[Openvas-commits] r2583 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Feb 26 05:27:30 CET 2009


Author: chandra
Date: 2009-02-26 05:27:20 +0100 (Thu, 26 Feb 2009)
New Revision: 2583

Added:
   trunk/openvas-plugins/scripts/secpod_eset_remote_administrator_detect.nasl
   trunk/openvas-plugins/scripts/secpod_eset_remote_administrator_xss_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_firefox_url_spoof_vuln_lin.nasl
   trunk/openvas-plugins/scripts/secpod_firefox_url_spoof_vuln_win.nasl
   trunk/openvas-plugins/scripts/secpod_jaws_cms_dir_traversal_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_ms_live_msngr_charset_dos_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_noticeware_mail_server_detect.nasl
   trunk/openvas-plugins/scripts/secpod_noticeware_mail_server_dos_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_raidenftpd_server_detect.nasl
   trunk/openvas-plugins/scripts/secpod_raidenftpd_server_dos_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-02-26 03:52:45 UTC (rev 2582)
+++ trunk/openvas-plugins/ChangeLog	2009-02-26 04:27:20 UTC (rev 2583)
@@ -1,3 +1,16 @@
+2009-02-26 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/secpod_noticeware_mail_server_dos_vuln.nasl,
+	scripts/secpod_jaws_cms_dir_traversal_vuln.nasl,
+	scripts/secpod_eset_remote_administrator_xss_vuln.nasl,
+	scripts/secpod_noticeware_mail_server_detect.nasl,
+	scripts/secpod_firefox_url_spoof_vuln_lin.nasl,
+	scripts/secpod_ms_live_msngr_charset_dos_vuln.nasl,
+	scripts/secpod_eset_remote_administrator_detect.nasl,
+	scripts/secpod_firefox_url_spoof_vuln_win.nasl,
+	scripts/secpod_raidenftpd_server_dos_vuln.nasl,
+	scripts/secpod_raidenftpd_server_detect.nasl:
+	Added new plugins
+
 2009-02-25 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/oscommerce_detect.nasl,
 	scripts/joomla_mambo_gigcalendar_component_sql_injection.nasl,

Added: trunk/openvas-plugins/scripts/secpod_eset_remote_administrator_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_eset_remote_administrator_detect.nasl	2009-02-26 03:52:45 UTC (rev 2582)
+++ trunk/openvas-plugins/scripts/secpod_eset_remote_administrator_detect.nasl	2009-02-26 04:27:20 UTC (rev 2583)
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_eset_remote_administrator_detect.nasl 1028 2009-02-24 16:14:79Z feb $
+#
+# ESET Remote Administrator Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+################################################################################
+
+if(description)
+{
+  script_id(900508);
+  script_version("Revision: 1.0 $");
+  script_name(english:"ESET Remote Administrator Version Detection");
+  desc["english"] = "
+
+  Overview: This script detects the installed version of ESET Remote
+  Administrator and saves the version in KB.
+
+  Risk factor: Informational";
+
+  script_description(english:desc["english"]);
+  script_family(english:"General");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod ");
+  script_summary(english:"Set Version of ESET Remote Administrator in KB");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+if(registry_key_exists(key:"SOFTWARE\ESET\ESET Remote Administrator\Console"))
+{
+  consoleVer = registry_get_sz(key:"SOFTWARE\ESET\ESET Remote Administrator" +
+                                   "\Console\CurrentVersion\Info",
+                               item:"ProductVersion");
+  if(consoleVer != NULL){
+    set_kb_item(name:"ESET/RemoteAdmin/Console/Ver", value:consoleVer);
+  }
+}
+
+if(registry_key_exists(key:"SOFTWARE\ESET\ESET Remote Administrator\Server"))
+{
+  servVer = registry_get_sz(key:"SOFTWARE\ESET\ESET Remote Administrator" +
+                                "\Server\CurrentVersion\Info",
+                            item:"ProductVersion");
+  if(servVer != NULL){
+    set_kb_item(name:"ESET/RemoteAdmin/Server/Ver", value:servVer);
+  }
+}
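Review bot: Both lookups read only the native `SOFTWARE\ESET\ESET Remote Administrator\...` registry view, so a 32-bit install on 64-bit Windows, which would presumably register under `SOFTWARE\Wow6432Node\ESET\...`, is not detected. Every check that depends on `ESET/RemoteAdmin/Console/Ver` or `ESET/RemoteAdmin/Server/Ver` then silently reports nothing. Consider probing both views, or state the limitation in a comment above the first `registry_key_exists` call. Separately, `script_version("Revision: 1.0 $")` lacks the leading `$` that the sibling scripts in this commit use (`"$Revision: 1.0 $"`), so it is not a well-formed keyword.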


Property changes on: trunk/openvas-plugins/scripts/secpod_eset_remote_administrator_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_eset_remote_administrator_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_eset_remote_administrator_xss_vuln.nasl	2009-02-26 03:52:45 UTC (rev 2582)
+++ trunk/openvas-plugins/scripts/secpod_eset_remote_administrator_xss_vuln.nasl	2009-02-26 04:27:20 UTC (rev 2583)
@@ -0,0 +1,89 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_eset_remote_administrator_xss_vuln.nasl 1028 2009-02-24 17:10:42Z feb $
+#
+# ESET Remote Administrator XSS Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900509);
+  script_cve_id("CVE-2009-0548");
+  script_bugtraq_id(33633);
+  script_version("Revision: 1.0 $");
+  script_name(english:"ESET Remote Administrator XSS Vulnerability");
+  desc["english"] = "
+
+  Overview: This host is running ESET Remote Administrator and is prone
+  to remote Cross-Site Scripting vulnerability.
+
+  Vulnerability Insight:
+  This vulnerability exists in the Additional Report Settings interface which
+  fails to properly sanitize user supplied input before using it in dynamically
+  generated content. As a result the host becomes vulnerable to arbitrary web
+  script or HTML code injection.
+
+  Impact: Successful explotiation will allow the attacker to execute arbitrary
+  code in the scope of the application and can compromise the way the site is
+  rendered to the user.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  ESET Remote Administrator version prior to 3.0.105 on Windows.
+
+  Fix: Upgrade to the version 3.0.105,
+  http://www.eset.eu/products/eset-remote-administrator-3
+
+  References:
+  http://secunia.com/advisories/33805
+  http://www.eset.eu/support/changelog-eset-remote-administrator-3
+
+  CVSS Score:
+    CVSS Base Score     : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+    CVSS Temporal Score : 3.2
+  Risk factor: Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the Version of ESET Remote Administrator");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Web application abuses");
+  script_dependencies("secpod_eset_remote_administrator_detect.nasl");
+  script_require_keys("ESET/RemoteAdmin/Console/Ver",
+                      "ESET/RemoteAdmin/Server/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+esetConsVer = get_kb_item("ESET/RemoteAdmin/Console/Ver");
+esetServVer = get_kb_item("ESET/RemoteAdmin/Server/Ver");
+
+if((esetConsVer != NULL) || (esetServVer != NULL))
+{
+  if(version_is_less(version:esetConsVer, test_version:"3.0.105") ||
+     version_is_less(version:esetServVer, test_version:"3.0.105")){
+    security_warning(0);
+  }
+}
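Review bot: `script_require_keys` lists both `ESET/RemoteAdmin/Console/Ver` and `ESET/RemoteAdmin/Server/Ver`, so a host with only one of the two components installed is presumably skipped before the version test runs, even though the body's `||` is written as if either key may be absent. When one value is NULL, the unguarded `version_is_less(version:..., test_version:"3.0.105")` call is still evaluated for it; how version_func.inc treats a NULL version is not visible here and could yield a false positive. Guard each comparison, e.g. `if((esetConsVer && version_is_less(version:esetConsVer, test_version:"3.0.105")) || (esetServVer && version_is_less(version:esetServVer, test_version:"3.0.105")))`, and relax the required keys to match. The description also misspells "exploitation" as "explotiation".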


Property changes on: trunk/openvas-plugins/scripts/secpod_eset_remote_administrator_xss_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_firefox_url_spoof_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_firefox_url_spoof_vuln_lin.nasl	2009-02-26 03:52:45 UTC (rev 2582)
+++ trunk/openvas-plugins/scripts/secpod_firefox_url_spoof_vuln_lin.nasl	2009-02-26 04:27:20 UTC (rev 2583)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_firefox_url_spoof_vuln_lin.nasl 1060 2009-02-25 15:05:33Z feb $
+#
+# Firefox URL Spoofing And Phising Vulnerability (Linux)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900512);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-0652");
+  script_bugtraq_id(33837);
+  script_name(english:"Firefox URL Spoofing And Phising Vulnerability (Linux)");
+  desc["english"] = "
+
+  Overview: The host is installed with Mozilla Firefox browser and is prone
+  to URL spoofing and phising vulnerability.
+
+  Vulnerability Insight:
+  Firefox doesn't properly prevent the literal rendering of homoglyph
+  characters in IDN domain names. This renders the user vulnerable to URL
+  spoofing and phising attacks as the atatcker may redirect the user to a
+  different arbitrary malformed website.
+
+  Impact: Successful remote exploitation will let the attacker spoof the URL
+  information by using homoglyphs of say the /(slash) and ?(question mark)and
+  can gain sensitive information by redirecting the user to any malicious URL.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Mozilla Firefox version 3.0.6 and prior on Linux.
+
+  Fix: No solution or patch is available as on 25th February, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.mozilla.com/en-US/firefox/
+
+  References:
+  http://www.mozilla.org/projects/security/tld-idn-policy-list.html
+  http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike
+
+  CVSS Score:
+    CVSS Base Score     : 5.8 (AV:N/AC:M/Au:NR/C:N/I:P/A:P)
+    CVSS Temporal Score : 4.9
+  Risk factor : Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Mozilla Firefox");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"General");
+  script_dependencies("gb_firefox_detect_lin.nasl");
+  script_require_keys("Firefox/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+firefoxVer = get_kb_item("Firefox/Linux/Ver");
+if(!firefoxVer){
+  exit(0);
+}
+
+if(version_is_less_equal(version:firefoxVer, test_version:"3.0.6")){
+  security_warning(0);
+}
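Review bot: The report text shown to users misspells "phishing" as "phising" in `script_name` and in the description, and "attacker" as "atatcker"; the same strings are duplicated in secpod_firefox_url_spoof_vuln_win.nasl. Because the description states that no fix was available as of 25th February 2009, the `version_is_less_equal(... test_version:"3.0.6")` bound deserves a maintenance comment, for example `# No fixed release known as of 2009-02-25; revisit the 3.0.6 bound when one ships`. Without it, nothing in either script says why 3.0.6 was chosen or when the check should change.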


Property changes on: trunk/openvas-plugins/scripts/secpod_firefox_url_spoof_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_firefox_url_spoof_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_firefox_url_spoof_vuln_win.nasl	2009-02-26 03:52:45 UTC (rev 2582)
+++ trunk/openvas-plugins/scripts/secpod_firefox_url_spoof_vuln_win.nasl	2009-02-26 04:27:20 UTC (rev 2583)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_firefox_url_spoof_vuln_win.nasl 1060 2009-02-25 16:05:33Z feb $
+#
+# Firefox URL Spoofing And Phising Vulnerability (Win)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900513);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-0652");
+  script_bugtraq_id(33837);
+  script_name(english:"Firefox URL Spoofing And Phising Vulnerability (Win)");
+  desc["english"] = "
+
+  Overview: The host is installed with Mozilla Firefox browser and is prone
+  to URL spoofing and phising vulnerability.
+
+  Vulnerability Insight:
+  Firefox doesn't properly prevent the literal rendering of homoglyph
+  characters in IDN domain names. This renders the user vulnerable to URL
+  spoofing and phising attacks as the atatcker may redirect the user to a
+  different arbitrary malformed website.
+
+  Impact: Successful remote exploitation will let the attacker spoof the URL
+  information by using homoglyphs of say the /(slash) and ?(question mark)and
+  can gain sensitive information by redirecting the user to any malicious URL.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Mozilla Firefox version 3.0.6 and prior on Windows.
+
+  Fix: No solution or patch is available as on 25th February, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.mozilla.com/en-US/firefox/
+
+  References:
+  http://www.mozilla.org/projects/security/tld-idn-policy-list.html
+  http://www.blackhat.com/html/bh-dc-09/bh-dc-09-speakers.html#Marlinspike
+
+  CVSS Score:
+    CVSS Base Score     : 5.8 (AV:N/AC:M/Au:NR/C:N/I:P/A:P)
+    CVSS Temporal Score : 4.9
+  Risk factor : Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Mozilla Firefox");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"General");
+  script_dependencies("gb_firefox_detect_win.nasl");
+  script_require_keys("Firefox/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+firefoxVer = get_kb_item("Firefox/Win/Ver");
+if(!firefoxVer){
+  exit(0);
+}
+
+if(version_is_less_equal(version:firefoxVer, test_version:"3.0.6")){
+  security_warning(0);
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_firefox_url_spoof_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_jaws_cms_dir_traversal_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_jaws_cms_dir_traversal_vuln.nasl	2009-02-26 03:52:45 UTC (rev 2582)
+++ trunk/openvas-plugins/scripts/secpod_jaws_cms_dir_traversal_vuln.nasl	2009-02-26 04:27:20 UTC (rev 2583)
@@ -0,0 +1,107 @@
+##############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_jaws_cms_dir_traversal_vuln.nasl 1041 2009-02-20 11:15:29Z feb $
+#
+# Jaws CMS Directory Traversal Vulnerability
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900460);
+  script_version("$Revision: 1.0 $");
+  script_bugtraq_id(33607);
+  script_cve_id("CVE-2009-0645");
+  script_name(english:"Jaws CMS Directory Traversal Vulnerability");
+  desc["english"] = "
+
+  Overview: This host is running Jaws CMS and is prone to Directory
+  Traversal Vulnerability.
+
+  Vulnerability Insight:
+  This flaw is caused due to error in file 'index.php' in 'language'
+  parameter which lets the attacker execute local file inclusion attacks.
+
+  Impact:
+  Successful exploitation will let the attacker execute local file inclusion
+  attacks and gain sensitive information about the remote system directories
+  where Jaws CMS runs.
+
+  Impact level: Application/System
+
+  Affected Software/OS:
+  Jaws CMS 0.8.8 and prior
+
+  Fix:
+  Upgrade to the latest version 0.8.9
+  http://www.jaws-project.com
+
+  References:
+  http://www.milw0rm.com/exploits/7976
+  http://xforce.iss.net/xforce/xfdb/48476
+
+  CVSS Score:
+    CVSS Base Score     : 6.5 (AV:N/AC:L/Au:SI/C:P/I:P/A:P)
+    CVSS Temporal Score : 5.1
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for version of Jaws CMS");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Web application abuses");
+  script_require_ports("Services/www", 80);
+  script_dependencies("http_version.nasl");
+  exit(0);
+}
+
+
+include("version_func.inc");
+include("http_func.inc");
+include("http_keepalive.inc");
+
+jawsPort = get_kb_item("Services/www");
+if(!get_port_state(jawsPort)){
+  exit(0);
+}
+
+foreach path(make_list("/", cgi_dirs()))
+{
+  request = http_get(item:"/jaws/index.php", port:jawsPort);
+  response = http_keepalive_send_recv(port:jawsPort, data:request);
+  if(response == NULL){
+    exit(0);
+  }
+  if("Jaws" >< response)
+  {
+    version = eregmatch(pattern:"Jaws ([0-9.]+)", string:response);
+    if(version[1] != NULL)
+    {
+      if(version_is_less_equal(version:version[1], test_version:"0.8.8"))
+      {
+        security_hole(jawsPort);
+        exit(0);
+      }
+    }
+    exit(0);
+  }
+}
+exit(0);
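Review bot: The `foreach path(make_list("/", cgi_dirs()))` loop never uses `path`: every iteration requests the fixed `/jaws/index.php`, so installs under any other directory are missed and the same request is simply repeated. Build the URL from the loop variable, e.g. `foreach path(make_list("", "/jaws", cgi_dirs()))` with `request = http_get(item:string(path, "/index.php"), port:jawsPort);`. `jawsPort` is also taken straight from `get_kb_item("Services/www")` with no fallback to the port 80 that `script_require_ports` declares; `get_http_port(default:80)` from http_func.inc would cover that case. Finally, `if(response == NULL) exit(0);` and the unconditional `exit(0)` after the loose `"Jaws" >< response` match both end the scan on the first directory tried, so a failed request or an unrelated page containing that word prevents later paths from being checked.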


Property changes on: trunk/openvas-plugins/scripts/secpod_jaws_cms_dir_traversal_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_ms_live_msngr_charset_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms_live_msngr_charset_dos_vuln.nasl	2009-02-26 03:52:45 UTC (rev 2582)
+++ trunk/openvas-plugins/scripts/secpod_ms_live_msngr_charset_dos_vuln.nasl	2009-02-26 04:27:20 UTC (rev 2583)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms_live_msngr_charset_dos_vuln.nasl 1044 2009-02-20 15:40:29Z feb $
+#
+# Microsoft MSN Live Messneger Denial of Service Vulnerability
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900461);
+  script_version("$Revision: 1.0 $");
+  script_bugtraq_id(33825);
+  script_cve_id("CVE-2009-0647");
+  script_name(english:"Microsoft MSN Live Messneger Denial of Service Vulnerability");
+  desc["english"] = "
+
+  Overview: This host is running Microsoft MSN Live Messenger and is prone
+  to Denial of Service Vulnerability.
+
+  Vulnerability Insight:
+  This flaw is due to failure in handling charset of the message which user
+  sends.
+
+  Impact:
+  Successful exploitation will let the attacker execute arbitrary codes in the
+  context of the application and can cause denial of service.
+
+  Impact level: Application/System
+
+  Affected Software/OS:
+  Microsoft Live Messenger version 14.0.8064.206 and prior.
+
+  Fix: Solution/patch not available as on 20th February 2009. For updates
+  refer, http://www.messenger.live.com
+
+  References:
+  http://www.securityfocus.com/archive/1/501043
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 4.5
+  Risk factor: Medium ";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Live Messenger");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Denial of service");
+  script_dependencies("gb_ms_win_live_messenger_detect.nasl");
+  script_require_keys("MS/LiveMessenger/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+liveVer = get_kb_item("MS/LiveMessenger/Ver");
+if(!liveVer){
+  exit(0);
+}
+
+# Grep for 'msnmsgr.exe' version 14.0.8064.0206 or prior.
+if(version_is_less_equal(version:liveVer, test_version:"14.0.8064.0206")){
+  security_warning(0);
+}
+
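Review bot: The Impact paragraph says the attacker can "execute arbitrary codes in the context of the application", but the CVSS vector in the same description is `C:N/I:N/A:P` and the title and family both describe a denial of service. The report text should not overstate the finding; something like `Successful exploitation will let the attacker cause a denial of service in the application.` matches the rest of the script. The description gives the affected version as 14.0.8064.206 while the test uses `"14.0.8064.0206"`; whether version_func.inc compares the leading zero numerically is not visible here, so use one spelling in both places. `script_name` also misspells "Messenger" as "Messneger".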


Property changes on: trunk/openvas-plugins/scripts/secpod_ms_live_msngr_charset_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_noticeware_mail_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_noticeware_mail_server_detect.nasl	2009-02-26 03:52:45 UTC (rev 2582)
+++ trunk/openvas-plugins/scripts/secpod_noticeware_mail_server_detect.nasl	2009-02-26 04:27:20 UTC (rev 2583)
@@ -0,0 +1,74 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_noticeware_mail_server_detect.nasl 1045 2009-02-24 13:10:24Z feb $
+#
+# NoticeWare Email Server Version Detection
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900462);
+  script_version("Revision: 1.0 ");
+  script_name(english:"NoticeWare Email Server Version Detection");
+  desc["english"] = "
+  Overview : This script detects the installed NoticeWare Email Server and
+  saves the version in KB.
+
+  Risk factor : Informational";
+
+  script_description(english:desc["english"]);
+  script_family(english:"General");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_summary(english:"Set Version of NoticeWare Email Server in KB");
+  script_dependencies("find_service.nes", "secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("smtp_func.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+if(!registry_key_exists(key:"SOFTWARE\NoticeWare\EmailServer")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item(registry_enum_keys(key:key))
+{
+  name = registry_get_sz(key:key + item, item:"DisplayName");
+  if("NoticeWare Email Server" >< name)
+  {
+    ver = registry_get_sz(key:key + item, item:"DisplayVersion");
+    if(ver != NULL)
+    {
+      set_kb_item(name:"NoticeWare/Mail/Server/Ver", value:ver);
+      exit(0);
+    }
+  }
+}
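Review bot: `include("smtp_func.inc")` and the `find_service.nes` dependency look unused, since the visible body only reads the registry and never touches an SMTP helper or a port. Dropping them keeps the detection script's dependencies limited to what it needs (`secpod_reg_enum.nasl` and the SMB includes). `script_version("Revision: 1.0 ")` is also missing the `$` delimiters used by the other scripts in this commit (`"$Revision: 1.0 $"`).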


Property changes on: trunk/openvas-plugins/scripts/secpod_noticeware_mail_server_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_noticeware_mail_server_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_noticeware_mail_server_dos_vuln.nasl	2009-02-26 03:52:45 UTC (rev 2582)
+++ trunk/openvas-plugins/scripts/secpod_noticeware_mail_server_dos_vuln.nasl	2009-02-26 04:27:20 UTC (rev 2583)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_noticeware_mail_server_dos_vuln.nasl 1045 2009-02-24 17:20:29Z feb $
+#
+# NoticeWare Email Server Denial of Service Vulnerability
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900463);
+  script_version("$Revision: 1.0 $");
+  script_bugtraq_id(31697);
+  script_cve_id("CVE-2008-6185");
+  script_name(english:"NoticeWare Mail Server Denial of Service Vulnerability");
+  desc["english"] = "
+
+  Overview: This host is running NoticeWare Mail Server and is prone to Denial
+  of Service Vulnerability.
+
+  Vulnerability Insight:
+  This flaw is due to an error when handling multiple POP3 connections. The
+  server can crash when handling large number of POP3 connections issuing
+  login requests.
+
+  Impact:
+  Successful exploitation will let the attacker cause denial of service.
+
+  Impact level: Application/Network
+
+  Affected Software/OS:
+  NoticeWare Mail Server version 5.1.2.2 and prior.
+
+  Fix: Solution/patch not available as on 24th February 2009. For further
+  updates refer, http://www.noticeware.com/noticemail.htm
+
+  References:
+  http://secunia.com/advisories/32202
+  http://www.milw0rm.com/exploits/6719
+  http://xforce.iss.net/xforce/xfdb/45812
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 4.5
+  Risk factor: Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of NoticeWare Mail Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Denial of service");
+  script_dependencies("secpod_noticeware_mail_server_detect.nasl");
+  script_require_ports("Services/smtp", 25);
+  script_require_keys("NoticeWare/Mail/Server/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+port = get_kb_item("Services/smtp");
+if(!port){
+  exit(0);
+}
+
+noticeVer = get_kb_item("NoticeWare/Mail/Server/Ver");
+if(noticeVer != NULL)
+{
+  # Grep for NoticeWare Email Server version 5.1.2.2 or prior
+  if(version_is_less_equal(version:noticeVer, test_version:"5.1.2.2"))
+  {
+    security_warning(port);
+    exit(0);
+  }
+}
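Review bot: The description attributes the flaw to POP3 connection handling, yet the script requires and reports on the SMTP port (`script_require_ports("Services/smtp", 25)`, `port = get_kb_item("Services/smtp")`). A host whose KB has no `Services/smtp` entry exits at `if(!port)` without a finding even when the stored version is 5.1.2.2 or earlier, and a reported finding is attached to the wrong service. Either key the check to POP3, e.g. `script_require_ports("Services/pop3", 110);` with `port = get_kb_item("Services/pop3"); if(!port) port = 110;`, or treat it as a local version check and call `security_warning(0)` as the other registry-based scripts in this commit do.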


Property changes on: trunk/openvas-plugins/scripts/secpod_noticeware_mail_server_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_raidenftpd_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_raidenftpd_server_detect.nasl	2009-02-26 03:52:45 UTC (rev 2582)
+++ trunk/openvas-plugins/scripts/secpod_raidenftpd_server_detect.nasl	2009-02-26 04:27:20 UTC (rev 2583)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_raidenftpd_server_detect.nasl 1046 2009-02-25 15:21:24Z feb $
+#
+# RaidenFTPD Server Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900510);
+  script_version("$Revision: 1.0 $");
+  script_name(english:"RaidenFTPD Server Version Detection");
+  desc["english"] = "
+
+  Overview: This script finds the installed version of RaidenFTPD Server
+  and sets the result in KB.
+
+  Risk factor : Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Set KB for the version of RaidenFTPD Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"FTP");
+  script_dependencies("find_service.nes", "secpod_reg_enum.nasl");
+  script_require_ports("Services/ftp", 21);
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("ftp_func.inc");
+include("secpod_smb_func.inc");
+
+ftpPort = get_kb_item("Services/ftp");
+if(!ftpPort){
+  ftpPort = 21;
+}
+
+if(!get_port_state(ftpPort)){
+  exit(0);
+}
+
+if("RaidenFTPD" >!< get_ftp_banner(port:ftpPort)){
+  exit(0);
+}
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+exePath = registry_get_sz(key:"SYSTEM\CurrentControlSet\Services" +
+                              "\RaidenFTPDService", item:"ImagePath");
+if(!exePath){
+  exit(0);
+}
+
+exePath = exePath - "rftpdservice.exe" + "raidenftpd.exe";
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:exePath);
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:exePath);
+
+rftpdVer = GetVer(file:file, share:share);
+if(rftpdVer != NULL){
+  set_kb_item(name:"RaidenFTPD/Ver", value:rftpdVer);
+}
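Review bot: The path rewrite after `registry_get_sz` assumes ImagePath is an unquoted path with an upper-case drive letter that ends in exactly `rftpdservice.exe`, and nothing verifies that the rewrite worked. If the registry value is quoted, carries arguments or differs in case (the hunk rules out none of these), the `[A-Z]:` patterns probably leave `share` and `file` malformed and `GetVer` returns nothing. In that case `RaidenFTPD/Ver` is never set, and the dependent DoS check silently skips a host whose banner already identified RaidenFTPD. I would make both substitutions case-insensitive, e.g. `share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:exePath, icase:TRUE);`. I would also add a comment above the rewrite stating the ImagePath form it expects, so a missed detection can be traced to this step.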


Property changes on: trunk/openvas-plugins/scripts/secpod_raidenftpd_server_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_raidenftpd_server_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_raidenftpd_server_dos_vuln.nasl	2009-02-26 03:52:45 UTC (rev 2582)
+++ trunk/openvas-plugins/scripts/secpod_raidenftpd_server_dos_vuln.nasl	2009-02-26 04:27:20 UTC (rev 2583)
@@ -0,0 +1,93 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_raidenftpd_server_dos_vuln.nasl 1046 2009-02-25 11:50:29Z feb $
+#
+# RaidenFTPD Server CWD and MLST Command Denial of Service Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900511);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2008-6186");
+  script_bugtraq_id(31741);
+  script_name(english:"RaidenFTPD Server CWD and MLST Command Denial of Service Vulnerability");
+  desc["english"] = "
+
+  Overview: This host is running RaidenFTPD Server and is prone to Denial of
+  Service Vulnerability.
+
+  Vulnerability Insight:
+  The flaw is due to a boundary error when handling overly long requested
+  directory names. As a result buffer overflow can be caused using specially
+  crafted CWD and MLST commands.
+
+  Impact:
+  Successful exploitation will let the user crash the application to cause
+  denial of service.
+
+  Affected Software/OS:
+  RaidenFTPD Server version 2.4.3620 and prior.
+
+  Fix:Upgrade to the latest version.
+  http://www.raidenftpd.com/en/
+
+  References:
+  http://secunia.com/advisories/32216
+  http://www.milw0rm.com/exploits/6742
+
+  CVSS Score:
+    CVSS Base Score     : 9.0 (AV:N/AC:L/Au:SI/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.7
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of RaidenFTPD Server");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Denial of Service");
+  script_dependencies("secpod_raidenftpd_server_detect.nasl");
+  script_require_ports("Services/ftp", 21);
+  script_require_keys("RaidenFTPD/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ftpPort = get_kb_item("Services/ftp");
+if(!ftpPort){
+  exit(0);
+}
+
+if(!get_port_state(ftpPort)){
+  exit(0);
+}
+
+rftpdVer = get_kb_item("RaidenFTPD/Ver");
+if(!rftpdVer){
+  exit(0);
+}
+
+if(version_is_less_equal(version:rftpdVer, test_version:"2.4.3620")){
+  security_hole(ftpPort);
+}
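Review bot: The port lookup exits when `Services/ftp` is unset, whereas the detection script this plugin depends on falls back to port 21, so a host can have `RaidenFTPD/Ver` stored and still never be reported. Mirroring the detector with `if(!ftpPort){ ftpPort = 21; }` keeps the two scripts consistent. The NoticeWare check earlier in this commit exits the same way on a missing `Services/smtp` and deserves the same look. Separately, the Impact paragraph describes only a denial of service, while the Insight text mentions a buffer overflow and the CVSS vector claims complete C/I/A impact. The description should state which severity is intended so the `security_hole` rating can be triaged correctly.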


Property changes on: trunk/openvas-plugins/scripts/secpod_raidenftpd_server_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *


