[Openvas-commits] r6207 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Dec 21 07:14:23 CET 2009


Author: chandra
Date: 2009-12-21 07:14:17 +0100 (Mon, 21 Dec 2009)
New Revision: 6207

Added:
   trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_lin.nasl
   trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl
   trunk/openvas-plugins/scripts/secpod_alefmentor_detect.nasl
   trunk/openvas-plugins/scripts/secpod_alefmentor_sql_inj_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_lin.nasl
   trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_win.nasl
   trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_lin.nasl
   trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_win.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
   trunk/openvas-plugins/scripts/cpe.inc
   trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_lin.nasl
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/ChangeLog	2009-12-21 06:14:17 UTC (rev 6207)
@@ -1,3 +1,16 @@
+2009-12-21  Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/secpod_alefmentor_sql_inj_vuln.nasl,
+	scripts/secpod_novell_iprint_client_mult_bof_vuln_lin.nasl,
+	scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl,
+	scripts/secpod_vmware_server_mult_xss_vuln_dec09_lin.nasl,
+	scripts/secpod_alefmentor_detect.nasl,
+	scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_lin.nasl,
+	scripts/secpod_novell_prdts_detect_lin.nasl,
+	scripts/secpod_novell_iprint_client_mult_bof_vuln_win.nasl,
+	scripts/secpod_vmware_server_mult_xss_vuln_dec09_win.nasl:
+	Added new plugins.
+
 2009-12-18 Michael Meyer <michael.meyer at intevation.de>
 
 	* scripts/php_dec_2009.nasl:

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/cve_current.txt	2009-12-21 06:14:17 UTC (rev 6207)
@@ -402,3 +402,8 @@
 37309				Greenbone	svn		R
 CVE-2009-4143			Greenbone	svn		R
 CVE-2009-4142			Greenbone	svn		R
+CVE-2009-4256			SecPod		svn		R
+CVE-2009-4324			SecPod		svn		L
+CVE-2009-1568			SecPod		svn		L
+CVE-2009-1569			SecPod		svn		L
+CVE-2009-3731			SecPod		svn		L

Modified: trunk/openvas-plugins/scripts/cpe.inc
===================================================================
--- trunk/openvas-plugins/scripts/cpe.inc	2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/cpe.inc	2009-12-21 06:14:17 UTC (rev 6207)
@@ -386,6 +386,7 @@
 "Novell/eDir/Lin/Ver", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:novell:edirectory:",
 "Novell/eDir/Win/Ver", "^([0-9.]+([a-z0-9]+)?)", "cpe:/a:novell:edirectory:",
 "Novell/iPrint/Ver", "^([0-9]\.[0-9]+)", "cpe:/a:novell:iprint:",
+"Novell/iPrint/Client/Linux/Ver","^([0-9]\.[0-9]+)", "cpe:/a:novell:iprint_client:",
 "NullLogic-Groupware/Ver", "^([0-9.]+)", "cpe:/a:nulllogic:groupware:",
 "OpenJDK/Ver", "^([0-9.]+)", "cpe:/a:sun:openjdk:",
 "OpenOffice/Linux/Ver", "^([0-9.]+)", "cpe:/a:openoffice:openoffice.org:",
@@ -764,7 +765,8 @@
 "www/*/phpshop", "^([0-9.]+)", "cpe:/a:edikon:phpshop:",
 "www/*/rt_tracker", "^([0-9.]+)", "cpe:/a:best_practical_solutions:request_tracker:",
 "SSH/banner/", "^([0-9.]+)", "cpe:/a:openssh:openssh:",
-"www/*/phpldapadmin", "^([0-9.]+)", "cpe:/a:phpldapadmin:phpldapadmin:"
+"www/*/phpldapadmin", "^([0-9.]+)", "cpe:/a:phpldapadmin:phpldapadmin:",
+"www/*/AlefMentor", "^([0-9.]+)", "cpe:/a:findmysoft:alefmentor:"
 );
 
 

Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_lin.nasl	2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_lin.nasl	2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_media_obj_heap_spray_vuln_dec09_lin.nasl 6219 2009-12-15 10:30:34Z dec $
+#
+# Adobe Reader/Acrobat Multimeda Doc.media.newPlayer Remote Code Execution Vulnerability (Linux)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(801095);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-4324");
+  script_bugtraq_id(37331);
+  script_name("Adobe Reader/Acrobat Multimeda Doc.media.newPlayer Remote Code Execution Vulnerability (Linux)");
+  desc = "
+  Overview: This host is installed with Adobe Reader and is prone to
+  Doc.media.newPlayer Remote Code Execution vulnerability.
+
+  Vulnerability Insight:
+  There exists a flaw in the JavaScript module doc.media object while sending
+  a null argument to the newPlayer() method as the exploitation method makes
+  use of a vpointer that has not been initialized.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Adobe Reader version 9.2.0 and prior.
+
+  Workaround:
+  Disable JavaScript execution from the Adobe Acrobat/Reader product
+  configuration menu settings.
+
+  Fix:
+  No solution or patch is available as on 15th December, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.adobe.com
+
+  References:
+  http://www.f-secure.com/weblog/archives/00001836.html
+  http://extraexploit.blogspot.com/search/label/CVE-2009-4324
+  http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
+  http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
+  http://downloads.securityfocus.com/vulnerabilities/exploits/adobe_media_newplayer.rb
+  http://vrt-sourcefire.blogspot.com/2009/12/adobe-reader-medianewplayer-analysis.html
+
+  CVSS Score:
+    CVSS Base Score     : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 9.0
+  Risk factor: Critical";
+
+  script_description(desc);
+  script_summary("Check for the version of Adobe Reader");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Buffer overflow");
+  script_dependencies("gb_adobe_prdts_detect_lin.nasl");
+  script_require_keys("Adobe/Reader/Linux/Version", "");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+readerVer = get_kb_item("Adobe/Reader/Linux/Version");
+if(readerVer != NULL)
+{
+  # Check for Adobe Reader version 9.2.0 and prior
+  if(version_is_less_equal(version:readerVer, test_version:"9.2.0")){
+    security_hole(0);
+  }
+}
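Review bot: The `script_require_keys("Adobe/Reader/Linux/Version", "");` call in the description block passes an empty string as a second key. Depending on how the scheduler treats an empty key name, this is either dead weight or a requirement that can never be met, and in the second case a vulnerable Reader goes unreported. I would drop it: `script_require_keys("Adobe/Reader/Linux/Version");`. The `$Id$` header also names `gb_adobe_prdts_media_obj_heap_spray_vuln_dec09_lin.nasl` rather than this file, which makes the plugin harder to trace back to its source.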

Added: trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl	2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl	2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,102 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_prdts_media_obj_remote_code_exec_vuln_dec09_win.nasl 6219 2009-12-15 10:30:34Z dec $
+#
+# Adobe Reader/Acrobat Multimeda Doc.media.newPlayer Remote Code Execution Vulnerability (Win)
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(901096);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-4324");
+  script_bugtraq_id(37331);
+  script_name("Adobe Reader/Acrobat Multimeda Doc.media.newPlayer Remote Code Execution Vulnerability (Win)");
+  desc = "
+  Overview: This host is installed with Adobe Reader/Acrobat and is prone to
+  Doc.media.newPlayer Remote Code Execution vulnerability.
+
+  Vulnerability Insight:
+  There exists a flaw in the JavaScript module doc.media object while sending
+  a null argument to the newPlayer() method as the exploitation method makes
+  use of a vpointer that has not been initialized.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Adobe Acrobat version 9.2.0 and prior.
+  Adobe Acrobat version 9.2.0 and prior.
+
+  Workaround:
+  Disable JavaScript execution from the Adobe Acrobat/Reader product
+  configuration menu settings.
+
+  Fix:
+  No solution or patch is available as on 15th December, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.adobe.com
+
+  References:
+  http://www.f-secure.com/weblog/archives/00001836.html
+  http://extraexploit.blogspot.com/search/label/CVE-2009-4324
+  http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214
+  http://blogs.adobe.com/psirt/2009/12/new_adobe_reader_and_acrobat_v.html
+  http://downloads.securityfocus.com/vulnerabilities/exploits/adobe_media_newplayer.rb
+  http://vrt-sourcefire.blogspot.com/2009/12/adobe-reader-medianewplayer-analysis.html
+
+  CVSS Score:
+    CVSS Base Score     : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 9.0
+  Risk factor: Critical";
+
+  script_description(desc);
+  script_summary("Check for the version of Adobe Reader/Acrobat");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 Greenbone Networks GmbH");
+  script_family("Buffer overflow");
+  script_dependencies("secpod_adobe_prdts_detect_win.nasl");
+  script_require_keys("Adobe/Acrobat/Win/Ver", "Adobe/Reader/Win/Ver");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("version_func.inc");
+
+readerVer = get_kb_item("Adobe/Reader/Win/Ver");
+if(readerVer != NULL)
+{
+  # Check for Adobe Reader version 9.x to 9.2.0
+  if(version_is_less_equal(version:readerVer, test_version:"9.2.0"))
+  {
+    security_hole(0);
+  }
+}
+
+acrobatVer = get_kb_item("Adobe/Acrobat/Win/Ver");
+if(acrobatVer != NULL)
+{
+  # Check for Adobe Acrobat version 9.x to 9.2.0
+  if(version_is_less_equal(version:acrobatVer, test_version:"9.2.0")){
+    security_hole(0);
+  }
+}
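Review bot: `script_require_keys("Adobe/Acrobat/Win/Ver", "Adobe/Reader/Win/Ver")` lists both products, and as far as I know the scheduler requires every listed key to be present. If so, a host with only Reader installed (the common case) is skipped and never reaches the version test. The body already guards each lookup with `!= NULL`, so the line can be removed and `script_dependencies` left to order the detection script first. In the description, "Affected Software/OS" prints `Adobe Acrobat version 9.2.0 and prior.` twice; the first line presumably should name Adobe Reader. The two `# Check for ... version 9.x to 9.2.0` comments do not match the code, which has no lower bound and reports every version up to 9.2.0.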

Added: trunk/openvas-plugins/scripts/secpod_alefmentor_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_alefmentor_detect.nasl	2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_alefmentor_detect.nasl	2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_alefmentor_detect.nasl 6151 2009-12-16 16:25:36Z dec $
+#
+# AlefMentor Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(901084);
+  script_version("$Revision$: 1.0");
+  script_name("AlefMentor Version Detection");
+  desc = "
+  Overview: This script finds the running AlefMentor version and saves
+  the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("AlefMentor version detection");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Service detection");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+amPort = get_http_port(default:80);
+if(!amPort){
+  exit(0);
+}
+
+foreach path (make_list("/", "/am", "/AM", cgi_dirs()))
+{
+  sndReq = http_get(item:string(path, "/index.php"), port:amPort);
+  rcvRes = http_send_recv(port:amPort, data:sndReq);
+
+  if("AlefMentor" >< rcvRes)
+  {
+    amVer = eregmatch(pattern:"AlefMentor ([0-9.]+)" , string:rcvRes);
+    if(amVer[1] != NULL){
+      set_kb_item(name:"www/" + amPort + "/AlefMentor", value:amVer[1] +
+                                                      " under " + path);
+    }
+  }
+}
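Review bot: In the `foreach` loop the request URL is built as `string(path, "/index.php")`, so the `"/"` entry produces `//index.php`, which not every web server normalises, and an install at the document root may be missed. I would use a separate variable for the request only, `dir = path; if(dir == "/") dir = "";`, then `http_get(item:string(dir, "/index.php"), port:amPort)`. The stored `" under " + path` value should stay as it is, because the SQL-injection plugin parses it with `^(.+) under (/.*)$`. The script also never checks `get_port_state(amPort)` before sending. The loop keeps probing after a hit, so the same installation can be written to the KB more than once if `cgi_dirs()` repeats a path.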

Added: trunk/openvas-plugins/scripts/secpod_alefmentor_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_alefmentor_sql_inj_vuln.nasl	2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_alefmentor_sql_inj_vuln.nasl	2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,108 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_alefmentor_sql_inj_vuln.nasl 6151 2009-12-17 18:11:27Z dec $
+#
+# AlefMentor Multiple SQL Injection Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(901071);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-4256");
+  script_name("AlefMentor Multiple SQL Injection Vulnerabilities");
+  desc = "
+  Overview: The host is running AlefMentor and is prone to SQL Injection
+  Vulnerability.
+
+  Vulnerability Insight:
+  Input passed via the 'cont_id' and 'courc_id' parameters to 'cource.php' is
+  not properly sanitised before being used in a SQL query. This flaw can be
+  exploited to manipulate SQL queries by injecting arbitrary SQL code.
+
+  Impact:
+  Successful exploitation could allow remote attackers to conduct SQL injection
+  attacks.
+
+  Impact Level: Application.
+
+  Affected Software/OS:
+  AlefMentor version 2.0 to 2.2 on all running platform.
+
+  Fix: No solution or patch is available as on 17th December, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.truesolution.net/downloads
+
+  References:
+  http://secunia.com/advisories/37626
+  http://xforce.iss.net/xforce/xfdb/54624
+  http://www.exploit-db.com/exploits/10358
+
+  CVSS Score:
+    CVSS Base Score      : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score  : 6.7
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check the version AlefMentor and SQL Injection");
+  script_category(ACT_MIXED_ATTACK);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_dependencies("secpod_alefmentor_detect.nasl");
+  script_family("Web application abuses");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+amPort = get_http_port(default:80);
+if(!amPort){
+  exit(0);
+}
+
+amVer = get_kb_item("www/" + amPort + "/AlefMentor");
+if(!amVer){
+  exit(0);
+}
+
+amVer = eregmatch(pattern:"^(.+) under (/.*)$", string:amVer);
+if(!safe_checks() && amVer[2] != NULL)
+{
+  request = http_get(item:amVer[2] + "/cource.php?action=pregled&cont_id" +
+                                     "=[SQL]", port:amPort);
+  response = http_send_recv(port:amPort, data:request);
+  if("Da li si siguran da je to ta baza" >< response)
+  {
+    security_hole(amPort);
+    exit(0);
+  }
+}
+
+if(amVer[1] != NULL)
+{
+  if(version_in_range(version:amVer[1], test_version:"2.0",
+                                       test_version2:"2.2")){
+   security_hole(amPort);
+  }
+}
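Review bot: The active branch under `if(!safe_checks() && amVer[2] != NULL)` reaches a verdict only if the response contains the single localized string `Da li si siguran da je to ta baza`. The request that triggers it sends the advisory's literal `[SQL]` placeholder, unencoded, as the `cont_id` value. An installation that hides its error text will not match, and the script then falls through to the banner version comparison without telling the operator which evidence produced the finding. I would document that above the block, e.g. `# Active probe: a malformed cont_id should surface the application's error page; if it does not, fall back to the detected version.`, and URL-encode the brackets. The path also comes out as `//cource.php` when the KB entry says `under /`, and the second `security_hole(amPort);` is indented by three spaces where the rest of the file uses even indents.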

Added: trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_lin.nasl	2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_lin.nasl	2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_novell_iprint_client_mult_bof_vuln_lin.nasl 6124 2009-12-18 12:20:51Z dec $
+#
+# Novell iPrint Client Multiple BOF Vulnerabilities (Linux)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900728);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-1569", "CVE-2009-1568");
+  script_bugtraq_id(37242);
+  script_name("Novell iPrint Client Multiple BOF Vulnerabilities (Linux)");
+  desc = "
+  Overview: This host is installed with Novell iPrint Client and is prone to
+  multiple Buffer Overflow vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are caused due to inadequate boundary checks on user supplied
+  inputs while the application processes the input data into the application
+  context.
+
+  Impact: Successful exploitation lets the remote attacker have a control over
+  the remote system registers allowing execution of malformed shellcode.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Novell iPrint Client version prior to 5.32
+
+  Fix:
+  Upgrade Novell iPrint Client version to 5.32
+  http://download.novell.com
+
+  References:
+  http://secunia.com/advisories/37169
+  http://secunia.com/secunia_research/2009-40/
+  http://www.vupen.com/english/advisories/2009/3429
+  http://download.novell.com/Download?buildid=29T3EFRky18~
+  http://www.securityfocus.com/archive/1/archive/1/508288/100/0/threaded
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Novell iPrint Client");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Buffer overflow");
+  script_dependencies("secpod_novell_prdts_detect_lin.nasl");
+  script_require_keys("Novell/iPrint/Client/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+iPrintVer =  get_kb_item("Novell/iPrint/Client/Linux/Ver");
+if(iPrintVer == NULL){
+  exit(0);
+}
+
+if(version_is_less(version:iPrintVer, test_version:"5.32")){
+  security_hole(0);
+}

Added: trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_win.nasl	2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_novell_iprint_client_mult_bof_vuln_win.nasl	2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_novell_iprint_client_mult_bof_vuln_win.nasl 6124 2009-12-18 18:20:51Z dec $
+#
+# Novell iPrint Client Multiple BOF Vulnerabilities (Win)
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900729);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-1569", "CVE-2009-1568");
+  script_bugtraq_id(37242);
+  script_name("Novell iPrint Client Multiple BOF Vulnerabilities (Win)");
+  desc = "
+  Overview: This host is running Novell iPrint Client and is prone to multiple
+  Buffer Overflow vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are caused due to inadequate boundary checks on user supplied
+  inputs while the application processes the input data into the application
+  context.
+
+  Impact:
+  Successful exploitation lets the remote attacker have a control over the remote
+  system registers allowing execution of malformed shellcode.
+
+  Impact Level: System
+
+  Affected Software/OS:
+  Novell iPrint Client version prior to 5.32
+
+  Fix:
+  Upgrade Novell iPrint Client version to 5.32
+  http://download.novell.com
+
+  References:
+  http://secunia.com/advisories/37169
+  http://secunia.com/secunia_research/2009-40/
+  http://www.vupen.com/english/advisories/2009/3429
+  http://download.novell.com/Download?buildid=29T3EFRky18~
+  http://www.securityfocus.com/archive/1/archive/1/508288/100/0/threaded
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Novell iPrint Client");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Buffer overflow");
+  script_dependencies("secpod_novell_prdts_detect_win.nasl");
+  script_require_keys("Novell/Client/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+iPrintVer =  get_kb_item("Novell/iPrint/Ver");
+if(!iPrintVer){
+  exit(0);
+}
+
+if(version_is_less(version:iPrintVer, test_version:"5.32")){
+  security_hole(0);
+}
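Review bot: The description block gates the plugin on `script_require_keys("Novell/Client/Ver")`, but the body reads `get_kb_item("Novell/iPrint/Ver")`. If the Windows detection script sets those two keys independently (it is not part of this diff), a host with iPrint Client but no Novell Client is never checked, and a host with only Novell Client is scheduled for nothing. The Linux sibling uses the same key in both places, so I would do the same here: `script_require_keys("Novell/iPrint/Ver");`.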

Modified: trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_lin.nasl	2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_novell_prdts_detect_lin.nasl	2009-12-21 06:14:17 UTC (rev 6207)
@@ -7,6 +7,10 @@
 # Authors:
 # Nikita MR <rnikita at secpod.com>
 #
+# Updated :
+# Novell iPrint Client Detection
+# Sujit Ghosal <sghosal at secpod.com>  on 2009-12-18 #6124
+#
 # Copyright:
 # Copyright (c) 2009 SecPod, http://www.secpod.com
 #
@@ -27,7 +31,7 @@
 if(description)
 {
   script_id(900598);
-  script_version("$Revision: 1.0 $");
+  script_version("$Revision$: 1.2");
   script_name("Novell Products Version Detection (Linux)");
   desc = "
 
@@ -53,6 +57,7 @@
   exit(0);
 }
 
+#Set Version KB for Novell eDir Client
 eDirPath = find_bin(prog_name:"ndsd", sock:sock);
 foreach eDirFile (eDirPath)
 {
@@ -67,4 +72,17 @@
 
   set_kb_item(name:"Novell/eDir/Lin/Ver", value:eDirVer);
 }
+
+#Set Version KB for Novell iPrint Client
+iPrintPaths = find_file(file_name:"iprntcmd", file_path:"/", useregex:TRUE,
+                       regexpar:"$", sock:sock);
+foreach iPrintBin (iPrintPaths)
+{
+  iPrintVer = get_bin_version(full_prog_name:chomp(iPrintBin), sock:sock,
+                              version_argv:"-v", ver_pattern:" v([0-9.]+)");
+  if(iPrintVer[1] != NULL) {
+    set_kb_item(name:"Novell/iPrint/Client/Linux/Ver", value:iPrintVer[1]);
+  }
+}
 ssh_close_connection();
+
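Review bot: The new iPrint block calls `find_file(file_name:"iprntcmd", file_path:"/", ...)`, which walks the whole filesystem over the SSH session, and then `get_bin_version` runs every hit with `-v`. Any file with a matching name is therefore executed with the scan account's privileges, including one sitting in a home or world-writable directory, and the full-tree search is slow on large hosts. The eDirectory code just above uses `find_bin(prog_name:"ndsd", sock:sock)`, so the consistent and safer form is `iPrintPaths = find_bin(prog_name:"iprntcmd", sock:sock);`, or a `file_path` restricted to the product's install directory. `set_kb_item` also runs once per hit, so several copies yield several values for `Novell/iPrint/Client/Linux/Ver`. The `sock` handle is opened outside this hunk.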

Added: trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_lin.nasl	2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_lin.nasl	2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_vmware_server_mult_xss_vuln_dec09_lin.nasl 6251 2009-12-18 18:03:40Z dec $
+#
+# VMware Server Multiple Cross-Site Scripting Vulnerabilities (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900899);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-3731");
+  script_bugtraq_id(37346);
+  script_name("VMware Server Multiple Cross-Site Scripting Vulnerabilities (Linux)");
+  desc = "
+  Overview: The host is installed with VMWare Server that is vulnerable to
+  multiple Cross-Site Scripting vulnerabilities.
+
+  Vulnerability Insight:
+  - Multiple vulnerabilities can be exploited to disclose sensitive information,
+    conduct cross-site scripting attacks, manipulate certain data, bypass certain
+    security restrictions, cause a DoS, or compromise a user's system.
+  - Certain unspecified input passed to WebWorks help pages is not properly
+    sanitised before being returned to the user. This can be exploited to execute
+    arbitrary HTML and script code in a user's browser session in context of an
+    affected site.
+
+  Impact:
+  Successful exploitation will lets attackers to cause a Denial of Service, or
+  compromise a user's system.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  VMware Server version 2.0.2 on Linux.
+
+  Fix:
+  Apply patch,
+  http://kb.vmware.com/kb/1016594
+
+  *****
+  NOTE: Ignore this warning, if above mentioned patch is manually applied.
+  *****
+
+  References:
+  http://secunia.com/advisories/37460/
+  http://www.webworks.com/Security/2009-0001/
+  http://www.vmware.com/security/advisories/VMSA-2009-0017.html
+
+  CVSS Score:
+    CVSS Base Score     : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+    CVSS Temporal Score : 3.4
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of VMware Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_vmware_prdts_detect_lin.nasl");
+  script_require_keys("VMware/Server/Linux/Ver", "VMware/Linux/Installed");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+if(!get_kb_item("VMware/Linux/Installed")){
+  exit(0);
+}
+
+# VMware Server
+vmserVer = get_kb_item("VMware/Server/Linux/Ver");
+if(vmserVer)
+{
+  if(version_is_equal(version:vmserVer, test_version:"2.0.2")){
+    security_warning(0);
+  }
+}
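Review bot: `script_family("Denial of Service")` files a cross-site scripting issue under the wrong family, so anyone selecting or filtering checks by family will not find it with the other web checks. The AlefMentor plugin in this same commit uses `script_family("Web application abuses");`, which fits here as well. `secpod_vmware_server_mult_xss_vuln_dec09_win.nasl` has the same line and needs the same change. In both files the Impact text reads "will lets attackers to" and should be "lets attackers". A comment above the `version_is_equal(... "2.0.2")` test should say that a patched 2.0.2 install is still reported, since only the description's NOTE mentions it now.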

Added: trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_win.nasl	2009-12-18 17:31:49 UTC (rev 6206)
+++ trunk/openvas-plugins/scripts/secpod_vmware_server_mult_xss_vuln_dec09_win.nasl	2009-12-21 06:14:17 UTC (rev 6207)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_vmware_server_mult_xss_vuln_dec09_win.nasl 6251 2009-12-18 18:03:40Z dec $
+#
+# VMware Server Multiple Cross-Site Scripting Vulnerabilities (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900896);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-3731");
+  script_bugtraq_id(37346);
+  script_name("VMware Server Multiple Cross-Site Scripting Vulnerabilities (Win)");
+  desc = "
+  Overview: This host is installed with VMWare Server that is vulnerable to
+  multiple Cross-Site Scripting vulnerabilities.
+
+  Vulnerability Insight:
+  - Multiple vulnerabilities can be exploited to disclose sensitive information,
+    conduct cross-site scripting attacks, manipulate certain data, bypass certain
+    security restrictions, cause a DoS, or compromise a user's system.
+  - Certain unspecified input passed to WebWorks help pages is not properly
+    sanitised before being returned to the user. This can be exploited to execute
+    arbitrary HTML and script code in a user's browser session in the context of an
+    affected site.
+
+  Impact:
+  Successful exploitation will lets attackers to cause a Denial of Service, or
+  compromise a user's system.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  VMware Server version 2.0.2 on Windows.
+
+  Fix:
+  Apply patch,
+  http://kb.vmware.com/kb/1016594
+
+  *****
+  NOTE: Ignore this warning, if above mentioned patch is manually applied.
+  *****
+
+  References:
+  http://secunia.com/advisories/37460/
+  http://www.webworks.com/Security/2009-0001/
+  http://www.vmware.com/security/advisories/VMSA-2009-0017.html
+
+  CVSS Score:
+    CVSS Base Score     : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+    CVSS Temporal Score : 3.4
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of VMware Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_vmware_prdts_detect_win.nasl");
+  script_require_keys("VMware/Server/Win/Ver", "VMware/Win/Installed");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+if(!get_kb_item("VMware/Win/Installed")){
+  exit(0);
+}
+
+# VMware Server
+vmserVer = get_kb_item("VMware/Server/Win/Ver");
+if(vmserVer)
+{
+  if(version_is_equal(version:vmserVer, test_version:"2.0.2")){
+    security_warning(0);
+  }
+}


