[Openvas-commits] r6065 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Sat Dec 5 12:49:19 CET 2009
Author: chandra
Date: 2009-12-05 12:49:16 +0100 (Sat, 05 Dec 2009)
New Revision: 6065
Added:
trunk/openvas-plugins/scripts/gb_golden_ftp_server_detect.nasl
trunk/openvas-plugins/scripts/gb_golden_ftp_server_dir_trav_vuln.nasl
trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_dec09.nasl
trunk/openvas-plugins/scripts/gb_kaspersky_av_2010_dos_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
trunk/openvas-plugins/scripts/cpe.inc
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-12-04 15:58:10 UTC (rev 6064)
+++ trunk/openvas-plugins/ChangeLog 2009-12-05 11:49:16 UTC (rev 6065)
@@ -1,3 +1,13 @@
+2009-12-05 Chandrashekhar B <bchandra at secpod.com>
+
+ * scripts/gb_golden_ftp_server_detect.nasl,
+ scripts/gb_golden_ftp_server_dir_trav_vuln.nasl,
+ scripts/gb_kaspersky_av_2010_dos_vuln.nasl,
+ scripts/gb_ibm_db2_mult_vuln_lin_dec09.nasl:
+ Added new plugins.
+
+ * scripts/cpe.inc: Added new CPE.
+
2009-12-04 Thomas Reinke <reinke at securityspace.com>
* scripts/ubuntu_862_1.nasl:
Shortened description
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-12-04 15:58:10 UTC (rev 6064)
+++ trunk/openvas-plugins/cve_current.txt 2009-12-05 11:49:16 UTC (rev 6065)
@@ -337,3 +337,7 @@
CVE-2009-4018 SecPod svn R
CVE-2009-2626 SecPod svn R
CVE-2009-3672 SecPod svn L
+CVE-2009-4150 SecPod svn L
+CVE-2009-4194 SecPod svn R
+CVE-2009-4114 SecPod svn L
+
Modified: trunk/openvas-plugins/scripts/cpe.inc
===================================================================
--- trunk/openvas-plugins/scripts/cpe.inc 2009-12-04 15:58:10 UTC (rev 6064)
+++ trunk/openvas-plugins/scripts/cpe.inc 2009-12-05 11:49:16 UTC (rev 6065)
@@ -738,7 +738,9 @@
"www/*/FrontAccounting", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:frontaccounting:frontaccounting:",
"HomeFTPServer/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:downstairs.dnsalias:home_ftp_server:",
"Robo/FTP/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?" , "cpe:/a:robo-ftp:robo-ftp:",
-"TYPSoft/FTP/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:typsoft:typsoft_ftp_server:"
+"TYPSoft/FTP/Ver", "^([0-9.]+\.[0-9])\.?([a-z0-9]+)?", "cpe:/a:typsoft:typsoft_ftp_server:",
+"Golden/FTP/Pro/Ver", "^([0-9.]+)", "cpe:/a:kmint21:golden_ftp_server:",
+"Golden/FTP/Free/Ver", "^([0-9.]+)", "cpe:/a:kmint21:golden_ftp_server:"
);
Added: trunk/openvas-plugins/scripts/gb_golden_ftp_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_golden_ftp_server_detect.nasl 2009-12-04 15:58:10 UTC (rev 6064)
+++ trunk/openvas-plugins/scripts/gb_golden_ftp_server_detect.nasl 2009-12-05 11:49:16 UTC (rev 6065)
@@ -0,0 +1,81 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_golden_ftp_server_detect.nasl 6053 2009-12-04 17:05:29Z dec $
+#
+# Golden FTP Server Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+################################################################################
+
+if(description)
+{
+ script_id(801072);
+ script_version ("$Revision: 1.0 $");
+ script_name("Golden FTP Server Version Detection");
+ desc = "
+ Overview: This script determines Golden FTP server version on the
+ remote host and sets the result in KB.
+
+ Risk factor : Informational";
+
+ script_description(desc);
+ script_summary("Sets KB for Golden FTP server version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_family("Service detection");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/ftp", 21);
+ exit(0);
+}
+
+
+include("ftp_func.inc");
+
+port = get_kb_item("Services/ftp");
+if(!port){
+ port = 21;
+}
+
+if(!get_port_state(port)){
+ exit(0);
+}
+
+banner = get_ftp_banner(port:port);
+if(isnull(banner)){
+ exit(0);
+}
+
+if("220 Golden FTP Server Pro" >< banner)
+{
+ gftpVer = eregmatch(pattern:"v([0-9.]+)", string:banner);
+ if(gftpVer[1] != NULL)
+ {
+ set_kb_item(name:"Golden/FTP/Pro/Ver", value:gftpVer[1]);
+ break;
+ }
+}
+
+if(("220 Golden FTP Server" >< banner) && ("Pro" >!< banner))
+{
+ gfftpVer = eregmatch(pattern:"v([0-9.]+)", string:banner);
+ if(gfftpVer[1] != NULL){
+ set_kb_item(name:"Golden/FTP/Free/Ver", value:gfftpVer[1]);
+ }
+}
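Review bot: The `break;` at the end of the Pro branch is not inside any loop, so it cannot do what it appears to be meant for (stopping once the Pro version is stored) and may be rejected by the interpreter. Replace it with `exit(0);`, or simply drop it, since the Free branch is already guarded by `"Pro" >!< banner`. The pattern `v([0-9.]+)` also accepts a trailing dot, so a banner that ends the version with a period would store a value such as `4.30.` in the KB and feed it to the later version comparison; `v([0-9]+(\.[0-9]+)*)` keeps group 1 as the version without that.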
Added: trunk/openvas-plugins/scripts/gb_golden_ftp_server_dir_trav_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_golden_ftp_server_dir_trav_vuln.nasl 2009-12-04 15:58:10 UTC (rev 6064)
+++ trunk/openvas-plugins/scripts/gb_golden_ftp_server_dir_trav_vuln.nasl 2009-12-05 11:49:16 UTC (rev 6065)
@@ -0,0 +1,102 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_golden_ftp_server_dir_trav_vuln.nasl 5967 2009-12-04 17:12:58Z dec $
+#
+# Golden FTP Server 'DELE' Command Directory Traversal Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+################################################################################
+
+if(description)
+{
+ script_id(801073);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-4194");
+ script_name("Golden FTP Server 'DELE' Command Directory Traversal Vulnerability");
+ desc = "
+ Overview: This host is running Golden FTP Server and is prone to Directory
+ Traversal vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an input validation error in 'DELE' command. It is
+ possible to escape the FTP root and delete arbitrary files on the system via
+ directory traversal (../../) attack methods.
+
+ Impact:
+ Successful exploitation will allow the remote authenticated user to access
+ arbitrary folders and delete arbitrary files from the FTP directories.
+
+ Affected Software/OS:
+ Golden FTP Server Pro version 4.30 and prior.
+ Golden FTP Server Free version 4.30 and prior.
+
+ Fix:
+ No solution or patch is available as on 04th December 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For Updates Refer, http://www.goldenftpserver.com/download.html
+
+ References:
+ http://secunia.com/advisories/37527
+ http://xforce.iss.net/xforce/xfdb/54497
+ http://www.exploit-db.com/exploits/10258
+
+ CVSS Score:
+ CVSS Base Score : 6.0 (AV:N/AC:M/Au:SI/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.4
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Golden FTP Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_family("FTP");
+ script_dependencies("gb_golden_ftp_server_detect.nasl");
+ script_require_ports("Services/ftp", 21);
+ script_require_keys("Golden/FTP/Pro/Ver","Golden/FTP/Free/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+port = get_kb_item("Services/ftp");
+if(!port){
+ port = 21;
+}
+
+if(!get_port_state(port)){
+ exit(0);
+}
+
+if(gftpVer = get_kb_item("Golden/FTP/Pro/Ver"))
+{
+ # Golden FTP server Pro v4.30 = v4.50
+ if(version_is_less_equal(version:gftpVer, test_version:"4.50")){
+ security_hole(port);
+ }
+}
+
+else if(gfftpVer = get_kb_item("Golden/FTP/Free/Ver"))
+{
+ # Golden FTP server Free v4.30 = v4.50
+ if(version_is_less_equal(version:gfftpVer, test_version:"4.50")){
+ security_hole(port);
+ }
+}
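Review bot: `script_require_keys("Golden/FTP/Pro/Ver","Golden/FTP/Free/Ver");` lists both keys, and as far as I know the scheduler requires every listed key to be present, while the detection script in this commit sets only one of them per banner, so this check would likely never be launched. Dropping that line is enough, because the body already falls through silently when neither key is set. Separately, the description says versions 4.30 and prior are affected, but both comparisons use `test_version:"4.50"` and the comments `v4.30 = v4.50` do not explain the difference. Either align the two or spell out the banner-to-release mapping in the comment, otherwise hosts reporting 4.31 through 4.50 are flagged against an advisory text that does not name them.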
Added: trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_dec09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_dec09.nasl 2009-12-04 15:58:10 UTC (rev 6064)
+++ trunk/openvas-plugins/scripts/gb_ibm_db2_mult_vuln_lin_dec09.nasl 2009-12-05 11:49:16 UTC (rev 6065)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ibm_db2_mulptiple_vuln_lin_dec09.nasl 6030 2009-12-04 16:03:51Z dec $
+#
+# IBM DB2 Multiple Vulnerabilities - Dec09 (Linux)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801071);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-4150");
+ script_name("IBM DB2 Multiple Vulnerabilities - Dec09 (Linux)");
+ desc = "
+ Overview: The host is installed with IBM DB2 and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are due to:
+ - Unspecified error exists related to a table function when the definer
+ loses required privileges.
+ - Unspecified error that can be exploited to insert, update, or delete rows
+ in a table without having required privileges.
+ - Unspecified error in the handling of 'SET SESSION AUTHORIZATION' statements.
+ - Error in 'DASAUTO' command, it can be run by non-privileged users.
+
+ Impact:
+ Successful exploitation allows the attacker to potentially perform certain
+ actions with escalated privileges or to bypass certain security restrictions.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ IBM DB2 version 8 prior to Fixpak 18
+ IBM DB2 version 9.1 prior to Fixpak 8
+ IBM DB2 version 9.5 prior to Fixpak 4
+ IBM DB2 version 9.7 prior to Fixpak 1
+
+ Fix:
+ Update DB2 8 Fixpak 18 or 9.1 Fixpak 8 or 9.5 Fixpak 4 or 9.7 Fixpak 1 or later.
+ For Updates Refer, http://www-01.ibm.com/support/docview.wss?rs=71&uid=swg27007053
+
+ References:
+ http://secunia.com/advisories/37454
+ http://securitytracker.com/id?1023242
+ http://www.vupen.com/english/advisories/2009/3340
+ http://www-01.ibm.com/support/docview.wss?uid=swg21386689
+ http://www-01.ibm.com/support/docview.wss?uid=swg21403619
+
+ CVSS Score:
+ CVSS Base Score : 4.6 (AV:L/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 3.4
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of IBM DB2");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_family("General");
+ script_dependencies("secpod_ibm_db2_detect_linux_900217.nasl");
+ script_require_keys("Linux/IBM_db2/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ibmVer = get_kb_item("Linux/IBM_db2/Ver");
+if(!ibmVer){
+ exit(0);
+}
+
+# Check for IBM DB2 version 8 before FP18, 9.1 before FP8, 9.5 before FP4
+# 9.1 FP8 =>9.1.0.8, 9.5 FP4 =>9.5.0.4, 8 FP18 =>8.1.18, 9.7 FP1=> 9.7.0.1
+if(version_is_equal(version:ibmVer, test_version:"9.7.0.0")||
+ version_in_range(version:ibmVer, test_version:"8.0", test_version2:"8.1.17")||
+ version_in_range(version:ibmVer, test_version:"9.1", test_version2:"9.1.0.7")||
+ version_in_range(version:ibmVer, test_version:"9.5", test_version2:"9.5.0.3")){
+ security_warning(0);
+}
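Review bot: The 9.7 branch uses `version_is_equal(version:ibmVer, test_version:"9.7.0.0")`, which only matches if the detection script reports the GA release with exactly four components; a KB value such as `9.7` or `9.7.0` would be missed, whereas the other three branches use ranges. The format written by `secpod_ibm_db2_detect_linux_900217.nasl` is not visible here, so this needs confirming, but `version_in_range(version:ibmVer, test_version:"9.7", test_version2:"9.7.0.0")` would be consistent with the rest. The comment above the condition should also name the fourth case, e.g. `# Check for IBM DB2 version 8 before FP18, 9.1 before FP8, 9.5 before FP4, 9.7 before FP1`.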
Added: trunk/openvas-plugins/scripts/gb_kaspersky_av_2010_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_kaspersky_av_2010_dos_vuln.nasl 2009-12-04 15:58:10 UTC (rev 6064)
+++ trunk/openvas-plugins/scripts/gb_kaspersky_av_2010_dos_vuln.nasl 2009-12-05 11:49:16 UTC (rev 6065)
@@ -0,0 +1,84 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_kaspersky_av_2010_dos_vuln.nasl 5989 2009-12-05 12:03:46Z dec $
+#
+# Kaspersky Anti-Virus 2010 'kl1.sys' Driver DoS Vulnerability
+#
+# Authors:
+# Veerendra GG <veernedragg at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800154);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-4114");
+ script_bugtraq_id(37044);
+ script_name("Kaspersky Anti-Virus 2010 'kl1.sys' Driver DoS Vulnerability");
+ desc = "
+ Overview: The host is installed with Kaspersky Anti-Virus 2010 and is prone
+ to Denial of Service vulnerability.
+
+ Vulnerability Insight:
+ The flaw is due to NULL pointer dereference in 'kl1.sys' driver via a
+ specially-crafted IOCTL 0x0022c008 call.
+
+ Impact:
+ Successful exploitation will let the attacker to execute arbitrary code with
+ elevated privileges or cause the kernel to crash.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Kaspersky Anti-Virus 2010 before 9.0.0.736 on Windows.
+
+ Fix: Update to version 9.0.0.736 or later,
+ For Updates Refer, http://www.kaspersky.com/downloads
+
+ References:
+ http://secunia.com/advisories/37398
+ http://xforce.iss.net/xforce/xfdb/54309
+ http://www.securityfocus.com/archive/1/archive/1/507933/100/0/threaded
+
+ CVSS Score:
+ CVSS Base Score : 4.9 (AV:L/AC:L/Au:NR/C:N/I:N/A:C)
+ CVSS Temporal Score : 3.9
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Kaspersky Anti-Virus");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_kaspersky_av_detect.nasl");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+## Get Version from KB
+kavVer = get_kb_item("Kaspersky/AV/Ver");
+if(kavVer != NULL)
+{
+ ## Kaspersky Anti-Virus 2010 before 9.0.0.736
+ if(version_in_range(version:kavVer, test_version:"9.0", test_version2:"9.0.0.735")){
+ security_warning(0);
+ }
+}
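Review bot: The description block declares the dependency on `gb_kaspersky_av_detect.nasl` but no `script_require_keys("Kaspersky/AV/Ver");`, unlike the DB2 plugin in this same commit, so the script is scheduled even on hosts where detection found nothing. Adding that line before `exit(0);` lets the scanner skip it. The title and the CVSS vector (`A:C` only) describe a denial of service, while the Impact paragraph also claims arbitrary code execution with elevated privileges; one of the two should be corrected so the reported severity matches the referenced advisories.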
Property changes on: trunk/openvas-plugins/scripts/gb_kaspersky_av_2010_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *