[Openvas-commits] r4133 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Jul 23 21:05:28 CEST 2009
Author: chandra
Date: 2009-07-23 21:05:26 +0200 (Thu, 23 Jul 2009)
New Revision: 4133
Added:
trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_lin.nasl
trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_win.nasl
trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_lin.nasl
trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_win.nasl
trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_jul09.nasl
trunk/openvas-plugins/scripts/secpod_google_chrome_unicode_str_dos_vuln.nasl
trunk/openvas-plugins/scripts/secpod_hamster_audio_player_bof_vuln.nasl
trunk/openvas-plugins/scripts/secpod_hamster_audio_player_detect.nasl
trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_bof_vuln.nasl
trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_detect.nasl
trunk/openvas-plugins/scripts/secpod_ms_ie_unicode_str_dos_vuln.nasl
trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_lin.nasl
trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_win.nasl
trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl
trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/cve_current.txt
trunk/openvas-plugins/scripts/secpod_sorinara_audio_player_bof_vuln.nasl
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/ChangeLog 2009-07-23 19:05:26 UTC (rev 4133)
@@ -1,13 +1,34 @@
+2009-07-23 Chandrashekhar B <bchandra at secpod.com>
+
+ * scripts/secpod_firefox_mult_vuln_jul09_win.nasl,
+ scripts/secpod_google_chrome_unicode_str_dos_vuln.nasl,
+ scripts/secpod_hamster_audio_player_bof_vuln.nasl,
+ scripts/secpod_sorinara_audio_player_bof_vuln.nasl,
+ scripts/secpod_firefox_code_exec_vuln_jul09_lin.nasl,
+ scripts/secpod_google_chrome_mult_vuln_jul09.nasl,
+ scripts/secpod_opera_unicode_str_dos_vuln_lin.nasl,
+ scripts/secpod_firefox_mult_vuln_jul09_lin.nasl,
+ scripts/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl,
+ scripts/secpod_isc_dhcp_client_detect.nasl,
+ scripts/secpod_ms_ie_unicode_str_dos_vuln.nasl,
+ scripts/secpod_firefox_code_exec_vuln_jul09_win.nasl,
+ scripts/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl,
+ scripts/secpod_opera_unicode_str_dos_vuln_win.nasl,
+ scripts/secpod_hamster_audio_player_detect.nasl,
+ scripts/secpod_isc_dhcp_client_bof_vuln.nasl:
+ Added new plugins.
+
+
2009-07-22 Chandrashekhar B <bchandra at secpod.com>
* scripts/gb_dm_filemanager_file_inc_vuln.nasl:
- Fixed a bug to remove external site reference
+ Fixed a bug to remove external site reference.
* scripts/gb_nulllogic_groupware_mult_vuln_lin.nasl,
scripts/gb_nulllogic_groupware_detect_win.nasl,
scripts/gb_nulllogic_groupware_detect_lin.nasl,
scripts/gb_nulllogic_groupware_mult_vuln_win.nasl:
- Updated to do remote check
+ Updated to do remote check.
* scripts/secpod_wireshark_infiniband_dos_vuln_win.nasl,
scripts/gb_sun_java_sys_web_serv_info_disc_vuln.nasl,
@@ -21,7 +42,7 @@
scripts/gb_mozilla_prdts_dos_vuln_jul09_lin.nasl,
scripts/secpod_wireshark_afs_dos_vuln_lin.nasl,
scripts/gb_opera_select_dos_vuln_win.nasl:
- Added new plugins
+ Added new plugins.
2009-07-21 Michael Meyer <mime at gmx.de>
* scripts/snitz_forums_2000_35764.nasl,
Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/cve_current.txt 2009-07-23 19:05:26 UTC (rev 4133)
@@ -27,7 +27,7 @@
CVE-2009-2422 SecPod svn L
CVE-2009-2477 SecPod svn L
CVE-2009-1136 SecPod svn L
-CVE-2009-0692 SecPod
+CVE-2009-0692 SecPod svn
CVE-2009-0192 SecPod
CVE-2009-2457 SecPod
CVE-2009-2456 SecPod
@@ -44,7 +44,7 @@
CVE-2009-2542 SecPod
CVE-2009-2537 SecPod
CVE-2009-2544 SecPod
-CVE-2009-2556 SecPod
+CVE-2009-2556 SecPod svn
CVE-2009-2555 SecPod
CVE-2009-2561 SecPod svn L
CVE-2009-2560 SecPod svn L
@@ -58,19 +58,19 @@
CVE-2009-2535 SecPod svn L
CVE-2009-2536 SecPod svn L
CVE-2009-2540 SecPod svn L
-CVE-2009-2465
-CVE-2009-2464
-CVE-2009-2463
-CVE-2009-2462
-CVE-2009-2471
-CVE-2009-2469
-CVE-2009-2467
-CVE-2009-2466
-CVE-2009-2472
-CVE-2009-2576
-CVE-2009-2577
-CVE-2009-2578
-CVE-2009-2573
-CVE-2009-2574
-CVE-2009-2568
-
+CVE-2009-2465 SecPod svn
+CVE-2009-2464 SecPod
+CVE-2009-2463 SecPod svn
+CVE-2009-2462 SecPod svn
+CVE-2009-2471 SecPod svn
+CVE-2009-2469 SecPod svn
+CVE-2009-2467 SecPod svn
+CVE-2009-2466 SecPod svn
+CVE-2009-2472 SecPod svn
+CVE-2009-2576 SecPod svn
+CVE-2009-2577 SecPod svn
+CVE-2009-2578 SecPod svn
+CVE-2009-2573 SecPod
+CVE-2009-2574 SecPod
+CVE-2009-2568 SecPod svn
+CVE-2009-2566 SecPod
Added: trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_lin.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_lin.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_firefox_code_exec_vuln_jul09_lin.nasl 3622 2009-07-23 15:50:33Z jul $
+#
+# Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900399);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2467");
+ script_bugtraq_id(35767);
+ script_name("Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Linux)");
+ desc = "
+
+ Overview: The host is installed with Firefox browser and is prone to Remote
+ Code Execution vulnerabilities.
+
+ Vulnerability Insight:
+ Error exists when a page contains a Flash object which presents a slow script
+ dialog, and the page is navigated while the dialog is still visible to the
+ user, the Flash plugin is unloaded resulting in a crash due to a call to the
+ deleted object.
+
+ Impact:
+ Successful exploitation could allow remote attacker to execute arbitrary code
+ and results in Denial of Service condition.
+
+ Impact Level:System/Application
+
+ Affected Software/OS:
+ Mozilla Firefox version prior to 3.0.12 and 3.5.1 on Linux.
+
+ Fix: Upgrade to Firefox version 3.0.12 or 3.5.1 or later
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ http://secunia.com/advisories/35914
+ http://www.vupen.com/english/advisories/2009/1972
+ http://www.mozilla.org/security/announce/2009/mfsa2009-35.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_firefox_detect_lin.nasl");
+ script_require_keys("Firefox/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Linux/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Grep for Firefox version < 3.0.12 and < 3.5.1
+if(version_is_less(version:ffVer, test_version:"3.0.12") ||
+ version_is_equal(version:ffVer, test_version:"3.5")){
+ security_hole(0);
+}
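Review bot: The final version test is narrower than both its own comment ("< 3.0.12 and < 3.5.1") and the "prior to 3.0.12 and 3.5.1" text in the description. `version_is_equal(version:ffVer, test_version:"3.5")` reports only a KB value that compares equal to 3.5, so a host whose detected version is stored as `3.5.0`, or as a 3.5 pre-release string, may go unreported, depending on how version_func.inc treats extra components. That would be a false negative on a code-execution issue. Writing the 3.5 branch as a range, for example `version_in_range(version:ffVer, test_version:"3.5", test_version2:"3.5.0")`, and correcting the comment to say what is actually tested would make the intent explicit. The same check appears in secpod_firefox_code_exec_vuln_jul09_win.nasl.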
Property changes on: trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_win.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_win.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_firefox_code_exec_vuln_jul09_win.nasl 3622 2009-07-23 14:12:33Z jul $
+#
+# Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900398);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2467");
+ script_bugtraq_id(35767);
+ script_name("Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Win)");
+ desc = "
+
+ Overview: The host is installed with Firefox browser and is prone to Remote
+ Code Execution vulnerabilities.
+
+ Vulnerability Insight:
+ Error exists when a page contains a Flash object which presents a slow script
+ dialog, and the page is navigated while the dialog is still visible to the
+ user, the Flash plugin is unloaded resulting in a crash due to a call to the
+ deleted object.
+
+ Impact:
+ Successful exploitation could allow remote attacker to execute arbitrary code
+ and results in Denial of Service condition.
+
+ Impact Level:System/Application
+
+ Affected Software/OS:
+ Mozilla Firefox version prior to 3.0.12 and 3.5.1 on Windows.
+
+ Fix: Upgrade to Firefox version 3.0.12 or 3.5.1 or later
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ http://secunia.com/advisories/35914
+ http://www.vupen.com/english/advisories/2009/1972
+ http://www.mozilla.org/security/announce/2009/mfsa2009-35.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_firefox_detect_win.nasl");
+ script_require_keys("Firefox/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Grep for Firefox version < 3.0.12 and < 3.5.1
+if(version_is_less(version:ffVer, test_version:"3.0.12") ||
+ version_is_equal(version:ffVer, test_version:"3.5")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_lin.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_lin.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_firefox_mult_vuln_jul09_lin.nasl 3622 2009-07-23 15:36:33Z jul $
+#
+# Mozilla Firefox Multiple Vulnerabilities July-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900397);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2464",
+ "CVE-2009-2465", "CVE-2009-2466", "CVE-2009-2469",
+ "CVE-2009-2471", "CVE-2009-2472");
+ script_bugtraq_id(35765, 35769, 35775, 35770, 35776, 35772, 35766, 35773);
+ script_name("Mozilla Firefox Multiple Vulnerabilities July-09 (Linux)");
+ desc = "
+
+ Overview: The host is installed with Firefox browser and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are reported in Firefox, for more information refer below
+ reference links.
+
+ Impact:
+ Successful exploitation could allow remote attacker to execute arbitrary code,
+ memory corruption, XSS attacks and results in Denial of Service condition.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Mozilla Firefox version prior to 3.0.12 on Linux.
+
+ Fix: Upgrade to Firefox version 3.0.12 or 3.5 or later
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ http://www.vupen.com/english/advisories/2009/1972
+ http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-37.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-39.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-40.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_firefox_detect_lin.nasl");
+ script_require_keys("Firefox/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Linux/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Grep for Firefox version < 3.0.12
+if(version_is_less(version:ffVer, test_version:"3.0.12")){
+ security_hole(0);
+}
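Review bot: `script_family("Denial of Service")` does not match what this plugin reports, since the description lists arbitrary code execution, memory corruption and XSS with a CVSS base score of 10.0. Scan configurations that select or exclude plugins by family would treat this check as an availability issue only. A family that reflects the code-execution impact would be more accurate, and a short comment above the call, such as `# family chosen for worst-case impact (code execution)`, would record the choice. The same family value is used in secpod_firefox_mult_vuln_jul09_win.nasl, both secpod_firefox_code_exec_vuln_jul09 scripts and secpod_google_chrome_mult_vuln_jul09.nasl in this commit.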
Property changes on: trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_win.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_win.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_firefox_mult_vuln_jul09_win.nasl 3622 2009-07-23 12:52:33Z jul $
+#
+# Mozilla Firefox Multiple Vulnerabilities July-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900396);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2464",
+ "CVE-2009-2465", "CVE-2009-2466", "CVE-2009-2469",
+ "CVE-2009-2471", "CVE-2009-2472");
+ script_bugtraq_id(35765, 35769, 35775, 35770, 35776, 35772, 35766, 35773);
+ script_name("Mozilla Firefox Multiple Vulnerabilities July-09 (Win)");
+ desc = "
+
+ Overview: The host is installed with Firefox browser and is prone to multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws are reported in Firefox, for more information refer below
+ reference links.
+
+ Impact:
+ Successful exploitation could allow remote attacker to execute arbitrary code,
+ memory corruption, XSS attacks and results in Denial of Service condition.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Mozilla Firefox version prior to 3.0.12 on Windows.
+
+ Fix: Upgrade to Firefox version 3.0.12 or 3.5 or later
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ http://www.vupen.com/english/advisories/2009/1972
+ http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-37.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-39.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-40.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_firefox_detect_win.nasl");
+ script_require_keys("Firefox/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Grep for Firefox version < 3.0.12
+if(version_is_less(version:ffVer, test_version:"3.0.12")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_jul09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_jul09.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_jul09.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_google_chrome_mult_vuln_jul09.nasl 3595 2009-07-23 10:48:29Z jul $
+#
+# Google Chrome Multiple Vulnerabilities - Jul09
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900695);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2009-2555", "CVE-2009-2556");
+ script_bugtraq_id(35722, 35723);
+ script_name("Google Chrome Multiple Vulnerabilities - Jul09");
+ desc = "
+
+ Overview: This host has Google Chrome installed and is prone to Multiple
+ vulnerabilities.
+
+ Vulnerability Insight:
+ The multiple flaws are due to,
+ - Heap overflow error when evaluating a specially crafted regular expression
+ in Javascript within sandbox.
+ - Error while allocating memory buffers for a renderer (tab) process.
+
+ Impact:
+ Successful exploitation will let the remote attackers to execute arbitrary
+ code with the privileges of the logged on user by bypassing the sandbox
+ and may crash the browser.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Google Chrome version prior to 2.0.172.37
+
+
+ Fix:
+ Upgrade to Google Chrome version 2.0.172.37
+ For updates refer, http://www.google.com/chrome
+
+ References:
+ http://secunia.com/advisories/35844
+ http://xforce.iss.net/xforce/xfdb/51801
+ http://www.vupen.com/english/advisories/2009/1924
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.9
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the version of Google Chrome");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_google_chrome_detect_win.nasl");
+ script_require_keys("GoogleChrome/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(chromeVer != NULL)
+{
+ # Check for Google Chrome version < 2.0.172.37
+ if(version_is_less(version:chromeVer, test_version:"2.0.172.37")){
+ security_hole(0);
+ }
+}
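Review bot: The "Affected Software/OS" text does not say that this check covers Windows only, although the script depends on `gb_google_chrome_detect_win.nasl` and reads `GoogleChrome/Win/Ver`. A reader of the report cannot tell that Chrome on other platforms is not assessed. Stating the platform, as the sibling script does with `Google Chrome version 2.x to 2.0.172 on Windows.`, would fix this; here the line would read `Google Chrome version prior to 2.0.172.37 on Windows.` The missing-key guard is also written as a nested `if(chromeVer != NULL)` block, whereas the other new scripts use `if(!chromeVer){ exit(0); }`; one form across the set would be easier to audit.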
Property changes on: trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_jul09.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_google_chrome_unicode_str_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_google_chrome_unicode_str_dos_vuln.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_google_chrome_unicode_str_dos_vuln.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_google_chrome_unicode_str_dos_vuln.nasl 3623 2009-07-23 19:16:29Z jul $
+#
+# Google Chrome Unicode String Denial Of Service Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900805);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2578");
+ script_name("Google Chrome Unicode String Denial Of Service Vulnerability");
+ desc = "
+
+ Overview: This host is installed with Google Chrome and is prone to Denial of
+ Service vulnerability.
+
+ Vulnerability Insight:
+ Error occurs when application fails to handle user supplied input into the
+ 'write' method via a long Unicode string argument.
+
+ Impact:
+ Successful exploitation lets the attacker cause memory or CPU consumption,
+ resulting in Denial of Service condition.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Google Chrome version 2.x to 2.0.172 on Windows.
+
+ Fix: No solution or patch is available as on 23rd July 2009, Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.google.com/chrome
+
+ References:
+ http://websecurity.com.ua/3338/
+ http://www.securityfocus.com/archive/1/archive/1/505092/100/0/threaded
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 4.2
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the Version of Google Chrome");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_google_chrome_detect_win.nasl");
+ script_require_keys("GoogleChrome/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(!chromeVer){
+ exit(0);
+}
+
+# Check for Google Chrome version 2.x <= 2.0.172
+if(version_in_range(version:chromeVer, test_version:"2.0",
+ test_version2:"2.0.172")){
+ security_warning(0);
+}
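Review bot: The upper bound `test_version2:"2.0.172"` has three components, but Chrome build numbers in this commit have four, for example `2.0.172.37` in secpod_google_chrome_mult_vuln_jul09.nasl. If `version_in_range` treats `2.0.172.33` as greater than `2.0.172`, which is the usual component-wise result, installed 2.0.172.x builds fall outside the range and are not reported. The description says no fix was available, so those builds are presumably affected. The bound should either carry the fourth component of the last affected build or be documented, for example `# upper bound must cover 2.0.172.x builds - confirm against version_func.inc`.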
Property changes on: trunk/openvas-plugins/scripts/secpod_google_chrome_unicode_str_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_hamster_audio_player_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_hamster_audio_player_bof_vuln.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_hamster_audio_player_bof_vuln.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_hamster_audio_player_bof_vuln.nasl 3579 2009-07-22 16:52:02Z jul $
+#
+# Hamster Audio Player Buffer Overflow Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900693);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2550");
+ script_name("Hamster Audio Player Buffer Overflow Vulnerability");
+ desc = "
+
+ Overview: This host is installed with Hamster Audio player and is prone
+ to Stack Overflow Vulnerability.
+
+ Vulnerability Insight:
+ This flaw is due to improper bounds checking when processing .m3u files
+ and can be exploited by persuading a victim to open a specially-crafted
+ .m3u or .hpl playlist file containing an overly long string.
+
+ Impact:
+ Successful exploitation allows the attacker to execute arbitrary code on
+ the system or cause the application to crash.
+
+ Impact Level:System/Application
+
+ Affected Software/OS:
+ Hamster Audio Player 0.3a and prior on Windows.
+
+ Fix:
+ No solution or patch is available as on th 22nd July, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer,http://www.ondanera.net/eng/download.html
+
+ References:
+ http://secunia.com/advisories/35825
+ http://www.milw0rm.com/exploits/9172
+ http://xforce.iss.net/xforce/xfdb/51732
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 8.4
+ Risk factor: Critical";
+
+ script_description(desc);
+ script_summary("Check for the Version of Hamster Audio Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Buffer overflow");
+ script_dependencies("secpod_hamster_audio_player_detect.nasl");
+ script_require_keys("Hamster/Audio-Player/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+hamsterVer = get_kb_item("Hamster/Audio-Player/Ver");
+if(hamsterVer != NULL)
+{
+ if(version_is_less_equal(version:hamsterVer, test_version:"0.3a")){
+ security_hole(0);
+ }
+}
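Review bot: `version_is_less_equal(version:hamsterVer, test_version:"0.3a")` compares against a version with a letter suffix, and nothing in this hunk shows how version_func.inc orders a component such as `3a` against `3` or `3b`. If the helper compares components numerically, `0.3` and `0.3a` may be ordered in an unexpected way, which could produce a missed or spurious report. A comment stating the expected ordering would help, such as `# relies on version_func.inc ordering "0.3" < "0.3a"; verify`. If the ordering cannot be confirmed, an explicit equality test for the known affected strings would be safer. Separately, the description gives the risk factor as "Critical" where the other scripts in this commit use High or Medium, which is worth aligning.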
Added: trunk/openvas-plugins/scripts/secpod_hamster_audio_player_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_hamster_audio_player_detect.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_hamster_audio_player_detect.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,73 @@
+#############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_hamster_audio_player_detect.nasl 3579 2009-07-09 14:30:24Z jul $
+#
+# Hamster Audio Player Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800692);
+ script_version("$ Revision: 1.0 $");
+ script_name("Hamster Audio Player Version Detection");
+ desc = "
+
+ Overview : This script finds the installed OpenSSL version and saves the
+ result in KB item.
+
+ Risk factor : Informational";
+
+ script_description(desc);
+ script_summary("Set Version of Hamster Audio player in KB");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Service detection");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ script_require_keys(139,445);
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+ hamsterName = registry_get_sz(key:key + item, item:"DisplayName");
+
+ if("Hamster" >< hamsterName)
+ {
+ hamsterVer = eregmatch(pattern:"Hamster ([0-9.]+([a-z]+)?)",
+ string:hamsterName);
+ if(hamsterVer[1] != NULL)
+ {
+ set_kb_item(name:"Hamster/Audio-Player/Ver", value:hamsterVer[1]);
+ exit(0);
+ }
+ }
+}
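Review bot: `script_require_keys(139,445);` passes port numbers to the KB-key requirement call, so the intended SMB port precondition is not declared. It should read `script_require_ports(139, 445);`, leaving the preceding `script_require_keys("SMB/WindowsVersion");` as it is. The description text also says the script "finds the installed OpenSSL version", which looks like a leftover from a template and should name Hamster Audio Player so the report is not misleading. In the detection loop, `"Hamster" >< hamsterName` matches any uninstall entry containing that word; the following `eregmatch` narrows it, but anchoring the pattern to the full product name would reduce the chance of storing another product's version under `Hamster/Audio-Player/Ver`.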
Added: trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_bof_vuln.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_bof_vuln.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,112 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_isc_dhcp_client_bof_vuln.nasl 3518 2009-07-22 15:05:27Z jul $
+#
+# ISC DHCP Client Buffer Overflow Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900694);
+ script_version("$Revision: 1.0$");
+ script_cve_id("CVE-2009-0692");
+ script_bugtraq_id(35668);
+ script_name("ISC DHCP Client Buffer Overflow Vulnerability");
+ desc = "
+
+ Overview: This host has installed ISC DHCP Client and is prone to Buffer
+ overflow Vulnerability.
+
+ Vulnerability Insight:
+ The flaw is due to a boundary error within the 'script_write_params()'
+ function in 'client/dhclient.c' which can be exploited to cause a stack-based
+ buffer overflow by sending an overly long subnet-mask option.
+
+ Impact:
+ Successful exploitation allows attackers to run arbitrary code, corrupt memory,
+ and can cause denial of service.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ ISC DHCP dhclient 4.1 before 4.1.0p1
+ ISC DHCP dhclient 4.0 before 4.0.1p1
+ ISC DHCP dhclient 3.1 before 3.1.2p1
+ ISC DHCP dhclient all versions in 3.0
+ and 2.0 series.
+
+ Fix: Upgrade to version 4.1.0p1, 4.0.1p1, or 3.1.2p1 or later
+ For updates refer, https://www.isc.org/downloadables/
+
+ References:
+ https://www.isc.org/node/468
+ http://secunia.com/advisories/35785
+ http://www.kb.cert.org/vuls/id/410676
+ http://www.vupen.com/english/advisories/2009/1891
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.4
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Checks for the version of ISC DHCP Client");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Buffer overflow");
+ script_dependencies("secpod_isc_dhcp_client_detect.nasl");
+ script_require_keys("ISC/DHCP-Client/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+dhcpVer = get_kb_item("ISC/DHCP-Client/Ver");
+if(!dhcpVer){
+ exit(0);
+}
+
+if(dhcpVer =~ "^4\.1")
+{
+ if(version_is_less(version:dhcpVer, test_version:"4.1.0.p1")){
+ security_hole(0);
+ }
+}
+
+else if(dhcpVer =~ "^4\.0")
+{
+ if(version_is_less(version:dhcpVer, test_version:"4.0.1.p1")){
+ security_hole(0);
+ }
+}
+
+else if(dhcpVer =~ "^3\.1")
+{
+ if(version_is_less(version:dhcpVer, test_version:"3.1.2.p1")){
+ security_hole(0);
+ }
+}
+
+else if((dhcpVer =~ "^3\.0") || (dhcpVer =~ "^2\.0")){
+ security_hole(0);
+}
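Review bot: All four branches decide only on the upstream version string read from `ISC/DHCP-Client/Ver`, so a host whose vendor package carries a backported fix for CVE-2009-0692 under an unchanged dhclient version would presumably still get `security_hole(0)`. The description should say so, for example by adding `Note: this test compares version strings only; packages with backported fixes may still be reported.` to `desc`. The `test_version` values also deserve a comment, because `"4.1.0.p1"` only lines up with the KB entry as long as secpod_isc_dhcp_client_detect.nasl joins version and patch level with a dot: `# test_version uses the "<version>.<patch>" form written by the detect plugin`.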
Added: trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_detect.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_detect.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_isc_dhcp_client_detect.nasl 3518 2009-07-22 15:21:24Z jul $
+#
+# ISC DHCP Client Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900696);
+ script_version("Revision: 1.0");
+ script_name("ISC DHCP Client Version Detection");
+ desc = "
+
+ Overview: This script detects the installed version of ISC DHCP Client
+ and sets the result in KB.
+
+ Risk factor: Informational";
+
+ script_description(desc);
+ script_summary("Sets KB for the version of DHCP Client");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Service detection");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+dhcp_sock = ssh_login_or_reuse_connection();
+if(!dhcp_sock){
+ exit(0);
+}
+
+paths = find_bin(prog_name:"dhclient", sock:dhcp_sock);
+foreach dhcpBin (paths)
+{
+ dhcpVer= get_bin_version(full_prog_name:chomp(dhcpBin),
+ sock:dhcp_sock, version_argv:"--version",
+ ver_pattern:"([0-9.]+)(-| )?((alpha|beta|rc|[a-z][0-9])?([0-9]+)?)");
+
+ if(("isc-dhclient" >< dhcpVer) && (dhcpVer[1] != NULL))
+ {
+ if(dhcpVer[3] != NULL){
+ dhcpVer = dhcpVer[1] + "." + dhcpVer[3];
+ }
+ else
+ dhcpVer = dhcpVer[1];
+
+ set_kb_item(name:"ISC/DHCP-Client/Ver", value:dhcpVer);
+ }
+}
+ssh_close_connection();
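Review bot: The `foreach` loop keeps running after a version has been stored, so a host with more than one `dhclient` binary gets `set_kb_item` called once per binary for the same `ISC/DHCP-Client/Ver` key, and the dependent check then works from whichever value or values the KB returns. Stopping at the first hit, as the Hamster detection plugin in this commit does, avoids that: `set_kb_item(name:"ISC/DHCP-Client/Ver", value:dhcpVer); ssh_close_connection(); exit(0);`. Separately, `dhcpVer` first holds the result of `get_bin_version` and is then overwritten with the joined string, while `"isc-dhclient" >< dhcpVer` is applied to that result as a whole. A second variable for the joined value, plus a comment on what `get_bin_version` returns, would make the intent checkable.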
Added: trunk/openvas-plugins/scripts/secpod_ms_ie_unicode_str_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms_ie_unicode_str_dos_vuln.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_ms_ie_unicode_str_dos_vuln.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms_ie_unicode_str_dos_vuln.nasl 3625 2009-07-23 17:29:29Z jul $
+#
+# Microsoft Internet Explorer Unicode String DoS Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900400);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2576");
+ script_name("Microsoft Internet Explorer Unicode String DoS Vulnerability");
+ desc = "
+
+ Overview: This host is installed with Internet Explorer and is prone to
+ Denial of Service vulnerability.
+
+ Vulnerability Insight:
+ Error exists when application fails to handle user supplied input into the
+ 'write' method via a long Unicode string argument.
+
+ Impact:
+ Successful exploitation lets the attacker to cause memory or CPU consumption,
+ resulting in Denial of Service condition.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Microsoft Internet Explorer version 6.0.2900.2180 and prior
+
+ Fix: No solution or patch is available as on 23rd July 2009, Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer,
+ http://www.microsoft.com/windows/internet-explorer/download-ie.aspx
+
+ References:
+ http://websecurity.com.ua/3338/
+ http://www.securityfocus.com/archive/1/archive/1/505122/100/0/threaded
+ http://www.securityfocus.com/archive/1/archive/1/505120/100/0/threaded
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 4.2
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the Version of Internet Explorer");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_ms_ie_detect.nasl");
+ script_require_keys("MS/IE/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ieVer = get_kb_item("MS/IE/Version");
+if(!ieVer){
+ exit(0);
+}
+
+if(version_is_less_equal(version:ieVer, test_version:"6.0.2900.2180")){
+ security_warning(0);
+}
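Review bot: The `Fix:` paragraph in `desc` hard-codes "No solution or patch is available as on 23rd July 2009", and that string is what every later scan report will show. Operators will keep being told that no remediation exists until someone edits the plugin. The two Opera Unicode String DoS plugins and the two Thunderbird plugins in this commit carry the same wording. A comment beside the description would make the follow-up visible: `# TODO: update the Fix text once a vendor fix or advisory is published`.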
Property changes on: trunk/openvas-plugins/scripts/secpod_ms_ie_unicode_str_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_lin.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_lin.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_opera_unicode_str_dos_vuln_lin.nasl 3624 2009-07-23 18:43:29Z jul $
+#
+# Opera Unicode String Denial Of Service Vulnerability (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900804);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2577");
+ script_name("Opera Unicode String Denial Of Service Vulnerability (Linux)");
+ desc = "
+
+ Overview: This host is installed with Opera and is prone to Denial of Service
+ vulnerability.
+
+ Vulnerability Insight:
+ Error exists when application fails to handle user supplied input into the
+ 'write' method via a long Unicode string argument.
+
+ Impact:
+ Successful exploitation lets the attacker cause memory or CPU consumption,
+ resulting in Denial of Service condition.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Opera version 9.52 and prior on Linux.
+
+ Fix: No solution or patch is available as on 23rd July 2009, Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.opera.com/
+
+ References:
+ http://websecurity.com.ua/3338/
+ http://www.securityfocus.com/archive/1/archive/1/505092/100/0/threaded
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 4.2
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the Version of Opera");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("secpod_opera_detection_linux_900037.nasl");
+ script_require_keys("Opera/Linux/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+operaVer = get_kb_item("Opera/Linux/Version");
+if(!operaVer){
+ exit(0);
+}
+
+# Check for Opera version <= 9.52
+if(version_is_less_equal(version:operaVer, test_version:"9.52")){
+ security_warning(0);
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_win.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_win.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_opera_unicode_str_dos_vuln_win.nasl 3624 2009-07-23 18:29:29Z jul $
+#
+# Opera Unicode String Denial Of Service Vulnerability (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900803);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2577");
+ script_name("Opera Unicode String Denial Of Service Vulnerability (Win)");
+ desc = "
+
+ Overview: This host is installed with Opera and is prone to Denial of Service
+ vulnerability.
+
+ Vulnerability Insight:
+ Error exists when application fails to handle user supplied input into the
+ 'write' method via a long Unicode string argument.
+
+ Impact:
+ Successful exploitation lets the attacker cause memory or CPU consumption,
+ resulting in Denial of Service condition.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Opera version 9.52 and prior on Windows.
+
+ Fix: No solution or patch is available as on 23rd July 2009, Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.opera.com/
+
+ References:
+ http://websecurity.com.ua/3338/
+ http://www.securityfocus.com/archive/1/archive/1/505092/100/0/threaded
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 4.2
+ Risk factor: Medium";
+
+ script_description(desc);
+ script_summary("Check for the Version of Opera");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("secpod_opera_detection_win_900036.nasl");
+ script_require_keys("Opera/Win/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+operaVer = get_kb_item("Opera/Win/Version");
+
+security_note(data:"versiona" +operaVer);
+if(!operaVer){
+ exit(0);
+}
+
+# Check for Opera version <= 9.52
+if(version_is_less_equal(version:operaVer, test_version:"9.52")){
+ security_warning(0);
+}
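Review bot: `security_note(data:"versiona" +operaVer);` looks like a leftover debugging line. It runs before the `if(!operaVer)` guard, so every host the plugin executes against gets a report entry starting with "versiona", whether or not a version was found. That adds noise and puts an unintended finding next to the real `security_warning(0)` result. The line should be removed; the Linux variant of this plugin in the same commit does not have it.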
Property changes on: trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Modified: trunk/openvas-plugins/scripts/secpod_sorinara_audio_player_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_sorinara_audio_player_bof_vuln.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_sorinara_audio_player_bof_vuln.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -1,12 +1,16 @@
###############################################################################
# OpenVAS Vulnerability Test
-# $Id: secpod_sorinara_audio_player_bof_vuln.nasl 2344 2009-05-19 15:56:36Z may $
+# $Id: secpod_sorinara_audio_player_bof_vuln.nasl 2344 2009-07-23 14:58:36Z jul $
#
# Sorinara Streaming Audio Player Stack Overflow Vulnerability
#
# Authors:
# Antu Sanadi<santu at secpod.com>
#
+# Modified by: Nikita MR (rnikita at secpod.com)
+# Date: 23rd July 2009
+# Changes: Added CVE-2009-2568 and updated the vulnerability insight.
+#
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
@@ -28,17 +32,17 @@
{
script_id(900649);
script_version("$Revision: 1.0 $");
- script_cve_id("CVE-2009-1644");
- script_bugtraq_id(34861);
- script_name(english:"Sorinara Streaming Audio Player Stack Overflow Vulnerability");
- desc["english"] = "
+ script_cve_id("CVE-2009-1644", "CVE-2009-2568");
+ script_bugtraq_id(34861, 34842);
+ script_name("Sorinara Streaming Audio Player Stack Overflow Vulnerability");
+ desc = "
Overview: This host is running Sorinara Streaming Audio Player and is prone
to Stack Overflow Vulnerability.
Vulnerability Insight:
This vulnerability is caused due to improper boundary checks when processing
- playlist 'pla' files.
+ playlist 'pla' and '.m3u' files.
Impact:
Successful exploitation will let the attacker execute arbitrary codes in
@@ -56,19 +60,23 @@
http://www.milw0rm.com/exploits/8640
http://www.milw0rm.com/exploits/8625
http://xforce.iss.net/xforce/xfdb/50369
+ http://www.milw0rm.com/exploits/8620
+ http://www.milw0rm.com/exploits/8617
+ http://xforce.iss.net/xforce/xfdb/50339
CVSS Score:
CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
CVSS Temporal Score : 8.4
Risk factor: Critical";
- script_description(english:desc["english"]);
- script_summary(english:"Check for version of Sorinara Streaming Audio Player");
+ script_description(desc);
+ script_summary("Check for version of Sorinara Streaming Audio Player");
script_category(ACT_GATHER_INFO);
- script_copyright(english:"Copyright (C) 2009 SecPod");
- script_family(english:"Buffer overflow");
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Buffer overflow");
script_dependencies("secpod_reg_enum.nasl");
script_require_keys("SMB/WindowsVersion");
+ script_require_keys(139,445);
exit(0);
}
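Review bot: The added `script_require_keys(139,445);` passes port numbers to the key-requirement call, which is presumably not what was meant. The line before it already declares the required KB key `SMB/WindowsVersion`, and 139/445 are the SMB ports. If the intent is to skip hosts where those ports are not open, the call should be `script_require_ports(139, 445);`. The new Hamster detection plugin in this commit contains the same line. The description block begins before this hunk, so only its tail is visible here.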
Added: trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl 3622 2009-07-23 16:25:33Z jul $
+#
+# Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900802);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2464",
+ "CVE-2009-2465", "CVE-2009-2466");
+ script_bugtraq_id(35765, 35769, 35775, 35770, 35776);
+ script_name("Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Linux)");
+ desc = "
+
+ Overview: The host is installed with Thunderbird and is prone to Remote Code
+ Execution vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to error in browser engine which can be exlpoited
+ via some of the known vectors and unspecified vectors.
+
+ Impact:
+ Successful exploitation could allow remote attacker to execute arbitrary code,
+ memory corruption, and results in Denial of Service condition.
+
+ Impact Level:System/Application
+
+ Affected Software/OS:
+ Mozilla Thunderbird version 2.0.0.22 and prior on Linux.
+
+ Fix: No solution or patch is available as on 23rd, July 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.mozilla.com/
+
+ References:
+ http://secunia.com/advisories/35914
+ http://www.vupen.com/english/advisories/2009/1972
+ http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Thunderbird");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_thunderbird_detect_lin.nasl");
+ script_require_keys("Thunderbird/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+tbVer = get_kb_item("Thunderbird/Linux/Ver");
+if(!tbVer){
+ exit(0);
+}
+
+# Grep for Thunderbird version <= 2.0.0.22
+if(version_is_less_equal(version:tbVer, test_version:"2.0.0.22")){
+ security_hole(0);
+}
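Review bot: `script_family("Denial of Service")` does not agree with the rest of the metadata. The overview describes Remote Code Execution, the CVSS vector is C:C/I:C/A:C with a base score of 10.0, and the result is raised with `security_hole(0)`. Anyone filtering or triaging results by family would find a code-execution finding filed under DoS. A family that reflects the impact would be more accurate, for example `script_family("Buffer overflow");`, which the ISC DHCP plugin in this commit uses, or whichever existing family the project assigns to memory-corruption issues. The Windows variant that follows has the same line.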
Property changes on: trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl 2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl 2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl 3622 2009-07-23 15:53:33Z jul $
+#
+# Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900801);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2464",
+ "CVE-2009-2465", "CVE-2009-2466");
+ script_bugtraq_id(35765, 35769, 35775, 35770, 35776);
+ script_name("Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Win)");
+ desc = "
+
+ Overview: The host is installed with Thunderbird and is prone to Remote Code
+ Execution vulnerabilities.
+
+ Vulnerability Insight:
+ The flaws are caused due to error in browser engine which can be exlpoited
+ via some of the known vectors and unspecified vectors.
+
+ Impact:
+ Successful exploitation could allow remote attacker to execute arbitrary code,
+ memory corruption, and results in Denial of Service condition.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Mozilla Thunderbird version 2.0.0.22 and prior on Windows.
+
+ Fix: No solution or patch is available as on 23rd, July 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.mozilla.com/
+
+ References:
+ http://secunia.com/advisories/35914
+ http://www.vupen.com/english/advisories/2009/1972
+ http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.8
+ Risk factor: High";
+
+ script_description(desc);
+ script_summary("Check for the Version of Thunderbird");
+ script_category(ACT_GATHER_INFO);
+ script_copyright("Copyright (C) 2009 SecPod");
+ script_family("Denial of Service");
+ script_dependencies("gb_thunderbird_detect_win.nasl");
+ script_require_keys("Thunderbird/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+tbVer = get_kb_item("Thunderbird/Win/Ver");
+if(!tbVer){
+ exit(0);
+}
+
+# Grep for Thunderbird version <= 2.0.0.22
+if(version_is_less_equal(version:tbVer, test_version:"2.0.0.22")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl
___________________________________________________________________
Name: svn:executable
+ *