From scm-commit at wald.intevation.org Sun Mar 1 15:00:02 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Sun, 1 Mar 2009 15:00:02 +0100 (CET) Subject: [Openvas-commits] r2615 - in trunk/openvas-manager: . src Message-ID: <20090301140002.A966C40728@pyrosoma.intevation.org> Author: mattm Date: 2009-03-01 14:59:55 +0100 (Sun, 01 Mar 2009) New Revision: 2615 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.c trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/ompd.c trunk/openvas-manager/src/openvasmd.c trunk/openvas-manager/src/otp.c Log: Reduce number of gotos. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-02-28 20:28:46 UTC (rev 2614) +++ trunk/openvas-manager/ChangeLog 2009-03-01 13:59:55 UTC (rev 2615) @@ -1,3 +1,25 @@ +2009-03-01 Matthew Mundell + + Reduce number of gotos. + + * src/ompd.c (read_from_server): Retry with while instead of goto. + + * src/omp.c (send_dependency): Move SEND_TO_CLIENT destination to end + of function. + (omp_xml_handle_end_element): Neaten indentation. + + * src/openvasmd.c (read_protocol): Retry with while instead of goto. + + * src/otp.c (parse_server_done, parse_server_preference_value, + parse_server_rule, parse_server_plugin_dependency_dependency, + parse_server_server, sync_buffer): New functions. + (process_otp_server_input): Call new parsing and sync functions instead + of jumping. Return immediately instead of jumping to fail code. Use + g_strdup instead of strdup. Drop make_message return checks. + + * src/manage.c (load_tasks, save_task): Move fail destinations to ends + of functions. + 2009-02-28 Matthew Mundell Add env_authenticate and use it in tests. Modified: trunk/openvas-manager/src/manage.c =================================================================== --- trunk/openvas-manager/src/manage.c 2009-02-28 20:28:46 UTC (rev 2614) +++ trunk/openvas-manager/src/manage.c 2009-03-01 13:59:55 UTC (rev 2615) @@ -414,6 +414,7 @@ } int index; + gchar* file_name = NULL; for (index = 0; index < count; index++) { const char* task_name = names[index]->d_name; @@ -425,23 +426,9 @@ tracef (" %s\n", task_name); - gchar* file_name = g_build_filename (dir_name, task_name, "name", NULL); + file_name = g_build_filename (dir_name, task_name, "name", NULL); g_file_get_contents (file_name, &name, NULL, &error); - if (error) - { - contents_fail: - fprintf (stderr, "Failed to get contents of %s: %s\n", - file_name, - error->message); - fail: - g_error_free (error); - g_free (dir_name); - g_free (file_name); - for (; index < count; index++) free (names[index]); - free (names); - free_tasks (); - return -1; - } + if (error) goto contents_fail; g_free (file_name); file_name = g_build_filename (dir_name, task_name, "time", NULL); @@ -512,6 +499,19 @@ tracef (" Loading tasks... done\n"); return 0; + + contents_fail: + fprintf (stderr, "Failed to get contents of %s: %s\n", + file_name, + error->message); + fail: + g_error_free (error); + g_free (dir_name); + g_free (file_name); + for (; index < count; index++) free (names[index]); + free (names); + free_tasks (); + return -1; } /** @@ -545,16 +545,7 @@ gchar* file_name = g_build_filename (dir_name, "name", NULL); g_file_set_contents (file_name, task->name, -1, &error); - if (error) - { - contents_fail: - fprintf (stderr, "Failed to set contents of %s: %s\n", - file_name, - error->message); - g_error_free (error); - g_free (file_name); - return -1; - } + if (error) goto contents_fail; g_free (file_name); file_name = g_build_filename (dir_name, "comment", NULL); @@ -588,6 +579,14 @@ g_free (file_name); return 0; + + contents_fail: + fprintf (stderr, "Failed to set contents of %s: %s\n", + file_name, + error->message); + g_error_free (error); + g_free (file_name); + return -1; } /** Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-02-28 20:28:46 UTC (rev 2614) +++ trunk/openvas-manager/src/omp.c 2009-03-01 13:59:55 UTC (rev 2615) @@ -561,13 +561,16 @@ if (g_slist_find_custom ((GSList*) value, NULL, send_requirement)) { - send_to_client_fail: g_free (msg); return TRUE; } SEND_TO_CLIENT (""); return FALSE; + + send_to_client_fail: + g_free (msg); + return