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64volume_id0", rpm:"lib64volume_id0~114~7.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64volume_id0-devel", rpm:"lib64volume_id0-devel~114~7.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_106_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_106_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_106_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,99 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:106-1 (libwmf) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66365); + script_cve_id("CVE-2009-1364"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:106-1 (libwmf)"); + + desc = " +The remote host is missing an update to libwmf +announced via advisory MDVSA-2009:106-1. + +Use-after-free vulnerability in the embedded GD library in libwmf +0.2.8.4 allows context-dependent attackers to cause a denial of service +(application crash) or possibly execute arbitrary code via a crafted +WMF file (CVE-2009-1364). + +The updated packages have been patched to prevent this. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:106-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:106-1 (libwmf)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libwmf0.2_7", rpm:"libwmf0.2_7~0.2.8.4~14.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libwmf0.2_7-devel", rpm:"libwmf0.2_7-devel~0.2.8.4~14.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libwmf", rpm:"libwmf~0.2.8.4~14.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64wmf0.2_7", rpm:"lib64wmf0.2_7~0.2.8.4~14.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64wmf0.2_7-devel", rpm:"lib64wmf0.2_7-devel~0.2.8.4~14.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_107_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_107_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_107_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,87 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:107-1 (acpid) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66363); + script_cve_id("CVE-2009-0798"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:107-1 (acpid)"); + + desc = " +The remote host is missing an update to acpid +announced via advisory MDVSA-2009:107-1. + +The daemon in acpid before 1.0.10 allows remote attackers to cause a +denial of service (CPU consumption and connectivity loss) by opening +a large number of UNIX sockets without closing them, which triggers +an infinite loop (CVE-2009-0798). + +The updated packages have been patched to prevent this. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:107-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:107-1 (acpid)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"acpid", rpm:"acpid~1.0.6~1.2mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_108_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_108_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_108_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,89 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:108-1 (zsh) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66366); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:108-1 (zsh)"); + + desc = " +The remote host is missing an update to zsh +announced via advisory MDVSA-2009:108-1. + +A stack-based buffer overflow was found in the zsh command +interpreter. An attacker could use this flaw to cause a denial of +service (zsh crash), when providing a specially-crafted string as +input to the zsh shell. + +The updated packages have been patched to prevent this. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:108-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:108-1 (zsh)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"zsh", rpm:"zsh~4.3.4~4.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"zsh-doc", rpm:"zsh-doc~4.3.4~4.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_112_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_112_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_112_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,110 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:112-1 (ipsec-tools) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66364); + script_cve_id("CVE-2009-1574"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:112-1 (ipsec-tools)"); + + desc = " +The remote host is missing an update to ipsec-tools +announced via advisory MDVSA-2009:112-1. + +racoon/isakmp_frag.c in ipsec-tools before 0.7.2 allows remote +attackers to cause a denial of service (crash) via crafted fragmented +packets without a payload, which triggers a NULL pointer dereference +(CVE-2009-1574). + +Updated packages are available that brings ipsec-tools to version +0.7.2 for Mandriva Linux 2008.1/2009.0/2009.1 which provides numerous +bugfixes over the previous 0.7.1 version, and also corrects this +issue. ipsec-tools for Mandriva Linux Corporate Server 4 has been +patched to address this issue. + +Additionally the flex package required for building ipsec-tools has +been fixed due to ipsec-tools build problems and is also available +with this update. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:112-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:112-1 (ipsec-tools)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"flex", rpm:"flex~2.5.33~2.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"ipsec-tools", rpm:"ipsec-tools~0.7.2~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libipsec0", rpm:"libipsec0~0.7.2~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libipsec-devel", rpm:"libipsec-devel~0.7.2~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64ipsec0", rpm:"lib64ipsec0~0.7.2~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64ipsec-devel", rpm:"lib64ipsec-devel~0.7.2~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_113_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_113_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_113_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,165 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:113-1 (cyrus-sasl) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66369); + script_cve_id("CVE-2009-0688"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:113-1 (cyrus-sasl)"); + + desc = " +The remote host is missing an update to cyrus-sasl +announced via advisory MDVSA-2009:113-1. + +Multiple buffer overflows in the CMU Cyrus SASL library before 2.1.23 +might allow remote attackers to execute arbitrary code or cause a +denial of service application crash) via strings that are used as +input to the sasl_encode64 function in lib/saslutil.c (CVE-2009-0688). + +The updated packages have been patched to prevent this. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:113-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:113-1 (cyrus-sasl)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"cyrus-sasl", rpm:"cyrus-sasl~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsasl2", rpm:"libsasl2~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsasl2-devel", rpm:"libsasl2-devel~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsasl2-plug-anonymous", rpm:"libsasl2-plug-anonymous~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsasl2-plug-crammd5", rpm:"libsasl2-plug-crammd5~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsasl2-plug-digestmd5", rpm:"libsasl2-plug-digestmd5~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsasl2-plug-gssapi", rpm:"libsasl2-plug-gssapi~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsasl2-plug-ldapdb", rpm:"libsasl2-plug-ldapdb~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsasl2-plug-login", rpm:"libsasl2-plug-login~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsasl2-plug-ntlm", rpm:"libsasl2-plug-ntlm~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsasl2-plug-otp", rpm:"libsasl2-plug-otp~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsasl2-plug-plain", rpm:"libsasl2-plug-plain~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsasl2-plug-sasldb", rpm:"libsasl2-plug-sasldb~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsasl2-plug-sql", rpm:"libsasl2-plug-sql~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sasl2", rpm:"lib64sasl2~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sasl2-devel", rpm:"lib64sasl2-devel~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sasl2-plug-anonymous", rpm:"lib64sasl2-plug-anonymous~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sasl2-plug-crammd5", rpm:"lib64sasl2-plug-crammd5~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sasl2-plug-digestmd5", rpm:"lib64sasl2-plug-digestmd5~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sasl2-plug-gssapi", rpm:"lib64sasl2-plug-gssapi~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sasl2-plug-ldapdb", rpm:"lib64sasl2-plug-ldapdb~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sasl2-plug-login", rpm:"lib64sasl2-plug-login~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sasl2-plug-ntlm", rpm:"lib64sasl2-plug-ntlm~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sasl2-plug-otp", rpm:"lib64sasl2-plug-otp~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sasl2-plug-plain", rpm:"lib64sasl2-plug-plain~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sasl2-plug-sasldb", rpm:"lib64sasl2-plug-sasldb~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sasl2-plug-sql", rpm:"lib64sasl2-plug-sql~2.1.22~23.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_121_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_121_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_121_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,116 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:121-1 (lcms) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66360); + script_cve_id("CVE-2009-0581", "CVE-2009-0723", "CVE-2009-0733", "CVE-2009-0793"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:121-1 (lcms)"); + + desc = " +The remote host is missing an update to lcms +announced via advisory MDVSA-2009:121-1. + +Multiple security vulnerabilities has been identified and fixed in +Little cms: + +A memory leak flaw allows remote attackers to cause a denial of service +(memory consumption and application crash) via a crafted image file +(CVE-2009-0581). + +Multiple integer overflows allow remote attackers to execute arbitrary +code via a crafted image file that triggers a heap-based buffer +overflow (CVE-2009-0723). + +Multiple stack-based buffer overflows allow remote attackers to +execute arbitrary code via a crafted image file associated with a large +integer value for the (1) input or (2) output channel (CVE-2009-0733). + +A flaw in the transformations of monochrome profiles allows remote +attackers to cause denial of service triggered by a NULL pointer +dereference via a crafted image file (CVE-2009-0793). + +This update provides fixes for these issues. