[Openvas-commits] r2498 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Mon Feb 16 16:42:21 CET 2009
Author: chandra
Date: 2009-02-16 16:42:20 +0100 (Mon, 16 Feb 2009)
New Revision: 2498
Added:
trunk/openvas-plugins/scripts/gb_elecard_mpeg_player_bof_vuln.nasl
trunk/openvas-plugins/scripts/gb_elecard_mpeg_player_detect.nasl
trunk/openvas-plugins/scripts/gb_kaspersky_av_bof_vuln.nasl
trunk/openvas-plugins/scripts/gb_kaspersky_av_detect.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-02-16 15:22:52 UTC (rev 2497)
+++ trunk/openvas-plugins/ChangeLog 2009-02-16 15:42:20 UTC (rev 2498)
@@ -1,4 +1,11 @@
2009-02-16 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/gb_elecard_mpeg_player_detect.nasl,
+ scripts/gb_elecard_mpeg_player_bof_vuln.nasl,
+ scripts/gb_kaspersky_av_bof_vuln.nasl,
+ scripts/gb_kaspersky_av_detect.nasl:
+ Added new plugins
+
+2009-02-16 Chandrashekhar B <bchandra at secpod.com>
* scripts/gb_fedora_2008_2868_mod_suphp_fc8.nasl,
scripts/gb_fedora_2008_2867_centerim_fc8.nasl,
scripts/gb_fedora_2008_2941_wireshark_fc7.nasl,
Added: trunk/openvas-plugins/scripts/gb_elecard_mpeg_player_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_elecard_mpeg_player_bof_vuln.nasl 2009-02-16 15:22:52 UTC (rev 2497)
+++ trunk/openvas-plugins/scripts/gb_elecard_mpeg_player_bof_vuln.nasl 2009-02-16 15:42:20 UTC (rev 2498)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_elecard_mpeg_player_bof_vuln.nasl 1001 2009-02-10 15:56:36Z feb $
+#
+# Elecard MPEG Player Buffer Overflow Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800511);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0491");
+ script_bugtraq_id(33089);
+ script_name(english:"Elecard MPEG Player Buffer Overflow Vulnerability");
+ desc["english"] = "
+
+ Overview: This host is running Elecard MPEG Player and is prone to Buffer
+ Overflow Vulnerability.
+
+ Vulnerability Insight:
+ Issue is with boundary error while processing playlist 'm3u' files, which
+ may contain crafted long URLs.
+
+ Impact: Successful exploitation will let the attacker execute arbitrary
+ codes in the context of the application and may cause stack overflow in
+ the application.
+
+ Affected Software/OS:
+ Elecard MPEG Player 5.5 build 15884.081218 and prior.
+
+ Fix:
+ No solution or patch is available as on 16th February, 2009.Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer,
+ http://www.elecard.com/products/products-pc/consumer/mpeg-player
+
+ References:
+ http://osvdb.org/51075
+ http://secunia.com/advisories/33355
+ http://www.milw0rm.com/exploits/7637
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 8.4
+ Risk factor: Critical";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Elecard MPEG Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Buffer overflow");
+ script_dependencies("gb_elecard_mpeg_player_detect.nasl");
+ script_require_keys("Elecard/Player/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+epVer = get_kb_item("Elecard/Player/Ver");
+if(epVer == NULL){
+ exit(0);
+}
+
+if(version_is_less_equal(version:epVer, test_version:"5.5.15884.081218")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_elecard_mpeg_player_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_elecard_mpeg_player_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_elecard_mpeg_player_detect.nasl 2009-02-16 15:22:52 UTC (rev 2497)
+++ trunk/openvas-plugins/scripts/gb_elecard_mpeg_player_detect.nasl 2009-02-16 15:42:20 UTC (rev 2498)
@@ -0,0 +1,130 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_elecard_mpeg_player_detect.nasl 1001 2009-02-11 90:07:05Z feb $
+#
+# Elecard MPEG Player Application Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800510);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"Elecard MPEG Player Application Version Detection");
+ desc["english"] = "
+ Overview: This script detects the installed version of Elecard MPEG
+ Player application and sets the version in KB.
+
+ Risk factor: Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Sets KB for the version of Elecard MPEG Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"General");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\Elecard")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+keys = registry_enum_keys(key:key);
+
+foreach item(keys)
+{
+ appName = registry_get_sz(key:key + item, item:"DisplayName");
+ if(appName == "Elecard MPEG Player")
+ {
+ path = registry_get_sz(key:key + item, item:"InstallLocation");
+ share = ereg_replace(pattern:"([A-Z]):.*",replace:"\1$",string:path);
+ file = ereg_replace(pattern:"[A-Z]:(.*)",replace:"\1",string:path+ "\MpegPlayer.exe");
+ }
+}
+
+name = kb_smb_name();
+domain = kb_smb_domain();
+login = kb_smb_login();
+pass = kb_smb_password();
+port = kb_smb_transport();
+
+soc = open_sock_tcp(port);
+if(!soc){
+ exit(0);
+}
+
+r = smb_session_request(soc:soc, remote:name);
+if(!r)
+{
+ close(soc);
+ exit(0);
+}
+
+prot = smb_neg_prot(soc:soc);
+if(!prot)
+{
+ close(soc);
+ exit(0);
+}
+
+r = smb_session_setup(soc:soc, login:login, password:pass,
+ domain:domain, prot:prot);
+if(!r)
+{
+ close(soc);
+ exit(0);
+}
+
+uid = session_extract_uid(reply:r);
+r = smb_tconx(soc:soc, name:name, uid:uid, share:share);
+
+tid = tconx_extract_tid(reply:r);
+if(!tid)
+{
+ close(soc);
+ exit(0);
+}
+
+fid = OpenAndX(socket:soc, uid:uid, tid:tid, file:file);
+if(!fid)
+{
+ close(soc);
+ exit(0);
+}
+
+eleVer = GetVersion(socket:soc, uid:uid, tid:tid, fid:fid, offset:1067429);
+close(soc);
+if(eleVer != NULL)
+{
+ set_kb_item(name:"Elecard/Player/Ver", value:eleVer);
+ exit(0);
+}
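Review bot: If no Uninstall entry has DisplayName "Elecard MPEG Player", `share` and `file` are never assigned, yet the script still opens an SMB session and passes them to `smb_tconx` and `OpenAndX`; the same happens when InstallLocation is absent and `path` is NULL, in which case the two `ereg_replace` calls run on NULL. A guard after the foreach, before `kb_smb_name()`, closes both cases: `if(isnull(path) || isnull(share) || isnull(file)){ exit(0); }`. The `offset:1067429` handed to `GetVersion` is a fixed byte position inside MpegPlayer.exe, which presumably shifts between builds; a comment stating which binary build the offset was taken from and what string is expected there would help the next person who has to re-derive it. The `$Id` line also carries the timestamp `90:07:05`, which is not a valid time.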
Added: trunk/openvas-plugins/scripts/gb_kaspersky_av_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_kaspersky_av_bof_vuln.nasl 2009-02-16 15:22:52 UTC (rev 2497)
+++ trunk/openvas-plugins/scripts/gb_kaspersky_av_bof_vuln.nasl 2009-02-16 15:42:20 UTC (rev 2498)
@@ -0,0 +1,95 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_kaspersky_av_bof_vuln.nasl 1010 2009-02-13 13:40:29Z feb $
+#
+# Kaspersky AntiVirus Buffer Overflow Vulnerability
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800242);
+ script_version("$Revision: 1.0 $");
+ script_bugtraq_id(33561);
+ script_cve_id("CVE-2009-0449");
+ script_name(english:"Kaspersky AntiVirus Buffer Overflow Vulnerability");
+ desc["english"] = "
+
+ Overview: This host is running Kaspersky AntiVirus or Workstation and is
+ prone to Buffer Overflow Vulnerability.
+
+ Vulnerability Insight:
+ This flaw is due to an error in the klim5.sys driver when handling Kernel
+ API calls IOCTL 0x80052110 which can overwrite callback function pointers
+ and execute arbitrary codes into the context of the application.
+
+ Impact:
+ Successful exploitation will let the attacker execute arbitrary codes in the
+ context of the application or may cause privilege escalation.
+
+ Impact level: Application/System
+
+ Affected Software/OS:
+ Kaspersky AntiVirus version 7.0.1.325 and prior on Windows.
+ Kaspersky AntiVirus Workstation version 6.0.3.837 and prior on Windows.
+
+ Fix: No solution or patch is available as on 16th February, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.kaspersky.com/productupdates?chapter=146274385
+
+ References:
+ http://secunia.com/advisories/33788
+ http://www.wintercore.com/advisories/advisory_W020209.html
+
+ CVSS Score:
+ CVSS Base Score : 7.2 (AV:L/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.4
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Kaspersky AV/Workstation");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Buffer overflow");
+ script_dependencies("gb_kaspersky_av_detect.nasl");
+ script_require_keys("Kaspersky/AV/Ver", "Kaspersky/AV-Workstation/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+kavVer = get_kb_item("Kaspersky/AV/Ver");
+if(kavVer != NULL)
+{
+ if(version_is_less_equal(version:kavVer, test_version:"7.0.1.325")){
+ security_hole(0);
+ exit(0);
+ }
+}
+
+kavwVer = get_kb_item("Kaspersky/AV-Workstation/Ver");
+if(kavwVer != NULL)
+{
+ if(version_is_less_equal(version:kavwVer, test_version:"6.0.3.837")){
+ security_hole(0);
+ }
+}
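Review bot: `script_require_keys("Kaspersky/AV/Ver", "Kaspersky/AV-Workstation/Ver")` lists both keys, and as far as I know the scheduler skips the script unless every listed key is set, while gb_kaspersky_av_detect.nasl sets at most one of them (it exits after the first matching Uninstall entry); if that reading is right this check never runs on a real host. The runtime `!= NULL` checks below already handle either key being absent, so the simplest fix is to drop the `script_require_keys(...)` line and keep only `script_dependencies("gb_kaspersky_av_detect.nasl")`, or have the detect script additionally set a single shared presence key and require only that. Worth confirming against the engine's `script_require_keys` semantics before merging.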
Property changes on: trunk/openvas-plugins/scripts/gb_kaspersky_av_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_kaspersky_av_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_kaspersky_av_detect.nasl 2009-02-16 15:22:52 UTC (rev 2497)
+++ trunk/openvas-plugins/scripts/gb_kaspersky_av_detect.nasl 2009-02-16 15:42:20 UTC (rev 2498)
@@ -0,0 +1,81 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_kaspersky_av_detect.nasl 1010 2009-02-13 13:10:24Z feb $
+#
+# Kaspersky AntiVirus Version Detection
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http//intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800241);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"Kaspersky AntiVirus Version Detection");
+ desc["english"] = "
+ Overview : This script finds the installed Kaspersky AntiVirus and
+ saves the version in KB.
+
+ Risk factor : Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Set Version of Kaspersky AntiVirus in KB");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"General");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\KasperskyLab")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+ if(registry_get_sz(key:key + item, item:"DisplayName") =~
+ "Kaspersky Anti-Virus [0-9.]+ for Windows Workstations")
+ {
+ kavwVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+ if(kavwVer != NULL){
+ set_kb_item(name:"Kaspersky/AV-Workstation/Ver", value:kavwVer);
+ }
+ exit(0);
+ }
+ if(registry_get_sz(key:key + item, item:"DisplayName") =~
+ "Kaspersky Anti-Virus [0-9.]+")
+ {
+ kavVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+ if(kavVer != NULL){
+ set_kb_item(name:"Kaspersky/AV/Ver", value:kavVer);
+ }
+ exit(0);
+ }
+}
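Review bot: Each Uninstall subkey has its DisplayName read twice via `registry_get_sz`, once per `=~` branch; reading it once into a local, `dispName = registry_get_sz(key:key + item, item:"DisplayName");`, and matching `dispName` in both conditions halves the registry round trips and makes the two patterns easier to compare. The order of the two branches is load-bearing, because the generic pattern `"Kaspersky Anti-Virus [0-9.]+"` also matches the Workstations name, so a comment above the first branch, `# test the Workstations name first: the generic pattern below also matches it`, would stop someone reordering them. The copyright line in the header reads `http//intevation.net` and is missing the colon.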
Property changes on: trunk/openvas-plugins/scripts/gb_kaspersky_av_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *