[Openvas-commits] r6248 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Dec 24 14:02:02 CET 2009
Author: chandra
Date: 2009-12-24 14:01:59 +0100 (Thu, 24 Dec 2009)
New Revision: 6248
Added:
trunk/openvas-plugins/scripts/secpod_valarsoft_webmatic_detect.nasl
trunk/openvas-plugins/scripts/secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl
trunk/openvas-plugins/scripts/secpod_wireshark_daintree_sna_dos_vuln_lin.nasl
trunk/openvas-plugins/scripts/secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl
trunk/openvas-plugins/scripts/secpod_wireshark_smb_dos_vuln_lin.nasl
trunk/openvas-plugins/scripts/secpod_xoops_content_module_sql_inj_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
trunk/openvas-plugins/scripts/cpe.inc
trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin01.nasl
trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin02.nasl
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/ChangeLog 2009-12-24 13:01:59 UTC (rev 6248)
@@ -1,3 +1,18 @@
+2009-12-24 Chandrashekhar B <bchandra at secpod.com>
+
+ * scripts/secpod_xoops_content_module_sql_inj_vuln.nasl
+ scripts/secpod_wireshark_smb_dos_vuln_lin.nasl
+ scripts/secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl
+ scripts/secpod_valarsoft_webmatic_detect.nasl
+ scripts/secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl
+ scripts/secpod_wireshark_daintree_sna_dos_vuln_lin.nasl:
+ Added new plugins.
+
+ * scripts/secpod_ibm_db2_mult_dos_vuln_lin02.nasl,
+ scripts/secpod_ibm_db2_mult_dos_vuln_lin01.nasl: Corrected the KB name.
+
+ * scripts/cpe.inc: Added new CPE's.
+
2009-12-23 Felix Wolfsteller <felix.wolfsteller at intevation.de>
Added "registry-kb-proxy" (see
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/cve_current.txt 2009-12-24 13:01:59 UTC (rev 6248)
@@ -435,3 +435,7 @@
CVE-2009-3997 SecPod svn L
CVE-2009-3996 SecPod svn L
CVE-2009-4356 SecPod svn L
+CVE-2009-4378 SecPod svn L
+CVE-2009-4376 SecPod svn L
+CVE-2009-4377 SecPod svn L
+CVE-2009-4360 SecPod svn R
Modified: trunk/openvas-plugins/scripts/cpe.inc
===================================================================
--- trunk/openvas-plugins/scripts/cpe.inc 2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/cpe.inc 2009-12-24 13:01:59 UTC (rev 6248)
@@ -767,7 +767,8 @@
"SSH/banner/", "^([0-9.]+)", "cpe:/a:openssh:openssh:",
"www/*/phpldapadmin", "^([0-9.]+)", "cpe:/a:phpldapadmin:phpldapadmin:",
"www/*/AlefMentor", "^([0-9.]+)", "cpe:/a:findmysoft:alefmentor:",
-"www/*/FamilyConnections", "^([0-9.]+)", "cpe:/a:haudenschilt:family_connections_cms:"
+"www/*/FamilyConnections", "^([0-9.]+)", "cpe:/a:haudenschilt:family_connections_cms:",
+"www/*/Valarsoft/Webmatic","^([0-9.]+)", "cpe:/a:valarsoft:webmatic:"
);
Modified: trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin01.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin01.nasl 2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin01.nasl 2009-12-24 13:01:59 UTC (rev 6248)
@@ -5,8 +5,11 @@
# IBM DB2 Multiple Vulnerabilities (Linux)
#
# Authors:
-# Antu Sanadi<santu at secpod.com>
+# Antu Sanadi <santu at secpod.com>
#
+# Updated KB Name
+# Antu Sanadi <santu at secpod.com> on 2009-12-21
+#
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
@@ -27,13 +30,13 @@
if(description)
{
script_id(900678);
- script_version("$Revision: 1.0 $");
+ script_version("$Revision$: 1.1");
script_cve_id("CVE-2009-1905","CVE-2009-1906");
script_bugtraq_id(35171);
script_name("IBM DB2 Multiple Vulnerabilities (Linux)");
desc = "
- Overview: The host is installed with IBM DB2 and is prone to multiple
+ Overview: The host is installed with IBM DB2 and is prone to multiple
vulnerabilities.
Vulnerability Insight:
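Review bot: `script_version("$Revision$: 1.1");` mixes the SVN keyword with a hand-maintained number. With `svn:keywords` set to `Revision`, as the property change in this commit does, the string expands to something like `$Revision: 6248 $: 1.1`. Using the keyword alone, `script_version("$Revision$");`, keeps the value well-formed. The same pattern appears in `secpod_ibm_db2_mult_dos_vuln_lin02.nasl` and, as `"$Revision$: 1.0"`, in the six plugins added by this commit. The `if(description)` block continues outside this hunk.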
@@ -73,14 +76,14 @@
script_copyright("Copyright (C) 2009 SecPod");
script_family("General");
script_dependencies("secpod_ibm_db2_detect_linux_900217.nasl");
- script_require_keys("Linux/IBM-db2/Ver");
+ script_require_keys("Linux/IBM_db2/Ver");
exit(0);
}
include("version_func.inc");
-ibmVer = get_kb_item("Linux/IBM-db2/Ver");
+ibmVer = get_kb_item("Linux/IBM_db2/Ver");
if(!ibmVer){
exit(0);
}
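Review bot: The new key `Linux/IBM_db2/Ver` is only correct if `secpod_ibm_db2_detect_linux_900217.nasl` writes exactly that name. The detector is not part of this commit, so the diff cannot confirm it. A mismatch would not raise an error: the plugin is skipped via `script_require_keys`, or exits at `if(!ibmVer)`, and the host is silently reported as clean. The same rename is made in `secpod_ibm_db2_mult_dos_vuln_lin02.nasl`. A comment next to the lookup, e.g. `# KB item set by secpod_ibm_db2_detect_linux_900217.nasl`, would make the coupling visible to the next editor.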
@@ -91,11 +94,8 @@
# IBM DB2 9.1 FP6a => 9.1.0.6a
# IBM DB2 9.5 FP3b => 9.5.0.3b
-if(version_in_range(version:ibmVer, test_version:"8.0",
- test_version2:"8.1.16") ||
- version_in_range(version:ibmVer, test_version:"9.1",
- test_version2:"9.1.0.6a") ||
- version_in_range(version:ibmVer, test_version:"9.5",
- test_version2:"9.5.0.3b")){
+if(version_in_range(version:ibmVer, test_version:"8.0", test_version2:"8.1.16") ||
+ version_in_range(version:ibmVer, test_version:"9.1", test_version2:"9.1.0.6a") ||
+ version_in_range(version:ibmVer, test_version:"9.5", test_version2:"9.5.0.3b")){
security_warning(0);
}
Property changes on: trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin01.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Modified: trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin02.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin02.nasl 2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin02.nasl 2009-12-24 13:01:59 UTC (rev 6248)
@@ -7,6 +7,9 @@
# Authors:
# Antu Sanadi<santu at secpod.com>
#
+# Updated KB Name
+# Antu Sanadi <santu at secpod.com> on 2009-12-21
+#
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
@@ -27,7 +30,7 @@
if(description)
{
script_id(900679);
- script_version("$Revision: 1.0 $");
+ script_version("$Revision$: 1.1");
script_cve_id("CVE-2008-6821", "CVE-2008-6820", "CVE-2008-2154");
script_bugtraq_id(31058, 35409);
script_name("IBM DB2 Multiple Vulnerabilities (Linux)");
@@ -78,14 +81,14 @@
script_copyright("Copyright (C) 2009 SecPod");
script_family("General");
script_dependencies("secpod_ibm_db2_detect_linux_900217.nasl");
- script_require_keys("Linux/IBM-db2/Ver");
+ script_require_keys("Linux/IBM_db2/Ver");
exit(0);
}
include("version_func.inc");
-ibmVer = get_kb_item("Linux/IBM-db2/Ver");
+ibmVer = get_kb_item("Linux/IBM_db2/Ver");
if(!ibmVer){
exit(0);
}
@@ -96,11 +99,8 @@
# IBM DB2 9.1 FP4a =>9.1.0.4
# IBM DB2 9.5 FP1 =>9.5.0.1
-if(version_in_range(version:ibmVer, test_version:"8.0",
- test_version2:"8.1.16") ||
- version_in_range(version:ibmVer, test_version:"9.1",
- test_version2:"9.1.0.4") ||
- version_in_range(version:ibmVer, test_version:"9.5",
- test_version2:"9.5.0.1")){
+if(version_in_range(version:ibmVer, test_version:"8.0", test_version2:"8.1.16") ||
+ version_in_range(version:ibmVer, test_version:"9.1", test_version2:"9.1.0.4") ||
+ version_in_range(version:ibmVer, test_version:"9.5", test_version2:"9.5.0.1")){
security_hole(0);
}
Property changes on: trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin02.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_valarsoft_webmatic_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_valarsoft_webmatic_detect.nasl 2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_valarsoft_webmatic_detect.nasl 2009-12-24 13:01:59 UTC (rev 6248)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_valarsoft_webmatic_detect.nasl 6367 2009-12-23 16:25:36Z dec $
+#
+# Valarsoft Webmatic Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(901087);
+ script_version("$Revision$: 1.0");
+ script_name("Valarsoft Webmatic Version Detection");
+ desc = "
+ Overview: This script finds the running Valarsoft Webmatic version and
+ saves the result in KB.
+
+ Risk factor: Informational";
+
+ script_description(desc);
+ script_summary("Set the version of Valarsoft Webmatic in KB");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Service detection");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+
+webmaticPort = get_http_port(default:80);
+if(!webmaticPort){
+ exit(0);
+}
+
+foreach path (make_list("/", "/webmatic", "/web", cgi_dirs()))
+{
+ sndReq = http_get(item:string(path, "/index.php"), port:webmaticPort);
+ rcvRes = http_send_recv(port:webmaticPort, data:sndReq);
+ if("Welcome to Webmatic" >< rcvRes)
+ {
+ webmaticVer = eregmatch(pattern:"Webmatic ([0-9.]+)", string:rcvRes);
+ if(webmaticVer[1] != NULL)
+ {
+ set_kb_item(name:"www/" + webmaticPort + "/Valarsoft/Webmatic",
+ value:webmaticVer[1] + " under " + path);
+ }
+ }
+}
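Review bot: For the `"/"` entry of `make_list`, `string(path, "/index.php")` builds `//index.php`. Not every server normalises that, so an install at the web root may be missed. Build the request path separately and leave `path` unchanged for the KB value, because the consumer added in this commit parses it with `^(.+) under (/.*)$` and needs the leading slash: `url = path + "/index.php"; if(path == "/") url = "/index.php";`. The loop also continues after a hit, so several values can end up under the same `www/<port>/Valarsoft/Webmatic` key. A short comment saying whether multiple installs per port are intended would help.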
Property changes on: trunk/openvas-plugins/scripts/secpod_valarsoft_webmatic_detect.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl 2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl 2009-12-24 13:01:59 UTC (rev 6248)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl 6367 2009-12-23 24:10:29Z dec $
+#
+# Valarsoft Webmatic Multiple XSS and SQL Injection Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(901088);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2009-4379", "CVE-2009-4380");
+ script_bugtraq_id(37335);
+ script_name("Valarsoft Webmatic Multiple XSS and SQL Injection Vulnerabilities");
+ desc = "
+ Overview: This host is running Valarsoft Webmatic and is prone to multiple
+ Cross-Site Scripting and SQL Injection vulnerabilities.
+
+ Vulnerability Insight:
+ - Certain unspecified input is not properly sanitised before being returned to
+ the user. This can be exploited to execute arbitrary HTML and script code in
+ a user's browser session in the context of an affected site.
+ - Certain unspecified input is not properly sanitised before being used in SQL
+ queries. This can be exploited to manipulate SQL queries by injecting
+ arbitrary SQL code.
+
+ Impact:
+ Successful exploitation will let the attacker cause Cross-Site Scripting or
+ SQL Injection attacks by executing arbitrary codes within the context of the
+ affected application.
+
+ Impact Level: Application.
+
+ Affected Software/OS:
+ Valarsoft Webmatic prior to 3.0.3
+
+ Fix: Upgrade to Valarsoft Webmatic version 3.0.3.
+ For Updates Refer, http://www.valarsoft.com
+
+ References:
+ http://secunia.com/advisories/37735
+ http://www.valarsoft.com/index.php?stage=0§ion=5&newsID=165&action=6
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.5
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Valarsoft Webmatic");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Web application abuses");
+ script_dependencies("secpod_valarsoft_webmatic_detect.nasl");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+webmaticPort = get_http_port(default:80);
+if(!webmaticPort){
+ exit(0);
+}
+
+webmaticVer = get_kb_item("www/"+ webmaticPort + "/Valarsoft/Webmatic");
+if(!webmaticVer){
+ exit(0);
+}
+
+webmaticVer = eregmatch(pattern:"^(.+) under (/.*)$", string:webmaticVer);
+if(webmaticVer[1])
+{
+ # Check for Volarsoft Webmatic prior to 3.0.3
+ if(version_is_less(version:webmaticVer[1], test_version:"3.0.3")){
+ security_hole(webmaticPort);
+ }
+}
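Review bot: The comment above the version test misspells the product (`# Check for Volarsoft Webmatic prior to 3.0.3`); it should read `# Check for Valarsoft Webmatic prior to 3.0.3`. The second reference URL in `desc` shows `stage=0§ion=5`, which looks like `&section=5` mangled by entity decoding. That may exist only in this archive rendering, so it is worth confirming in the file. The finding rests solely on the version string the detector scraped from the page, so `desc` could state that the result is version-based and not confirmed by a probe.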
Property changes on: trunk/openvas-plugins/scripts/secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_wireshark_daintree_sna_dos_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_daintree_sna_dos_vuln_lin.nasl 2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_daintree_sna_dos_vuln_lin.nasl 2009-12-24 13:01:59 UTC (rev 6248)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_wireshark_daintree_sna_dos_vuln_lin.nasl 6340 2009-12-23 12:52:09Z dec $
+#
+# Wireshark Daintree SNA File Parser Denial of Service Vulnerability (Linux)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900989);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2009-4376");
+ script_bugtraq_id(37407);
+ script_name("Wireshark Daintree SNA File Parser Denial of Service Vulnerability (Linux)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to Denial of
+ Service vulnerability.
+
+ Vulnerability Insight:
+ A boundary error occurs in the 'daintree_sna_read()' function in the Daintree
+ SNA file parser while processing malformed captured pcap files.
+
+ Impact:
+ Successful exploitation will allow attackers to cause Denial of Serivce
+ condition by tricking the user into opening a malformed packet trace file
+ through Wireshark.
+
+ Impact Level: System/Application.
+
+ Affected Software/OS:
+ Wireshark version 1.2.0 to 1.2.4 on Linux.
+
+ Fix: Upgrade to Wireshark version 1.2.5,
+ http://www.wireshark.org/download.html
+
+ References:
+ http://secunia.com/advisories/37842
+ http://www.vupen.com/english/advisories/2009/3596
+ http://www.wireshark.org/security/wnpa-sec-2009-09.html
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.9
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_wireshark_detect_lin.nasl");
+ script_require_keys("Wireshark/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Linux/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Grep for Wireshark version 1.2.0 to 1.2.4
+if(version_in_range(version:sharkVer, test_version:"1.2.0",
+ test_version2:"1.2.4")){
+ security_hole(0);
+}
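Review bot: The text in `desc` is inconsistent about severity. Overview and Impact describe a denial of service, while the CVSS line gives 9.3 with `C:C/I:C/A:C` and the result is raised with `security_hole(0)`. If the boundary error in `daintree_sna_read()` can lead to more than a crash, the Impact paragraph should say so; otherwise the vector and the reporting call should be aligned with a DoS. `Denial of Serivce` is misspelled in this runtime string and again in the IPMI (Win) and SMB (Linux) plugins added by this commit; it should read `Denial of Service`. The comment `# Grep for Wireshark version 1.2.0 to 1.2.4` would be more accurate as `# Check for Wireshark version 1.2.0 to 1.2.4`.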
Property changes on: trunk/openvas-plugins/scripts/secpod_wireshark_daintree_sna_dos_vuln_lin.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl 2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl 2009-12-24 13:01:59 UTC (rev 6248)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl 6340 2009-12-23 12:13:45Z dec $
+#
+# Wireshark IPMI Dissector Denial of Service Vulnerability (Win)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900988);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2009-4378");
+ script_bugtraq_id(37407);
+ script_name("Wireshark IPMI Dissector Denial of Service Vulnerability (Win)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to IPMI Dissector
+ Denial of Service vulnerability.
+
+ Vulnerability Insight:
+ This flaw is caused due to an error in the IPMI dissector while formatting
+ date/time using strftime.
+
+ Impact:
+ Successful exploitation will allow attackers to cause Denial of Serivce
+ condition by tricking the user into reading a malformed packet trace file.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Wireshark version 1.2.0 to 1.2.4 on Windows.
+
+ Fix: Upgrade to Wireshark version 1.2.5,
+ http://www.wireshark.org/download.html
+
+ References:
+ http://secunia.com/advisories/37842
+ http://www.vupen.com/english/advisories/2009/3596
+ http://www.wireshark.org/security/wnpa-sec-2009-09.html
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4319
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.2
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_wireshark_detect_win.nasl");
+ script_require_keys("Wireshark/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Win/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Grep for Wireshark version 1.2.0 to 1.2.4
+if(version_in_range(version:sharkVer, test_version:"1.2.0",
+ test_version2:"1.2.4")){
+ security_warning(0);
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_wireshark_smb_dos_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_smb_dos_vuln_lin.nasl 2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_smb_dos_vuln_lin.nasl 2009-12-24 13:01:59 UTC (rev 6248)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_wireshark_smb_dos_vuln_lin.nasl 6340 2009-12-23 13:49:51Z dec $
+#
+# Wireshark SMB Dissectors Denial of Service Vulnerability (Linux)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900991);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2009-4377");
+ script_bugtraq_id(37407);
+ script_name("Wireshark SMB Dissectors Denial of Service Vulnerability (Linux)");
+ desc = "
+ Overview: This host is installed with Wireshark and is prone to Denial of
+ Service vulnerability.
+
+ Vulnerability Insight:
+ Error occurs in the SMB and SMB2 dissectors while processing malformed
+ packets.
+
+ Impact:
+ Successful exploitation will allow attackers to trick the user to render the
+ crafted malicious capture packet thus causing Denial of Serivce attack.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Wireshark version 0.9.0 to 1.2.4 on Linux.
+
+ Fix: Upgrade to Wireshark version 1.2.5,
+ http://www.wireshark.org/download.html
+
+ References:
+ http://secunia.com/advisories/37842
+ http://www.vupen.com/english/advisories/2009/3596
+ http://www.wireshark.org/security/wnpa-sec-2009-09.html
+ https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301
+ http://www.wireshark.org/download/automated/captures/fuzz-2009-12-07-11141.pcap
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.4
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Wireshark");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_wireshark_detect_lin.nasl");
+ script_require_keys("Wireshark/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Linux/Ver");
+if(!sharkVer){
+ exit(0);
+}
+
+# Grep for Wireshark version 0.9.0 to 1.2.4
+if(version_in_range(version:sharkVer, test_version:"0.9.0",
+ test_version2:"1.2.4")){
+ security_warning(0);
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_wireshark_smb_dos_vuln_lin.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision
Added: trunk/openvas-plugins/scripts/secpod_xoops_content_module_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xoops_content_module_sql_inj_vuln.nasl 2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_xoops_content_module_sql_inj_vuln.nasl 2009-12-24 13:01:59 UTC (rev 6248)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_xoops_content_module_sql_inj_vuln.nasl 6307 2009-12-24 16:07:29Z dec $
+#
+# Xoops Content Module SQL Injection Vulnerability
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900732);
+ script_version("$Revision$: 1.0");
+ script_cve_id("CVE-2009-4360");
+ script_bugtraq_id(37155);
+ script_name("Xoops Content Module SQL Injection Vulnerability");
+ desc = "
+ Overview: This host is running Xoops and is prone to SQL Injection
+ vulnerability.
+
+ Vulnerability Insight:
+ This flaw is caused due to improper sanitization of data inside 'Content'
+ module within the 'id' parameter which lets the remote unauthenticated
+ user to run arbitrary SQL Commands.
+
+ Impact:
+ Successful exploitation will let the remote attacker to execute arbitrary SQL
+ queires to compromise the remote machine running the vulnerable application.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Xoops 'Content' Module 0.5
+
+ Fix: Solution/Patch is not available as on 24th December 2009. For further
+ updates refer,
+ http://www.xoops.org/modules/repository/singlefile.php?cid=94&lid=1611
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/54489
+ http://securityreason.com/exploitalert/7494
+ http://www.packetstormsecurity.org/0911-exploits/xoopscontent-sql.txt
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 6.7
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of XOOPS");
+ script_category(ACT_ATTACK);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Web application abuses");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/www", 80);
+ exit(0);
+}
+
+
+include("http_func.inc");
+
+xoopsPort = get_http_port(default:80);
+if(!xoopsPort){
+ exit(0);
+}
+
+if(!can_host_php(port:xoopsPort)){
+ exit(0);
+}
+
+if(safe_checks()){
+ exit(0);
+}
+
+foreach dir (make_list("/", "/xoops", "/cms", "/content", cgi_dirs()))
+{
+ sndReq = http_get(item: string(dir + "/modules/content/index.php?id=1"),
+ port: xoopsPort);
+ rcvRes = http_send_recv(port:xoopsPort, data:sndReq);
+
+ if("blockContent" >< rcvRes && "blockTitle" >< rcvRes)
+ {
+ request = http_get(item:dir+"/modules/content/index.php?id=-1+UNION+SELECT"+
+ "+1,2,3,@@version,5,6,7,8,9,10,11--", port:xoopsPort);
+ response = http_send_recv(port:xoopsPort, data:request);
+
+ if("Set-Cookie: " >< response && "PHPSESSID" >< response &&
+ "path=/" >< response)
+ {
+ security_hole(xoopsPort);
+ exit(0);
+ }
+ }
+}
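Review bot: The success condition after the second request does not test whether the injection worked. `"Set-Cookie: "`, `"PHPSESSID"` and `"path=/"` appear in the response of almost any PHP application that starts a session, so a patched or unaffected install that still renders the Content module will be reported as vulnerable. The condition should look for something only the injected query can produce and that is absent from the baseline `rcvRes`, for example `if(egrep(pattern:"[0-9]+\.[0-9]+\.[0-9]+", string:response) && !egrep(pattern:"[0-9]+\.[0-9]+\.[0-9]+", string:rcvRes))`. Even this is a heuristic and should be commented as such. `script_summary("Check for the version of XOOPS")` is also inaccurate for an `ACT_ATTACK` plugin that sends an active probe; something like `script_summary("Check for SQL injection in the XOOPS Content module")` describes what the scan operator is enabling.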
Property changes on: trunk/openvas-plugins/scripts/secpod_xoops_content_module_sql_inj_vuln.nasl
___________________________________________________________________
Name: svn:keywords
+ Revision