[Openvas-commits] r6248 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Dec 24 14:02:02 CET 2009


Author: chandra
Date: 2009-12-24 14:01:59 +0100 (Thu, 24 Dec 2009)
New Revision: 6248

Added:
   trunk/openvas-plugins/scripts/secpod_valarsoft_webmatic_detect.nasl
   trunk/openvas-plugins/scripts/secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_wireshark_daintree_sna_dos_vuln_lin.nasl
   trunk/openvas-plugins/scripts/secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl
   trunk/openvas-plugins/scripts/secpod_wireshark_smb_dos_vuln_lin.nasl
   trunk/openvas-plugins/scripts/secpod_xoops_content_module_sql_inj_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
   trunk/openvas-plugins/scripts/cpe.inc
   trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin01.nasl
   trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin02.nasl
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/ChangeLog	2009-12-24 13:01:59 UTC (rev 6248)
@@ -1,3 +1,18 @@
+2009-12-24  Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/secpod_xoops_content_module_sql_inj_vuln.nasl
+	scripts/secpod_wireshark_smb_dos_vuln_lin.nasl
+	scripts/secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl
+	scripts/secpod_valarsoft_webmatic_detect.nasl
+	scripts/secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl
+	scripts/secpod_wireshark_daintree_sna_dos_vuln_lin.nasl:
+	Added new plugins.
+
+	* scripts/secpod_ibm_db2_mult_dos_vuln_lin02.nasl,
+	scripts/secpod_ibm_db2_mult_dos_vuln_lin01.nasl: Corrected the KB name.
+
+	* scripts/cpe.inc: Added new CPE's.
+
 2009-12-23 Felix Wolfsteller <felix.wolfsteller at intevation.de>
 
 	Added "registry-kb-proxy" (see

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/cve_current.txt	2009-12-24 13:01:59 UTC (rev 6248)
@@ -435,3 +435,7 @@
 CVE-2009-3997			SecPod		svn		L
 CVE-2009-3996			SecPod		svn		L
 CVE-2009-4356			SecPod		svn		L
+CVE-2009-4378			SecPod		svn		L
+CVE-2009-4376			SecPod		svn		L
+CVE-2009-4377			SecPod		svn		L
+CVE-2009-4360			SecPod		svn		R

Modified: trunk/openvas-plugins/scripts/cpe.inc
===================================================================
--- trunk/openvas-plugins/scripts/cpe.inc	2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/cpe.inc	2009-12-24 13:01:59 UTC (rev 6248)
@@ -767,7 +767,8 @@
 "SSH/banner/", "^([0-9.]+)", "cpe:/a:openssh:openssh:",
 "www/*/phpldapadmin", "^([0-9.]+)", "cpe:/a:phpldapadmin:phpldapadmin:",
 "www/*/AlefMentor", "^([0-9.]+)", "cpe:/a:findmysoft:alefmentor:",
-"www/*/FamilyConnections", "^([0-9.]+)", "cpe:/a:haudenschilt:family_connections_cms:"
+"www/*/FamilyConnections", "^([0-9.]+)", "cpe:/a:haudenschilt:family_connections_cms:",
+"www/*/Valarsoft/Webmatic","^([0-9.]+)", "cpe:/a:valarsoft:webmatic:"
 );
 
 

Modified: trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin01.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin01.nasl	2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin01.nasl	2009-12-24 13:01:59 UTC (rev 6248)
@@ -5,8 +5,11 @@
 # IBM DB2 Multiple Vulnerabilities (Linux)
 #
 # Authors:
-# Antu Sanadi<santu at secpod.com>
+# Antu Sanadi <santu at secpod.com>
 #
+# Updated KB Name
+# Antu Sanadi <santu at secpod.com> on 2009-12-21
+#
 # Copyright:
 # Copyright (c) 2009 SecPod, http://www.secpod.com
 #
@@ -27,13 +30,13 @@
 if(description)
 {
   script_id(900678);
-  script_version("$Revision: 1.0 $");
+  script_version("$Revision$: 1.1");
   script_cve_id("CVE-2009-1905","CVE-2009-1906");
   script_bugtraq_id(35171);
   script_name("IBM DB2 Multiple Vulnerabilities (Linux)");
   desc = "
 
-  Overview: The host is installed with IBM DB2 and is prone to multiple 
+  Overview: The host is installed with IBM DB2 and is prone to multiple
   vulnerabilities.
 
   Vulnerability Insight:
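Review bot: The new `script_version("$Revision$: 1.1")` leaves the hand-written `: 1.1` outside the keyword, so once the `svn:keywords Revision` property set in this commit expands it, the string will read something like `$Revision: 6248 $: 1.1`. Anything that parses the plugin version then sees two competing numbers. I would use `script_version("$Revision$");` and let Subversion own the value. The same pattern appears in secpod_ibm_db2_mult_dos_vuln_lin02.nasl and, with `: 1.0`, in the six scripts added by this commit. The description block continues outside this hunk.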
@@ -73,14 +76,14 @@
   script_copyright("Copyright (C) 2009 SecPod");
   script_family("General");
   script_dependencies("secpod_ibm_db2_detect_linux_900217.nasl");
-  script_require_keys("Linux/IBM-db2/Ver");
+  script_require_keys("Linux/IBM_db2/Ver");
   exit(0);
 }
 
 
 include("version_func.inc");
 
-ibmVer = get_kb_item("Linux/IBM-db2/Ver");
+ibmVer = get_kb_item("Linux/IBM_db2/Ver");
 if(!ibmVer){
   exit(0);
 }
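Review bot: The key `Linux/IBM_db2/Ver` is still spelled out twice, in `script_require_keys` and in `get_kb_item`, and it has to match the string the detection script sets; secpod_ibm_db2_detect_linux_900217.nasl is not part of this commit, so that match cannot be confirmed from here. A mismatch fails silently: the plugin is skipped or reaches `exit(0)`, and a vulnerable DB2 host is reported clean, which is presumably what the old `IBM-db2` spelling caused. Please confirm the setter uses the underscore form and check for any other plugins still reading the old key. The same applies to the matching hunk in secpod_ibm_db2_mult_dos_vuln_lin02.nasl.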
@@ -91,11 +94,8 @@
 # IBM DB2 9.1 FP6a => 9.1.0.6a
 # IBM DB2 9.5 FP3b => 9.5.0.3b
 
-if(version_in_range(version:ibmVer, test_version:"8.0",
-                    test_version2:"8.1.16") ||
-   version_in_range(version:ibmVer, test_version:"9.1",
-                    test_version2:"9.1.0.6a") ||
-   version_in_range(version:ibmVer, test_version:"9.5",
-                    test_version2:"9.5.0.3b")){
+if(version_in_range(version:ibmVer, test_version:"8.0", test_version2:"8.1.16") ||
+   version_in_range(version:ibmVer, test_version:"9.1", test_version2:"9.1.0.6a") ||
+   version_in_range(version:ibmVer, test_version:"9.5", test_version2:"9.5.0.3b")){
   security_warning(0);
 }


Property changes on: trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin01.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Modified: trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin02.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin02.nasl	2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin02.nasl	2009-12-24 13:01:59 UTC (rev 6248)
@@ -7,6 +7,9 @@
 # Authors:
 # Antu Sanadi<santu at secpod.com>
 #
+# Updated KB Name
+# Antu Sanadi <santu at secpod.com> on 2009-12-21
+#
 # Copyright:
 # Copyright (c) 2009 SecPod, http://www.secpod.com
 #
@@ -27,7 +30,7 @@
 if(description)
 {
   script_id(900679);
-  script_version("$Revision: 1.0 $");
+  script_version("$Revision$: 1.1");
   script_cve_id("CVE-2008-6821", "CVE-2008-6820", "CVE-2008-2154");
   script_bugtraq_id(31058, 35409);
   script_name("IBM DB2 Multiple Vulnerabilities (Linux)");
@@ -78,14 +81,14 @@
   script_copyright("Copyright (C) 2009 SecPod");
   script_family("General");
   script_dependencies("secpod_ibm_db2_detect_linux_900217.nasl");
-  script_require_keys("Linux/IBM-db2/Ver");
+  script_require_keys("Linux/IBM_db2/Ver");
   exit(0);
 }
 
 
 include("version_func.inc");
 
-ibmVer = get_kb_item("Linux/IBM-db2/Ver");
+ibmVer = get_kb_item("Linux/IBM_db2/Ver");
 if(!ibmVer){
   exit(0);
 }
@@ -96,11 +99,8 @@
 # IBM DB2 9.1 FP4a =>9.1.0.4
 # IBM DB2 9.5 FP1 =>9.5.0.1
 
-if(version_in_range(version:ibmVer, test_version:"8.0",
-                    test_version2:"8.1.16") ||
-   version_in_range(version:ibmVer, test_version:"9.1",
-                    test_version2:"9.1.0.4") ||
-   version_in_range(version:ibmVer, test_version:"9.5",
-                    test_version2:"9.5.0.1")){
+if(version_in_range(version:ibmVer, test_version:"8.0", test_version2:"8.1.16") ||
+   version_in_range(version:ibmVer, test_version:"9.1", test_version2:"9.1.0.4") ||
+   version_in_range(version:ibmVer, test_version:"9.5", test_version2:"9.5.0.1")){
   security_hole(0);
 }


Property changes on: trunk/openvas-plugins/scripts/secpod_ibm_db2_mult_dos_vuln_lin02.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_valarsoft_webmatic_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_valarsoft_webmatic_detect.nasl	2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_valarsoft_webmatic_detect.nasl	2009-12-24 13:01:59 UTC (rev 6248)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_valarsoft_webmatic_detect.nasl 6367 2009-12-23 16:25:36Z dec $
+#
+# Valarsoft Webmatic Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(901087);
+  script_version("$Revision$: 1.0");
+  script_name("Valarsoft Webmatic Version Detection");
+  desc = "
+  Overview: This script finds the running Valarsoft Webmatic version and
+  saves the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Set the version of Valarsoft Webmatic in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Service detection");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+webmaticPort = get_http_port(default:80);
+if(!webmaticPort){
+  exit(0);
+}
+
+foreach path (make_list("/", "/webmatic", "/web", cgi_dirs()))
+{
+  sndReq = http_get(item:string(path, "/index.php"), port:webmaticPort);
+  rcvRes = http_send_recv(port:webmaticPort, data:sndReq);
+  if("Welcome to Webmatic" >< rcvRes)
+  {
+    webmaticVer = eregmatch(pattern:"Webmatic ([0-9.]+)", string:rcvRes);
+    if(webmaticVer[1] != NULL)
+    {
+      set_kb_item(name:"www/" + webmaticPort + "/Valarsoft/Webmatic",
+                  value:webmaticVer[1] + " under " + path);
+    }
+  }
+}
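Review bot: The request is built as `string(path, "/index.php")` with `"/"` as the first list entry, so a root install is probed as `//index.php`. A server that does not collapse the double slash would be missed, and the dependent vulnerability check then never fires for that host. Build the URL separately, `if(path == "/") url = "/index.php"; else url = path + "/index.php";`, and keep `path` unchanged in the KB value, because the consumer parses it with `under (/.*)`. Separately, `([0-9.]+)` also captures a trailing full stop if the banner ends a sentence, which may skew the later version comparison; `([0-9]+(\.[0-9]+)*)` is tighter.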


Property changes on: trunk/openvas-plugins/scripts/secpod_valarsoft_webmatic_detect.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl	2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl	2009-12-24 13:01:59 UTC (rev 6248)
@@ -0,0 +1,99 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl 6367 2009-12-23 24:10:29Z dec $
+#
+# Valarsoft Webmatic Multiple XSS and SQL Injection Vulnerabilities
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(901088);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-4379", "CVE-2009-4380");
+  script_bugtraq_id(37335);
+  script_name("Valarsoft Webmatic Multiple XSS and SQL Injection Vulnerabilities");
+  desc = "
+  Overview: This host is running Valarsoft Webmatic and is prone to multiple
+  Cross-Site Scripting and SQL Injection vulnerabilities.
+
+  Vulnerability Insight:
+  - Certain unspecified input is not properly sanitised before being returned to
+    the user. This can be exploited to execute arbitrary HTML and script code in
+    a user's browser session in the context of an affected site.
+  - Certain unspecified input is not properly sanitised before being used in SQL
+    queries. This can be exploited to manipulate SQL queries by injecting
+    arbitrary SQL code.
+
+  Impact:
+  Successful exploitation will let the attacker cause Cross-Site Scripting or
+  SQL Injection attacks by executing arbitrary codes within the context of the
+  affected application.
+
+  Impact Level: Application.
+
+  Affected Software/OS:
+  Valarsoft Webmatic prior to 3.0.3
+
+  Fix: Upgrade to Valarsoft Webmatic version 3.0.3.
+  For Updates Refer, http://www.valarsoft.com
+
+  References:
+  http://secunia.com/advisories/37735
+  http://www.valarsoft.com/index.php?stage=0&section=5&newsID=165&action=6
+
+  CVSS Score:
+    CVSS Base Score     : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 5.5
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Valarsoft Webmatic");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Web application abuses");
+  script_dependencies("secpod_valarsoft_webmatic_detect.nasl");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+webmaticPort = get_http_port(default:80);
+if(!webmaticPort){
+  exit(0);
+}
+
+webmaticVer = get_kb_item("www/"+ webmaticPort + "/Valarsoft/Webmatic");
+if(!webmaticVer){
+  exit(0);
+}
+
+webmaticVer = eregmatch(pattern:"^(.+) under (/.*)$", string:webmaticVer);
+if(webmaticVer[1])
+{
+  # Check for Volarsoft Webmatic prior to 3.0.3
+  if(version_is_less(version:webmaticVer[1], test_version:"3.0.3")){
+    security_hole(webmaticPort);
+  }
+}
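Review bot: The parse `^(.+) under (/.*)$` accepts any text as the version, so `version_is_less` is only as reliable as whatever landed in the KB; `^([0-9.]+) under (/.*)$` restricts it to what the detection script stores. The finding is derived purely from the version printed on the index page, and the description could say so, so that readers of the report know the XSS and SQL injection issues were not exercised. The comment above the comparison misspells the vendor and should read `# Check for Valarsoft Webmatic prior to 3.0.3`.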


Property changes on: trunk/openvas-plugins/scripts/secpod_vsoft_webmatic_xss_n_sql_inj_vuln.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_wireshark_daintree_sna_dos_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_daintree_sna_dos_vuln_lin.nasl	2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_daintree_sna_dos_vuln_lin.nasl	2009-12-24 13:01:59 UTC (rev 6248)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_wireshark_daintree_sna_dos_vuln_lin.nasl 6340 2009-12-23 12:52:09Z dec $
+#
+# Wireshark Daintree SNA File Parser Denial of Service Vulnerability (Linux)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900989);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-4376");
+  script_bugtraq_id(37407);
+  script_name("Wireshark Daintree SNA File Parser Denial of Service Vulnerability (Linux)");
+  desc = "
+  Overview: This host is installed with Wireshark and is prone to Denial of
+  Service vulnerability.
+
+  Vulnerability Insight:
+  A boundary error occurs in the 'daintree_sna_read()' function in the Daintree
+  SNA file parser while processing malformed captured pcap files.
+
+  Impact:
+  Successful exploitation will allow attackers to cause Denial of Serivce
+  condition by tricking the user into opening a malformed packet trace file
+  through Wireshark.
+
+  Impact Level: System/Application.
+
+  Affected Software/OS:
+  Wireshark version 1.2.0 to 1.2.4 on Linux.
+
+  Fix: Upgrade to Wireshark version 1.2.5,
+  http://www.wireshark.org/download.html
+
+  References:
+  http://secunia.com/advisories/37842
+  http://www.vupen.com/english/advisories/2009/3596
+  http://www.wireshark.org/security/wnpa-sec-2009-09.html
+  https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4294
+
+  CVSS Score:
+    CVSS Base Score     : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 6.9
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Wireshark");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_wireshark_detect_lin.nasl");
+  script_require_keys("Wireshark/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Linux/Ver");
+if(!sharkVer){
+  exit(0);
+}
+
+# Grep for Wireshark version 1.2.0 to 1.2.4
+if(version_in_range(version:sharkVer, test_version:"1.2.0",
+                                     test_version2:"1.2.4")){
+  security_hole(0);
+}
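Review bot: The description calls this a Denial of Service, yet the CVSS line in the same string gives `9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)`, i.e. complete confidentiality, integrity and availability impact. One of the two does not fit; please check against the referenced advisory and make the overview, `script_family` and score agree, since the report text drives how the finding is prioritised. The impact paragraph also misspells `Denial of Serivce`, and the same typo is in the IPMI and SMB scripts added by this commit. The comment `# Grep for Wireshark version 1.2.0 to 1.2.4` describes a range comparison on a KB value, not a grep.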


Property changes on: trunk/openvas-plugins/scripts/secpod_wireshark_daintree_sna_dos_vuln_lin.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl	2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl	2009-12-24 13:01:59 UTC (rev 6248)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl 6340 2009-12-23 12:13:45Z dec $
+#
+# Wireshark IPMI Dissector Denial of Service Vulnerability (Win)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900988);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-4378");
+  script_bugtraq_id(37407);
+  script_name("Wireshark IPMI Dissector Denial of Service Vulnerability (Win)");
+  desc = "
+  Overview: This host is installed with Wireshark and is prone to IPMI Dissector
+  Denial of Service vulnerability.
+
+  Vulnerability Insight:
+  This flaw is caused due to an error in the IPMI dissector while formatting
+  date/time using strftime.
+
+  Impact:
+  Successful exploitation will allow attackers to cause Denial of Serivce
+  condition by tricking the user into reading a malformed packet trace file.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Wireshark version 1.2.0 to 1.2.4 on Windows.
+
+  Fix: Upgrade to Wireshark version 1.2.5,
+  http://www.wireshark.org/download.html
+
+  References:
+  http://secunia.com/advisories/37842
+  http://www.vupen.com/english/advisories/2009/3596
+  http://www.wireshark.org/security/wnpa-sec-2009-09.html
+  https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4319
+
+  CVSS Score:
+    CVSS Base Score     : 4.3 (AV:N/AC:M/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 3.2
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of Wireshark");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_wireshark_detect_win.nasl");
+  script_require_keys("Wireshark/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Win/Ver");
+if(!sharkVer){
+  exit(0);
+}
+
+# Grep for Wireshark version 1.2.0 to 1.2.4
+if(version_in_range(version:sharkVer, test_version:"1.2.0",
+                                     test_version2:"1.2.4")){
+  security_warning(0);
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_wireshark_ipmi_dissector_dos_vuln_win.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_wireshark_smb_dos_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_wireshark_smb_dos_vuln_lin.nasl	2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_wireshark_smb_dos_vuln_lin.nasl	2009-12-24 13:01:59 UTC (rev 6248)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_wireshark_smb_dos_vuln_lin.nasl 6340 2009-12-23 13:49:51Z dec $
+#
+# Wireshark SMB Dissectors Denial of Service Vulnerability (Linux)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900991);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-4377");
+  script_bugtraq_id(37407);
+  script_name("Wireshark SMB Dissectors Denial of Service Vulnerability (Linux)");
+  desc = "
+  Overview: This host is installed with Wireshark and is prone to Denial of
+  Service vulnerability.
+
+  Vulnerability Insight:
+  Error occurs in the SMB and SMB2 dissectors while processing malformed
+  packets.
+
+  Impact:
+  Successful exploitation will allow attackers to trick the user to render the
+  crafted malicious capture packet thus causing Denial of Serivce attack.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Wireshark version 0.9.0 to 1.2.4 on Linux.
+
+  Fix: Upgrade to Wireshark version 1.2.5,
+  http://www.wireshark.org/download.html
+
+  References:
+  http://secunia.com/advisories/37842
+  http://www.vupen.com/english/advisories/2009/3596
+  http://www.wireshark.org/security/wnpa-sec-2009-09.html
+  https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=4301
+  http://www.wireshark.org/download/automated/captures/fuzz-2009-12-07-11141.pcap
+
+  CVSS Score:
+    CVSS Base Score     : 4.3 (AV:N/AC:M/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 3.4
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the version of Wireshark");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_wireshark_detect_lin.nasl");
+  script_require_keys("Wireshark/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+sharkVer = get_kb_item("Wireshark/Linux/Ver");
+if(!sharkVer){
+  exit(0);
+}
+
+# Grep for Wireshark version 0.9.0 to 1.2.4
+if(version_in_range(version:sharkVer, test_version:"0.9.0",
+                                     test_version2:"1.2.4")){
+  security_warning(0);
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_wireshark_smb_dos_vuln_lin.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision

Added: trunk/openvas-plugins/scripts/secpod_xoops_content_module_sql_inj_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xoops_content_module_sql_inj_vuln.nasl	2009-12-23 11:15:24 UTC (rev 6247)
+++ trunk/openvas-plugins/scripts/secpod_xoops_content_module_sql_inj_vuln.nasl	2009-12-24 13:01:59 UTC (rev 6248)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_xoops_content_module_sql_inj_vuln.nasl 6307 2009-12-24 16:07:29Z dec $
+#
+# Xoops Content Module SQL Injection Vulnerability
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900732);
+  script_version("$Revision$: 1.0");
+  script_cve_id("CVE-2009-4360");
+  script_bugtraq_id(37155);
+  script_name("Xoops Content Module SQL Injection Vulnerability");
+  desc = "
+  Overview: This host is running Xoops and is prone to SQL Injection
+  vulnerability.
+
+  Vulnerability Insight:
+  This flaw is caused due to improper sanitization of data inside 'Content'
+  module within the 'id' parameter which lets the remote unauthenticated
+  user to run arbitrary SQL Commands.
+
+  Impact:
+  Successful exploitation will let the remote attacker to execute arbitrary SQL
+  queires to compromise the remote machine running the vulnerable application.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Xoops 'Content' Module 0.5
+
+  Fix: Solution/Patch is not available as on 24th December 2009. For further
+  updates refer,
+  http://www.xoops.org/modules/repository/singlefile.php?cid=94&lid=1611
+
+  References:
+  http://xforce.iss.net/xforce/xfdb/54489
+  http://securityreason.com/exploitalert/7494
+  http://www.packetstormsecurity.org/0911-exploits/xoopscontent-sql.txt
+
+  CVSS Score:
+    CVSS Base Score     : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 6.7
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of XOOPS");
+  script_category(ACT_ATTACK);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Web application abuses");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80);
+  exit(0);
+}
+
+
+include("http_func.inc");
+
+xoopsPort = get_http_port(default:80);
+if(!xoopsPort){
+  exit(0);
+}
+
+if(!can_host_php(port:xoopsPort)){
+  exit(0);
+}
+
+if(safe_checks()){
+  exit(0);
+}
+
+foreach dir (make_list("/", "/xoops", "/cms", "/content", cgi_dirs()))
+{
+  sndReq = http_get(item: string(dir + "/modules/content/index.php?id=1"),
+                    port: xoopsPort);
+  rcvRes = http_send_recv(port:xoopsPort, data:sndReq);
+
+  if("blockContent" >< rcvRes && "blockTitle" >< rcvRes)
+  {
+    request = http_get(item:dir+"/modules/content/index.php?id=-1+UNION+SELECT"+
+                       "+1,2,3,@@version,5,6,7,8,9,10,11--", port:xoopsPort);
+    response = http_send_recv(port:xoopsPort, data:request);
+
+    if("Set-Cookie: " >< response && "PHPSESSID" >< response &&
+                                          "path=/" >< response)
+    {
+      security_hole(xoopsPort);
+      exit(0);
+    }
+  }
+}
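Review bot: The success test after the second request only looks for `Set-Cookie: `, `PHPSESSID` and `path=/` in `response`, which any PHP page that starts a session will return, most likely including the baseline `rcvRes`. As written the plugin would probably flag every host that serves the Content module, vulnerable or not. The condition should depend on something that is absent from the baseline response and appears only when the query was actually altered. `script_summary("Check for the version of XOOPS")` is also misleading for an `ACT_ATTACK` plugin that sends a live request; `script_summary("Check for SQL injection in the XOOPS Content module")` would be accurate. Note too that `dir + "/modules/..."` yields a double slash for the `"/"` entry of the list.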


Property changes on: trunk/openvas-plugins/scripts/secpod_xoops_content_module_sql_inj_vuln.nasl
___________________________________________________________________
Name: svn:keywords
   + Revision


