[Openvas-commits] r4079 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Fri Jul 17 12:47:30 CEST 2009
Author: chandra
Date: 2009-07-17 12:47:28 +0200 (Fri, 17 Jul 2009)
New Revision: 4079
Added:
trunk/openvas-plugins/scripts/gb_firefox_js_compiler_code_exec_vuln_lin.nasl
trunk/openvas-plugins/scripts/gb_firefox_js_compiler_code_exec_vuln_win.nasl
trunk/openvas-plugins/scripts/gb_mysql_mult_format_string_vuln.nasl
trunk/openvas-plugins/scripts/gb_ruby_rails_auth_bypass_vuln.nasl
trunk/openvas-plugins/scripts/gb_ruby_rails_detect.nasl
trunk/openvas-plugins/scripts/gb_tor_dns_spoofing_vuln_jul09_lin.nasl
trunk/openvas-plugins/scripts/gb_tor_dns_spoofing_vuln_jul09_win.nasl
trunk/openvas-plugins/scripts/gb_tor_dos_vuln_jul09_lin.nasl
trunk/openvas-plugins/scripts/gb_tor_dos_vuln_jul09_win.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
trunk/openvas-plugins/scripts/gb_tor_detect_win.nasl
trunk/openvas-plugins/scripts/secpod_tor_detect_lin.nasl
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-07-17 10:14:14 UTC (rev 4078)
+++ trunk/openvas-plugins/ChangeLog 2009-07-17 10:47:28 UTC (rev 4079)
@@ -1,4 +1,22 @@
+2009-07-17 Chandrashekhar B <bchandra at secpod.com>
+
+ * scripts/gb_firefox_js_compiler_code_exec_vuln_lin.nasl,
+ scripts/gb_tor_dns_spoofing_vuln_jul09_lin.nasl,
+ scripts/gb_tor_dos_vuln_jul09_win.nasl,
+ scripts/gb_ruby_rails_detect.nasl,
+ scripts/gb_ruby_rails_auth_bypass_vuln.nasl,
+ scripts/gb_firefox_js_compiler_code_exec_vuln_win.nasl,
+ scripts/gb_tor_dos_vuln_jul09_lin.nasl,
+ scripts/gb_tor_dns_spoofing_vuln_jul09_win.nasl,
+ scripts/gb_mysql_mult_format_string_vuln.nasl:
+ Added new plugins.
+
+ * scripts/secpod_tor_detect_lin.nasl,
+ scripts/gb_tor_detect_win.nasl:
+ Updated to include new product versions.
+
2009-07-16 Thomas Reinke <reinke at securityspace.com>
+
* scripts/gb_ms_ie_xss_vuln_jul09.nasl:
Fix false positives when kb entry not available.
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-07-17 10:14:14 UTC (rev 4078)
+++ trunk/openvas-plugins/cve_current.txt 2009-07-17 10:47:28 UTC (rev 4079)
@@ -20,12 +20,12 @@
CVE-2009-2336 SecPod
CVE-2009-2335 SecPod
CVE-2009-2334 SecPod
-CVE-2009-2426 SecPod
-CVE-2009-2425 SecPod
-CVE-2009-2446 SecPod
+CVE-2009-2426 SecPod svn L
+CVE-2009-2425 SecPod svn L
+CVE-2009-2446 SecPod svn R
CVE-2009-2445 SecPod
-CVE-2009-2422 SecPod
-CVE-2009-2477 SecPod
+CVE-2009-2422 SecPod svn L
+CVE-2009-2477 SecPod svn L
CVE-2009-1136 SecPod
CVE-2009-0692 SecPod
CVE-2009-0192 SecPod
Added: trunk/openvas-plugins/scripts/gb_firefox_js_compiler_code_exec_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_js_compiler_code_exec_vuln_lin.nasl 2009-07-17 10:14:14 UTC (rev 4078)
+++ trunk/openvas-plugins/scripts/gb_firefox_js_compiler_code_exec_vuln_lin.nasl 2009-07-17 10:47:28 UTC (rev 4079)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_js_compiler_code_exec_vuln_lin.nasl 3514 2009-07-16 15:35:33Z jul $
+#
+# Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800844);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2477");
+ script_bugtraq_id(35707);
+ script_name("Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Linux)");
+ desc = "
+
+ Overview: The host is installed with Mozilla Firefox browser and is prone
+ to Remote Code Execution vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error when processing JavaScript code handling
+ 'font' HTML tags and can be exploited to cause a memory corruption.
+
+ Impact:
+ Successful exploitation will let attackers to execute arbitrary code which
+ results in memory corruption.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Firefox version 3.5 and prior on Linux.
+
+ Fix: No solution or patch is available as on 16th July, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.mozilla.com/en-US/firefox/upgrade.html
+
+ References:
+ http://secunia.com/advisories/35798
+ http://www.milw0rm.com/exploits/9137
+ http://www.vupen.com/english/advisories/2009/1868
+
+ CVSS Score:
+ CVSS Base Score : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 6.1
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("General");
+ script_dependencies("gb_firefox_detect_lin.nasl");
+ script_require_keys("Firefox/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Linux/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Grep for Firefox version <= 3.5
+if(version_is_less_equal(version:ffVer, test_version:"3.5")){
+ security_hole(0);
+}
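Review bot: The final check, `version_is_less_equal(version:ffVer, test_version:"3.5")`, has no lower bound, so every Firefox release older than 3.5 is reported under CVE-2009-2477. The description attributes the flaw to the JavaScript compiler; if that component only shipped with the 3.5 branch (worth confirming against the vendor advisory), 3.0.x hosts become false positives that bury the real finding. In that case bound the check on both sides, `if(version_in_range(version:ffVer, test_version:"3.5", test_version2:"3.5")){`, and adjust the "Affected Software/OS" text to match. The same comparison appears in gb_firefox_js_compiler_code_exec_vuln_win.nasl.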
Property changes on: trunk/openvas-plugins/scripts/gb_firefox_js_compiler_code_exec_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_firefox_js_compiler_code_exec_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_js_compiler_code_exec_vuln_win.nasl 2009-07-17 10:14:14 UTC (rev 4078)
+++ trunk/openvas-plugins/scripts/gb_firefox_js_compiler_code_exec_vuln_win.nasl 2009-07-17 10:47:28 UTC (rev 4079)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_js_compiler_code_exec_vuln_win.nasl 3514 2009-07-16 13:45:33Z jul $
+#
+# Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800843);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2477");
+ script_bugtraq_id(35707);
+ script_name("Mozilla Firefox JavaScript Compiler Code Execution Vulnerability (Win)");
+ desc = "
+
+ Overview: The host is installed with Mozilla Firefox browser and is prone
+ to Remote Code Execution vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to an error when processing JavaScript code handling
+ 'font' HTML tags and can be exploited to cause memory corruption.
+
+ Impact:
+ Successful exploitation will let attackers to execute arbitrary code which
+ results in memory corruption.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Firefox version 3.5 and prior on Windows.
+
+ Fix: No solution or patch is available as on 16th July, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.mozilla.com/en-US/firefox/upgrade.html
+
+ References:
+ http://secunia.com/advisories/35798
+ http://www.milw0rm.com/exploits/9137
+ http://www.vupen.com/english/advisories/2009/1868
+
+ CVSS Score:
+ CVSS Base Score : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 6.1
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("General");
+ script_dependencies("gb_firefox_detect_win.nasl");
+ script_require_keys("Firefox/Win/Ver");
+ script_require_ports("Services/www", 139, 445);
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Grep for Firefox version <= 3.5
+if(version_is_less_equal(version:ffVer, test_version:"3.5")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_firefox_js_compiler_code_exec_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_mysql_mult_format_string_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_mysql_mult_format_string_vuln.nasl 2009-07-17 10:14:14 UTC (rev 4078)
+++ trunk/openvas-plugins/scripts/gb_mysql_mult_format_string_vuln.nasl 2009-07-17 10:47:28 UTC (rev 4079)
@@ -0,0 +1,97 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_mysql_mult_format_string_vuln.nasl 3418 2009-07-16 21:29:17Z jul $
+#
+# MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800842);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2446");
+ script_bugtraq_id(35609);
+ script_name("MySQL 'sql_parse.cc' Multiple Format String Vulnerabilities");
+ desc = "
+
+ Overview: The host is running MySQL and is prone to Multiple Format String
+ vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are due to error in the 'dispatch_command' function in sql_parse.cc
+ in libmysqld/ which can caused via format string specifiers in a database name
+ in a 'COM_CREATE_DB' or 'COM_DROP_DB' request.
+
+ Impact:
+ Successful exploitation could allow remote authenticated users to cause a Denial
+ of Service and possibly have unspecified other attacks.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ MySQL version 4.0.0 to 5.0.83 on all running platform.
+
+ Fix: Upgrade to MySQL version 5.1.36 or later
+ http://dev.mysql.com/downloads
+
+ References:
+ http://www.osvdb.org/55734
+ http://secunia.com/advisories/35767
+ http://xforce.iss.net/xforce/xfdb/51614
+ http://www.securityfocus.com/archive/1/archive/1/504799/100/0/threaded
+
+ CVSS Score:
+ CVSS Base Score : 8.5 (AV:N/AC:M/Au:SI/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.7
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of MySQL");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("mysql_version.nasl");
+ script_require_ports("Services/mysql", 3306);
+ exit(0);
+}
+
+
+include("misc_func.inc");
+include("version_func.inc");
+
+sqlPort = get_kb_item("Services/mysql");
+if(!sqlPort){
+ sqlPort = 3306;
+}
+
+if(!get_port_state(sqlPort)){
+ exit(0);
+}
+
+mysqlVer = get_mysql_version(port:sqlPort);
+if(mysqlVer != NULL)
+{
+ if(version_in_range(version:mysqlVer, test_version:"4.0",
+ test_version2:"5.0.83")){
+ security_hole(sqlPort);
+ }
+}
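Review bot: The range tested in `version_in_range(version:mysqlVer, test_version:"4.0", test_version2:"5.0.83")` does not line up with the Fix text, which sends users to 5.1.36, so a server on 5.1.0 through 5.1.35 is never reported. If the 5.1 branch is affected before 5.1.36 (the description does not say, so confirm against the advisory), add a second range: `|| version_in_range(version:mysqlVer, test_version:"5.1", test_version2:"5.1.35")`. The verdict also rests only on the version string returned by `get_mysql_version`, so distribution packages with back-ported fixes will be flagged. A sentence in the description saying the result is version-based would help whoever triages it.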
Property changes on: trunk/openvas-plugins/scripts/gb_mysql_mult_format_string_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_ruby_rails_auth_bypass_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ruby_rails_auth_bypass_vuln.nasl 2009-07-17 10:14:14 UTC (rev 4078)
+++ trunk/openvas-plugins/scripts/gb_ruby_rails_auth_bypass_vuln.nasl 2009-07-17 10:47:28 UTC (rev 4079)
@@ -0,0 +1,98 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ruby_rails_auth_bypass_vuln.nasl 3413 2009-07-16 18:05:55Z jul $
+#
+# Ruby on Rails Authentication Bypass Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800912);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2009-2422");
+ script_bugtraq_id(35579);
+ script_name("Ruby on Rails Authentication Bypass Vulnerability");
+ desc = "
+
+ Overview: The host is running Ruby on Rails, which is prone to Authentication
+ Bypass Vulnerability.
+
+ Vulnerability Insight:
+ This Flaw is caused During login process, the digest authentication functionality
+ (http_authentication.rb) returns a 'nil' instead of 'false' when the provided
+ username is not found and then proceeds to verify this value against the
+ provided password.
+
+ Impact:
+ Successful exploitation will let the attacker to bypass authentication by
+ providing an invalid username with an empty password and gain unauthorized
+ access to the system.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Ruby on Rails version 2.3.2 and prior
+
+ Fix: Apply the security patches
+ http://github.com/rails/rails/commit/056ddbdcfb07f0b5c7e6ed8a35f6c3b55b4ab489
+
+ *****
+ NOTE: Ignore this warning, if above mentioned patch is manually applied.
+ *****
+
+ References:
+ http://secunia.com/advisories/35702
+ http://www.vupen.com/english/advisories/2009/1802
+ http://weblog.rubyonrails.org/2009/6/3/security-problem-with-authenticate_with_http_digest
+
+ CVSS Score:
+ CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P)
+ CVSS Temporal Score : 5.5
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Ruby on Rails");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Web application abuses");
+ script_dependencies("gb_ruby_rails_detect.nasl");
+ script_require_keys("Ruby-Rails/Linux/Ver");
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+railsPort = 3000;
+
+if(!get_port_state(railsPort)){
+ exit(0);
+}
+
+railsVer = get_kb_item("Ruby-Rails/Linux/Ver");
+if(railsVer != NULL)
+{
+ if(version_is_less_equal(version:railsVer, test_version:"2.3.2")){
+ security_hole(railsPort);
+ }
+}
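Review bot: The plugin exits unless TCP port 3000 is open (`railsPort = 3000;` followed by the `get_port_state` gate), although the version it compares comes from the `Ruby-Rails/Linux/Ver` KB entry and no request is ever sent to that port. A Rails application served on any other port is therefore never reported, and a hit is attributed to port 3000 without evidence that Rails is listening there. Since this is a local version check, drop the port gate and report with `security_hole(0);`, as the Firefox plugins in this commit do. `include("http_func.inc");` appears to be unused in the lines shown.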
Property changes on: trunk/openvas-plugins/scripts/gb_ruby_rails_auth_bypass_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_ruby_rails_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_ruby_rails_detect.nasl 2009-07-17 10:14:14 UTC (rev 4078)
+++ trunk/openvas-plugins/scripts/gb_ruby_rails_detect.nasl 2009-07-17 10:47:28 UTC (rev 4079)
@@ -0,0 +1,66 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_ruby_rails_detect.nasl 3413 2009-07-16 17:21:24Z jul $
+#
+# Ruby On Rails Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800911);
+ script_version("Revision: 1.0 ");
+ script_name("Ruby On Rails Version Detection");
+ desc = "
+
+ Overview : This script detect the installed version of Ruby On Rails
+ and sets the result in KB.
+
+ Risk factor : Informational";
+
+ script_description(desc);
+ script_summary("Set KB for the version of Ruby On Rails");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Service detection");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+ exit(0);
+}
+
+rorPaths = find_file(file_name:"rails", file_path:"/", useregex:TRUE,
+ regexpar:"$", sock:sock);
+foreach rorBin (rorPaths)
+{
+ rorVer = get_bin_version(full_prog_name:chomp(rorBin), sock:sock,
+ version_argv:"-v",
+ ver_pattern:"Rails ([0-9.]+)");
+ if(rorVer[1] != NULL){
+ set_kb_item(name:"Ruby-Rails/Linux/Ver", value:rorVer[1]);
+ }
+}
+ssh_close_connection();
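Review bot: `find_file(file_name:"rails", file_path:"/", ...)` walks the whole filesystem of the target, and every match is then handed to `get_bin_version` with `version_argv:"-v"`, which suggests the file is run over the SSH session. Any file named `rails`, including one in a world-writable or user-owned directory, would then be executed with the scan account's privileges, which makes the scan itself a risk on hosts audited with a privileged login. Restrict the search to the directories where a packaged Rails installs (a narrower `file_path`), and stop at the first version found so that `Ruby-Rails/Linux/Ver` does not end up holding several values. The description block also declares no dependency or required key for the SSH login this code relies on.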
Property changes on: trunk/openvas-plugins/scripts/gb_ruby_rails_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *
Modified: trunk/openvas-plugins/scripts/gb_tor_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_tor_detect_win.nasl 2009-07-17 10:14:14 UTC (rev 4078)
+++ trunk/openvas-plugins/scripts/gb_tor_detect_win.nasl 2009-07-17 10:47:28 UTC (rev 4079)
@@ -10,6 +10,9 @@
# Copyright:
# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
#
+# Updated to detect for Beta and RC Versions
+# - By Sharath S <sharaths at secpod.com> on 2009-07-13
+#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
@@ -27,21 +30,23 @@
if(description)
{
script_id(800351);
- script_version("$Revision: 1.0 $");
- script_name(english:"Tor Version Detection (Win)");
+ script_version("$Revision: 1.1 $");
+ script_name("Tor Version Detection (Win)");
desc["english"] = "
- Overview: This script detects the installed version of Tor and sets
- the result in KB.
- Risk factor: Informational";
+ Overview: This script is detects the installed version of Tor and
+ sets the result in KB.
- script_description(english:desc["english"]);
- script_summary(english:"Set KB for the version of Tor");
+ Risk Factor: Informational";
+
+ script_description(desc);
+ script_summary("Set KB for the version of Tor");
script_category(ACT_GATHER_INFO);
- script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
- script_family(english:"General");
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Service detection");
script_dependencies("secpod_reg_enum.nasl");
script_require_keys("SMB/WindowsVersion");
+ script_require_ports(139, 445);
exit(0);
}
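Review bot: `script_description(desc);` now receives the whole `desc` variable, but the assignment above it is still the unchanged context line `desc["english"] = "`, so `desc` is an array rather than the description string. Either change the assignment to `desc = "` or keep the call as `script_description(desc["english"]);`. As written, the plugin's description may come out empty or malformed. The rewritten overview also reads "This script is detects", where the removed wording "This script detects" was correct.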
@@ -56,7 +61,7 @@
"\Uninstall\Tor", item:"DisplayName");
if("Tor" >< torName)
{
- torVer = eregmatch(pattern:"Tor ([0-9.]+)", string:torName);
+ torVer = eregmatch(pattern:"Tor ([0-9.]+-?([a-z0-9]+)?)", string:torName);
if(torVer[1] != NULL){
set_kb_item(name:"Tor/Win/Ver", value:torVer[1]);
}
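Review bot: With the new pattern `Tor ([0-9.]+-?([a-z0-9]+)?)`, `Tor/Win/Ver` can carry a textual suffix (the header comment names beta and RC builds), and every plugin that reads this key has to cope with it. The Tor checks added in this commit replace `-` with `.` before comparing, but plugins written against the old numeric-only value are not shown here and should be reviewed. How `version_in_range` orders a textual component against the `.alpha` upper bounds used in those checks is not visible either, so a short comment next to the `eregmatch` stating the expected value format would help. The enclosing block starts and ends outside this hunk.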
Added: trunk/openvas-plugins/scripts/gb_tor_dns_spoofing_vuln_jul09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_tor_dns_spoofing_vuln_jul09_lin.nasl 2009-07-17 10:14:14 UTC (rev 4078)
+++ trunk/openvas-plugins/scripts/gb_tor_dns_spoofing_vuln_jul09_lin.nasl 2009-07-17 10:47:28 UTC (rev 4079)
@@ -0,0 +1,108 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_tor_dns_spoofing_vuln_jul09_lin.nasl 3415 2009-07-16 21:50:29Z jul $
+#
+# Tor 'relay.c' DNS Spoofing Vulnerability - July09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800840);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2426");
+ script_bugtraq_id(35505);
+ script_name("Tor 'relay.c' DNS Spoofing Vulnerability - July09 (Linux)");
+ desc = "
+
+ Overview:
+ This host is installed with Tor and is prone to DNS Spoofing vulnerability.
+
+ Vulnerability Insight:
+ Error in 'connection_edge_process_relay_cell_not_open' function in 'relay.c'
+ in src/or/ allows exit relays to have an unspecified impact by causing
+ controllers to accept DNS responses that redirect to an internal IP address
+ via unknown vectors.
+
+ Impact:
+ Successful exploitation will let the attackers to conduct DNS spoofing
+ attacks.
+
+ Impact level: Application
+
+ Affected Software/OS:
+ Tor version 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta on Linux.
+
+ Fix: Upgrade to version 0.2.0.35 or 0.1.2.8-beta or later
+ http://www.torproject.org/download.html.en
+
+ References:
+ http://secunia.com/advisories/35546
+ http://xforce.iss.net/xforce/xfdb/51377
+ http://archives.seul.org/or/announce/Jun-2009/msg00000.html
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.7
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Tor");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("General");
+ script_dependencies("secpod_tor_detect_lin.nasl");
+ script_require_keys("Tor/Linux/Ver");
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+foreach torPort (make_list(9050, 9051, 8118))
+{
+ if(get_port_state(torPort))
+ {
+ sndReq = string("GET / HTTP/1.1 \r\n\r\n");
+ rcvRes = http_send_recv(port:torPort, data:sndReq);
+
+ if(egrep(pattern:"<a\ href=?[^?]+:\/\/www\.torproject\.org",
+ string:rcvRes) && "Tor" >< rcvRes)
+ {
+ torVer = get_kb_item("Tor/Linux/Ver");
+ torVer = ereg_replace(pattern:"-", replace:".", string:torVer);
+ if(torVer == NULL){
+ exit(0);
+ }
+
+ # Check for Tor version 0.2 < 0.2.0.35 and 0.1 < 0.1.2.8-beta
+ if(version_in_range(version:torVer, test_version:"0.1",
+ test_version2:"0.1.2.8.alpha")||
+ version_in_range(version:torVer, test_version:"0.2",
+ test_version2:"0.2.0.34.alpha"))
+ {
+ security_warning(torPort);
+ exit(0);
+ }
+ }
+ }
+}
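Review bot: Inside the loop, `torVer` is passed to `ereg_replace` before it is tested, so the `if(torVer == NULL)` guard runs on the result of the replacement rather than on the KB value. If `ereg_replace` returns an empty string for a missing entry, the guard never fires. Read and test the key once before the `foreach`, using `torVer = get_kb_item("Tor/Linux/Ver");` and `if(!torVer){ exit(0); }`, and normalise the hyphen afterwards. The probe string `"GET / HTTP/1.1 \r\n\r\n"` also has a space before the CRLF and no Host header, so a strict listener may reject it, which would silently skip the version check. gb_tor_dns_spoofing_vuln_jul09_win.nasl repeats both patterns.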
Property changes on: trunk/openvas-plugins/scripts/gb_tor_dns_spoofing_vuln_jul09_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_tor_dns_spoofing_vuln_jul09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_tor_dns_spoofing_vuln_jul09_win.nasl 2009-07-17 10:14:14 UTC (rev 4078)
+++ trunk/openvas-plugins/scripts/gb_tor_dns_spoofing_vuln_jul09_win.nasl 2009-07-17 10:47:28 UTC (rev 4079)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_tor_dns_spoofing_vuln_jul09_win.nasl 3415 2009-07-16 19:59:29Z jul $
+#
+# Tor 'relay.c' DNS Spoofing Vulnerability - July09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800838);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2426");
+ script_bugtraq_id(35505);
+ script_name("Tor 'relay.c' DNS Spoofing Vulnerability - July09 (Win)");
+ desc = "
+
+ Overview:
+ This host is installed with Tor and is prone to DNS Spoofing vulnerability.
+
+ Vulnerability Insight:
+ Error in 'connection_edge_process_relay_cell_not_open' function in 'relay.c'
+ in src/or/ allows exit relays to have an unspecified impact by causing
+ controllers to accept DNS responses that redirect to an internal IP address
+ via unknown vectors.
+
+ Impact:
+ Successful exploitation will let the attackers to conduct DNS spoofing
+ attacks.
+
+ Impact level: Application
+
+ Affected Software/OS:
+ Tor version 0.2.x before 0.2.0.35 and 0.1.x before 0.1.2.8-beta on Windows.
+
+ Fix: Upgrade to version 0.2.0.35 or 0.1.2.8-beta or later
+ http://www.torproject.org/download.html.en
+
+ References:
+ http://secunia.com/advisories/35546
+ http://xforce.iss.net/xforce/xfdb/51377
+ http://archives.seul.org/or/announce/Jun-2009/msg00000.html
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.7
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Tor");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("General");
+ script_dependencies("gb_tor_detect_win.nasl");
+ script_require_keys("Tor/Win/Ver");
+ script_require_ports("Services/www");
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+foreach torPort (make_list(9050, 9051, 8118))
+{
+ if(get_port_state(torPort))
+ {
+ sndReq = string("GET / HTTP/1.1 \r\n\r\n");
+ rcvRes = http_send_recv(port:torPort, data:sndReq);
+
+ if(egrep(pattern:"<a\ href=?[^?]+:\/\/www\.torproject\.org",
+ string:rcvRes) && "Tor" >< rcvRes)
+ {
+ torVer = get_kb_item("Tor/Win/Ver");
+ torVer = ereg_replace(pattern:"-", replace:".", string:torVer);
+ if(torVer == NULL){
+ exit(0);
+ }
+
+ # Check for Tor version 0.2 < 0.2.0.35 and 0.1 < 0.1.2.8-beta
+ if(version_in_range(version:torVer, test_version:"0.1",
+ test_version2:"0.1.2.8.alpha")||
+ version_in_range(version:torVer, test_version:"0.2",
+ test_version2:"0.2.0.34.alpha"))
+ {
+ security_warning(torPort);
+ exit(0);
+ }
+ }
+ }
+}
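Review bot: `script_require_ports("Services/www");` does not match what the body probes, which is the fixed list `make_list(9050, 9051, 8118)`. Depending on how the scheduler treats required ports, the plugin may be skipped on a host where Tor listens on 9050 but no web service was identified, or launched where none of the three ports is open. Declare the ports the code actually uses, `script_require_ports(9050, 9051, 8118);`, or drop the line as the Linux variant does.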
Property changes on: trunk/openvas-plugins/scripts/gb_tor_dns_spoofing_vuln_jul09_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_tor_dos_vuln_jul09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_tor_dos_vuln_jul09_lin.nasl 2009-07-17 10:14:14 UTC (rev 4078)
+++ trunk/openvas-plugins/scripts/gb_tor_dos_vuln_jul09_lin.nasl 2009-07-17 10:47:28 UTC (rev 4079)
@@ -0,0 +1,104 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_tor_dos_vuln_jul09_lin.nasl 3415 2009-07-16 22:02:29Z jul $
+#
+# Tor Denial Of Service Vulnerability - July09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800841);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2425");
+ script_bugtraq_id(35505);
+ script_name("Tor Denial Of Service Vulnerability - July09 (Linux)");
+ desc = "
+
+ Overview:
+ This host is installed with Tor and is prone to Denial Of Service
+ vulnerability.
+
+ Vulnerability Insight:
+ Error exists while parsing certain malformed router descriptors and can be
+ exploited to crash Tor via specially crafted router descriptors.
+
+ Impact:
+ Successful exploitation will let the attackers to cause Denial of Service.
+
+ Impact level: Application
+
+ Affected Software/OS:
+ Tor version 0.2.x before 0.2.0.35 on Linux.
+
+ Fix: Upgrade to version 0.2.0.35 or later
+ http://www.torproject.org/download.html.en
+
+ References:
+ http://secunia.com/advisories/35546
+ http://xforce.iss.net/xforce/xfdb/51376
+ http://archives.seul.org/or/announce/Jun-2009/msg00000.html
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.7
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Tor");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("secpod_tor_detect_lin.nasl");
+ script_require_keys("Tor/Linux/Ver");
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+foreach torPort (make_list(9050, 9051, 8118))
+{
+ if(get_port_state(torPort))
+ {
+ sndReq = string("GET / HTTP/1.1 \r\n\r\n");
+ rcvRes = http_send_recv(port:torPort, data:sndReq);
+
+ if(egrep(pattern:"<a\ href=?[^?]+:\/\/www\.torproject\.org",
+ string:rcvRes) && "Tor" >< rcvRes)
+ {
+ torVer = get_kb_item("Tor/Linux/Ver");
+ torVer = ereg_replace(pattern:"-", replace:".", string:torVer);
+ if(torVer == NULL){
+ exit(0);
+ }
+
+ # Check for Tor version 0.2 < 0.2.0.35
+ if(version_in_range(version:torVer, test_version:"0.2",
+ test_version2:"0.2.0.34.alpha"))
+ {
+ security_warning(torPort);
+ exit(0);
+ }
+ }
+ }
+}
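Review bot: The finding is reported only when one of the hard-coded ports 9050, 9051 or 8118 answers the HTTP probe with a torproject.org link, yet the version being judged comes from the `Tor/Linux/Ver` KB entry written by the SSH-based detection script. A host whose vulnerable Tor listens on another port, or does not return that page, would presumably go unreported even though the KB already holds an affected version. Consider deciding on the KB version alone and using the probe only to pick the port to report on, or at least document the gate with a comment such as `# NOTE: result is suppressed unless Tor answers on a default port`. The same gate appears in the gb_tor_dos_vuln_jul09_win.nasl hunk and in the tail of gb_tor_dns_spoofing_vuln_jul09_win.nasl above. The `torVer == NULL` test also runs only after `ereg_replace`, whose result for a missing key is not visible here, so it would be safer directly after `get_kb_item`.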
Property changes on: trunk/openvas-plugins/scripts/gb_tor_dos_vuln_jul09_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_tor_dos_vuln_jul09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_tor_dos_vuln_jul09_win.nasl 2009-07-17 10:14:14 UTC (rev 4078)
+++ trunk/openvas-plugins/scripts/gb_tor_dos_vuln_jul09_win.nasl 2009-07-17 10:47:28 UTC (rev 4079)
@@ -0,0 +1,105 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_tor_dos_vuln_jul09_win.nasl 3415 2009-07-16 20:49:29Z jul $
+#
+# Tor Denial Of Service Vulnerability - July09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800839);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2425");
+ script_bugtraq_id(35505);
+ script_name("Tor Denial Of Service Vulnerability - July09 (Win)");
+ desc = "
+
+ Overview:
+ This host is installed with Tor and is prone to Denial Of Service
+ vulnerability.
+
+ Vulnerability Insight:
+ Error exists while parsing certain malformed router descriptors and can be
+ exploited to crash Tor via specially crafted router descriptors.
+
+ Impact:
+ Successful exploitation will let the attackers to cause Denial of Service.
+
+ Impact level: Application
+
+ Affected Software/OS:
+ Tor version 0.2.x before 0.2.0.35 on Windows.
+
+ Fix: Upgrade to version 0.2.0.35 or later
+ http://www.torproject.org/download.html.en
+
+ References:
+ http://secunia.com/advisories/35546
+ http://xforce.iss.net/xforce/xfdb/51376
+ http://archives.seul.org/or/announce/Jun-2009/msg00000.html
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 3.7
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the version of Tor");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 Intevation GmbH");
+ script_family("Denial of Service");
+ script_dependencies("gb_tor_detect_win.nasl");
+ script_require_keys("Tor/Win/Ver");
+ script_require_ports("Services/www");
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+foreach torPort (make_list(9050, 9051, 8118))
+{
+ if(get_port_state(torPort))
+ {
+ sndReq = string("GET / HTTP/1.1 \r\n\r\n");
+ rcvRes = http_send_recv(port:torPort, data:sndReq);
+
+ if(egrep(pattern:"<a\ href=?[^?]+:\/\/www\.torproject\.org",
+ string:rcvRes) && "Tor" >< rcvRes)
+ {
+ torVer = get_kb_item("Tor/Win/Ver");
+ torVer = ereg_replace(pattern:"-", replace:".", string:torVer);
+ if(torVer == NULL){
+ exit(0);
+ }
+
+ # Check for Tor version 0.2 < 0.2.0.35
+ if(version_in_range(version:torVer, test_version:"0.2",
+ test_version2:"0.2.0.34.alpha"))
+ {
+ security_warning(torPort);
+ exit(0);
+ }
+ }
+ }
+}
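Review bot: `script_require_ports("Services/www")` does not match what the body probes, which is the fixed list 9050, 9051 and 8118 rather than a discovered web service. If the scanner identified no www service on the target, the plugin may be skipped although `Tor/Win/Ver` is set, and the Linux variant of this check declares no port requirement at all. Either drop the line or name the probed ports, `script_require_ports(9050, 9051, 8118);`, so that both variants run under the same conditions.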
Property changes on: trunk/openvas-plugins/scripts/gb_tor_dos_vuln_jul09_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Modified: trunk/openvas-plugins/scripts/secpod_tor_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_tor_detect_lin.nasl 2009-07-17 10:14:14 UTC (rev 4078)
+++ trunk/openvas-plugins/scripts/secpod_tor_detect_lin.nasl 2009-07-17 10:47:28 UTC (rev 4079)
@@ -10,6 +10,9 @@
# Copyright:
# Copyright (c) SecPod http://www.secpod.com
#
+# Script Modified by Sharath S <sharaths at secpod.com> On 14th July 2009
+# NOTE: Patterns and variables used previously were wrong.
+#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
@@ -27,43 +30,44 @@
if(description)
{
script_id(900418);
- script_version("$Revision: 1.0 $");
- script_name(english:"Tor Version Detection (Linux)");
+ script_version("$Revision: 1.1 $");
+ script_name("Tor Version Detection (Linux)");
desc["english"] = "
- Overview: The script detects the version of Tor on remote host and
- sets the KB.
+ Overview: This script is detects the installed version of Tor and
+ sets the result in KB.
Risk Factor: Informational";
- script_description(english:desc["english"]);
- script_summary(english:"Check for Tor version");
+ script_description(desc);
+ script_summary("Check for Tor version");
script_category(ACT_GATHER_INFO);
- script_copyright(english:"Copyright (C) 2008 SecPod");
- script_family(english:"General");
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Service detection");
exit(0);
}
include("version_func.inc");
-sock = ssh_login_or_reuse_connection();
-if(!sock){
+tor_sock = ssh_login_or_reuse_connection();
+if(!tor_sock){
exit(0);
}
torName = find_file(file_name:"tor", file_path:"/", useregex:TRUE,
- regexpar:"$", sock:sock);
+ regexpar:"$", sock:tor_sock);
+
foreach binaryName (torName)
{
binaryName = chomp(binaryName);
- torVer = get_bin_version(full_prog_name:binaryName, version_argv:"--version",
- ver_pattern:"Tor v([0-9.]+)", sock:sock);
+ torVer = get_bin_version(full_prog_name:binaryName, sock:tor_sock,
+ version_argv:"--version",
+ ver_pattern:"Tor v([0-9.]+-?([a-z0-9]+)?)");
if(torVer[1] != NULL)
{
set_kb_item(name:"Tor/Linux/Ver", value:torVer[1]);
ssh_close_connection();
- exit(0);
}
}
ssh_close_connection();
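Review bot: With `exit(0);` removed, the loop keeps running after the inner `ssh_close_connection();`, so any further `get_bin_version` call presumably uses `tor_sock` after the connection was closed, and the connection is closed a second time after the loop. A second match would also call `set_kb_item` for `Tor/Linux/Ver` again, leaving several values under a key that the dependent Tor checks read as a single version. Restore `exit(0);` after the inner `ssh_close_connection();`, or remove the inner close and leave the loop at the first match. Separately, `script_description(desc);` now passes the whole array, because the unchanged context line still assigns `desc["english"]`; `script_description(desc["english"]);` keeps the text.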