[Openvas-commits] r6207 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Dec 21 07:14:23 CET 2009
Author: chandra
Date: 2009-12-21 07:14:17 +0100 (Mon, 21 Dec 2009)
New Revision: 6207
Added:
trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_lin.nasl
trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl
trunk/openvas-plugins/scripts/secpod_alefmentor_detect.nasl
trunk/openvas-plugins/scripts/secpod_alefmentor_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_lin.nasl
trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_win.nasl
trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_lin.nasl
trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_win.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
trunk/openvas-plugins/scripts/cpe.inc
trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_lin.nasl
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/ChangeLog 2009-12-21 06:14:17 UTC (rev 6207)
@@ -1,3 +1,16 @@
+2009-12-21 Chandrashekhar B <bchandra at secpod.com>
+
+ * scripts/secpod_alefmentor_sql_inj_vuln.nasl,
+ scripts/secpod_novell_iprint_client_mult_bof_vuln_lin.nasl,
+ scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl,
+ scripts/secpod_vmware_server_mult_xss_vuln_dec09_lin.nasl,
+ scripts/secpod_alefmentor_detect.nasl,
+ scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_lin.nasl,
+ scripts/secpod_novell_prdts_detect_lin.nasl,
+ scripts/secpod_novell_iprint_client_mult_bof_vuln_win.nasl,
+ scripts/secpod_vmware_server_mult_xss_vuln_dec09_win.nasl:
+ Added new plugins.
+
2009-12-18 Michael Meyer <michael.meyer at intevation.de>
* scripts/php_dec_2009.nasl:
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/cve_current.txt 2009-12-21 06:14:17 UTC (rev 6207)
@@ -402,3 +402,8 @@
37309 Greenbone svn R
CVE-2009-4143 Greenbone svn R
CVE-2009-4142 Greenbone svn R
+CVE-2009-4256 SecPod svn R
+CVE-2009-4324 SecPod svn L
+CVE-2009-1568 SecPod svn L
+CVE-2009-1569 SecPod svn L
+CVE-2009-3731 SecPod svn L
Modified: trunk/openvas-plugins/scripts/cpe.inc
===================================================================
--- trunk/openvas-plugins/scripts/cpe.inc 2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/cpe.inc 2009-12-21 06:14:17 UTC (rev 6207)
@@ -386,6 +386,7 @@
"Novell/eDir/Lin/Ver", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:novell:edirectory:",
"Novell/eDir/Win/Ver", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:novell:edirectory:",
"Novell/iPrint/Ver", "^([0-9]\.[0-9]+)", "cpe:/a:novell:iprint:",
+"Novell/iPrint/Client/Linux/Ver","^([0-9]\.[0-9]+)", "cpe:/a:novell:iprint_client:",
"NullLogic-Groupware/Ver", "^([0-9.]+)", "cpe:/a:nulllogic:groupware:",
"OpenJDK/Ver", "^([0-9.]+)", "cpe:/a:sun:openjdk:",
"OpenOffice/Linux/Ver", "^([0-9.]+)", "cpe:/a:openoffice:openoffice.org:",
@@ -764,7 +765,8 @@
"www/*/phpshop", "^([0-9.]+)", "cpe:/a:edikon:phpshop:",
"www/*/rt_tracker", "^([0-9.]+)", "cpe:/a:best_practical_solutions:request_tracker:",
"SSH/banner/", "^([0-9.]+)", "cpe:/a:openssh:openssh:",
-"www/*/phpldapadmin", "^([0-9.]+)", "cpe:/a:phpldapadmin:phpldapadmin:"
+"www/*/phpldapadmin", "^([0-9.]+)", "cpe:/a:phpldapadmin:phpldapadmin:",
+"www/*/AlefMentor", "^([0-9.]+)", "cpe:/a:findmysoft:alefmentor:"
);
Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_lin.nasl 2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_lin.nasl 2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_media_obj_heap_spray_vuln_dec09_lin.nasl 6219 2009-12-15 10:30:34Z dec $
+#
+# Adobe Reader/Acrobat Multimeda Doc.media.newPlayer Remote Code Execution Vulnerability (Linux)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(801095);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-4324");
+ script_bugtraq_id(37331);
+ script_name("Adobe Reader/Acrobat Multimeda Doc.media.newPlayer Remote Code Execution Vulnerability (Linux)");
+ desc = "
+ Overview: This host is installed with Adobe Reader and is prone to
+ Doc.media.newPlayer Remote Code Execution vulnerability.
+
+ Vulnerability Insight:
+ There exists a flaw in the JavaScript module doc.media object while sending
+ a null argument to the newPlayer() method as the exploitation method makes
+ use of a vpointer that has not been initialized.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Adobe Reader version 9.2.0 and prior.
+
+ Workaround:
+ Disable JavaScript execution from the Adobe Acrobat/Reader product
+ configuration menu settings.
+
+ Fix:
+ No solution or patch is available as on 15th December, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.adobe.com
+
+ References:
+ http://www.f-secure.com/weblog/archives/00001836.html
+ http://extraexploit.blogspot.com/search/label/CVE-2009-4324
+ http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
+ http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
+ http://downloads.securityfocus.com/vulnerabilities/exploits/adobe_media_newplayer.rb
+ http://vrt-sourcefire.blogspot.com/2009/12/adobe-reader-medianewplayer-analysis.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 9.0
+ Risk factor: Critical";
+
+ script_description(desc);
+ script_summary("Check for the version of Adobe Reader");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("gb_adobe_prdts_detect_lin.nasl");
+ script_require_keys("Adobe/Reader/Linux/Version", "");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+readerVer = get_kb_item("Adobe/Reader/Linux/Version");
+if(readerVer != NULL)
+{
+ # Check for Adobe Reader version 9.2.0 and prior
+ if(version_is_less_equal(version:readerVer, test_version:"9.2.0")){
+ security_hole(0);
+ }
+}
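Review bot: `script_require_keys("Adobe/Reader/Linux/Version", "");` passes an empty string as a second required key. How the scanner treats an empty key name is not visible on this page; if it is looked up as a real KB entry the plugin would never be scheduled and affected hosts would go unreported, so the call should read `script_require_keys("Adobe/Reader/Linux/Version");`. The `$Id` header names `gb_adobe_prdts_media_obj_heap_spray_vuln_dec09_lin.nasl`, which is not this file's name. Because the check is version-only, a comment above `version_is_less_equal` such as `# version check only: hosts with JavaScript disabled per the Workaround are still reported` would help whoever triages the result.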
Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl 2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl 2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,102 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl 6219 2009-12-15 10:30:34Z dec $
+#
+# Adobe Reader/Acrobat Multimeda Doc.media.newPlayer Remote Code Execution Vulnerability (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(901096);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2009-4324");
+ script_bugtraq_id(37331);
+ script_name("Adobe Reader/Acrobat Multimeda Doc.media.newPlayer Remote Code Execution Vulnerability (Win)");
+ desc = "
+ Overview: This host is installed with Adobe Reader/Acrobat and is prone to
+ Doc.media.newPlayer Remote Code Execution vulnerability.
+
+ Vulnerability Insight:
+ There exists a flaw in the JavaScript module doc.media object while sending
+ a null argument to the newPlayer() method as the exploitation method makes
+ use of a vpointer that has not been initialized.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Adobe Acrobat version 9.2.0 and prior.
+ Adobe Acrobat version 9.2.0 and prior.
+
+ Workaround:
+ Disable JavaScript execution from the Adobe Acrobat/Reader product
+ configuration menu settings.
+
+ Fix:
+ No solution or patch is available as on 15th December, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.adobe.com
+
+ References:
+ http://www.f-secure.com/weblog/archives/00001836.html
+ http://extraexploit.blogspot.com/search/label/CVE-2009-4324
+ http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
+ http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
+ http://downloads.securityfocus.com/vulnerabilities/exploits/adobe_media_newplayer.rb
+ http://vrt-sourcefire.blogspot.com/2009/12/adobe-reader-medianewplayer-analysis.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 9.0
+ Risk factor: Critical";
+
+ script_description(desc);
+ script_summary("Check for the version of Adobe Reader/Acrobat");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+ script_family("Buffer overflow");
+ script_dependencies("secpod_adobe_prdts_detect_win.nasl");
+ script_require_keys("Adobe/Acrobat/Win/Ver", "Adobe/Reader/Win/Ver");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+
+readerVer = get_kb_item("Adobe/Reader/Win/Ver");
+if(readerVer != NULL)
+{
+ # Check for Adobe Reader version 9.x to 9.2.0
+ if(version_is_less_equal(version:readerVer, test_version:"9.2.0"))
+ {
+ security_hole(0);
+ }
+}
+
+acrobatVer = get_kb_item("Adobe/Acrobat/Win/Ver");
+if(acrobatVer != NULL)
+{
+ # Check for Adobe Acrobat version 9.x to 9.2.0
+ if(version_is_less_equal(version:acrobatVer, test_version:"9.2.0")){
+ security_hole(0);
+ }
+}
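Review bot: `script_require_keys("Adobe/Acrobat/Win/Ver", "Adobe/Reader/Win/Ver");` lists both products, although the body checks each one independently behind its own `!= NULL` guard. If the scanner requires every listed key to be present (confirm against the scheduler), a host with only Reader installed is skipped and never reported; dropping the `script_require_keys` line and relying on the two guards would avoid that. The "Affected Software/OS" text lists `Adobe Acrobat version 9.2.0 and prior.` twice, and one of the two lines presumably should name Adobe Reader. The comments `# Check for Adobe Reader version 9.x to 9.2.0` and its Acrobat twin do not match the code, since `version_is_less_equal` has no lower bound; `# Check for version 9.2.0 and prior` would be accurate. `include("smb_nt.inc");` is not used by anything visible in this file.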
Added: trunk/openvas-plugins/scripts/secpod_alefmentor_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_alefmentor_detect.nasl 2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_alefmentor_detect.nasl 2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_alefmentor_detect.nasl 6151 2009-12-16 16:25:36Z dec $
+#
+# AlefMentor Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(901084);
+ script_version("$Revision$: 1.0");
+ script_name("AlefMentor Version Detection");
+ desc = "
+ Overview: This script finds the running AlefMentor version and saves
+ the result in KB.
+
+ Risk factor: Informational";
+
+ script_description(desc);
+ script_summary("AlefMentor version detection");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Service detection");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+
+amPort = get_http_port(default:80);
+if(!amPort){
+ exit(0);
+}
+
+foreach path (make_list("/", "/am", "/AM", cgi_dirs()))
+{
+ sndReq = http_get(item:string(path, "/index.php"), port:amPort);
+ rcvRes = http_send_recv(port:amPort, data:sndReq);
+
+ if("AlefMentor" >< rcvRes)
+ {
+ amVer = eregmatch(pattern:"AlefMentor ([0-9.]+)" , string:rcvRes);
+ if(amVer[1] != NULL){
+ set_kb_item(name:"www/" + amPort + "/AlefMentor", value:amVer[1] +
+ " under " + path);
+ }
+ }
+}
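Review bot: The path list contains `"/"` and the request is built with `string(path, "/index.php")`, so the root probe asks for `//index.php`, which not every web server resolves to the document root. Keeping `path` for the KB value and building the URL from a separate variable avoids this: `dir = path; if(dir == "/") dir = "";` followed by `http_get(item:string(dir, "/index.php"), port:amPort)`. The consumer added in the same commit, secpod_alefmentor_sql_inj_vuln.nasl, concatenates the stored path the same way and inherits the doubled slash. The loop also keeps going after a hit, so an installation reachable under more than one listed path writes several values to the same `www/<port>/AlefMentor` key; a comment stating whether that is intended would help.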
Added: trunk/openvas-plugins/scripts/secpod_alefmentor_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_alefmentor_sql_inj_vuln.nasl 2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_alefmentor_sql_inj_vuln.nasl 2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,108 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_alefmentor_sql_inj_vuln.nasl 6151 2009-12-17 18:11:27Z dec $
+#
+# AlefMentor Multiple SQL Injection Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(901071);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2009-4256");
+ script_name("AlefMentor Multiple SQL Injection Vulnerabilities");
+ desc = "
+ Overview: The host is running AlefMentor and is prone to SQL Injection
+ Vulnerability.
+
+ Vulnerability Insight:
+ Input passed via the 'cont_id' and 'courc_id' parameters to 'cource.php' is
+ not properly sanitised before being used in a SQL query. This flaw can be
+ exploited to manipulate SQL queries by injecting arbitrary SQL code.
+
+ Impact:
+ Successful exploitation could allow remote attackers to conduct SQL injection
+ attacks.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ AlefMentor version 2.0 to 2.2 on all running platform.
+
+ Fix: No solution or patch is available as on 17th December, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.truesolution.net/downloads
+
+ References:
+ http://secunia.com/advisories/37626
+ http://xforce.iss.net/xforce/xfdb/54624
+ http://www.exploit-db.com/exploits/10358
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 6.7
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check the version AlefMentor and SQL Injection");
+ script_category(ACT_MIXED_ATTACK);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_dependencies("secpod_alefmentor_detect.nasl");
+ script_family("Web application abuses");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+amPort = get_http_port(default:80);
+if(!amPort){
+ exit(0);
+}
+
+amVer = get_kb_item("www/" + amPort + "/AlefMentor");
+if(!amVer){
+ exit(0);
+}
+
+amVer = eregmatch(pattern:"^(.+) under (/.*)$", string:amVer);
+if(!safe_checks() && amVer[2] != NULL)
+{
+ request = http_get(item:amVer[2] + "/cource.php?action=pregled&cont_id" +
+ "=[SQL]", port:amPort);
+ response = http_send_recv(port:amPort, data:request);
+ if("Da li si siguran da je to ta baza" >< response)
+ {
+ security_hole(amPort);
+ exit(0);
+ }
+}
+
+if(amVer[1] != NULL)
+{
+ if(version_in_range(version:amVer[1], test_version:"2.0",
+ test_version2:"2.2")){
+ security_hole(amPort);
+ }
+}
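Review bot: Both branches end in a bare `security_hole(amPort);`, so the report does not say whether the finding was confirmed by the HTTP probe or comes only from the stored version string. When `safe_checks()` is off and the probe does not match, execution also falls through to the version range check and still reports. Passing the evidence with the result, e.g. `security_hole(port:amPort, data:"Reported from version range check only");` in the last block, lets an analyst weigh the two cases differently. The probe sends the literal text `[SQL]` as the `cont_id` value and matches an application error string, which looks like an advisory placeholder left in place; a comment above the `http_get` call should say that the check relies on the error page returned for a malformed `cont_id`, and that `courc_id`, which the description also names, is not probed.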
Added: trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_lin.nasl 2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_lin.nasl 2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_novell_iprint_client_mult_bof_vuln_lin.nasl 6124 2009-12-18 12:20:51Z dec $
+#
+# Novell iPrint Client Multiple BOF Vulnerabilities (Linux)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900728);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2009-1569", "CVE-2009-1568");
+ script_bugtraq_id(37242);
+ script_name("Novell iPrint Client Multiple BOF Vulnerabilities (Linux)");
+ desc = "
+ Overview: This host is installed with Novell iPrint Client and is prone to
+ multiple Buffer Overflow vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to inadequate boundary checks on user supplied
+ inputs while the application processes the input data into the application
+ context.
+
+ Impact: Successful exploitation lets the remote attacker have a control over
+ the remote system registers allowing execution of malformed shellcode.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Novell iPrint Client version prior to 5.32
+
+ Fix:
+ Upgrade Novell iPrint Client version to 5.32
+ http://download.novell.com
+
+ References:
+ http://secunia.com/advisories/37169
+ http://secunia.com/secunia_research/2009-40/
+ http://www.vupen.com/english/advisories/2009/3429
+ http://download.novell.com/Download?buildid=29T3EFRky18~
+ http://www.securityfocus.com/archive/1/archive/1/508288/100/0/threaded
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.9
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Novell iPrint Client");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Buffer overflow");
+ script_dependencies("secpod_novell_prdts_detect_lin.nasl");
+ script_require_keys("Novell/iPrint/Client/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+iPrintVer = get_kb_item("Novell/iPrint/Client/Linux/Ver");
+if(iPrintVer == NULL){
+ exit(0);
+}
+
+if(version_is_less(version:iPrintVer, test_version:"5.32")){
+ security_hole(0);
+}
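Review bot: Nothing in this file establishes that CVE-2009-1569 and CVE-2009-1568 apply to the Linux client: the Vulnerability Insight, Fix and References text is the same as in secpod_novell_iprint_client_mult_bof_vuln_win.nasl added by this commit. If the referenced advisories cover only the Windows client, every Linux host with a client older than 5.32 becomes a false positive at "Risk factor: High". A header comment naming the source for Linux applicability, for example `# Linux client affected per <ADVISORY_REFERENCE>` (placeholder, not on this page), would let a reviewer confirm it. The NULL test here is written `iPrintVer == NULL` while the Windows twin uses `!iPrintVer`; one form should be used in both.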
Added: trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_win.nasl 2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_win.nasl 2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_novell_iprint_client_mult_bof_vuln_win.nasl 6124 2009-12-18 18:20:51Z dec $
+#
+# Novell iPrint Client Multiple BOF Vulnerabilities (Win)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900729);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2009-1569", "CVE-2009-1568");
+ script_bugtraq_id(37242);
+ script_name("Novell iPrint Client Multiple BOF Vulnerabilities (Win)");
+ desc = "
+ Overview: This host is running Novell iPrint Client and is prone to multiple
+ Buffer Overflow vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are caused due to inadequate boundary checks on user supplied
+ inputs while the application processes the input data into the application
+ context.
+
+ Impact:
+ Successful exploitation lets the remote attacker have a control over the remote
+ system registers allowing execution of malformed shellcode.
+
+ Impact Level: System
+
+ Affected Software/OS:
+ Novell iPrint Client version prior to 5.32
+
+ Fix:
+ Upgrade Novell iPrint Client version to 5.32
+ http://download.novell.com
+
+ References:
+ http://secunia.com/advisories/37169
+ http://secunia.com/secunia_research/2009-40/
+ http://www.vupen.com/english/advisories/2009/3429
+ http://download.novell.com/Download?buildid=29T3EFRky18~
+ http://www.securityfocus.com/archive/1/archive/1/508288/100/0/threaded
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.9
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Novell iPrint Client");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Buffer overflow");
+ script_dependencies("secpod_novell_prdts_detect_win.nasl");
+ script_require_keys("Novell/Client/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+iPrintVer = get_kb_item("Novell/iPrint/Ver");
+if(!iPrintVer){
+ exit(0);
+}
+
+if(version_is_less(version:iPrintVer, test_version:"5.32")){
+ security_hole(0);
+}
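Review bot: The plugin declares `script_require_keys("Novell/Client/Ver");` but the body reads `get_kb_item("Novell/iPrint/Ver");`, so scheduling depends on a different product's key than the one being tested. A host with the iPrint Client but without whatever sets `Novell/Client/Ver` may be skipped before the version check runs, and goes unreported. The required key should match the one consumed: `script_require_keys("Novell/iPrint/Ver");`. The detection script secpod_novell_prdts_detect_win.nasl is not part of this page, so the key it sets for iPrint should be confirmed there; the cpe.inc context lines in this commit do list `Novell/iPrint/Ver`.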
Modified: trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_lin.nasl 2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_lin.nasl 2009-12-21 06:14:17 UTC (rev 6207)
@@ -7,6 +7,10 @@
# Authors:
# Nikita MR <rnikita at secpod.com>
#
+# Updated :
+# Novell iPrint Client Detection
+# Sujit Ghosal <sghosal at secpod.com> on 2009-12-18 #6124
+#
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
@@ -27,7 +31,7 @@
if(description)
{
script_id(900598);
- script_version("$Revision: 1.0 $");
+ script_version("$Revision$: 1.2");
script_name("Novell Products Version Detection (Linux)");
desc = "
@@ -53,6 +57,7 @@
exit(0);
}
+#Set Version KB for Novell eDir Client
eDirPath = find_bin(prog_name:"ndsd", sock:sock);
foreach eDirFile (eDirPath)
{
@@ -67,4 +72,17 @@
set_kb_item(name:"Novell/eDir/Lin/Ver", value:eDirVer);
}
+
+#Set Version KB for Novell iPrint Client
+iPrintPaths = find_file(file_name:"iprntcmd", file_path:"/", useregex:TRUE,
+ regexpar:"$", sock:sock);
+foreach iPrintBin (iPrintPaths)
+{
+ iPrintVer = get_bin_version(full_prog_name:chomp(iPrintBin), sock:sock,
+ version_argv:"-v", ver_pattern:" v([0-9.]+)");
+ if(iPrintVer[1] != NULL) {
+ set_kb_item(name:"Novell/iPrint/Client/Linux/Ver", value:iPrintVer[1]);
+ }
+}
ssh_close_connection();
+
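Review bot: The added iPrint block searches the whole filesystem (`file_path:"/"`) for any file named `iprntcmd` and hands every hit to `get_bin_version` with `version_argv:"-v"`, which appears to run the file over the authenticated SSH session. A file of that name sitting in a user-writable directory would then be run with the scan account's privileges, so the search should be limited to the client's install directory, e.g. `file_path:"<IPRINT_INSTALL_DIR>"` (placeholder; the real path is not on this page). The loop also calls `set_kb_item` for every match, so several copies leave several values under `Novell/iPrint/Client/Linux/Ver`. The comment added earlier in this file, `#Set Version KB for Novell eDir Client`, sits above a search for `ndsd` and should be checked for the word "Client". The script's beginning lies outside these hunks.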
Added: trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_lin.nasl 2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_lin.nasl 2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_vmware_server_mult_xss_vuln_dec09_lin.nasl 6251 2009-12-18 18:03:40Z dec $
+#
+# VMware Server Multiple Cross-Site Scripting Vulnerabilities (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900899);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2009-3731");
+ script_bugtraq_id(37346);
+ script_name("VMware Server Multiple Cross-Site Scripting Vulnerabilities (Linux)");
+ desc = "
+ Overview: The host is installed with VMWare Server that is vulnerable to
+ multiple Cross-Site Scripting vulnerabilities.
+
+ Vulnerability Insight:
+ - Multiple vulnerabilities can be exploited to disclose sensitive information,
+ conduct cross-site scripting attacks, manipulate certain data, bypass certain
+ security restrictions, cause a DoS, or compromise a user's system.
+ - Certain unspecified input passed to WebWorks help pages is not properly
+ sanitised before being returned to the user. This can be exploited to execute
+ arbitrary HTML and script code in a user's browser session in context of an
+ affected site.
+
+ Impact:
+ Successful exploitation will lets attackers to cause a Denial of Service, or
+ compromise a user's system.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ VMware Server version 2.0.2 on Linux.
+
+ Fix:
+ Apply patch,
+ http://kb.vmware.com/kb/1016594
+
+ *****
+ NOTE: Ignore this warning, if above mentioned patch is manually applied.
+ *****
+
+ References:
+ http://secunia.com/advisories/37460/
+ http://www.webworks.com/Security/2009-0001/
+ http://www.vmware.com/security/advisories/VMSA-2009-0017.html
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+ CVSS Temporal Score : 3.4
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of VMware Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_vmware_prdts_detect_lin.nasl");
+ script_require_keys("VMware/Server/Linux/Ver", "VMware/Linux/Installed");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+if(!get_kb_item("VMware/Linux/Installed")){
+ exit(0);
+}
+
+# VMware Server
+vmserVer = get_kb_item("VMware/Server/Linux/Ver");
+if(vmserVer)
+{
+ if(version_is_equal(version:vmserVer, test_version:"2.0.2")){
+ security_warning(0);
+ }
+}
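Review bot: `script_family("Denial of Service");` files a cross-site scripting check under the wrong family, here and in secpod_vmware_server_mult_xss_vuln_dec09_win.nasl from the same commit. Scan configurations and reports that select by family will not group this finding with other web issues; the AlefMentor plugin in this commit uses `script_family("Web application abuses");`, which fits better. The Impact text ("cause a Denial of Service, or compromise a user's system") also disagrees with the stated vector `C:N/I:P/A:N` and the Medium risk factor, so one of the two should be corrected in both files. The check is `version_is_equal` against "2.0.2" only, which matches the description but reports patched 2.0.2 hosts too, as the NOTE in the description admits.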
Added: trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_win.nasl 2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_win.nasl 2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_vmware_server_mult_xss_vuln_dec09_win.nasl 6251 2009-12-18 18:03:40Z dec $
+#
+# VMware Server Multiple Cross-Site Scripting Vulnerabilities (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900896);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2009-3731");
+ script_bugtraq_id(37346);
+ script_name("VMware Server Multiple Cross-Site Scripting Vulnerabilities (Win)");
+ desc = "
+ Overview: This host is installed with VMWare Server that is vulnerable to
+ multiple Cross-Site Scripting vulnerabilities.
+
+ Vulnerability Insight:
+ - Multiple vulnerabilities can be exploited to disclose sensitive information,
+ conduct cross-site scripting attacks, manipulate certain data, bypass certain
+ security restrictions, cause a DoS, or compromise a user's system.
+ - Certain unspecified input passed to WebWorks help pages is not properly
+ sanitised before being returned to the user. This can be exploited to execute
+ arbitrary HTML and script code in a user's browser session in the context of an
+ affected site.
+
+ Impact:
+ Successful exploitation will lets attackers to cause a Denial of Service, or
+ compromise a user's system.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ VMware Server version 2.0.2 on Windows.
+
+ Fix:
+ Apply patch,
+ http://kb.vmware.com/kb/1016594
+
+ *****
+ NOTE: Ignore this warning, if above mentioned patch is manually applied.
+ *****
+
+ References:
+ http://secunia.com/advisories/37460/
+ http://www.webworks.com/Security/2009-0001/
+ http://www.vmware.com/security/advisories/VMSA-2009-0017.html
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+ CVSS Temporal Score : 3.4
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of VMware Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_vmware_prdts_detect_win.nasl");
+ script_require_keys("VMware/Server/Win/Ver", "VMware/Win/Installed");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+if(!get_kb_item("VMware/Win/Installed")){
+ exit(0);
+}
+
+# VMware Server
+vmserVer = get_kb_item("VMware/Server/Win/Ver");
+if(vmserVer)
+{
+ if(version_is_equal(version:vmserVer, test_version:"2.0.2")){
+ security_warning(0);
+ }
+}