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:121-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:121-1 (lcms)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"lcms", rpm:"lcms~1.18~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"liblcms1", rpm:"liblcms1~1.18~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"liblcms-devel", rpm:"liblcms-devel~1.18~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"python-lcms", rpm:"python-lcms~1.18~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64lcms1", rpm:"lib64lcms1~1.18~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64lcms-devel", rpm:"lib64lcms-devel~1.18~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_128_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_128_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_128_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,105 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:128-1 (libmodplug) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66397); + script_cve_id("CVE-2009-1438", "CVE-2009-1513"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:128-1 (libmodplug)"); + + desc = " +The remote host is missing an update to libmodplug +announced via advisory MDVSA-2009:128-1. + +Multiple security vulnerabilities has been identified and fixed +in libmodplug: + +Integer overflow in the CSoundFile::ReadMed function (src/load_med.cpp) +in libmodplug before 0.8.6, as used in gstreamer-plugins and other +products, allows context-dependent attackers to execute arbitrary +code via a MED file with a crafted (1) song comment or (2) song name, +which triggers a heap-based buffer overflow (CVE-2009-1438). + +Buffer overflow in the PATinst function in src/load_pat.cpp in +libmodplug before 0.8.7 allows user-assisted remote attackers to +cause a denial of service and possibly execute arbitrary code via a +long instrument name (CVE-2009-1513). + +The updated packages have been patched to prevent this. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:128-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:128-1 (libmodplug)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libmodplug0", rpm:"libmodplug0~0.8.4~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libmodplug0-devel", rpm:"libmodplug0-devel~0.8.4~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64modplug0", rpm:"lib64modplug0~0.8.4~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64modplug0-devel", rpm:"lib64modplug0-devel~0.8.4~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_130_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_130_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_130_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,112 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:130-1 (gstreamer0.10-plugins-good) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66393); + script_cve_id("CVE-2009-1932"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:130-1 (gstreamer0.10-plugins-good)"); + + desc = " +The remote host is missing an update to gstreamer0.10-plugins-good +announced via advisory MDVSA-2009:130-1. + +Multiple integer overflows in the (1) user_info_callback, +(2) user_endrow_callback, and (3) gst_pngdec_task functions +(ext/libpng/gstpngdec.c) in GStreamer Good Plug-ins (aka +gst-plugins-good or gstreamer-plugins-good) 0.10.15 allow remote +attackers to cause a denial of service and possibly execute arbitrary +code via a crafted PNG file, which triggers a buffer overflow +(CVE-2009-1932). + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:130-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:130-1 (gstreamer0.10-plugins-good)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"gstreamer0.10-aalib", rpm:"gstreamer0.10-aalib~0.10.6~3.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer0.10-caca", rpm:"gstreamer0.10-caca~0.10.6~3.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer0.10-dv", rpm:"gstreamer0.10-dv~0.10.6~3.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer0.10-esound", rpm:"gstreamer0.10-esound~0.10.6~3.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer0.10-flac", rpm:"gstreamer0.10-flac~0.10.6~3.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer0.10-plugins-good", rpm:"gstreamer0.10-plugins-good~0.10.6~3.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer0.10-raw1394", rpm:"gstreamer0.10-raw1394~0.10.6~3.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer0.10-speex", rpm:"gstreamer0.10-speex~0.10.6~3.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer0.10-wavpack", rpm:"gstreamer0.10-wavpack~0.10.6~3.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_132_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_132_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_132_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,114 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:132-1 (libsndfile) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66372); + script_cve_id("CVE-2009-1788", "CVE-2009-1791"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:132-1 (libsndfile)"); + + desc = " +The remote host is missing an update to libsndfile +announced via advisory MDVSA-2009:132-1. + +Multiple vulnerabilities has been found and corrected in libsndfile: + +Heap-based buffer overflow in voc_read_header in libsndfile 1.0.15 +through 1.0.19, as used in Winamp 5.552 and possibly other media +programs, allows remote attackers to cause a denial of service +(application crash) and possibly execute arbitrary code via a VOC +file with an invalid header value (CVE-2009-1788). + +Heap-based buffer overflow in aiff_read_header in libsndfile 1.0.15 +through 1.0.19, as used in Winamp 5.552 and possibly other media +programs, allows remote attackers to cause a denial of service +(application crash) and possibly execute arbitrary code via an AIFF +file with an invalid header value (CVE-2009-1791). + +This update provides fixes for these vulnerabilities. