[Openvas-commits] r6219 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Dec 21 12:36:31 CET 2009


Author: mime
Date: 2009-12-21 12:36:27 +0100 (Mon, 21 Dec 2009)
New Revision: 6219

Added:
   trunk/openvas-plugins/scripts/serv_u_37414.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
   trunk/openvas-plugins/scripts/Xeneo_Web_Server_2.2.9.0_DoS.nasl
   trunk/openvas-plugins/scripts/labview_www_DoS.nasl
   trunk/openvas-plugins/scripts/linksys_empty_GET_DoS.nasl
   trunk/openvas-plugins/scripts/netware_perl_overflow.nasl
   trunk/openvas-plugins/scripts/oracle9iAS_slashdot_DoS.nasl
   trunk/openvas-plugins/scripts/oracle9iAS_too_long_url.nasl
   trunk/openvas-plugins/scripts/php_dec_2009.nasl
   trunk/openvas-plugins/scripts/sambar_DoS.nasl
   trunk/openvas-plugins/scripts/shoutcast_admin_cgi_overflow.nasl
   trunk/openvas-plugins/scripts/simpleserverwww_dos.nasl
Log:
Added new plugin. Fixed FP

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/ChangeLog	2009-12-21 11:36:27 UTC (rev 6219)
@@ -1,3 +1,22 @@
+2009-12-21 Michael Meyer <michael.meyer at intevation.de>
+
+	* scripts/serv_u_37414.nasl:
+	Added new plugin.
+
+	* scripts/linksys_empty_GET_DoS.nasl,
+	scripts/Xeneo_Web_Server_2.2.9.0_DoS.nasl,
+	scripts/shoutcast_admin_cgi_overflow.nasl,
+	scripts/oracle9iAS_slashdot_DoS.nasl,
+	scripts/netware_perl_overflow.nasl,
+	scripts/sambar_DoS.nasl,
+	scripts/simpleserverwww_dos.nasl,
+	scripts/oracle9iAS_too_long_url.nasl,
+	scripts/labview_www_DoS.nasl:
+	Try to fix FP.
+
+	* scripts/php_dec_2009.nasl:
+	Fixed script_summary().
+
 2009-12-21  Chandrashekhar B <bchandra at secpod.com>
 
 	* scripts/secpod_alefmentor_sql_inj_vuln.nasl,

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/cve_current.txt	2009-12-21 11:36:27 UTC (rev 6219)
@@ -407,3 +407,4 @@
 CVE-2009-1568			SecPod		svn		L
 CVE-2009-1569			SecPod		svn		L
 CVE-2009-3731			SecPod		svn		L
+37414				Greenbone	svn		R

Modified: trunk/openvas-plugins/scripts/Xeneo_Web_Server_2.2.9.0_DoS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/Xeneo_Web_Server_2.2.9.0_DoS.nasl	2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/Xeneo_Web_Server_2.2.9.0_DoS.nasl	2009-12-21 11:36:27 UTC (rev 6219)
@@ -54,6 +54,9 @@
 {
  if ( ! can_host_php(port:port) ) exit(0);
  if(http_is_dead(port:port))exit(0);
+ banner = get_http_banner(port:port);
+ if(!banner)exit(0);
+ if("Xeneo" >!< banner)exit(0);
  soc = http_open_socket(port);
  if(soc)
  {
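Review bot: The new gate `if("Xeneo" >!< banner)exit(0);` accepts the product name anywhere in the returned headers, not only in the Server line, so an unrelated header that happens to contain the string still lets the DoS probe run. The sambar_DoS.nasl and simpleserverwww_dos.nasl hunks in this commit anchor on `^Server:`; the same form here would be `if(!egrep(pattern:"^Server:.*Xeneo", string:banner))exit(0);`, assuming the product identifies itself in that header. The unanchored `"Oracle"` test in oracle9iAS_too_long_url.nasl and the `"shoutcast"` pattern in shoutcast_admin_cgi_overflow.nasl have the same looseness. The enclosing block starts and ends outside this hunk.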

Modified: trunk/openvas-plugins/scripts/labview_www_DoS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/labview_www_DoS.nasl	2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/labview_www_DoS.nasl	2009-12-21 11:36:27 UTC (rev 6219)
@@ -59,6 +59,10 @@
 data = string("GET / HTTP/1.0\n\n");
 
 port = get_http_port(default:80);
+if (http_is_dead(port: port)) exit(0);
+banner = get_http_banner(port:port);
+if(!banner)exit(0);
+if("Server: LabVIEW" >!< banner)exit(0);
 
 if(get_port_state(port))
 {
@@ -71,9 +75,6 @@
   r = http_recv(socket:soc);
   close(soc);
   sleep(1);
-  soc2 = open_sock_tcp(port);
-  #display(string("Alive!\n"));
-  if(!soc2)security_hole(port);
-  else close(soc2);
+  if(http_is_dead(port: port,retry:2))security_hole(port);
   }
 }
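Review bot: The post-probe liveness check uses `retry:2` here, while the linksys_empty_GET_DoS, netware_perl_overflow and oracle9iAS_too_long_url hunks in the same commit use `retry:4`, and none of them says why. Since the retry count decides whether a slow or briefly stalled server is reported as crashed, I would use one value across these plugins and add a short comment, e.g. `# retry several times so a slow but alive server is not reported as crashed`. The enclosing block starts outside the hunk.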

Modified: trunk/openvas-plugins/scripts/linksys_empty_GET_DoS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/linksys_empty_GET_DoS.nasl	2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/linksys_empty_GET_DoS.nasl	2009-12-21 11:36:27 UTC (rev 6219)
@@ -58,4 +58,4 @@
 http_recv(socket: soc);
 http_close_socket(soc);
 
-if (http_is_dead(port: port)) security_hole(port);
+if (http_is_dead(port: port,retry:4)) security_hole(port);

Modified: trunk/openvas-plugins/scripts/netware_perl_overflow.nasl
===================================================================
--- trunk/openvas-plugins/scripts/netware_perl_overflow.nasl	2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/netware_perl_overflow.nasl	2009-12-21 11:36:27 UTC (rev 6219)
@@ -60,6 +60,9 @@
 if (! get_port_state(port)) exit(0);
 
 if(http_is_dead(port:port))exit(0);
+banner = get_http_banner(port:port);
+if(!banner)exit(0);
+if("Novell" >!< banner && "Netware" >!< banner)exit(0);
 
 soc = http_open_socket(port);
 if (!soc) exit(0);
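Review bot: The banner gate `if("Novell" >!< banner && "Netware" >!< banner)exit(0);` compares against "Netware", but the product name is spelled "NetWare" and, as far as I know, `>!<` is a case-sensitive substring test. A server whose banner has the usual spelling and no "Novell" would be skipped silently, turning the FP fix into a false negative. A case-insensitive match, as the sambar and shoutcast hunks already use, avoids this: `if(!egrep(pattern:"Novell|NetWare", string:banner, icase:TRUE))exit(0);`.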
@@ -70,8 +73,7 @@
 r = http_recv(socket:soc);
 http_close_socket(soc);
 
-if(http_is_dead(port: port, retry:1))
+if(http_is_dead(port: port, retry:4))
 {
   security_hole(port);
-  #set_kb_item(name:"www/too_long_url_crash", value:TRUE);
 }

Modified: trunk/openvas-plugins/scripts/oracle9iAS_slashdot_DoS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/oracle9iAS_slashdot_DoS.nasl	2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/oracle9iAS_slashdot_DoS.nasl	2009-12-21 11:36:27 UTC (rev 6219)
@@ -71,6 +71,9 @@
   local_var	soc, r;
 
  if (http_is_dead(port: port)) return;
+ banner = get_http_banner(port:port);
+ if(!banner)return;
+ if("OracleAS-Web-Cache" >!< banner)return;
 
  soc = http_open_socket(port);
   if(! soc) return;
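Review bot: `banner` is assigned inside a function whose declaration line reads `local_var	soc, r;`, so the new variable is not declared local and the assignment presumably writes to a global. If the script calls this function for several ports or also uses `banner` at top level, values can leak between calls. Extending the declaration to `local_var	soc, r, banner;` keeps it scoped. The function starts and ends outside the hunk.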

Modified: trunk/openvas-plugins/scripts/oracle9iAS_too_long_url.nasl
===================================================================
--- trunk/openvas-plugins/scripts/oracle9iAS_too_long_url.nasl	2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/oracle9iAS_too_long_url.nasl	2009-12-21 11:36:27 UTC (rev 6219)
@@ -61,6 +61,9 @@
 {
  if(!http_is_dead(port:port))
  {
+ banner = get_http_banner(port:port);
+ if(!banner)exit(0);
+ if("Oracle" >!< banner)exit(0);
  url = string("/", crap(data: "A", length: 3095), crap(data: "N", length: 4));
  soc = http_open_socket(port);
  if(soc)
@@ -70,7 +73,7 @@
   a = http_recv(socket: soc);
   http_close_socket(soc);
 
-  if(http_is_dead(port: port, retry:1)) {
+  if(http_is_dead(port: port, retry:4)) {
 	security_hole(port);
 	set_kb_item(name:"www/too_long_url_crash", value:TRUE);
    }

Modified: trunk/openvas-plugins/scripts/php_dec_2009.nasl
===================================================================
--- trunk/openvas-plugins/scripts/php_dec_2009.nasl	2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/php_dec_2009.nasl	2009-12-21 11:36:27 UTC (rev 6219)
@@ -2,7 +2,7 @@
 # OpenVAS Vulnerability Test
 # $Id$
 #
-# PHP < 5.12 Multiple Vulnerabilities
+# PHP < 5.2.12 Multiple Vulnerabilities
 #
 # Authors:
 # Michael Meyer
@@ -66,7 +66,7 @@
 Risk factor : High";
 
  script_description(desc);
- script_summary("Determine if php version is < 5.12");
+ script_summary("Determine if php version is < 5.2.12");
  script_category(ACT_GATHER_INFO);
  script_family("Web application abuses");
  script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");

Modified: trunk/openvas-plugins/scripts/sambar_DoS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sambar_DoS.nasl	2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/sambar_DoS.nasl	2009-12-21 11:36:27 UTC (rev 6219)
@@ -72,13 +72,12 @@
 port = get_http_port(default:80);
 
 if(! get_port_state(port)) exit(0);
+if(http_is_dead(port:port))exit(0);
 
 banner = get_http_banner(port: port);
 if (! banner) exit(0);
+if(!egrep(pattern: "^Server:.*sambar", string: banner, icase: TRUE))exit(0);
 
-
-if(http_is_dead(port:port))exit(0);
-
 # TBD: request each URL a few times...
 function test_port(port, cgi)
 {

Added: trunk/openvas-plugins/scripts/serv_u_37414.nasl
===================================================================
--- trunk/openvas-plugins/scripts/serv_u_37414.nasl	2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/serv_u_37414.nasl	2009-12-21 11:36:27 UTC (rev 6219)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Serv-U File Server User Directory Information Disclosure Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100410);
+ script_bugtraq_id(37414);
+ script_version ("1.0-$Revision$");
+
+ script_name("Serv-U File Server User Directory Information Disclosure Vulnerability");
+
+desc = "Overview:
+Serv-U File Server is prone to an unspecified information-disclosure
+vulnerability.
+
+Attackers can exploit this issue to harvest sensitive information that
+may lead to further attacks.
+
+Versions prior to SERV-U File Server 9.2.0.1 are vulnerable.
+
+Solution:
+The vendor has released an update. Please see the references
+for details.
+
+References:
+http://www.securityfocus.com/bid/37414
+http://www.serv-u.com/releasenotes/
+http://www.serv-u.com/
+
+Risk factor : Medium";
+
+ script_description(desc);
+ script_summary("Determine if Serv-U FTP Server version is < 9.2.0.1");
+ script_category(ACT_GATHER_INFO);
+ script_family("FTP");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("gb_rhinosoft_serv-u_detect.nasl");
+ script_require_ports("Services/ftp", 21);
+ exit(0);
+}
+
+include("ftp_func.inc");
+include("version_func.inc");
+
+port = get_kb_item("Services/ftp");
+if(!port){
+  port = 21;
+}
+
+if(get_kb_item('ftp/'+port+'/broken'))exit(0);
+
+if(!get_port_state(port)){
+  exit(0);
+}
+
+if(!version = get_kb_item(string("ftp/", port, "/Serv-U"))) {
+ if(!version = get_kb_item(string("Serv-U/FTP/Ver"))) {
+  exit(0);
+ }  
+}  
+
+if(!isnull(version[1])) {
+  vers = version[1];
+}  
+
+if(!isnull(vers)) {
+   if(vers =~ "^9\.") {
+     if(version_is_less(version:vers, test_version:"9.2.0.1") ) {
+         security_hole(port: port);
+         exit(0);
+     }
+   }
+}
+
+exit(0);
+
+
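Review bot: `vers = version[1];` indexes the value returned by `get_kb_item()`, which looks like a leftover from an `eregmatch()` pattern. If the KB entry is a plain version string, indexing it would yield a single character rather than the version, so `vers =~ "^9\."` never matches and the plugin silently reports nothing. Unless gb_rhinosoft_serv-u_detect.nasl stores something indexable, I would use the string directly, `vers = version;`, or parse it explicitly with `eregmatch()` before the comparison. Separately, the description says "Risk factor : Medium" but the finding is raised with `security_hole(port: port);`; `security_warning(port: port);` would match the stated severity.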


Property changes on: trunk/openvas-plugins/scripts/serv_u_37414.nasl
___________________________________________________________________
Name: svn:keywords
   + Id Revision

Modified: trunk/openvas-plugins/scripts/shoutcast_admin_cgi_overflow.nasl
===================================================================
--- trunk/openvas-plugins/scripts/shoutcast_admin_cgi_overflow.nasl	2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/shoutcast_admin_cgi_overflow.nasl	2009-12-21 11:36:27 UTC (rev 6219)
@@ -66,6 +66,9 @@
 {
  if( get_port_state(port)  && !get_kb_item("Services/www/" + port + "/embedded") && !http_is_dead(port:port, retry:0))
  {
+  banner = get_http_banner(port:port);
+  if(!banner)continue;
+  if(!egrep(pattern:"shoutcast", string:banner, icase: TRUE))continue;
   url = string("/admin.cgi?pass=", crap(length:4096, data:"\"));
   req = http_get(item: url, port:port);
   soc = http_open_socket(port);

Modified: trunk/openvas-plugins/scripts/simpleserverwww_dos.nasl
===================================================================
--- trunk/openvas-plugins/scripts/simpleserverwww_dos.nasl	2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/simpleserverwww_dos.nasl	2009-12-21 11:36:27 UTC (rev 6219)
@@ -58,6 +58,7 @@
 
 banner = get_http_banner(port: port);
 if (! banner) exit(0);
+if(!egrep(pattern:"^Server: *SimpleServer:WWW", string:banner))exit(0);
 
 if (safe_checks())
 {


