[Openvas-commits] r4133 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Thu Jul 23 21:05:28 CEST 2009


Author: chandra
Date: 2009-07-23 21:05:26 +0200 (Thu, 23 Jul 2009)
New Revision: 4133

Added:
   trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_lin.nasl
   trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_win.nasl
   trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_lin.nasl
   trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_win.nasl
   trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_jul09.nasl
   trunk/openvas-plugins/scripts/secpod_google_chrome_unicode_str_dos_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_hamster_audio_player_bof_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_hamster_audio_player_detect.nasl
   trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_bof_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_detect.nasl
   trunk/openvas-plugins/scripts/secpod_ms_ie_unicode_str_dos_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_lin.nasl
   trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_win.nasl
   trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl
   trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/cve_current.txt
   trunk/openvas-plugins/scripts/secpod_sorinara_audio_player_bof_vuln.nasl
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/ChangeLog	2009-07-23 19:05:26 UTC (rev 4133)
@@ -1,13 +1,34 @@
+2009-07-23 Chandrashekhar B <bchandra at secpod.com>
+
+	* scripts/secpod_firefox_mult_vuln_jul09_win.nasl,
+	scripts/secpod_google_chrome_unicode_str_dos_vuln.nasl,
+	scripts/secpod_hamster_audio_player_bof_vuln.nasl,
+	scripts/secpod_sorinara_audio_player_bof_vuln.nasl,
+	scripts/secpod_firefox_code_exec_vuln_jul09_lin.nasl,
+	scripts/secpod_google_chrome_mult_vuln_jul09.nasl,
+	scripts/secpod_opera_unicode_str_dos_vuln_lin.nasl,
+	scripts/secpod_firefox_mult_vuln_jul09_lin.nasl,
+	scripts/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl,
+	scripts/secpod_isc_dhcp_client_detect.nasl,
+	scripts/secpod_ms_ie_unicode_str_dos_vuln.nasl,
+	scripts/secpod_firefox_code_exec_vuln_jul09_win.nasl,
+	scripts/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl,
+	scripts/secpod_opera_unicode_str_dos_vuln_win.nasl,
+	scripts/secpod_hamster_audio_player_detect.nasl,
+	scripts/secpod_isc_dhcp_client_bof_vuln.nasl:
+	Added new plugins.
+
+
 2009-07-22 Chandrashekhar B <bchandra at secpod.com>
 	
 	* scripts/gb_dm_filemanager_file_inc_vuln.nasl:
-	Fixed a bug to remove external site reference
+	Fixed a bug to remove external site reference.
 
 	* scripts/gb_nulllogic_groupware_mult_vuln_lin.nasl,
 	scripts/gb_nulllogic_groupware_detect_win.nasl,
 	scripts/gb_nulllogic_groupware_detect_lin.nasl,
 	scripts/gb_nulllogic_groupware_mult_vuln_win.nasl:
-	Updated to do remote check
+	Updated to do remote check.
 
 	* scripts/secpod_wireshark_infiniband_dos_vuln_win.nasl,
 	scripts/gb_sun_java_sys_web_serv_info_disc_vuln.nasl,
@@ -21,7 +42,7 @@
 	scripts/gb_mozilla_prdts_dos_vuln_jul09_lin.nasl,
 	scripts/secpod_wireshark_afs_dos_vuln_lin.nasl,
 	scripts/gb_opera_select_dos_vuln_win.nasl:
-	Added new plugins
+	Added new plugins.
 
 2009-07-21  Michael Meyer <mime at gmx.de>
 	* scripts/snitz_forums_2000_35764.nasl,

Modified: trunk/openvas-plugins/cve_current.txt
===================================================================
--- trunk/openvas-plugins/cve_current.txt	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/cve_current.txt	2009-07-23 19:05:26 UTC (rev 4133)
@@ -27,7 +27,7 @@
 CVE-2009-2422			SecPod		svn		L
 CVE-2009-2477 			SecPod		svn		L
 CVE-2009-1136 			SecPod		svn		L
-CVE-2009-0692 			SecPod
+CVE-2009-0692 			SecPod		svn
 CVE-2009-0192			SecPod
 CVE-2009-2457			SecPod
 CVE-2009-2456 			SecPod
@@ -44,7 +44,7 @@
 CVE-2009-2542 			SecPod		
 CVE-2009-2537 			SecPod
 CVE-2009-2544			SecPod
-CVE-2009-2556 			SecPod
+CVE-2009-2556 			SecPod		svn
 CVE-2009-2555 			SecPod
 CVE-2009-2561			SecPod		svn		L
 CVE-2009-2560			SecPod		svn		L
@@ -58,19 +58,19 @@
 CVE-2009-2535			SecPod		svn		L
 CVE-2009-2536			SecPod		svn		L
 CVE-2009-2540			SecPod		svn		L	
-CVE-2009-2465
-CVE-2009-2464
-CVE-2009-2463
-CVE-2009-2462
-CVE-2009-2471
-CVE-2009-2469
-CVE-2009-2467
-CVE-2009-2466
-CVE-2009-2472 
-CVE-2009-2576 
-CVE-2009-2577 
-CVE-2009-2578
-CVE-2009-2573
-CVE-2009-2574 
-CVE-2009-2568 
-
+CVE-2009-2465			SecPod		svn
+CVE-2009-2464			SecPod
+CVE-2009-2463			SecPod		svn
+CVE-2009-2462			SecPod		svn
+CVE-2009-2471			SecPod		svn	
+CVE-2009-2469			SecPod		svn	
+CVE-2009-2467			SecPod		svn
+CVE-2009-2466			SecPod		svn
+CVE-2009-2472 			SecPod		svn
+CVE-2009-2576 			SecPod		svn
+CVE-2009-2577 			SecPod		svn
+CVE-2009-2578			SecPod		svn
+CVE-2009-2573			SecPod
+CVE-2009-2574 			SecPod
+CVE-2009-2568 			SecPod		svn
+CVE-2009-2566 			SecPod

Added: trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_lin.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_lin.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_firefox_code_exec_vuln_jul09_lin.nasl 3622 2009-07-23 15:50:33Z jul $
+#
+# Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900399);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2467");
+  script_bugtraq_id(35767);
+  script_name("Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Linux)");
+  desc = "
+
+  Overview: The host is installed with Firefox browser and is prone to Remote
+  Code Execution vulnerabilities.
+
+  Vulnerability Insight:
+  Error exists when a page contains a Flash object which presents a slow script
+  dialog, and the page is navigated while the dialog is still visible to the
+  user, the Flash plugin is unloaded resulting in a crash due to a call to the
+  deleted object.
+
+  Impact:
+  Successful exploitation could allow remote attacker to execute arbitrary code
+  and results in Denial of Service condition.
+
+  Impact Level:System/Application
+
+  Affected Software/OS:
+  Mozilla Firefox version prior to 3.0.12 and 3.5.1 on Linux.
+
+  Fix: Upgrade to Firefox version 3.0.12 or 3.5.1 or later
+  http://www.mozilla.com/en-US/firefox/all.html
+
+  References:
+  http://secunia.com/advisories/35914
+  http://www.vupen.com/english/advisories/2009/1972
+  http://www.mozilla.org/security/announce/2009/mfsa2009-35.html
+
+  CVSS Score:
+    CVSS Base Score     : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.8
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the Version of Firefox");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_firefox_detect_lin.nasl");
+  script_require_keys("Firefox/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Linux/Ver");
+if(!ffVer){
+  exit(0);
+}
+
+# Grep for Firefox version < 3.0.12 and < 3.5.1
+if(version_is_less(version:ffVer, test_version:"3.0.12") ||
+   version_is_equal(version:ffVer, test_version:"3.5")){
+  security_hole(0);
+}
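Review bot: The 3.5 branch of the final check, `version_is_equal(version:ffVer, test_version:"3.5")`, matches only a value equal to "3.5", so a host whose detected version is stored as "3.5.0" or as a 3.5 pre-release string may be missed. Whether that happens depends on how gb_firefox_detect_lin.nasl formats the KB value and how version_func.inc compares versions, neither of which is visible here. Consider a range check such as `version_in_range(version:ffVer, test_version:"3.5", test_version2:"3.5.0")`, and reword the comment above it to `# Firefox < 3.0.12, or 3.5.x before 3.5.1`, since "< 3.0.12 and < 3.5.1" does not describe the condition. The same check and comment appear in secpod_firefox_code_exec_vuln_jul09_win.nasl.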


Property changes on: trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_win.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_win.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_firefox_code_exec_vuln_jul09_win.nasl 3622 2009-07-23 14:12:33Z jul $
+#
+# Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900398);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2467");
+  script_bugtraq_id(35767);
+  script_name("Mozilla Firefox Remote Code Execution Vulnerabilities July-09 (Win)");
+  desc = "
+
+  Overview: The host is installed with Firefox browser and is prone to Remote
+  Code Execution vulnerabilities.
+
+  Vulnerability Insight:
+  Error exists when a page contains a Flash object which presents a slow script
+  dialog, and the page is navigated while the dialog is still visible to the
+  user, the Flash plugin is unloaded resulting in a crash due to a call to the
+  deleted object.
+
+  Impact:
+  Successful exploitation could allow remote attacker to execute arbitrary code
+  and results in Denial of Service condition.
+
+  Impact Level:System/Application
+
+  Affected Software/OS:
+  Mozilla Firefox version prior to 3.0.12 and 3.5.1 on Windows.
+
+  Fix: Upgrade to Firefox version 3.0.12 or 3.5.1 or later
+  http://www.mozilla.com/en-US/firefox/all.html
+
+  References:
+  http://secunia.com/advisories/35914
+  http://www.vupen.com/english/advisories/2009/1972
+  http://www.mozilla.org/security/announce/2009/mfsa2009-35.html
+
+  CVSS Score:
+    CVSS Base Score     : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.8
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the Version of Firefox");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_firefox_detect_win.nasl");
+  script_require_keys("Firefox/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!ffVer){
+  exit(0);
+}
+
+# Grep for Firefox version < 3.0.12 and < 3.5.1
+if(version_is_less(version:ffVer, test_version:"3.0.12") ||
+   version_is_equal(version:ffVer, test_version:"3.5")){
+   security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_firefox_code_exec_vuln_jul09_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_lin.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_lin.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_firefox_mult_vuln_jul09_lin.nasl 3622 2009-07-23 15:36:33Z jul $
+#
+# Mozilla Firefox Multiple Vulnerabilities July-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900397);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2464",
+                "CVE-2009-2465", "CVE-2009-2466", "CVE-2009-2469",
+                "CVE-2009-2471", "CVE-2009-2472");
+  script_bugtraq_id(35765, 35769, 35775, 35770, 35776, 35772, 35766, 35773);
+  script_name("Mozilla Firefox Multiple Vulnerabilities July-09 (Linux)");
+  desc = "
+
+  Overview: The host is installed with Firefox browser and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are reported in Firefox, for more information refer below
+  reference links.
+
+  Impact:
+  Successful exploitation could allow remote attacker to execute arbitrary code,
+  memory corruption, XSS attacks and results in Denial of Service condition.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Mozilla Firefox version prior to 3.0.12 on Linux.
+
+  Fix: Upgrade to Firefox version 3.0.12 or 3.5 or later
+  http://www.mozilla.com/en-US/firefox/all.html
+
+  References:
+  http://www.vupen.com/english/advisories/2009/1972
+  http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
+  http://www.mozilla.org/security/announce/2009/mfsa2009-37.html
+  http://www.mozilla.org/security/announce/2009/mfsa2009-39.html
+  http://www.mozilla.org/security/announce/2009/mfsa2009-40.html
+
+  CVSS Score:
+    CVSS Base Score     : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.8
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the Version of Firefox");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_firefox_detect_lin.nasl");
+  script_require_keys("Firefox/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Linux/Ver");
+if(!ffVer){
+  exit(0);
+}
+
+# Grep for Firefox version < 3.0.12
+if(version_is_less(version:ffVer, test_version:"3.0.12")){
+  security_hole(0);
+}
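Review bot: `script_family("Denial of Service")` does not match what this plugin reports: the description lists arbitrary code execution, memory corruption and XSS with a CVSS base score of 10.0, so a scan or report filtered by family files these findings under availability issues. Use the family the project assigns to code-execution findings in client software; the family list is not on this page, so the exact name needs confirming. The same family string is used in secpod_firefox_mult_vuln_jul09_win.nasl, in both secpod_firefox_code_exec_vuln_jul09_*.nasl plugins and in secpod_google_chrome_mult_vuln_jul09.nasl. The "Vulnerability Insight" text here also only points at the reference links; a one-line summary per advisory would let an operator triage from the report alone.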


Property changes on: trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_win.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_win.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_firefox_mult_vuln_jul09_win.nasl 3622 2009-07-23 12:52:33Z jul $
+#
+# Mozilla Firefox Multiple Vulnerabilities July-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900396);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2464",
+                "CVE-2009-2465", "CVE-2009-2466", "CVE-2009-2469",
+                "CVE-2009-2471", "CVE-2009-2472");
+  script_bugtraq_id(35765, 35769, 35775, 35770, 35776, 35772, 35766, 35773);
+  script_name("Mozilla Firefox Multiple Vulnerabilities July-09 (Win)");
+  desc = "
+
+  Overview: The host is installed with Firefox browser and is prone to multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  Multiple flaws are reported in Firefox, for more information refer below
+  reference links.
+
+  Impact:
+  Successful exploitation could allow remote attacker to execute arbitrary code,
+  memory corruption, XSS attacks and results in Denial of Service condition.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Mozilla Firefox version prior to 3.0.12 on Windows.
+
+  Fix: Upgrade to Firefox version 3.0.12 or 3.5 or later
+  http://www.mozilla.com/en-US/firefox/all.html
+
+  References:
+  http://www.vupen.com/english/advisories/2009/1972
+  http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
+  http://www.mozilla.org/security/announce/2009/mfsa2009-37.html
+  http://www.mozilla.org/security/announce/2009/mfsa2009-39.html
+  http://www.mozilla.org/security/announce/2009/mfsa2009-40.html
+
+  CVSS Score:
+    CVSS Base Score     : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.8
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the Version of Firefox");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_firefox_detect_win.nasl");
+  script_require_keys("Firefox/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!ffVer){
+  exit(0);
+}
+
+# Grep for Firefox version < 3.0.12
+if(version_is_less(version:ffVer, test_version:"3.0.12")){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_firefox_mult_vuln_jul09_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_jul09.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_jul09.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_jul09.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_google_chrome_mult_vuln_jul09.nasl 3595 2009-07-23 10:48:29Z jul $
+#
+# Google Chrome Multiple Vulnerabilities - Jul09
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900695);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2009-2555", "CVE-2009-2556");
+  script_bugtraq_id(35722, 35723);
+  script_name("Google Chrome Multiple Vulnerabilities - Jul09");
+  desc = "
+
+  Overview: This host has Google Chrome installed and is prone to Multiple
+  vulnerabilities.
+
+  Vulnerability Insight:
+  The multiple flaws are due to,
+  - Heap overflow error when evaluating a specially crafted regular expression
+    in Javascript within sandbox.
+  - Error while allocating memory buffers for a renderer (tab) process.
+
+  Impact:
+  Successful exploitation will let the remote attackers to execute arbitrary
+  code with the  privileges of the logged on user by bypassing the sandbox
+  and may crash the browser.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Google Chrome version prior to 2.0.172.37
+
+
+  Fix:
+  Upgrade to Google Chrome version 2.0.172.37
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://secunia.com/advisories/35844
+  http://xforce.iss.net/xforce/xfdb/51801
+  http://www.vupen.com/english/advisories/2009/1924
+
+  CVSS Score:
+    CVSS Base Score      : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score  : 6.9
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_google_chrome_detect_win.nasl");
+  script_require_keys("GoogleChrome/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(chromeVer != NULL)
+{
+  # Check for Google Chrome version < 2.0.172.37
+  if(version_is_less(version:chromeVer, test_version:"2.0.172.37")){
+    security_hole(0);
+  }
+}
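Review bot: The check reads only `GoogleChrome/Win/Ver` and depends on gb_google_chrome_detect_win.nasl, but neither the file name nor the "Affected Software/OS" text says the plugin is Windows-only, unlike the other plugins in this commit. Add "on Windows" to that line so a clean result is not read as covering other platforms. `script_version("$Revision: 1.0$")` also lacks the space before the closing `$` that the sibling plugins use; write it as `script_version("$Revision: 1.0 $");`.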


Property changes on: trunk/openvas-plugins/scripts/secpod_google_chrome_mult_vuln_jul09.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_google_chrome_unicode_str_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_google_chrome_unicode_str_dos_vuln.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_google_chrome_unicode_str_dos_vuln.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_google_chrome_unicode_str_dos_vuln.nasl 3623 2009-07-23 19:16:29Z jul $
+#
+# Google Chrome Unicode String Denial Of Service Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900805);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2578");
+  script_name("Google Chrome Unicode String Denial Of Service Vulnerability");
+  desc = "
+
+  Overview: This host is installed with Google Chrome and is prone to Denial of
+  Service vulnerability.
+
+  Vulnerability Insight:
+  Error occurs when application fails to handle user supplied input into the
+  'write' method via a long Unicode string argument.
+
+  Impact:
+  Successful exploitation lets the attacker cause memory or CPU consumption,
+  resulting in Denial of Service condition.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Google Chrome version 2.x to 2.0.172 on Windows.
+
+  Fix: No solution or patch is available as on 23rd July 2009, Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.google.com/chrome
+
+  References:
+  http://websecurity.com.ua/3338/
+  http://www.securityfocus.com/archive/1/archive/1/505092/100/0/threaded
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 4.2
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the Version of Google Chrome");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_google_chrome_detect_win.nasl");
+  script_require_keys("GoogleChrome/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+chromeVer = get_kb_item("GoogleChrome/Win/Ver");
+if(!chromeVer){
+  exit(0);
+}
+
+# Check for Google Chrome version 2.x <= 2.0.172
+if(version_in_range(version:chromeVer, test_version:"2.0",
+                                       test_version2:"2.0.172")){
+  security_warning(0);
+}
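Review bot: The upper bound `test_version2:"2.0.172"` in the `version_in_range` call is a three-part version, while Chrome builds carry four parts (the sibling plugin in this commit tests against "2.0.172.37"). If version_func.inc compares component by component, which is not visible here, a detected value such as "2.0.172.33" (constructed example) sorts above "2.0.172" and the plugin stays silent for builds the description calls affected. Confirm the highest affected build from the advisory and use a four-part bound, `test_version2:"2.0.172.<last affected build>"`, where the last component is a placeholder.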


Property changes on: trunk/openvas-plugins/scripts/secpod_google_chrome_unicode_str_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_hamster_audio_player_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_hamster_audio_player_bof_vuln.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_hamster_audio_player_bof_vuln.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_hamster_audio_player_bof_vuln.nasl 3579 2009-07-22 16:52:02Z jul $
+#
+# Hamster Audio Player Buffer Overflow Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900693);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2550");
+  script_name("Hamster Audio Player Buffer Overflow Vulnerability");
+  desc = "
+
+  Overview: This host is installed with Hamster Audio player and is prone
+  to Stack Overflow Vulnerability.
+
+  Vulnerability Insight:
+  This flaw is due to improper bounds checking when processing .m3u files
+  and can be exploited by persuading a victim to open a specially-crafted
+  .m3u or .hpl playlist file containing an overly long string.
+
+  Impact:
+  Successful exploitation allows the attacker to execute arbitrary code on
+  the system or cause the application to crash.
+
+  Impact Level:System/Application
+
+  Affected Software/OS:
+  Hamster Audio Player 0.3a and prior on Windows.
+
+  Fix:
+  No solution or patch is available as on th 22nd July, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer,http://www.ondanera.net/eng/download.html 
+
+  References:
+  http://secunia.com/advisories/35825
+  http://www.milw0rm.com/exploits/9172
+  http://xforce.iss.net/xforce/xfdb/51732
+  
+  CVSS Score:
+    CVSS Base Score      : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) 
+    CVSS Temporal Score  : 8.4 
+  Risk factor: Critical"; 
+  
+  script_description(desc);
+  script_summary("Check for the Version of Hamster Audio Player");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Buffer overflow");
+  script_dependencies("secpod_hamster_audio_player_detect.nasl");
+  script_require_keys("Hamster/Audio-Player/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+hamsterVer = get_kb_item("Hamster/Audio-Player/Ver");
+if(hamsterVer != NULL)
+{
+  if(version_is_less_equal(version:hamsterVer, test_version:"0.3a")){
+    security_hole(0);
+  }
+}
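Review bot: `version_is_less_equal(version:hamsterVer, test_version:"0.3a")` relies on version_func.inc ordering a letter suffix correctly, for example "0.3" below "0.3a" and "0.3b" above it. That helper is not visible here, so the comparison should be confirmed against it, and a comment such as `# Check for Hamster Audio Player version <= 0.3a` added above the test as in the sibling plugins. "Risk factor: Critical" is also inconsistent with the other plugins in this commit, which label CVSS 10.0 findings "High", and the Fix text has a typo ("as on th 22nd July").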

Added: trunk/openvas-plugins/scripts/secpod_hamster_audio_player_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_hamster_audio_player_detect.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_hamster_audio_player_detect.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,73 @@
+#############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_hamster_audio_player_detect.nasl 3579 2009-07-09 14:30:24Z jul $
+#
+# Hamster Audio Player Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(800692);
+  script_version("$ Revision: 1.0 $");
+  script_name("Hamster Audio Player Version Detection");
+  desc = "
+  
+  Overview : This script finds the installed OpenSSL version and saves the
+  result in KB item.
+
+  Risk factor : Informational";
+
+  script_description(desc);
+  script_summary("Set Version of Hamster Audio player in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Service detection");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  script_require_keys(139,445); 
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+  hamsterName = registry_get_sz(key:key + item, item:"DisplayName");
+  
+  if("Hamster" >< hamsterName)
+  {
+    hamsterVer = eregmatch(pattern:"Hamster ([0-9.]+([a-z]+)?)",
+                                             string:hamsterName);
+    if(hamsterVer[1] != NULL)
+    {
+      set_kb_item(name:"Hamster/Audio-Player/Ver", value:hamsterVer[1]);
+      exit(0);
+    }
+  }
+}
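Review bot: `script_require_keys(139,445);` in the description block passes port numbers to the KB-key requirement call, so the SMB port requirement is never declared; the port form is `script_require_ports(139, 445);`. The same line is added in the last hunk of secpod_sorinara_audio_player_bof_vuln.nasl in this commit. The description text says the script "finds the installed OpenSSL version", which looks copied from another plugin and should name Hamster Audio Player. The pattern `Hamster ([0-9.]+([a-z]+)?)` needs the version to follow "Hamster " directly, so a DisplayName with other words in between would not match; this is worth confirming against a real install.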

Added: trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_bof_vuln.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_bof_vuln.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,112 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_isc_dhcp_client_bof_vuln.nasl 3518 2009-07-22 15:05:27Z jul $
+#
+# ISC DHCP Client Buffer Overflow Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900694);
+  script_version("$Revision: 1.0$");
+  script_cve_id("CVE-2009-0692");
+  script_bugtraq_id(35668);
+  script_name("ISC DHCP Client Buffer Overflow Vulnerability");
+  desc = "
+
+  Overview: This host has installed ISC DHCP Client and is prone to Buffer
+  overflow Vulnerability.
+
+  Vulnerability Insight:
+  The flaw is due to a boundary error within the 'script_write_params()'
+  function in 'client/dhclient.c' which can be exploited to cause a stack-based
+  buffer overflow by sending an overly long subnet-mask option.
+
+  Impact:
+  Successful exploitation allows attackers to run arbitrary code, corrupt memory,
+  and can cause denial of service.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  ISC DHCP dhclient 4.1 before 4.1.0p1
+  ISC DHCP dhclient 4.0 before 4.0.1p1
+  ISC DHCP dhclient 3.1 before 3.1.2p1
+  ISC DHCP dhclient all versions in 3.0
+  and 2.0 series.
+
+  Fix: Upgrade to version 4.1.0p1, 4.0.1p1, or 3.1.2p1 or later
+  For updates refer, https://www.isc.org/downloadables/
+
+  References:
+  https://www.isc.org/node/468
+  http://secunia.com/advisories/35785
+  http://www.kb.cert.org/vuls/id/410676
+  http://www.vupen.com/english/advisories/2009/1891
+
+  CVSS Score:
+    CVSS Base Score      : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score  : 7.4
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Checks for the version of ISC DHCP Client");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Buffer overflow");
+  script_dependencies("secpod_isc_dhcp_client_detect.nasl");
+  script_require_keys("ISC/DHCP-Client/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+dhcpVer = get_kb_item("ISC/DHCP-Client/Ver");
+if(!dhcpVer){
+  exit(0);
+}
+
+if(dhcpVer =~ "^4\.1")
+{
+  if(version_is_less(version:dhcpVer, test_version:"4.1.0.p1")){
+    security_hole(0);
+  }
+}
+
+else if(dhcpVer =~ "^4\.0")
+{
+  if(version_is_less(version:dhcpVer, test_version:"4.0.1.p1")){
+    security_hole(0);
+  }
+}
+
+else if(dhcpVer =~ "^3\.1")
+{
+  if(version_is_less(version:dhcpVer, test_version:"3.1.2.p1")){
+    security_hole(0);
+  }
+}
+
+else if((dhcpVer =~ "^3\.0") || (dhcpVer =~ "^2\.0")){
+  security_hole(0);
+}
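Review bot: The three `version_is_less` checks compare against `4.1.0.p1`, `4.0.1.p1` and `3.1.2.p1`, a dotted form that exists only because secpod_isc_dhcp_client_detect.nasl (same commit) joins the base version and its suffix with a dot; nothing in this file says so. A release-candidate build would arrive here as something like `4.1.0.rc1` (constructed example). Whether `version_is_less` orders that before `4.1.0.p1` depends on version_func.inc, which is not visible here, so it should be confirmed to avoid a missed finding. I would add above the first branch: `# KB value is "<base>.<suffix>" (e.g. 4.1.0.p1), as built by secpod_isc_dhcp_client_detect.nasl`.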

Added: trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_detect.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_isc_dhcp_client_detect.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,73 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_isc_dhcp_client_detect.nasl 3518 2009-07-22 15:21:24Z jul $
+#
+# ISC DHCP Client Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900696);
+  script_version("Revision: 1.0");
+  script_name("ISC DHCP Client Version Detection");
+  desc  = "
+
+  Overview: This script detects the installed version of ISC DHCP Client
+  and sets the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(desc);
+  script_summary("Sets KB for the version of DHCP Client");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Service detection");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+dhcp_sock = ssh_login_or_reuse_connection();
+if(!dhcp_sock){
+  exit(0);
+}
+
+paths = find_bin(prog_name:"dhclient", sock:dhcp_sock);
+foreach dhcpBin (paths)
+{
+   dhcpVer= get_bin_version(full_prog_name:chomp(dhcpBin),
+            sock:dhcp_sock, version_argv:"--version",
+            ver_pattern:"([0-9.]+)(-| )?((alpha|beta|rc|[a-z][0-9])?([0-9]+)?)");
+
+   if(("isc-dhclient" >< dhcpVer) && (dhcpVer[1] != NULL))
+   {
+     if(dhcpVer[3] != NULL){
+       dhcpVer = dhcpVer[1] + "." + dhcpVer[3];
+     }
+     else
+       dhcpVer = dhcpVer[1];
+   
+     set_kb_item(name:"ISC/DHCP-Client/Ver", value:dhcpVer);
+  }
+}
+ssh_close_connection();
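Review bot: In `if(("isc-dhclient" >< dhcpVer) && (dhcpVer[1] != NULL))` the same variable is searched as a string and indexed as a match array, and `ver_pattern` has no "isc-dhclient" literal, so whether the first test can succeed depends on what `get_bin_version` returns, which is not visible here. If it never matches, the KB item is never set and the dependent overflow check silently reports nothing. I would test the element that holds the banner text explicitly and add a comment such as `# dhcpVer[1] = base version, dhcpVer[3] = optional suffix (p1, rc1, ...)`. The loop body is also indented three spaces with an unbraced `else`, unlike the other plugins in this commit.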

Added: trunk/openvas-plugins/scripts/secpod_ms_ie_unicode_str_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms_ie_unicode_str_dos_vuln.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_ms_ie_unicode_str_dos_vuln.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms_ie_unicode_str_dos_vuln.nasl 3625 2009-07-23 17:29:29Z jul $
+#
+# Microsoft Internet Explorer Unicode String DoS Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900400);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2576");
+  script_name("Microsoft Internet Explorer Unicode String DoS Vulnerability");
+  desc = "
+
+  Overview: This host is installed with Internet Explorer and is prone to
+  Denial of Service vulnerability.
+
+  Vulnerability Insight:
+  Error exists when application fails to handle user supplied input into the
+  'write' method via a long Unicode string argument.
+
+  Impact:
+  Successful exploitation lets the attacker to cause memory or CPU consumption,
+  resulting in Denial of Service condition.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Microsoft Internet Explorer version 6.0.2900.2180 and prior
+
+  Fix: No solution or patch is available as on 23rd July 2009, Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer,
+  http://www.microsoft.com/windows/internet-explorer/download-ie.aspx
+
+  References:
+  http://websecurity.com.ua/3338/
+  http://www.securityfocus.com/archive/1/archive/1/505122/100/0/threaded
+  http://www.securityfocus.com/archive/1/archive/1/505120/100/0/threaded
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 4.2
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the Version of Internet Explorer");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_ms_ie_detect.nasl");
+  script_require_keys("MS/IE/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+ieVer = get_kb_item("MS/IE/Version");
+if(!ieVer){
+  exit(0);
+}
+
+if(version_is_less_equal(version:ieVer, test_version:"6.0.2900.2180")){
+  security_warning(0);
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_ms_ie_unicode_str_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_lin.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_lin.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_opera_unicode_str_dos_vuln_lin.nasl 3624 2009-07-23 18:43:29Z jul $
+#
+# Opera Unicode String Denial Of Service Vulnerability (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900804);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2577");
+  script_name("Opera Unicode String Denial Of Service Vulnerability (Linux)");
+  desc = "
+
+  Overview: This host is installed with Opera and is prone to Denial of Service
+  vulnerability.
+
+  Vulnerability Insight:
+  Error exists when application fails to handle user supplied input into the
+  'write' method via a long Unicode string argument.
+
+  Impact:
+  Successful exploitation lets the attacker cause memory or CPU consumption,
+  resulting in Denial of Service condition.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Opera version 9.52 and prior on Linux.
+
+  Fix: No solution or patch is available as on 23rd July 2009, Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.opera.com/
+
+  References:
+  http://websecurity.com.ua/3338/
+  http://www.securityfocus.com/archive/1/archive/1/505092/100/0/threaded
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 4.2
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the Version of Opera");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("secpod_opera_detection_linux_900037.nasl");
+  script_require_keys("Opera/Linux/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+operaVer = get_kb_item("Opera/Linux/Version");
+if(!operaVer){
+  exit(0);
+}
+
+# Check for Opera version <= 9.52
+if(version_is_less_equal(version:operaVer, test_version:"9.52")){
+  security_warning(0);
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_win.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_win.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_opera_unicode_str_dos_vuln_win.nasl 3624 2009-07-23 18:29:29Z jul $
+#
+# Opera Unicode String Denial Of Service Vulnerability (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900803);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2577");
+  script_name("Opera Unicode String Denial Of Service Vulnerability (Win)");
+  desc = "
+
+  Overview: This host is installed with Opera and is prone to Denial of Service
+  vulnerability.
+
+  Vulnerability Insight:
+  Error exists when application fails to handle user supplied input into the
+  'write' method via a long Unicode string argument.
+
+  Impact:
+  Successful exploitation lets the attacker cause memory or CPU consumption,
+  resulting in Denial of Service condition.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Opera version 9.52 and prior on Windows.
+
+  Fix: No solution or patch is available as on 23rd July 2009, Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.opera.com/
+
+  References:
+  http://websecurity.com.ua/3338/
+  http://www.securityfocus.com/archive/1/archive/1/505092/100/0/threaded
+
+  CVSS Score:
+    CVSS Base Score     : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+    CVSS Temporal Score : 4.2
+  Risk factor: Medium";
+
+  script_description(desc);
+  script_summary("Check for the Version of Opera");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("secpod_opera_detection_win_900036.nasl");
+  script_require_keys("Opera/Win/Version");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+operaVer = get_kb_item("Opera/Win/Version");
+
+security_note(data:"versiona" +operaVer);
+if(!operaVer){
+  exit(0);
+}
+
+# Check for Opera version <= 9.52
+if(version_is_less_equal(version:operaVer, test_version:"9.52")){
+  security_warning(0);
+}
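Review bot: `security_note(data:"versiona" +operaVer);` directly after the `get_kb_item` call looks like a leftover debug statement. It runs before the `if(!operaVer)` guard and adds a note to the scan report for every host the plugin runs against, whether or not the version is affected. The Linux twin of this plugin in the same commit has no such line. The line should be dropped so the plugin reports only through `security_warning(0)`.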


Property changes on: trunk/openvas-plugins/scripts/secpod_opera_unicode_str_dos_vuln_win.nasl
___________________________________________________________________
Name: svn:executable
   + *

Modified: trunk/openvas-plugins/scripts/secpod_sorinara_audio_player_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_sorinara_audio_player_bof_vuln.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_sorinara_audio_player_bof_vuln.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -1,12 +1,16 @@
 ###############################################################################
 # OpenVAS Vulnerability Test
-# $Id: secpod_sorinara_audio_player_bof_vuln.nasl 2344 2009-05-19 15:56:36Z may $
+# $Id: secpod_sorinara_audio_player_bof_vuln.nasl 2344 2009-07-23 14:58:36Z jul $
 #
 # Sorinara Streaming Audio Player Stack Overflow Vulnerability
 #
 # Authors:
 # Antu Sanadi<santu at secpod.com>
 #
+# Modified by: Nikita MR (rnikita at secpod.com)
+# Date: 23rd July 2009
+# Changes: Added CVE-2009-2568 and updated the  vulnerability insight.
+#
 # Copyright:
 # Copyright (c) 2009 SecPod, http://www.secpod.com
 #
@@ -28,17 +32,17 @@
 {
   script_id(900649);
   script_version("$Revision: 1.0 $");
-  script_cve_id("CVE-2009-1644");
-  script_bugtraq_id(34861);
-  script_name(english:"Sorinara Streaming Audio Player Stack Overflow Vulnerability");
-  desc["english"] = "
+  script_cve_id("CVE-2009-1644", "CVE-2009-2568");
+  script_bugtraq_id(34861, 34842);
+  script_name("Sorinara Streaming Audio Player Stack Overflow Vulnerability");
+  desc = "
 
   Overview: This host is running Sorinara Streaming Audio Player and is prone
   to Stack Overflow Vulnerability.
 
   Vulnerability Insight:
   This vulnerability is caused due to improper boundary checks when processing
-  playlist 'pla' files.
+  playlist 'pla' and '.m3u' files.
 
   Impact:
   Successful exploitation will let the attacker execute arbitrary codes in
@@ -56,19 +60,23 @@
   http://www.milw0rm.com/exploits/8640
   http://www.milw0rm.com/exploits/8625
   http://xforce.iss.net/xforce/xfdb/50369
+  http://www.milw0rm.com/exploits/8620
+  http://www.milw0rm.com/exploits/8617
+  http://xforce.iss.net/xforce/xfdb/50339
 
   CVSS Score:
     CVSS Base Score      : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
     CVSS Temporal Score  : 8.4
   Risk factor: Critical";
 
-  script_description(english:desc["english"]);
-  script_summary(english:"Check for version of Sorinara Streaming Audio Player");
+  script_description(desc);
+  script_summary("Check for version of Sorinara Streaming Audio Player");
   script_category(ACT_GATHER_INFO);
-  script_copyright(english:"Copyright (C) 2009 SecPod");
-  script_family(english:"Buffer overflow");
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Buffer overflow");
   script_dependencies("secpod_reg_enum.nasl");
   script_require_keys("SMB/WindowsVersion");
+  script_require_keys(139,445);
   exit(0);
 }
 

Added: trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl 3622 2009-07-23 16:25:33Z jul $
+#
+# Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900802);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2464",
+                "CVE-2009-2465", "CVE-2009-2466");
+  script_bugtraq_id(35765, 35769, 35775, 35770, 35776);
+  script_name("Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Linux)");
+  desc = "
+
+  Overview: The host is installed with Thunderbird and is prone to Remote Code
+  Execution vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to error in browser engine which can be exlpoited
+  via some of the known vectors and unspecified vectors.
+
+  Impact:
+  Successful exploitation could allow remote attacker to execute arbitrary code,
+  memory corruption, and results in Denial of Service condition.
+
+  Impact Level:System/Application
+
+  Affected Software/OS:
+  Mozilla Thunderbird version 2.0.0.22 and prior on Linux.
+
+  Fix: No solution or patch is available as on 23rd, July 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.mozilla.com/
+
+  References:
+  http://secunia.com/advisories/35914
+  http://www.vupen.com/english/advisories/2009/1972
+  http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
+
+  CVSS Score:
+    CVSS Base Score     : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.8
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the Version of Thunderbird");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_thunderbird_detect_lin.nasl");
+  script_require_keys("Thunderbird/Linux/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+tbVer = get_kb_item("Thunderbird/Linux/Ver");
+if(!tbVer){
+  exit(0);
+}
+
+# Grep for Thunderbird version <= 2.0.0.22
+if(version_is_less_equal(version:tbVer, test_version:"2.0.0.22")){
+  security_hole(0);
+}
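Review bot: `script_family("Denial of Service")` does not match the rest of the plugin, which describes remote code execution, carries a CVSS base score of 10.0 and reports with `security_hole(0)`. Anyone selecting or filtering scans by family will misjudge this check, so a family that reflects code execution would be the better fit. The description string also misspells "exploited" as `exlpoited`, which ends up in user-facing reports. Both points apply equally to secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl in this commit.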


Property changes on: trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_lin.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl	2009-07-23 10:48:09 UTC (rev 4132)
+++ trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl	2009-07-23 19:05:26 UTC (rev 4133)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl 3622 2009-07-23 15:53:33Z jul $
+#
+# Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900801);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-2462", "CVE-2009-2463", "CVE-2009-2464",
+                "CVE-2009-2465", "CVE-2009-2466");
+  script_bugtraq_id(35765, 35769, 35775, 35770, 35776);
+  script_name("Mozilla Thunderbird Memory Corruption Vulnerabilities July-09 (Win)");
+  desc = "
+
+  Overview: The host is installed with Thunderbird and is prone to Remote Code
+  Execution vulnerabilities.
+
+  Vulnerability Insight:
+  The flaws are caused due to error in browser engine which can be exlpoited
+  via some of the known vectors and unspecified vectors.
+
+  Impact:
+  Successful exploitation could allow remote attacker to execute arbitrary code,
+  memory corruption, and results in Denial of Service condition.
+
+  Impact Level: System/Application
+
+  Affected Software/OS:
+  Mozilla Thunderbird version 2.0.0.22 and prior on Windows.
+
+  Fix: No solution or patch is available as on 23rd, July 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.mozilla.com/
+
+  References:
+  http://secunia.com/advisories/35914
+  http://www.vupen.com/english/advisories/2009/1972
+  http://www.mozilla.org/security/announce/2009/mfsa2009-34.html
+
+  CVSS Score:
+    CVSS Base Score     : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+    CVSS Temporal Score : 7.8
+  Risk factor: High";
+
+  script_description(desc);
+  script_summary("Check for the Version of Thunderbird");
+  script_category(ACT_GATHER_INFO);
+  script_copyright("Copyright (C) 2009 SecPod");
+  script_family("Denial of Service");
+  script_dependencies("gb_thunderbird_detect_win.nasl");
+  script_require_keys("Thunderbird/Win/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+tbVer = get_kb_item("Thunderbird/Win/Ver");
+if(!tbVer){
+  exit(0);
+}
+
+# Grep for Thunderbird version <= 2.0.0.22
+if(version_is_less_equal(version:tbVer, test_version:"2.0.0.22")){
+  security_hole(0);
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_thunderbird_mem_crptn_vuln_jul09_win.nasl
___________________________________________________________________
Name: svn:executable
   + *