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:132-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:132-1 (libsndfile)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libsndfile1", rpm:"libsndfile1~1.0.18~0.pre20.0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsndfile-devel", rpm:"libsndfile-devel~1.0.18~0.pre20.0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsndfile-progs", rpm:"libsndfile-progs~1.0.18~0.pre20.0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsndfile-static-devel", rpm:"libsndfile-static-devel~1.0.18~0.pre20.0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sndfile1", rpm:"lib64sndfile1~1.0.18~0.pre20.0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sndfile-devel", rpm:"lib64sndfile-devel~1.0.18~0.pre20.0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64sndfile-static-devel", rpm:"lib64sndfile-static-devel~1.0.18~0.pre20.0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_142_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_142_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_142_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,124 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:142-1 (jasper) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66379); + script_cve_id("CVE-2007-2721", "CVE-2008-3520", "CVE-2008-3521", "CVE-2008-3522"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:142-1 (jasper)"); + + desc = " +The remote host is missing an update to jasper +announced via advisory MDVSA-2009:142-1. + +Multiple security vulnerabilities has been identified and fixed +in jasper: + +The jpc_qcx_getcompparms function in jpc/jpc_cs.c for the JasPer +JPEG-2000 library (libjasper) before 1.900 allows remote user-assisted +attackers to cause a denial of service (crash) and possibly corrupt +the heap via malformed image files, as originally demonstrated using +imagemagick convert (CVE-2007-2721). + +Multiple integer overflows in JasPer 1.900.1 might allow +context-dependent attackers to have an unknown impact via a crafted +image file, related to integer multiplication for memory allocation +(CVE-2008-3520). + +The jas_stream_tmpfile function in libjasper/base/jas_stream.c in +JasPer 1.900.1 allows local users to overwrite arbitrary files via +a symlink attack on a tmp.XXXXXXXXXX temporary file (CVE-2008-3521). + +Buffer overflow in the jas_stream_printf function in +libjasper/base/jas_stream.c in JasPer 1.900.1 might allow +context-dependent attackers to have an unknown impact via +vectors related to the mif_hdr_put function and use of vsprintf +(CVE-2008-3522). + +The updated packages have been patched to prevent this. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:142-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:142-1 (jasper)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"jasper", rpm:"jasper~1.900.1~2.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libjasper1", rpm:"libjasper1~1.900.1~2.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libjasper1-devel", rpm:"libjasper1-devel~1.900.1~2.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libjasper1-static-devel", rpm:"libjasper1-static-devel~1.900.1~2.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64jasper1", rpm:"lib64jasper1~1.900.1~2.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64jasper1-devel", rpm:"lib64jasper1-devel~1.900.1~2.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64jasper1-static-devel", rpm:"lib64jasper1-static-devel~1.900.1~2.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_157_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_157_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_157_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,92 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:157-1 (perl-Compress-Raw-Zlib) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66382); + script_cve_id("CVE-2009-1391"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:157-1 (perl-Compress-Raw-Zlib)"); + + desc = " +The remote host is missing an update to perl-Compress-Raw-Zlib +announced via advisory MDVSA-2009:157-1. + +A vulnerability has been found and corrected in perl-Compress-Raw-Zlib: + +Off-by-one error in the inflate function in Zlib.xs in +Compress::Raw::Zlib Perl module before 2.017, as used in AMaViS, +SpamAssassin, and possibly other products, allows context-dependent +attackers to cause a denial of service (hang or crash) via a crafted +zlib compressed stream that triggers a heap-based buffer overflow, +as exploited in the wild by Trojan.Downloader-71014 in June 2009 +(CVE-2009-1391). + +This update provides fixes for this vulnerability. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:157-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:157-1 (perl-Compress-Raw-Zlib)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"perl-Compress-Raw-Zlib", rpm:"perl-Compress-Raw-Zlib~2.006~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_158_3.