[Openvas-commits] r2585 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Feb 26 08:57:10 CET 2009
Author: chandra
Date: 2009-02-26 08:57:06 +0100 (Thu, 26 Feb 2009)
New Revision: 2585
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/clamav-CB-A08-0001.nasl
trunk/openvas-plugins/scripts/default_account.inc
trunk/openvas-plugins/scripts/flash_player_CB-A08-0059.nasl
trunk/openvas-plugins/scripts/gnutls_CB-A08-0079.nasl
Log:
Addressed Bug [#871] and socket busy issues
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-02-26 06:06:40 UTC (rev 2584)
+++ trunk/openvas-plugins/ChangeLog 2009-02-26 07:57:06 UTC (rev 2585)
@@ -1,4 +1,13 @@
2009-02-26 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/default_account.inc:
+ Included ssh_func.inc to fix Bug [#871]
+
+ * scripts/flash_player_CB-A08-0059.nasl,
+ scripts/gnutls_CB-A08-0079.nasl,
+ scripts/clamav-CB-A08-0001.nasl:
+ Optimized find operations, to address ssh socket busy issue
+
+2009-02-26 Chandrashekhar B <bchandra at secpod.com>
* extra/lsc_generator/parser/centos.py:
script filename made unique
Modified: trunk/openvas-plugins/scripts/clamav-CB-A08-0001.nasl
===================================================================
--- trunk/openvas-plugins/scripts/clamav-CB-A08-0001.nasl 2009-02-26 06:06:40 UTC (rev 2584)
+++ trunk/openvas-plugins/scripts/clamav-CB-A08-0001.nasl 2009-02-26 07:57:06 UTC (rev 2585)
@@ -8,102 +8,90 @@
if(description)
{
- script_id(90000);
- script_version ("$Revision: 06 $");
- name["english"] = "ClamAV < 0.93.1 vulnerability";
- script_name(english:name["english"]);
+ script_id(90000);
+ script_version ("$Revision: 06 $");
+ script_name(english:"ClamAV < 0.93.1 vulnerability");
- desc["english"] = "The remote host is probably affected by the vulnerabilities described in
-CVE 2007-6335 CVE 2007-6336 CVE 2007-6337 CVE-2008-0318 CVE-2008-1100 CVE-2008-1387 CVE-2008-2713
+ desc["english"] = "The remote host is probably affected by the
+ vulnerabilities described in CVE 2007-6335 CVE 2007-6336 CVE 2007-6337
+ CVE-2008-0318 CVE-2008-1100 CVE-2008-1387 CVE-2008-2713
-Impact
- CVE 2008-2713
- libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to
- cause a denial of service via a crafted Petite file that triggers an
- out-of-bounds read.
- CVE 2008-1387
- ClamAV before 0.93 allows remote attackers to cause a denial of service
- (CPU consumption) via a crafted ARJ archive, as demonstrated by the
- PROTOS GENOME test suite for Archive Formats.
- CVE 2008-1100
- Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c)
- for ClamAV 0.92 and 0.92.1 allows remote attackers to execute
- arbitrary code via a crafted Upack PE file.
- CVE 2008-0318
- Integer overflow in the cli_scanpe function in libclamav in
- ClamAV before 0.92.1, as used in clamd, allows remote attackers
- to cause a denial of service and possibly execute arbitrary code
- via a crafted Petite packed PE file, which triggers a heap-based
- buffer overflow.
- CVE 2007-6337
- Unspecified vulnerability in the bzip2 decompression algorithm
- in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact
- and remote attack vectors.
- CVE 2007-6336
- Off-by-one error in ClamAV before 0.92 allows remote attackers
- to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
- CVE 2007-6335
- Integer overflow in libclamav in ClamAV before 0.92 allows remote
- attackers to execute arbitrary code via a crafted MEW packed
- PE file, which triggers a heap-based buffer overflow.
+ Impact
+ CVE 2008-2713
+ libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause
+ a denial of service via a crafted Petite file that triggers an out-of-bound
+ read.
+ CVE 2008-1387
+ ClamAV before 0.93 allows remote attackers to cause a denial of service
+ (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS
+ GENOME test suite for Archive Formats.
+ CVE 2008-1100
+ Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c)
+ for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary
+ code via a crafted Upack PE file.
+ CVE 2008-0318
+ Integer overflow in the cli_scanpe function in libclamav in ClamAV before
+ 0.92.1, as used in clamd, allows remote attackers to cause a denial of
+ service and possibly execute arbitrary code via a crafted Petite packed
+ PE file, which triggers a heap-based buffer overflow.
+ CVE 2007-6337
+ Unspecified vulnerability in the bzip2 decompression algorithm in
+ nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote
+ attack vectors.
+ CVE 2007-6336
+ off-by-one error in ClamAV before 0.92 allows remote attackers to execute
+ arbitrary code via a crafted MS-ZIP compressed CAB file.
+ CVE 2007-6335
+ Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers
+ to execute arbitrary code via a crafted MEW packed PE file, which triggers
+ a heap-based buffer overflow.
+ References:
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1100
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0318
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6337
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6336
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6335
-References:
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1100
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0318
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6337
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6336
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6335
+ Solution:
+ All ClamAV users should upgrade to the latest version:
-Solution:
- All ClamAV users should upgrade to the latest version:
+ Risk factor : High";
-
-Risk factor : High
-";
-
- script_description(english:desc["english"]);
- summary["english"] = "Determines the Version of ClamAV";
- script_summary(english:summary["english"]);
- script_category(ACT_GATHER_INFO);
- script_copyright(english:"This script is under GPLv2");
- family["english"] = "Local test";
- script_family(english:family["english"]);
- script_dependencies("ssh_authorization.nasl");
- exit(0);
+ script_description(english:desc["english"]);
+ script_summary["english"] = "Determines the Version of ClamAV";
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"This script is under GPLv2");
+ family["english"] = "Local test";
+ script_family(english:family["english"]);
+ exit(0);
}
#
# The code starts here
#
-
include("version_func.inc");
-clamavcnt = 0;
-r = find_bin(prog_name:"clamscan");
-foreach binary_name (r) {
- binary_name = chomp(binary_name);
- ver = get_bin_version(full_prog_name:binary_name, version_argv:"--version", ver_pattern:"([0-9\.]+)");
- if(ver != NULL) {
- clamavcnt++;
- if(version_is_less(version:ver[0], test_version:"0.93.1") ) {
- security_hole(port:0, proto:"ClamAV");
- report = string("\nFound : ") + binary_name + " Version : " + ver[max_index(ver)-1] + string("\n");
- security_hole(port:0, proto:"ClamAV", data:report);
- } else {
- report = "This host appears to be running ClamAV" + string("\n");
- report = report + string("\nFound : ") + binary_name + " Version : " + ver[max_index(ver)-1] + string("\n");
- security_note(port:0, proto:"ClamAV", data:report);
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+ exit(0);
+}
+
+getPath = find_bin(prog_name:"clamscan", sock:sock);
+foreach binaryFile (getPath)
+{
+ avVer = get_bin_version(full_prog_name:chomp(binaryFile), version_argv:"-V",
+ ver_pattern:"ClamAV ([0-9.]+)", sock:sock);
+ if(avVer[1] != NULL)
+ {
+ # Check for < 0.93.1 version of ClamAV
+ if(version_is_less(version:avVer[1], test_version:"0.93.1")){
+ security_hole(0);
}
+ ssh_close_connection();
+ exit(0);
}
}
-
-if (report_verbosity > 1) {
- if(clamavcnt == 0) {
- report = "ClamAV not found or ssh login not possible on this host." + string("\n");
- security_note(port:0, proto:"ClamAV", data:report);
- }
-}
-exit(0);
+ssh_close_connection();
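Review bot: `script_summary["english"] = "Determines the Version of ClamAV";` in the description block is an assignment rather than a call, so the plugin summary is never registered; it should read `script_summary(english:"Determines the Version of ClamAV");`. The hunk also drops `script_dependencies("ssh_authorization.nasl")` although the new body begins with `ssh_login_or_reuse_connection()`. Unless something outside the hunk orders this plugin after SSH credential setup, the login can fail and the script exits silently, which looks the same as a host that is not vulnerable; the gnutls_CB-A08-0079.nasl hunk drops the same dependency. Only `version_func.inc` is included in the visible lines, so it is worth confirming that it pulls in the SSH helpers. `security_hole(0)` also no longer carries the binary path and detected version, and passing a `data:` string as the removed code did would keep that evidence in the report.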
Modified: trunk/openvas-plugins/scripts/default_account.inc
===================================================================
--- trunk/openvas-plugins/scripts/default_account.inc 2009-02-26 06:06:40 UTC (rev 2584)
+++ trunk/openvas-plugins/scripts/default_account.inc 2009-02-26 07:57:06 UTC (rev 2585)
@@ -8,6 +8,7 @@
# $Id: default_account.inc,v 1.7 2004/07/30 01:03:02 renaud Exp $
#
+include("ssh_func.inc");
#
# Private functions
Modified: trunk/openvas-plugins/scripts/flash_player_CB-A08-0059.nasl
===================================================================
--- trunk/openvas-plugins/scripts/flash_player_CB-A08-0059.nasl 2009-02-26 06:06:40 UTC (rev 2584)
+++ trunk/openvas-plugins/scripts/flash_player_CB-A08-0059.nasl 2009-02-26 07:57:06 UTC (rev 2585)
@@ -6,119 +6,84 @@
if(description)
{
+ script_id(90018);
+ script_version ("$Revision: 01 $");
+ name["english"] = "Adobe Flash Player 9.0.115.0 and earlier vulnerability";
+ script_name(english:name["english"]);
- script_id(90018);
- script_version ("$Revision: 01 $");
- name["english"] = "Adobe Flash Player 9.0.115.0 and earlier vulnerability";
- script_name(english:name["english"]);
+ desc["english"] = "The remote host is probably affected by the vulnerabilities
+ described in CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637,
+ CVE-2008-1654, CVE-2008-1655
- desc["english"] = "The remote host is probably affected by the vulnerabilities described in
-CVE-2007-5275, CVE-2007-6019, CVE-2007-6243, CVE-2007-6637, CVE-2008-1654, CVE-2008-1655
+ Impact:
+ CVE 2007-5275
+ The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause
+ a victim machine to establish TCP sessions with arbitrary hosts via a
+ Flash (SWF) movie, related to lack of pinning of a hostname to a single
+ IP address after receiving an allow-access-from element in a
+ cross-domain-policy XML document, and the availability of a Flash Socket
+ class that does not use the browser's DNS pins, aka DNS rebinding attacks,
+ a different issue than CVE-2002-1467 and CVE-2007-4324.
+ CVE 2007-6019
+ Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier,
+ allows remote attackers to execute arbitrary code via an SWF file with
+ a modified DeclareFunction2 Actionscript tag, which prevents an object
+ from being instantiated properly.
+ CVE 2007-6243
+ Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x
+ up to 7.0.70.0 does not sufficiently restrict the interpretation and
+ usage of cross-domain policy files, which makes it easier for remote
+ attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
+ CVE 2007-6637
+ Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash
+ Player allow remote attackers to inject arbitrary web script or HTML
+ via a crafted SWF file, related to 'pre-generated SWF files' and Adobe
+ Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector
+ is already covered by CVE-2007-6244.1.
+ CVE 2008-1654
+ Interaction error between Adobe Flash and multiple Universal Plug and Play
+ (UPnP) services allow remote attackers to perform Cross-Site Request
+ Forgery (CSRF) style attacks by using the Flash navigateToURL function
+ to send a SOAP message to a UPnP control point, as demonstrated by changing
+ the primary DNS server.
+ CVE 2008-1655
+ Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier,
+ and 8.0.39.0 and earlier, makes it easier for remote attackers to
+ conduct DNS rebinding attacks via unknown vectors.
-Impact
- CVE 2007-5275
- The Adobe Macromedia Flash 9 plug-in allows remote attackers to cause
- a victim machine to establish TCP sessions with arbitrary hosts via a
- Flash (SWF) movie, related to lack of pinning of a hostname to a single
- IP address after receiving an allow-access-from element in a
- cross-domain-policy XML document, and the availability of a Flash Socket
- class that does not use the browser's DNS pins, aka DNS rebinding attacks,
- a different issue than CVE-2002-1467 and CVE-2007-4324.
- CVE 2007-6019
- Adobe Flash Player 9.0.115.0 and earlier, and 8.0.39.0 and earlier,
- allows remote attackers to execute arbitrary code via an SWF file with
- a modified DeclareFunction2 Actionscript tag, which prevents an object
- from being instantiated properly.
- CVE 2007-6243
- Adobe Flash Player 9.x up to 9.0.48.0, 8.x up to 8.0.35.0, and 7.x
- up to 7.0.70.0 does not sufficiently restrict the interpretation and
- usage of cross-domain policy files, which makes it easier for remote
- attackers to conduct cross-domain and cross-site scripting (XSS) attacks.
- CVE 2007-6637
- Multiple cross-site scripting (XSS) vulnerabilities in Adobe Flash
- Player allow remote attackers to inject arbitrary web script or HTML
- via a crafted SWF file, related to 'pre-generated SWF files' and Adobe
- Dreamweaver CS3 or Adobe Acrobat Connect. NOTE: the asfunction: vector
- is already covered by CVE-2007-6244.1.
- CVE 2008-1654
- Interaction error between Adobe Flash and multiple Universal Plug and Play
- (UPnP) services allow remote attackers to perform Cross-Site Request
- Forgery (CSRF) style attacks by using the Flash navigateToURL function
- to send a SOAP message to a UPnP control point, as demonstrated by changing
- the primary DNS server.
- CVE 2008-1655
- Unspecified vulnerability in Adobe Flash Player 9.0.115.0 and earlier,
- and 8.0.39.0 and earlier, makes it easier for remote attackers to
- conduct DNS rebinding attacks via unknown vectors.
+ References:
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655
+ Solution:
+ All Adobe Flash Player users should upgrade to the latest version:
-References:
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-5275
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6019
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6243
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6637
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1654
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1655
+ Risk factor : High";
-Solution:
- All Adobe Flash Player users should upgrade to the latest version:
-
-
-Risk factor : High
-";
-
- script_description(english:desc["english"]);
- summary["english"] = "Determines the Version of Flashplayer";
- script_summary(english:summary["english"]);
- script_category(ACT_GATHER_INFO);
- script_copyright(english:"This script is under GPLv2");
- family["english"] = "Local test";
- script_family(english:family["english"]);
- script_dependencies("ssh_authorization.nasl");
- exit(0);
+ script_description(english:desc["english"]);
+ summary["english"] = "Determines the Version of Flashplayer";
+ script_summary(english:summary["english"]);
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"This script is under GPLv2");
+ family["english"] = "Local test";
+ script_family(english:family["english"]);
+ script_dependencies("gb_adobe_flash_player_detect_lin.nasl");
+ script_require_keys("AdobeFlashPlayer/Linux/Ver");
+ exit(0);
}
-#
-# The code starts here
-#
include("version_func.inc");
-flashplcnt = 0;
-sec_hole = 0;
-grep = find_bin(prog_name:"grep");
-grep = chomp(grep[0]);
-r = find_bin(prog_name:"flashplayer");
-r = make_list(r,find_file(file_name:"/libflashplayer.so"));
-garg[0] = "-o";
-garg[1] = "-m1";
-garg[2] = "-a";
-garg[3] = string("[0-9]\\+,[0-9]\\+,[0-9]\\+,[0-9]\\+");
-foreach binary_name (r) {
- binary_name = chomp(binary_name);
- if (islocalhost()) {
- garg[4] = binary_name;
- arg = garg;
- } else {
- arg = garg[0]+" "+garg[1]+" "+garg[2]+" "+raw_string(0x22)+garg[3]+raw_string(0x22)+" "+binary_name;
- }
- ver = get_bin_version(full_prog_name:grep, version_argv:arg, ver_pattern:"([0-9]+,[0-9]+,[0-9]+,[0-9]+)");
- if(ver != NULL) {
- flashplcnt++;
- if(version_is_less_equal(version:ver[0], test_version:"9,0,115,0") ) {
- if(sec_hole == 0) {
- security_hole(port:0, proto:"Adobe Flash Player");
- sec_hole = 1;
- }
- security_hole(port:0, proto:"Adobe Flash Player", data:string("\nFound : ") + binary_name + " Version : " + ver[0] + string("\n"));
- }
- }
+flashVer = get_kb_item("AdobeFlashPlayer/Linux/Ver");
+if(!flashVer){
+ exit(0);
}
-if(report_verbosity > 1) {
- if(flashplcnt == 0) {
- report = "Adobe Flash Player not found or ssh login not possible on this host." + string("\n");
- security_note(port:0, proto:"Adobe Flash Player", data:report);
- }
+if(version_is_less_equal(version:flashVer, test_version:"9,0,115,0")){
+ security_hole(0);
}
-exit(0);
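Review bot: The comparison `version_is_less_equal(version:flashVer, test_version:"9,0,115,0")` now takes its input from the `AdobeFlashPlayer/Linux/Ver` KB entry, and the separator used in that entry is not visible in this hunk. If gb_adobe_flash_player_detect_lin.nasl stores a dotted version, comparing it with a comma-separated test value may give the wrong answer in either direction. Confirm the KB format, or normalise the separator before the comparison, and state the expected format in a comment next to the `get_kb_item` call. The finding also no longer names the file and version that triggered it, which the removed `data:` report did.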
Modified: trunk/openvas-plugins/scripts/gnutls_CB-A08-0079.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gnutls_CB-A08-0079.nasl 2009-02-26 06:06:40 UTC (rev 2584)
+++ trunk/openvas-plugins/scripts/gnutls_CB-A08-0079.nasl 2009-02-26 07:57:06 UTC (rev 2585)
@@ -7,125 +7,90 @@
if(description)
{
+ script_id(90026);
+ script_version ("$Revision: 01 $");
+ script_cve_id("CVE-2008-1948");
+ name["english"] = "GnuTLS < 2.2.5 vulnerability";
+ script_name(english:name["english"]);
- script_id(90026);
- script_version ("$Revision: 01 $");
- script_cve_id("CVE-2008-1948");
- name["english"] = "GnuTLS < 2.2.5 vulnerability";
- script_name(english:name["english"]);
+ desc["english"] = "The remote host is probably affected by the vulnerabilities
+ described in CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
- desc["english"] = "The remote host is probably affected by the vulnerabilities described in
-CVE-2008-1948, CVE-2008-1949, CVE-2008-1950
+ Impact:
+ CVE-2008-1948
+ The _gnutls_server_name_recv_params function in lib/ext_server_name.c
+ in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly
+ calculate the number of Server Names in a TLS 1.0 Client Hello
+ message during extension handling, which allows remote attackers
+ to cause a denial of service (crash) or possibly execute arbitrary
+ code via a zero value for the length of Server Names, which leads
+ to a buffer overflow in session resumption data in the
+ pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
-Impact
+ CVE-2008-1949
+ The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c
+ in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to
+ process Client Hello messages within a TLS message after one has
+ already been processed, which allows remote attackers to cause a
+ denial of service (NULL dereference and crash) via a TLS message
+ containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
- CVE-2008-1948
- The _gnutls_server_name_recv_params function in lib/ext_server_name.c
- in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly
- calculate the number of Server Names in a TLS 1.0 Client Hello
- message during extension handling, which allows remote attackers
- to cause a denial of service (crash) or possibly execute arbitrary
- code via a zero value for the length of Server Names, which leads
- to a buffer overflow in session resumption data in the
- pack_security_parameters function, aka GNUTLS-SA-2008-1-1.
+ CVE 2008-1950
+ Integer signedness error in the _gnutls_ciphertext2compressed
+ function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4
+ allows remote attackers to cause a denial of service (buffer over-read
+ and crash) via a certain integer value in the Random field in an
+ encrypted Client Hello message within a TLS record with an invalid
+ Record Length, which leads to an invalid cipher padding length,
+ aka GNUTLS-SA-2008-1-3.
- CVE-2008-1949
- The _gnutls_recv_client_kx_message function in lib/gnutls_kx.c
- in libgnutls in gnutls-serv in GnuTLS before 2.2.4 continues to
- process Client Hello messages within a TLS message after one has
- already been processed, which allows remote attackers to cause a
- denial of service (NULL dereference and crash) via a TLS message
- containing multiple Client Hello messages, aka GNUTLS-SA-2008-1-2.
+ References:
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949
+ http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950
- CVE 2008-1950
- Integer signedness error in the _gnutls_ciphertext2compressed
- function in lib/gnutls_cipher.c in libgnutls in GnuTLS before 2.2.4
- allows remote attackers to cause a denial of service (buffer over-read
- and crash) via a certain integer value in the Random field in an
- encrypted Client Hello message within a TLS record with an invalid
- Record Length, which leads to an invalid cipher padding length,
- aka GNUTLS-SA-2008-1-3.
+ Solution:
+ All GnuTLS users should upgrade to the latest version:
-References:
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1948
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1949
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1950
+ Risk factor : High";
-Solution:
- All GnuTLS users should upgrade to the latest version:
-
-
-Risk factor : High
-";
-
- script_description(english:desc["english"]);
- summary["english"] = "Determines GnuTLS < 2.2.5 vulnerability";
- script_summary(english:summary["english"]);
- script_category(ACT_GATHER_INFO);
- script_copyright(english:"This script is under GPLv2");
- family["english"] = "Local test";
- script_family(english:family["english"]);
- script_dependencies("ssh_authorization.nasl");
- exit(0);
+ script_description(english:desc["english"]);
+ summary["english"] = "Determines GnuTLS < 2.2.5 vulnerability";
+ script_summary(english:summary["english"]);
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"This script is under GPLv2");
+ family["english"] = "Local test";
+ script_family(english:family["english"]);
+ exit(0);
}
#
# The code starts here
#
+
include("version_func.inc");
-local_var ver, sec_hole, sec_proto, grep, r, i, t, l;
-sec_hole = 0;
-sec_proto = "GnuTLS";
-ver = NULL;
-r = NULL;
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+ exit(0);
+}
- r = find_bin(prog_name:"libgnutls-config");
- if( isnull(r) ) {
- r = find_bin(prog_name:"gnutls-cli");
- }
- if( ! isnull(r) ) {
- r[0] = chomp(r[0]);
- ver = get_bin_version(full_prog_name:r[0], version_argv:"--version", ver_pattern:"([0-9\.]+)");
- }
- r = NULL;
- if(isnull(ver) || version_is_less(version:ver[0], test_version:"2.2.5") ) {
- grep = find_bin(prog_name:"grep");
- grep = chomp(grep[0]);
- l = find_file(file_path:"/usr/lib64/", file_name:"libgnutls.so.*.*");
- i = 0;
- foreach t (l) {
- if( "libgnutls.so" >< t ) {
- r[i++] = t;
- }
+gnuPath = find_file(file_name:"gnutls-cli", file_path:"/", useregex:TRUE,
+ regexpar:"$", sock:sock);
+foreach gnutlsBin (gnuPath)
+{
+ gnutlsVer = get_bin_version(full_prog_name:chomp(gnutlsBin), sock:sock,
+ version_argv:"--version",
+ ver_pattern:"version ([0-9.]+)");
+ if(gnutlsVer[1] != NULL)
+ {
+ # Grep for GnuTLS Version prior to 2.2.4
+ if(version_is_less(version:gnutlsVer[1], test_version:"2.2.4")){
+ security_hole(0);
}
- l = find_file(file_path:"/usr/lib/", file_name:"libgnutls.so.*.*");
- foreach t (l) {
- if( "libgnutls.so" >< t ) {
- r[i++] = t;
- }
- }
- garg[0] = "-o";
- garg[1] = "-m1";
- garg[2] = "-a";
- garg[3] = string("Received zero size server name");
- foreach binary_name (r) {
- binary_name = chomp(binary_name);
- if (islocalhost()) {
- garg[4] = binary_name;
- arg = garg;
- } else {
- arg = garg[0]+" "+garg[1]+" "+garg[2]+" "+raw_string(0x22)+garg[3]+raw_string(0x22)+" "+binary_name;
- }
- ver = get_bin_version(full_prog_name:grep, version_argv:arg, ver_pattern:"(Received zero size server name)");
- if( isnull(ver) ) {
- if(sec_hole == 0) {
- security_hole(port:0, proto:sec_proto);
- sec_hole = 1;
- }
- security_hole(port:0, proto:sec_proto, data:string("\nFound : ") + binary_name + string("\n"));
- }
- }
+ ssh_close_connection();
+ exit(0);
}
-exit(0);
+}
+ssh_close_connection();
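Review bot: The new check uses `test_version:"2.2.4"`, while the script name and summary kept in this hunk still say "GnuTLS < 2.2.5" and the removed code compared against "2.2.5", so a host on 2.2.4 was flagged before and is not now. The threshold and the title should agree; if 2.2.5 is intended, the line becomes `if(version_is_less(version:gnutlsVer[1], test_version:"2.2.5")){`. Detection now also depends solely on a `gnutls-cli` binary located by `find_file` starting at `/`. A host that has libgnutls installed without the command-line tool, which the removed libgnutls.so scan covered, would therefore report clean.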