[Openvas-commits] r6162 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Dec 17 08:14:40 CET 2009


Author: chandra
Date: 2009-12-17 08:14:37 +0100 (Thu, 17 Dec 2009)
New Revision: 6162

Added:
   trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_dec09_lin.nasl
   trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_dec09_win.nasl
   trunk/openvas-plugins/scripts/gb_etrust_pestpatrol_actvx_ctrl_bof_vuln.nasl
   trunk/openvas-plugins/scripts/gb_firefox_mult_spoof_vuln_lin_dec09.nasl
   trunk/openvas-plugins/scripts/gb_firefox_mult_spoof_vuln_win_dec09.nasl
   trunk/openvas-plugins/scripts/gb_ms_indeo_codec_mult_vuln.nasl
   trunk/openvas-plugins/scripts/gb_yabsoft_aihs_detect.nasl
   trunk/openvas-plugins/scripts/gb_yabsoft_aihs_xss_n_sql_inj_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
   trunk/openvas-plugins/scripts/cpe.inc
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-12-17 07:07:02 UTC (rev 6161)
+++ trunk/openvas-plugins/ChangeLog	2009-12-17 07:14:37 UTC (rev 6162)
@@ -1,3 +1,17 @@
+1009-12-17  Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/gb_etrust_pestpatrol_actvx_ctrl_bof_vuln.nasl,
+	scripts/gb_yabsoft_aihs_xss_n_sql_inj_vuln.nasl,
+	scripts/gb_firefox_mult_spoof_vuln_win_dec09.nasl,
+	scripts/gb_firefox_mult_spoof_vuln_lin_dec09.nasl,
+	scripts/gb_adobe_prdts_mult_vuln_dec09_lin.nasl,
+	scripts/gb_yabsoft_aihs_detect.nasl,
+	scripts/gb_ms_indeo_codec_mult_vuln.nasl,
+	scripts/gb_adobe_prdts_mult_vuln_dec09_win.nasl:
+	Added new plugins.
+
+	* scripts/cpe.inc: Added new CPE's.
+
 2009-12-16 Michael Meyer <michael.meyer at intevation.de>
 
 	* scripts/phpFaber_cms_37329.nasl,

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-12-17 07:07:02 UTC (rev 6161)
+++ trunk/openvas-plugins/cve_current.txt	2009-12-17 07:14:37 UTC (rev 6162)
@@ -385,3 +385,15 @@
 CVE-2009-4034			Greenbone	svn		R
 CVE-2009-4136			Greenbone	svn		R
 37283				Greenbone	svn		R
+CVE-2009-3794			SecPod		svn		L
+CVE-2009-3796			SecPod		svn		L
+CVE-2009-3797			SecPod		svn		L
+CVE-2009-3799			SecPod		svn		L
+CVE-2009-3798			SecPod		svn		L
+CVE-2009-3951			SecPod		svn		L
+CVE-2009-3800			SecPod		svn		L
+CVE-2009-4266			SecPod		svn		R
+CVE-2009-4210			SecPod		svn		L
+CVE-2009-4225			SecPod		svn		L
+CVE-2009-4129			SecPod		svn		L
+CVE-2009-4130			SecPod		svn		L

Modified: trunk/openvas-plugins/scripts/cpe.inc
===================================================================
--- trunk/openvas-plugins/scripts/cpe.inc	2009-12-17 07:07:02 UTC (rev 6161)
+++ trunk/openvas-plugins/scripts/cpe.inc	2009-12-17 07:14:37 UTC (rev 6162)
@@ -751,7 +751,8 @@
 "Panda/InternetSecurity/Ver", "^([0-9.]+)", "cpe:/a:pandasecurity:panda_internet_security:",
 "Panda/GlobalProtection/Ver", "^([0-9.]+)", "cpe:/a:pandasecurity:panda_global_protection:",
 "Panda/Antivirus/Ver", "^([0-9.]+)", "cpe:/a:pandasecurity:panda_antivirus:",
-"www/*/TestLink", "^([0-9.]+)", "cpe:/a:teamst:testlink:"
+"www/*/TestLink", "^([0-9.]+)", "cpe:/a:teamst:testlink:",
+"www/*/YABSoft/AIHS", "^([0-9.]+)", "cpe:/a:yabsoft:advanced_image_hosting_script:"
 );
 
 

Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_dec09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_dec09_lin.nasl	2009-12-17 07:07:02 UTC (rev 6161)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_dec09_lin.nasl	2009-12-17 07:14:37 UTC (rev 6162)
@@ -0,0 +1,110 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_mult_vuln_dec09_lin.nasl 6183 2009-12-11 13:24:34Z dec $
+#
+# Adobe Flash Player/Air Multiple Vulnerabilities - dec09 (Linux)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801084);
+  script_version("$Revision$");
+  script_cve_id("CVE-2009-3794", "CVE-2009-3796", "CVE-2009-3797", "CVE-2009-3798",
+                "CVE-2009-3799", "CVE-2009-3800", "CVE-2009-3951");
+  script_bugtraq_id(37266, 37270, 37273, 37275, 37267, 37269, 37272 );
+  script_name("Adobe Flash Player/Air Multiple Vulnerabilities - dec09 (Linux)");
+  desc = "
+  Overview: This host is installed with Adobe Flash Player/Air and is prone to
+  multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The multiple Flaws are due to:
+  - An error occured while parsing JPEG dimensions contained within an SWF file
+    can be exploited to cause a heap-based buffer overflow.
+  - An unspecified error may allow injection of data and potentially lead to
+    execution of arbitrary code.
+  - An unspecified error possibly related to 'getProperty()' can be exploited
+    to corrupt memory and may allow execution of arbitrary code.
+  - An unspecified error can be exploited to corrupt memory and may allow
+    execution of arbitrary code.
+  - An integer overflow error when generating ActionScript exception handlers
+    in 'Verifier::parseExceptionHandlers()' can be exploited to corrupt memory.
+  - Various unspecified errors may potentially allow execution of arbitrary code.
+  - An error may disclose information about local file names.
+
+  Impact:
+  Successful exploitation will let the remote attackers to execute arbitrary code,
+  gain elevated privileges, gain knowledge of certain information and conduct
+  clickjacking attacks.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Adobe AIR version prior to 1.5.3
+  Adobe Flash Player 10 version prior to 10.0.42.34 on Linux
+
+  Fix: Update to Adobe Air 1.5.3 or Adobe Flash Player 10.0.42.34
+  http://get.adobe.com/air
+  http://www.adobe.com/support/flashplayer/downloads.html
+
+  References:
+  http://secunia.com/advisories/37584
+  http://www.vupen.com/english/advisories/2009/3456
+  http://www.adobe.com/support/security/bulletins/apsb09-19.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Adobe Flash Player/Air");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_adobe_flash_player_detect_lin.nasl");
+  script_require_keys("AdobeFlashPlayer/Linux/Ver", "Adobe/Air/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Flash Player
+playerVer = get_kb_item("AdobeFlashPlayer/Linux/Ver");
+if(playerVer != NULL)
+{
+  # Grep for version 10.x < 10.0.42.34
+  if(version_in_range(version:playerVer, test_version:"10.0", test_version2:"10.0.42.33")){
+    security_hole(0);
+  }
+}
+
+# Check for Adobe Air
+airVer = get_kb_item("Adobe/Air/Linux/Ver");
+if(airVer != NULL)
+{
+  # Grep for version < 1.5.3
+  if(version_is_less(version:airVer, test_version:"1.5.3")){
+    security_hole(0);
+  }
+}
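Review bot: `script_require_keys("AdobeFlashPlayer/Linux/Ver", "Adobe/Air/Linux/Ver")` in the description block asks the engine for both KB entries before the script is launched, so a host that has Flash Player but no AIR (or the reverse) is never checked, even though the body below tests each product independently and tolerates a missing key. Unless the engine treats that list as alternatives, keep only the key the detector reliably sets, or drop `script_require_keys` entirely and rely on the `!= NULL` guards already in the body. The only dependency named is `gb_adobe_flash_player_detect_lin.nasl`; confirm it is also the script that populates `Adobe/Air/Linux/Ver`, otherwise the AIR branch never sees data.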


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_dec09_lin.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_dec09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_dec09_win.nasl	2009-12-17 07:07:02 UTC (rev 6161)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_dec09_win.nasl	2009-12-17 07:14:37 UTC (rev 6162)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_mult_vuln_dec09_win.nasl 6183 2009-12-11 12:24:34Z dec $
+#
+# Adobe Flash Player/Air Multiple Vulnerabilities - dec09 (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801083);
+  script_version("$Revision$");
+  script_cve_id("CVE-2009-3794", "CVE-2009-3796", "CVE-2009-3797", "CVE-2009-3798",
+                "CVE-2009-3799", "CVE-2009-3800", "CVE-2009-3951");
+  script_bugtraq_id(37266, 37270, 37273, 37275, 37267, 37269, 37272 );
+  script_name("Adobe Flash Player/Air Multiple Vulnerabilities - dec09 (Win)");
+  desc = "
+  Overview: This host is installed with Adobe Flash Player/Air and is prone to
+  multiple vulnerabilities.
+
+  Vulnerability Insight:
+  The multiple Flaws are due to:
+  - An error occured while parsing JPEG dimensions contained within an SWF file
+    can be exploited to cause a heap-based buffer overflow.
+  - An unspecified error may allow injection of data and potentially lead to
+    execution of arbitrary code.
+  - An unspecified error possibly related to 'getProperty()' can be exploited
+    to corrupt memory and may allow execution of arbitrary code.
+  - An unspecified error can be exploited to corrupt memory and may allow
+    execution of arbitrary code.
+  - An integer overflow error when generating ActionScript exception handlers
+    in 'Verifier::parseExceptionHandlers()' can be exploited to corrupt memory.
+  - Various unspecified errors may potentially allow execution of arbitrary code.
+  - An error may disclose information about local file names.
+
+  Impact:
+  Successful exploitation will let the remote attackers to execute arbitrary code,
+  gain elevated privileges, gain knowledge of certain information and conduct
+  clickjacking attacks.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Adobe AIR version prior to 1.5.3
+  Adobe Flash Player 10 version prior to 10.0.42.34 on Windows
+
+  Fix: Update to Adobe Air 1.5.3 or Adobe Flash Player 10.0.42.34
+  http://get.adobe.com/air
+  http://www.adobe.com/support/flashplayer/downloads.html
+
+  References:
+  http://secunia.com/advisories/37584
+  http://www.vupen.com/english/advisories/2009/3456
+  http://www.adobe.com/support/security/bulletins/apsb09-19.html
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Adobe Flash Player/Air");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_adobe_flash_player_detect_win.nasl");
+  script_require_keys("AdobeFlashPlayer/Win/Ver", "Adobe/Air/Win/Ver");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Flash Player
+playerVer = get_kb_item("AdobeFlashPlayer/Win/Ver");
+if(playerVer != NULL)
+{
+  # Grep for version 10.x < 10.0.32.18
+  if(version_in_range(version:playerVer, test_version:"10.0", test_version2:"10.0.42.33")) {
+    security_hole(0);
+  }
+}
+
+# Check for Adobe Air
+airVer = get_kb_item("Adobe/Air/Win/Ver");
+if(airVer != NULL)
+{
+  # Grep for version < 1.5.3
+  if(version_is_less(version:airVer, test_version:"1.5.3")){
+    security_hole(0);
+  }
+}
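Review bot: As in the Linux variant, `script_require_keys("AdobeFlashPlayer/Win/Ver", "Adobe/Air/Win/Ver")` requires both KB entries to exist before the script runs, so a Flash-only or AIR-only host is skipped although the body handles each product on its own; keep a single key or remove the call and let the NULL checks in the body decide. The comment `# Grep for version 10.x < 10.0.32.18` above the range test no longer matches the code, which checks up to `10.0.42.33`; change it to `# Grep for version 10.x < 10.0.42.34` so it agrees with the Fix section. `script_require_ports(139, 445)` is harmless here but unnecessary for a KB-only check and is absent from the Linux twin.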


Property changes on: trunk/openvas-plugins/scripts/gb_adobe_prdts_mult_vuln_dec09_win.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_etrust_pestpatrol_actvx_ctrl_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_etrust_pestpatrol_actvx_ctrl_bof_vuln.nasl	2009-12-17 07:07:02 UTC (rev 6161)
+++ trunk/openvas-plugins/scripts/gb_etrust_pestpatrol_actvx_ctrl_bof_vuln.nasl	2009-12-17 07:14:37 UTC (rev 6162)
@@ -0,0 +1,110 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_etrust_pestpatrol_actvx_ctrl_bof_vuln.nasl 6122 2009-12-16 21:26:16Z dec $
+#
+# CA eTrust PestPatrol Anti-Spyware 'ppctl.dll' ActiveX Control BOF Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801098);
+  script_version("$Revision$");
+  script_cve_id("CVE-2009-4225");
+  script_bugtraq_id(37133);
+  script_name("CA eTrust PestPatrol Anti-Spyware 'ppctl.dll' ActiveX Control BOF Vulnerability");
+  desc = "
+  Overview: This host is installed with CA eTrust PestPatrol Anti-Spyware and
+  is prone to Buffer Overflow vulnerability.
+
+  Vulnerability Insight:
+  A Stack-based buffer overflow error in ActiveX control in 'ppctl.dll', which
+  can be caused by persuading a victim to visit a specially-crafted Web page
+  that passes an overly long string argument to the 'Initialize()' method.
+
+  Impact:
+  Successful exploitation could allow execution of arbitrary code, and cause the
+  victim's browser to crash.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  CA eTrust PestPatrol Anti-Spyware
+
+  Fix:
+  No solution or patch is available as on 16th December, 2009. Information
+  regarding this issue will updated once the solution details are available.
+  For updates refer, http://www.pestpatrol.com/
+
+  Workaround:
+  Set kill bit for the CLSID,
+  {5e644c49-f8b0-4e9a-a2ed-5f176bb18ce6}
+
+  References:
+  http://xforce.iss.net/xforce/xfdb/54458
+  http://www.fortiguard.com/encyclopedia/vulnerability/ca.etrust.pestpatrol.ppctl.dll.activex.access.html
+  http://www.metasploit.com/redmine/projects/framework/repository/revisions/7167/entry/modules/exploits/windows/fileformat/etrust_pestscan.rb
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 8.0
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of ppctl.dll file and CLSID");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (c) 2009 Greenbone Networks GmbH");
+  script_family("Buffer overflow");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+include("secpod_activex.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+ppPath = registry_get_sz(key:"SOFTWARE\ComputerAssociates\eTrustPestPatrol",
+                         item:"InstallPath");
+if(ppPath)
+{
+  share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:ppPath);
+  file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:ppPath +
+                      "\ppctl.dll");
+  ppVer = GetVer(file:file, share:share);
+
+  if(ppVer)
+  {
+    if(version_is_equal(version:ppVer, test_version:"5.6.7.9"))
+    {
+      if(is_killbit_set(clsid:"{5e644c49-f8b0-4e9a-a2ed-5f176bb18ce6}") == 0){
+        security_hole(0);
+      }
+    }
+  }
+}
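Review bot: `version_is_equal(version:ppVer, test_version:"5.6.7.9")` only fires on that exact build of ppctl.dll, yet the description says no patch exists and names no affected version range, so any other shipped build of an unpatched install is silently reported clean. If 5.6.7.9 is the newest known build, `version_is_less_equal(version:ppVer, test_version:"5.6.7.9")` would cover older ones as well; if the affected range really is that single build, the Affected Software/OS section should say so. The kill-bit test `is_killbit_set(...) == 0` treats every non-zero return as "bit set", so it is worth confirming the helper never returns an error value that would hide a vulnerable control; a short comment on that line stating the expected return values would help the next reader.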


Property changes on: trunk/openvas-plugins/scripts/gb_etrust_pestpatrol_actvx_ctrl_bof_vuln.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_firefox_mult_spoof_vuln_lin_dec09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_mult_spoof_vuln_lin_dec09.nasl	2009-12-17 07:07:02 UTC (rev 6161)
+++ trunk/openvas-plugins/scripts/gb_firefox_mult_spoof_vuln_lin_dec09.nasl	2009-12-17 07:14:37 UTC (rev 6162)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_mult_spoof_vuln_lin_dec09.nasl 6217 2009-12-15 12:48:33Z dec $
+#
+# Mozilla Firefox Multiple Spoofing Vulnerabilies - dec09 (Linux)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801094);
+  script_version("$Revision$");
+  script_cve_id("CVE-2009-4129", "CVE-2009-4130");
+  script_bugtraq_id(37230, 37232);
+  script_name("Mozilla Firefox Multiple Spoofing Vulnerabilies - dec09 (Linux)");
+  desc = "
+  Overview: The host is installed with Firefox browser and is prone to multiple
+  spoofing vulnerabilies.
+
+  Vulnerability Insight:
+  - A race condition error allows attackers to produce a JavaScript message with
+    a spoofed domain association by writing the message in between the document
+    request and document load for a web page in a different domain.
+  - Visual truncation vulnerability in the MakeScriptDialogTitle function in
+    nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the
+    origin domain name of a script via a long name.
+
+  Impact:
+  Successful exploitation will let the attackers to conduct spoofing attacks and
+  possibly launch further attacks on the system.
+
+  Impact Level:System/Application
+
+  Affected Software/OS:
+  Mozilla Firefox version 3.0 to 3.5.5 on Linux.
+
+  Fix:
+  No solution or patch is available as on 15th December, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.mozilla.com/en-US/firefox/firefox.html
+
+  References:
+  http://xforce.iss.net/xforce/xfdb/54612
+  http://xforce.iss.net/xforce/xfdb/54611
+  http://securitytracker.com/alerts/2009/Dec/1023287.html
+
+  CVSS Score:
+    CVSS Base Score       : 5.8 (AV:N/AC:M/Au:NR/C:N/I:P/A:P)
+    CVSS Temporal Score   : 4.9
+  Risk factor : Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of Firefox");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_firefox_detect_lin.nasl");
+  script_require_keys("Firefox/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Linux/Ver");
+if(!ffVer){
+  exit(0);
+}
+
+# Grep for Firefox version 3.0 to 3.5.5
+if(version_in_range(version:ffVer, test_version:"3.0", test_version2:"3.5.5")){
+  security_warning(0);
+}
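Review bot: `script_name` and the Overview text spell it "Vulnerabilies" — the name is what shows up in reports, so it should read `script_name("Mozilla Firefox Multiple Spoofing Vulnerabilities - dec09 (Linux)")`, and the same typo is in the file header comment. The range test `version_in_range(version:ffVer, test_version:"3.0", test_version2:"3.5.5")` matches the Affected section, but the "No solution or patch is available as on 15th December, 2009" wording will go stale; once a fixed release is known the upper bound and the Fix section should be updated together.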


Property changes on: trunk/openvas-plugins/scripts/gb_firefox_mult_spoof_vuln_lin_dec09.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_firefox_mult_spoof_vuln_win_dec09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_mult_spoof_vuln_win_dec09.nasl	2009-12-17 07:07:02 UTC (rev 6161)
+++ trunk/openvas-plugins/scripts/gb_firefox_mult_spoof_vuln_win_dec09.nasl	2009-12-17 07:14:37 UTC (rev 6162)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_mult_spoof_vuln_win_dec09.nasl 6217 2009-12-15 10:48:33Z dec $
+#
+# Mozilla Firefox Multiple Spoofing Vulnerabilies - dec09 (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801093);
+  script_version("$Revision$");
+  script_cve_id("CVE-2009-4129", "CVE-2009-4130");
+  script_bugtraq_id(37230, 37232);
+  script_name("Mozilla Firefox Multiple Spoofing Vulnerabilies - dec09 (Win)");
+  desc = "
+  Overview: The host is installed with Firefox browser and is prone to multiple
+  spoofing vulnerabilies.
+
+  Vulnerability Insight:
+  - A race condition error allows attackers to produce a JavaScript message with
+    a spoofed domain association by writing the message in between the document
+    request and document load for a web page in a different domain.
+  - Visual truncation vulnerability in the MakeScriptDialogTitle function in
+    nsGlobalWindow.cpp in Mozilla Firefox allows remote attackers to spoof the
+    origin domain name of a script via a long name.
+
+  Impact:
+  Successful exploitation will let the attackers to conduct spoofing attacks and
+  possibly launch further attacks on the system.
+
+  Impact Level: System/Application.
+
+  Affected Software/OS:
+  Mozilla Firefox version 3.0 to 3.5.5 on Windows.
+
+  Fix:
+  No solution or patch is available as on 15th December, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.mozilla.com/en-US/firefox/firefox.html
+
+  References:
+  http://xforce.iss.net/xforce/xfdb/54612
+  http://xforce.iss.net/xforce/xfdb/54611
+  http://securitytracker.com/alerts/2009/Dec/1023287.html
+
+  CVSS Score:
+    CVSS Base Score       : 5.8 (AV:N/AC:M/Au:NR/C:N/I:P/A:P)
+    CVSS Temporal Score   : 4.9
+  Risk factor : Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of Firefox");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("General");
+  script_dependencies("gb_firefox_detect_win.nasl");
+  script_require_keys("Firefox/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!ffVer){
+  exit(0);
+}
+
+# Grep for Firefox version 3.0 to 3.5.5
+if(version_in_range(version:ffVer, test_version:"3.0", test_version2:"3.5.5")){
+  security_warning(0);
+}
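Review bot: Same naming typo as the Linux script: `script_name("Mozilla Firefox Multiple Spoofing Vulnerabilities - dec09 (Win)")` is the intended spelling, and the Overview and header comment carry the same "Vulnerabilies". The two twins also diverge cosmetically ("Impact Level: System/Application." with a trailing period here, none in the Linux file); keeping the description text byte-identical apart from the platform makes later bulk updates of both files safer.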


Property changes on: trunk/openvas-plugins/scripts/gb_firefox_mult_spoof_vuln_win_dec09.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_ms_indeo_codec_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ms_indeo_codec_mult_vuln.nasl	2009-12-17 07:07:02 UTC (rev 6161)
+++ trunk/openvas-plugins/scripts/gb_ms_indeo_codec_mult_vuln.nasl	2009-12-17 07:14:37 UTC (rev 6162)
@@ -0,0 +1,200 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ms_indeo_codec_mult_vuln.nasl 6203 2009-12-15 03:48:09Z dec $
+#
+# Microsoft Windows Indeo Codec Multiple Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801090);
+  script_version("$Revision$");
+  script_cve_id("CVE-2009-4210", "CVE-2009-4309", "CVE-2009-4310",
+                "CVE-2009-4311", "CVE-2009-4312", "CVE-2009-4313");
+  script_bugtraq_id(37251);
+  script_name("Microsoft Windows Indeo Codec Multiple Vulnerabilities");
+  desc = "
+  Overview: This host is insatlled with Microsoft Windows Indeo codec and pron to
+  Multiple Vulnerability
+
+  Vulnerability Insight:
+  The mltiple Flaws are due to:
+  - An error in the Indeo41 codec when processing a specific size within the
+    'movi' record of a IV41 stream can be exploited to cause a heap-based buffer
+    overflow.
+  - An error in the Indeo41 codec when decompressing a video stream can be
+    exploited to cause a stack-based buffer overflow.
+  - An unspecified error in the Indeo codec can be exploited to corrupt memory.
+  - An error in the Indeo32 codec when decoding a IV32 stream can be exploited
+    to cause memory corruption.
+  - Other vulnerabilities also exist and are caused due to unspecified errors
+    in the Indeo codec and can be exploited to corrupt memory by tricking a user
+    into viewing specially crafted media content.
+
+  Impact:
+  Successful exploitation will let the remote attackers compromise a vulnerable
+  system.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Microsoft Windows 2K  Service Pack 4 and prior.
+  Microsoft Windows XP  Service Pack 3 and prior.
+  Microsoft Windows 2K3 Service Pack 2 and prior.
+
+  Fix: For further updates refer,
+  http://www.microsoft.com/technet/security/advisory/954157.mspx
+
+  Workaround:
+  Apply workaround,
+  http://support.microsoft.com/kb/954157
+
+  References:
+  http://secunia.com/advisories/37592
+  http://support.microsoft.com/kb/976138
+  http://support.microsoft.com/kb/955759
+  http://www.microsoft.com/technet/security/advisory/954157.mspx
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of vulnerable file");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Windows");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_ports(139, 445);
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+function IndeoCodecVersion(filepath)
+{
+  share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:filepath);
+  file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:filepath);
+  fileVer = GetVer(file:file, share:share);
+  return fileVer;
+}
+
+if(hotfix_check_sp(xp:4, win2003:3, win2k:5) <= 0){
+  exit(0);
+}
+
+dllPath = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", item:"Install Path");
+if(!dllPath){
+  exit(0);
+}
+
+if((hotfix_missing(name:"976138") == 1))
+{
+  # Windows 2K and DirectX is installed
+  if(hotfix_check_sp(win2k:5) > 0)
+  {
+    directxVer = registry_get_sz(key:"SOFTWARE\Microsoft\DirectX", item:"Version");
+    if(egrep(pattern:"^4\.0[7-9]\..*", string:directxVer))
+    {
+      quartzVer = IndeoCodecVersion(filepath:dllPath + "\Quartz.dll");
+      if(quartzVer)
+      {
+        # Grep for Quartz.dll version <= 6.5.1.912
+        if(version_is_less(version:quartzVer, test_version:"6.5.1.912")){
+          security_hole(0);
+          exit(0);
+        }
+      }
+    }
+  }
+}
+
+axVer = IndeoCodecVersion(filepath:dllPath + "\ir41_32.ax");
+if(axVer)
+{
+  # Grep for ir41_32.ax version <= 4.51.16.3
+  if(version_is_less_equal(version:axVer, test_version:"4.51.16.3"))
+  {
+    security_hole(0);
+    exit(0);
+  }
+}
+
+if((hotfix_missing(name:"955759") == 1))
+{
+  aclayerPath = dllPath - "\system32" - "\System32" + "\AppPatch\Aclayers.dll";
+  aclayerVer = IndeoCodecVersion(filepath:aclayerPath);
+  if(aclayerVer)
+  {
+    # Windows 2K
+    if(hotfix_check_sp(win2k:5) > 0)
+    {
+      # Grep for Aclayers.dll version <= 5.0.2195.7358
+      if(version_is_less(version:aclayerVer, test_version:"5.0.2195.7358")){
+        security_hole(0);
+      }
+    }
+
+    # Windows XP
+    else if(hotfix_check_sp(xp:4) > 0)
+    {
+      SP = get_kb_item("SMB/WinXP/ServicePack");
+      if("Service Pack 2" >< SP)
+      {
+        # Grep for Aclayers.dll <= 5.1.2600.3647
+        if(version_is_less(version:aclayerVer, test_version:"5.1.2600.3647")){
+          security_hole(0);
+        }
+        exit(0);
+      }
+      else if("Service Pack 3" >< SP)
+      {
+        # Grep for Aclayers.dll <= 5.1.2600.5906
+        if(version_is_less(version:aclayerVer, test_version:"5.1.2600.5906")){
+          security_hole(0);
+        }
+        exit(0);
+      }
+      security_hole(0);
+    }
+
+    # Windows 2003
+    else if(hotfix_check_sp(win2003:3) > 0)
+    {
+      SP = get_kb_item("SMB/Win2003/ServicePack");
+      if("Service Pack 2" >< SP)
+      {
+        # Grep for Aclayers.dll <= 5.2.3790.4624
+        if(version_is_less(version:aclayerVer, test_version:"5.2.3790.4624")){
+          security_hole(0);
+        }
+        exit(0);
+      }
+      security_hole(0);
+    }
+  }
+}
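Review bot: The `ir41_32.ax` check `version_is_less_equal(version:axVer, test_version:"4.51.16.3")` reports the host vulnerable from the file version alone, but the description steers users to the KB954157 workaround; if, as is usual for a codec workaround, that change is made in the registry rather than by replacing the file, hosts that applied it will keep being flagged. Either detect the workaround before calling `security_hole(0)` or state in the description that the workaround is not detected. The unconditional `security_hole(0)` on the XP and 2003 fall-through paths (after the Service Pack branches) fires without any Aclayers.dll comparison — presumably intentional for pre-SP2 systems, but a comment such as `# Older service packs have no fixed build; report as vulnerable` would make that explicit. The description text also has typos ("insatlled", "pron to", "mltiple") that will appear verbatim in reports.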


Property changes on: trunk/openvas-plugins/scripts/gb_ms_indeo_codec_mult_vuln.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_yabsoft_aihs_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_yabsoft_aihs_detect.nasl	2009-12-17 07:07:02 UTC (rev 6161)
+++ trunk/openvas-plugins/scripts/gb_yabsoft_aihs_detect.nasl	2009-12-17 07:14:37 UTC (rev 6162)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_yabsoft_aihs_detect.nasl 6182 2009-12-15 16:25:36Z dec $
+#
+# YABSoft Advanced Image Hosting Script (AIHS) Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801091);
+  script_version("Revision: 1.0 ");
+  script_name("YABSoft Advanced Image Hosting Script (AIHS) Version Detection");
+  desc = "
+  Overview: This script finds the version of running Advanced Image Hosting
+  Script (AIHS) and saves the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("YABSoft AIHS Version Detection");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Service detection");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+aihsPort = get_http_port(default:80);
+if(!aihsPort){
+  exit(0);
+}
+
+foreach path (make_list("/", "/aihs", "/gallery", cgi_dirs()))
+{
+  sndReq = http_get(item:string(path, "/index.php"), port:aihsPort);
+  rcvRes = http_send_recv(port:aihsPort, data:sndReq);
+
+  if("yabsoft" >< rcvRes && "AIH" >< rcvRes)
+  {
+    aihsVer = eregmatch(pattern:"AIH v([0-9.]+)" , string:rcvRes);
+    if(aihsVer[1] != NULL){
+      set_kb_item(name:"www/" + aihsPort + "/YABSoft/AIHS",
+                  value:aihsVer[1] + " under " + path);
+    }
+  }
+}
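Review bot: The first entry of the path list is "/", so `string(path, "/index.php")` requests `//index.php`, and the KB value recorded for that hit is `… under /`, which the dependent script turns into `//search.php` as well. Most servers tolerate the doubled slash, but a strict one answers 404 and the product is missed on the document root. Build the request from a normalised copy while keeping the original `path` in the KB value so the consumer's `(/.*)$` regex still matches: `dir = path; if(dir == "/") dir = "";` before the request and `sndReq = http_get(item:string(dir, "/index.php"), port:aihsPort);`.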


Property changes on: trunk/openvas-plugins/scripts/gb_yabsoft_aihs_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/gb_yabsoft_aihs_xss_n_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_yabsoft_aihs_xss_n_sql_inj_vuln.nasl	2009-12-17 07:07:02 UTC (rev 6161)
+++ trunk/openvas-plugins/scripts/gb_yabsoft_aihs_xss_n_sql_inj_vuln.nasl	2009-12-17 07:14:37 UTC (rev 6162)
@@ -0,0 +1,112 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_yabsoft_aihs_xss_n_sql_inj_vuln.nasl 6182 2009-12-15 18:11:27Z dec $
+#
+# YABSoft AIHS Cross Site Scripting and SQL Injection Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801092);
+  script_version("$Revision$");
+  script_cve_id("CVE-2009-4266", "CVE-2009-1032");
+  script_bugtraq_id(37233, 34176);
+  script_name("YABSoft AIHS Cross Site Scripting and SQL Injection Vulnerabilities");
+  desc = "
+  Overview: The host is running YABSoft AIHS and is prone to Cross-Site Scripting
+  and SQL Injection vulnerabilities
+
+  Vulnerability Insight:
+  The flaws are due to:
+  - Input passed to the 'gal' parameter in 'gallery_list.php' is not properly
+    sanitised before being used in SQL queries.
+  - Input passed to the 'text' parameter in 'search.php' is not properly
+    sanitised before being returned to the user.
+
+  Impact:
+  Successful exploitation could allow remote attackers to conduct cross-site
+  scripting and SQL injection attacks.
+
+  Impact Level: Application.
+
+  Affected Software/OS:
+  YABSoft AIHS version 2.3 and prior on all running platform.
+
+  Fix: No solution or patch is available as on 15th December, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://yabsoft.com/aihs-feature.php
+
+  References:
+  http://secunia.com/advisories/34366
+  http://xforce.iss.net/xforce/xfdb/49316
+  http://xforce.iss.net/xforce/xfdb/54582
+  http://www.exploit-db.com/exploits/10336
+
+  CVSS Score:
+    CVSS Base Score       : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score   : 6.9
+  Risk factor : High";
+
+  script_description(desc);
+  script_summary("Check the version of YABSoft AIHS and XSS attack string");
+  script_category(ACT_MIXED_ATTACK);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_dependencies("gb_yabsoft_aihs_detect.nasl");
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+aihsPort = get_http_port(default:80);
+if(!aihsPort){
+  exit(0);
+}
+
+aihsVer = get_kb_item("www/" + aihsPort + "/YABSoft/AIHS");
+if(!aihsVer){
+  exit(0);
+}
+
+aihsVer = eregmatch(pattern:"^(.+) under (/.*)$", string:aihsVer);
+if(!safe_checks() && aihsVer[2] != NULL)
+{
+  request = http_get(item:aihsVer[2] + "/search.php?text=%3Cscript%3E"+
+          "alert(123456)%3C/script%3E&dosearch=Search", port:aihsPort);
+  response = http_send_recv(port:aihsPort, data:request);
+
+  if("alert(123456)" >< response)
+  {
+    security_hole(aihsPort);
+    exit(0);
+  }
+}
+
+if(aihsVer[1] != NULL)
+{
+  if(version_is_less_equal(version:aihsVer[1], test_version:"2.3")){
+    security_hole(aihsPort);
+  }
+}
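Review bot: The reflection test `if("alert(123456)" >< response)` also succeeds when search.php echoes the input entity-encoded (`&lt;script&gt;alert(123456)&lt;/script&gt;`), which is exactly what a correctly escaping or patched install does, so a fixed host is still reported as vulnerable by the active check. Require the tags to come back unescaped, `if("<script>alert(123456)</script>" >< response)`, so the report reflects actual injection rather than mere echo of the search term. Note also that a negative active check does not suppress the version-based report below it; that is presumably intended as a fallback, but a short comment above `if(aihsVer[1] != NULL)` saying so would make the double reporting path clear.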


Property changes on: trunk/openvas-plugins/scripts/gb_yabsoft_aihs_xss_n_sql_inj_vuln.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision