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_158_3.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_158_3.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,109 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:158-3 (pango) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66378); + script_cve_id("CVE-2009-1194"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:158-3 (pango)"); + + desc = " +The remote host is missing an update to pango +announced via advisory MDVSA-2009:158-3. + +Integer overflow in the pango_glyph_string_set_size function in +pango/glyphstring.c in Pango before 1.24 allows context-dependent +attackers to cause a denial of service (application crash) or possibly +execute arbitrary code via a long glyph string that triggers a +heap-based buffer overflow. + +This update corrects the issue. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:158-3 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:158-3 (pango)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libpango1.0_0", rpm:"libpango1.0_0~1.18.2~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpango1.0_0-modules", rpm:"libpango1.0_0-modules~1.18.2~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpango1.0-devel", rpm:"libpango1.0-devel~1.18.2~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"pango", rpm:"pango~1.18.2~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"pango-doc", rpm:"pango-doc~1.18.2~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64pango1.0_0", rpm:"lib64pango1.0_0~1.18.2~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64pango1.0_0-modules", rpm:"lib64pango1.0_0-modules~1.18.2~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64pango1.0-devel", rpm:"lib64pango1.0-devel~1.18.2~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_169_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_169_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_169_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,111 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:169-1 (libtiff) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66375); + script_cve_id("CVE-2008-2327", "CVE-2009-2285", "CVE-2009-2347"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:169-1 (libtiff)"); + + desc = " +The remote host is missing an update to libtiff +announced via advisory MDVSA-2009:169-1. + +Multiple vulnerabilities has been found and corrected in libtiff: + +Buffer underflow in the LZWDecodeCompat function in libtiff 3.8.2 +allows context-dependent attackers to cause a denial of service (crash) +via a crafted TIFF image, a different vulnerability than CVE-2008-2327 +(CVE-2009-2285). + +Fix several places in tiff2rgba and rgb2ycbcr that were being careless +about possible integer overflow in calculation of buffer sizes +(CVE-2009-2347). + +This update provides fixes for these vulnerabilities. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:169-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:169-1 (libtiff)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libtiff3", rpm:"libtiff3~3.8.2~8.2mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libtiff3-devel", rpm:"libtiff3-devel~3.8.2~8.2mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libtiff3-static-devel", rpm:"libtiff3-static-devel~3.8.2~8.2mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libtiff-progs", rpm:"libtiff-progs~3.8.2~8.2mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64tiff3", rpm:"lib64tiff3~3.8.2~8.2mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64tiff3-devel", rpm:"lib64tiff3-devel~3.8.2~8.2mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64tiff3-static-devel", rpm:"lib64tiff3-static-devel~3.8.2~8.2mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_197_3.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_197_3.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_197_3.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,119 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:197-3 (nss) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66362); + script_cve_id("CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2404"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:197-3 (nss)"); + + desc = " +The remote host is missing an update to nss +announced via advisory MDVSA-2009:197-3. + +Security issues in nss prior to 3.12.3 could lead to a +man-in-the-middle attack via a spoofed X.509 certificate +(CVE-2009-2408) and md2 algorithm flaws (CVE-2009-2409), and also +cause a denial-of-service and possible code execution via a long +domain name in X.509 certificate (CVE-2009-2404). + +This update provides the latest versions of NSS and NSPR libraries +which are not vulnerable to those attacks. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:197-3 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:197-3 (nss)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libnspr4", rpm:"libnspr4~4.7.5~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnspr-devel", rpm:"libnspr-devel~4.7.5~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnss3", rpm:"libnss3~3.12.3.1~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnss-devel", rpm:"libnss-devel~3.12.3.1~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnss-static-devel", rpm:"libnss-static-devel~3.12.3.1~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"nss", rpm:"nss~3.12.3.1~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64nspr4", rpm:"lib64nspr4~4.7.5~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64nspr-devel", rpm:"lib64nspr-devel~4.7.5~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64nss3", rpm:"lib64nss3~3.12.3.1~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64nss-devel", rpm:"lib64nss-devel~3.12.3.1~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64nss-static-devel", rpm:"lib64nss-static-devel~3.12.3.1~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_199_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_199_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_199_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,140 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:199-1 (subversion) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66423); + script_cve_id("CVE-2009-2412", "CVE-2009-2411"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:199-1 (subversion)"); + + desc = " +The remote host is missing an update to subversion +announced via advisory MDVSA-2009:199-1. + +A vulnerability has been found and corrected in subversion: + +Multiple integer overflows in the libsvn_delta library in Subversion +before 1.5.7, and 1.6.x before 1.6.4, allow remote authenticated users +and remote Subversion servers to execute arbitrary code via an svndiff +stream with large windows that trigger a heap-based buffer overflow, +a related issue to CVE-2009-2412 (CVE-2009-2411). + +This update provides a solution to this vulnerability and in turn +upgrades subversion where possible to provide additional features +and upstream bugfixes and adds required dependencies where needed. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:199-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:199-1 (subversion)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"apache-mod_dav_svn", rpm:"apache-mod_dav_svn~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"apache-mod_dontdothat", rpm:"apache-mod_dontdothat~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libsvn0", rpm:"libsvn0~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"perl-SVN", rpm:"perl-SVN~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"perl-SVN-devel", rpm:"perl-SVN-devel~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"python-svn", rpm:"python-svn~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"python-svn-devel", rpm:"python-svn-devel~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"ruby-svn", rpm:"ruby-svn~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"ruby-svn-devel", rpm:"ruby-svn-devel~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"subversion", rpm:"subversion~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"subversion-devel", rpm:"subversion-devel~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"subversion-doc", rpm:"subversion-doc~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"subversion-server", rpm:"subversion-server~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"subversion-tools", rpm:"subversion-tools~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"svn-javahl", rpm:"svn-javahl~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"svn-javahl-javadoc", rpm:"svn-javahl-javadoc~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64svn0", rpm:"lib64svn0~1.4.6~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_200_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_200_1.nasl 2009-12-09 16:28:02 UTC (rev 6119) +++ trunk/openvas-plugins/scripts/mdksa_2009_200_1.nasl 2009-12-09 23:23:54 UTC (rev 6120) @@ -0,0 +1,124 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:200-1 (libxml) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(66392); + script_cve_id("CVE-2009-2414", "CVE-2009-2416"); + script_version ("$Revision$"); + script_name("Mandriva Security Advisory MDVSA-2009:200-1 (libxml)"); + + desc = " +The remote host is missing an update to libxml +announced via advisory MDVSA-2009:200-1. + +Multiple vulnerabilities has been found and corrected in libxml: + +Stack consumption vulnerability in libxml2 2.5.10, 2.6.16, 2.6.26, +2.6.27, and 2.6.32, and libxml 1.8.17, allows context-dependent +attackers to cause a denial of service (application crash) via a +large depth of element declarations in a DTD, related to a function +recursion, as demonstrated by the Codenomicon XML fuzzing framework +(CVE-2009-2414). + +Multiple use-after-free vulnerabilities in libxml2 2.5.10, 2.6.16, +2.6.26, 2.6.27, and 2.6.32, and libxml 1.8.17, allow context-dependent +attackers to cause a denial of service (application crash) via crafted +(1) Notation or (2) Enumeration attribute types in an XML file, as +demonstrated by the Codenomicon XML fuzzing framework (CVE-2009-2416). + +This update provides a solution to these vulnerabilities. + +Update: + +Packages for 2008.0 are being provided due to extended support for +Corporate products. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:200-1 + +Risk factor : High"; + + script_description(desc); + + script_summary("Mandriva Security Advisory MDVSA-2009:200-1 (libxml)"); + + script_category(ACT_GATHER_INFO); + + script_copyright("Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + script_family("Mandrake Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libxml1"