[Openvas-commits] r6219 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Dec 21 12:36:31 CET 2009
Author: mime
Date: 2009-12-21 12:36:27 +0100 (Mon, 21 Dec 2009)
New Revision: 6219
Added:
trunk/openvas-plugins/scripts/serv_u_37414.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
trunk/openvas-plugins/scripts/Xeneo_Web_Server_2.2.9.0_DoS.nasl
trunk/openvas-plugins/scripts/labview_www_DoS.nasl
trunk/openvas-plugins/scripts/linksys_empty_GET_DoS.nasl
trunk/openvas-plugins/scripts/netware_perl_overflow.nasl
trunk/openvas-plugins/scripts/oracle9iAS_slashdot_DoS.nasl
trunk/openvas-plugins/scripts/oracle9iAS_too_long_url.nasl
trunk/openvas-plugins/scripts/php_dec_2009.nasl
trunk/openvas-plugins/scripts/sambar_DoS.nasl
trunk/openvas-plugins/scripts/shoutcast_admin_cgi_overflow.nasl
trunk/openvas-plugins/scripts/simpleserverwww_dos.nasl
Log:
Added new plugin. Fixed FP
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/ChangeLog 2009-12-21 11:36:27 UTC (rev 6219)
@@ -1,3 +1,22 @@
+2009-12-21 Michael Meyer <michael.meyer at intevation.de>
+
+ * scripts/serv_u_37414.nasl:
+ Added new plugin.
+
+ * scripts/linksys_empty_GET_DoS.nasl,
+ scripts/Xeneo_Web_Server_2.2.9.0_DoS.nasl,
+ scripts/shoutcast_admin_cgi_overflow.nasl,
+ scripts/oracle9iAS_slashdot_DoS.nasl,
+ scripts/netware_perl_overflow.nasl,
+ scripts/sambar_DoS.nasl,
+ scripts/simpleserverwww_dos.nasl,
+ scripts/oracle9iAS_too_long_url.nasl,
+ scripts/labview_www_DoS.nasl:
+ Try to fix FP.
+
+ * scripts/php_dec_2009.nasl:
+ Fixed script_summary().
+
2009-12-21 Chandrashekhar B <bchandra at secpod.com>
* scripts/secpod_alefmentor_sql_inj_vuln.nasl,
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/cve_current.txt 2009-12-21 11:36:27 UTC (rev 6219)
@@ -407,3 +407,4 @@
CVE-2009-1568 SecPod svn L
CVE-2009-1569 SecPod svn L
CVE-2009-3731 SecPod svn L
+37414 Greenbone svn R
Modified: trunk/openvas-plugins/scripts/Xeneo_Web_Server_2.2.9.0_DoS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/Xeneo_Web_Server_2.2.9.0_DoS.nasl 2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/Xeneo_Web_Server_2.2.9.0_DoS.nasl 2009-12-21 11:36:27 UTC (rev 6219)
@@ -54,6 +54,9 @@
{
if ( ! can_host_php(port:port) ) exit(0);
if(http_is_dead(port:port))exit(0);
+ banner = get_http_banner(port:port);
+ if(!banner)exit(0);
+ if("Xeneo" >!< banner)exit(0);
soc = http_open_socket(port);
if(soc)
{
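Review bot: The new guard `if("Xeneo" >!< banner)exit(0);` is case-sensitive and matches the string anywhere in the returned banner, whereas the sambar_DoS.nasl and simpleserverwww_dos.nasl hunks in this commit anchor on the `Server:` header with `egrep`. The same unanchored substring test appears in the labview_www_DoS, netware_perl_overflow and both oracle9iAS hunks. Using one form throughout, e.g. `if(!egrep(pattern:"^Server:.*Xeneo", string:banner, icase:TRUE))exit(0);`, would make the checks easier to audit. A comment such as `# Not run when the Server header is hidden or rewritten; such hosts are skipped, not cleared` would record the false-negative trade-off this FP fix accepts. The enclosing block starts and ends outside the hunk.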
Modified: trunk/openvas-plugins/scripts/labview_www_DoS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/labview_www_DoS.nasl 2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/labview_www_DoS.nasl 2009-12-21 11:36:27 UTC (rev 6219)
@@ -59,6 +59,10 @@
data = string("GET / HTTP/1.0\n\n");
port = get_http_port(default:80);
+if (http_is_dead(port: port)) exit(0);
+banner = get_http_banner(port:port);
+if(!banner)exit(0);
+if("Server: LabVIEW" >!< banner)exit(0);
if(get_port_state(port))
{
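Review bot: The added `http_is_dead()` and `get_http_banner()` calls run before the existing `if(get_port_state(port))` test, so the script contacts the port before checking that it was recorded as open. Putting the state check first, as the sambar_DoS.nasl hunk does with `if(! get_port_state(port)) exit(0);`, keeps the ordering consistent across these plugins. The block opened by `if(get_port_state(port))` continues outside the hunk.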
@@ -71,9 +75,6 @@
r = http_recv(socket:soc);
close(soc);
sleep(1);
- soc2 = open_sock_tcp(port);
- #display(string("Alive!\n"));
- if(!soc2)security_hole(port);
- else close(soc2);
+ if(http_is_dead(port: port,retry:2))security_hole(port);
}
}
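Review bot: `retry:2` in `http_is_dead(port: port,retry:2)` differs from the `retry:4` used by the linksys_empty_GET_DoS, netware_perl_overflow and oracle9iAS_too_long_url hunks, and nothing explains why. Since the retry count decides whether a slow or briefly unreachable host is reported as crashed, a short comment such as `# retry: number of re-probes before the service is declared dead` and a single shared value would make the false-positive behaviour predictable.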
Modified: trunk/openvas-plugins/scripts/linksys_empty_GET_DoS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/linksys_empty_GET_DoS.nasl 2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/linksys_empty_GET_DoS.nasl 2009-12-21 11:36:27 UTC (rev 6219)
@@ -58,4 +58,4 @@
http_recv(socket: soc);
http_close_socket(soc);
-if (http_is_dead(port: port)) security_hole(port);
+if (http_is_dead(port: port,retry:4)) security_hole(port);
Modified: trunk/openvas-plugins/scripts/netware_perl_overflow.nasl
===================================================================
--- trunk/openvas-plugins/scripts/netware_perl_overflow.nasl 2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/netware_perl_overflow.nasl 2009-12-21 11:36:27 UTC (rev 6219)
@@ -60,6 +60,9 @@
if (! get_port_state(port)) exit(0);
if(http_is_dead(port:port))exit(0);
+banner = get_http_banner(port:port);
+if(!banner)exit(0);
+if("Novell" >!< banner && "Netware" >!< banner)exit(0);
soc = http_open_socket(port);
if (!soc) exit(0);
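Review bot: The test `"Novell" >!< banner && "Netware" >!< banner` is case-sensitive, and the product name is normally written `NetWare`, so a banner carrying only that spelling would presumably make the plugin exit without testing the host. A case-insensitive match in the style of the sambar_DoS.nasl hunk avoids this: `if(!egrep(pattern:"^Server:.*(novell|netware)", string:banner, icase:TRUE))exit(0);`. The banner strings of affected servers are not visible here, so the pattern should be confirmed against a known target before it is relied on.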
@@ -70,8 +73,7 @@
r = http_recv(socket:soc);
http_close_socket(soc);
-if(http_is_dead(port: port, retry:1))
+if(http_is_dead(port: port, retry:4))
{
security_hole(port);
- #set_kb_item(name:"www/too_long_url_crash", value:TRUE);
}
Modified: trunk/openvas-plugins/scripts/oracle9iAS_slashdot_DoS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/oracle9iAS_slashdot_DoS.nasl 2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/oracle9iAS_slashdot_DoS.nasl 2009-12-21 11:36:27 UTC (rev 6219)
@@ -71,6 +71,9 @@
local_var soc, r;
if (http_is_dead(port: port)) return;
+ banner = get_http_banner(port:port);
+ if(!banner)return;
+ if("OracleAS-Web-Cache" >!< banner)return;
soc = http_open_socket(port);
if(! soc) return;
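Review bot: `banner` is assigned inside a function whose visible declaration is `local_var soc, r;`, so the new variable is not declared alongside the others. Extending the line to `local_var soc, r, banner;` keeps the function's variables explicitly scoped and rules out interference with a `banner` variable used elsewhere in the script. The function's header and end are outside the hunk.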
Modified: trunk/openvas-plugins/scripts/oracle9iAS_too_long_url.nasl
===================================================================
--- trunk/openvas-plugins/scripts/oracle9iAS_too_long_url.nasl 2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/oracle9iAS_too_long_url.nasl 2009-12-21 11:36:27 UTC (rev 6219)
@@ -61,6 +61,9 @@
{
if(!http_is_dead(port:port))
{
+ banner = get_http_banner(port:port);
+ if(!banner)exit(0);
+ if("Oracle" >!< banner)exit(0);
url = string("/", crap(data: "A", length: 3095), crap(data: "N", length: 4));
soc = http_open_socket(port);
if(soc)
@@ -70,7 +73,7 @@
a = http_recv(socket: soc);
http_close_socket(soc);
- if(http_is_dead(port: port, retry:1)) {
+ if(http_is_dead(port: port, retry:4)) {
security_hole(port);
set_kb_item(name:"www/too_long_url_crash", value:TRUE);
}
Modified: trunk/openvas-plugins/scripts/php_dec_2009.nasl
===================================================================
--- trunk/openvas-plugins/scripts/php_dec_2009.nasl 2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/php_dec_2009.nasl 2009-12-21 11:36:27 UTC (rev 6219)
@@ -2,7 +2,7 @@
# OpenVAS Vulnerability Test
# $Id$
#
-# PHP < 5.12 Multiple Vulnerabilities
+# PHP < 5.2.12 Multiple Vulnerabilities
#
# Authors:
# Michael Meyer
@@ -66,7 +66,7 @@
Risk factor : High";
script_description(desc);
- script_summary("Determine if php version is < 5.12");
+ script_summary("Determine if php version is < 5.2.12");
script_category(ACT_GATHER_INFO);
script_family("Web application abuses");
script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
Modified: trunk/openvas-plugins/scripts/sambar_DoS.nasl
===================================================================
--- trunk/openvas-plugins/scripts/sambar_DoS.nasl 2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/sambar_DoS.nasl 2009-12-21 11:36:27 UTC (rev 6219)
@@ -72,13 +72,12 @@
port = get_http_port(default:80);
if(! get_port_state(port)) exit(0);
+if(http_is_dead(port:port))exit(0);
banner = get_http_banner(port: port);
if (! banner) exit(0);
+if(!egrep(pattern: "^Server:.*sambar", string: banner, icase: TRUE))exit(0);
-
-if(http_is_dead(port:port))exit(0);
-
# TBD: request each URL a few times...
function test_port(port, cgi)
{
Added: trunk/openvas-plugins/scripts/serv_u_37414.nasl
===================================================================
--- trunk/openvas-plugins/scripts/serv_u_37414.nasl 2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/serv_u_37414.nasl 2009-12-21 11:36:27 UTC (rev 6219)
@@ -0,0 +1,100 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Serv-U File Server User Directory Information Disclosure Vulnerability
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Greenbone Networks GmbH
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100410);
+ script_bugtraq_id(37414);
+ script_version ("1.0-$Revision$");
+
+ script_name("Serv-U File Server User Directory Information Disclosure Vulnerability");
+
+desc = "Overview:
+Serv-U File Server is prone to an unspecified information-disclosure
+vulnerability.
+
+Attackers can exploit this issue to harvest sensitive information that
+may lead to further attacks.
+
+Versions prior to SERV-U File Server 9.2.0.1 are vulnerable.
+
+Solution:
+The vendor has released an update. Please see the references
+for details.
+
+References:
+http://www.securityfocus.com/bid/37414
+http://www.serv-u.com/releasenotes/
+http://www.serv-u.com/
+
+Risk factor : Medium";
+
+ script_description(desc);
+ script_summary("Determine if Serv-U FTP Server version is < 9.2.0.1");
+ script_category(ACT_GATHER_INFO);
+ script_family("FTP");
+ script_copyright("This script is Copyright (C) 2009 Greenbone Networks GmbH");
+ script_dependencies("gb_rhinosoft_serv-u_detect.nasl");
+ script_require_ports("Services/ftp", 21);
+ exit(0);
+}
+
+include("ftp_func.inc");
+include("version_func.inc");
+
+port = get_kb_item("Services/ftp");
+if(!port){
+ port = 21;
+}
+
+if(get_kb_item('ftp/'+port+'/broken'))exit(0);
+
+if(!get_port_state(port)){
+ exit(0);
+}
+
+if(!version = get_kb_item(string("ftp/", port, "/Serv-U"))) {
+ if(!version = get_kb_item(string("Serv-U/FTP/Ver"))) {
+ exit(0);
+ }
+}
+
+if(!isnull(version[1])) {
+ vers = version[1];
+}
+
+if(!isnull(vers)) {
+ if(vers =~ "^9\.") {
+ if(version_is_less(version:vers, test_version:"9.2.0.1") ) {
+ security_hole(port: port);
+ exit(0);
+ }
+ }
+}
+
+exit(0);
+
+
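Review bot: `vers = version[1];` indexes the value returned by `get_kb_item()`. If the detection script stores the version as a plain string (not visible in this hunk), `version[1]` is only its second character, `vers =~ "^9\."` never matches and the plugin stays silent on vulnerable hosts. Using the KB value directly, `vers = version;`, would avoid that; confirm against what gb_rhinosoft_serv-u_detect.nasl writes. Separately, the description says `Risk factor : Medium` while the finding is raised with `security_hole(port: port);`; `security_warning(port: port);` would match the stated severity. The `^9\.` guard also leaves releases older than 9.x unreported although the text says versions prior to 9.2.0.1 are affected, so a comment should state whether that is intended.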
Property changes on: trunk/openvas-plugins/scripts/serv_u_37414.nasl
___________________________________________________________________
Name: svn:keywords
+ Id Revision
Modified: trunk/openvas-plugins/scripts/shoutcast_admin_cgi_overflow.nasl
===================================================================
--- trunk/openvas-plugins/scripts/shoutcast_admin_cgi_overflow.nasl 2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/shoutcast_admin_cgi_overflow.nasl 2009-12-21 11:36:27 UTC (rev 6219)
@@ -66,6 +66,9 @@
{
if( get_port_state(port) && !get_kb_item("Services/www/" + port + "/embedded") && !http_is_dead(port:port, retry:0))
{
+ banner = get_http_banner(port:port);
+ if(!banner)continue;
+ if(!egrep(pattern:"shoutcast", string:banner, icase: TRUE))continue;
url = string("/admin.cgi?pass=", crap(length:4096, data:"\"));
req = http_get(item: url, port:port);
soc = http_open_socket(port);
Modified: trunk/openvas-plugins/scripts/simpleserverwww_dos.nasl
===================================================================
--- trunk/openvas-plugins/scripts/simpleserverwww_dos.nasl 2009-12-21 10:55:12 UTC (rev 6218)
+++ trunk/openvas-plugins/scripts/simpleserverwww_dos.nasl 2009-12-21 11:36:27 UTC (rev 6219)
@@ -58,6 +58,7 @@
banner = get_http_banner(port: port);
if (! banner) exit(0);
+if(!egrep(pattern:"^Server: *SimpleServer:WWW", string:banner))exit(0);
if (safe_checks())
{