TRUE; } /** @@ -780,15 +783,15 @@ "333" ""); SEND_TO_CLIENT ("" - "1.3.6.1.4.1.25623.1.7.13005" - "FooBar 1.5 installed" - "md5222" - ""); + "1.3.6.1.4.1.25623.1.7.13005" + "FooBar 1.5 installed" + "md5222" + ""); SEND_TO_CLIENT ("" - "1.3.6.1.4.1.25623.1.7.13006" - "FooBar 2.1 XSS vulnerability" - "md5223" - ""); + "1.3.6.1.4.1.25623.1.7.13006" + "FooBar 2.1 XSS vulnerability" + "md5223" + ""); SEND_TO_CLIENT (""); set_client_state (CLIENT_AUTHENTIC); break; Modified: trunk/openvas-manager/src/ompd.c =================================================================== --- trunk/openvas-manager/src/ompd.c 2009-02-28 20:28:46 UTC (rev 2614) +++ trunk/openvas-manager/src/ompd.c 2009-03-01 13:59:55 UTC (rev 2615) @@ -152,8 +152,6 @@ while (from_server_end < from_buffer_size) { ssize_t count; - int retries = 5; - retry: count = gnutls_record_recv (*server_session, from_server + from_server_end, from_buffer_size - from_server_end); @@ -184,10 +182,6 @@ } fprintf (stderr, "Failed to read from server.\n"); gnutls_perror (count); - /* FIX Retry a few times even though there has been an error. - This is because the recv sometimes fails with a "decryption - failed" error. */ - while (retries--) goto retry; return -1; } if (count == 0) Modified: trunk/openvas-manager/src/openvasmd.c =================================================================== --- trunk/openvas-manager/src/openvasmd.c 2009-02-28 20:28:46 UTC (rev 2614) +++ trunk/openvas-manager/src/openvasmd.c 2009-03-01 13:59:55 UTC (rev 2615) @@ -276,19 +276,24 @@ while (from_client_end < FROM_BUFFER_SIZE) { ssize_t count; - retry: - count = gnutls_record_recv (*client_session, - from_client + from_client_end, - FROM_BUFFER_SIZE - - from_client_end); - if (count < 0) + + while (1) { + count = gnutls_record_recv (*client_session, + from_client + from_client_end, + FROM_BUFFER_SIZE + - from_client_end); if (count == GNUTLS_E_INTERRUPTED) /* Interrupted, try read again. */ - goto retry; + continue; if (count == GNUTLS_E_REHANDSHAKE) /* Try again. TODO Rehandshake. */ - goto retry; + continue; + break; + } + + if (count < 0) + { if (gnutls_error_is_fatal (count) == 0 && (count == GNUTLS_E_WARNING_ALERT_RECEIVED || count == GNUTLS_E_FATAL_ALERT_RECEIVED)) Modified: trunk/openvas-manager/src/otp.c =================================================================== --- trunk/openvas-manager/src/otp.c 2009-02-28 20:28:46 UTC (rev 2614) +++ trunk/openvas-manager/src/otp.c 2009-03-01 13:59:55 UTC (rev 2615) @@ -746,6 +746,261 @@ extern int from_server_end; /** + * @brief Parse the final SERVER field of an OTP message. + * + * @param messages A pointer into the OTP input buffer. + * + * @return 0 success, -1 fail, -2 too few characters (need more input). + */ +int +parse_server_done (char** messages) +{ + char *end = *messages + from_server_end - from_server_start; + while (*messages < end && ((*messages)[0] == ' ' || (*messages)[0] == '\n')) + { (*messages)++; from_server_start++; } + if ((int) (end - *messages) < 6) + /* Too few characters to be the end marker, return to select to + * wait for more input. */ + return -2; + if (strncasecmp ("SERVER", *messages, 6)) + { + tracef (" server fail: expected final \"SERVER\"\n"); + return -1; + } + set_server_state (SERVER_TOP); + from_server_start += 6; + (*messages) += 6; + return 0; +} + +/** + * @brief Parse the final SERVER field of an OTP message. + * + * @param messages A pointer into the OTP input buffer. + * + * @return 0 success, -2 too few characters (need more input). + */ +int +parse_server_preference_value (char** messages) +{ + char *value, *end, *match; + assert (current_server_preference); + end = *messages + from_server_end - from_server_start; + while (*messages < end && ((*messages)[0] == ' ')) + { (*messages)++; from_server_start++; } + if ((match = memchr (*messages, '\n', from_server_end - from_server_start))) + { + match[0] = '\0'; + value = g_strdup (*messages); + add_server_preference (current_server_preference, value); + set_server_state (SERVER_PREFERENCE_NAME); + from_server_start += match + 1 - *messages; + *messages = match + 1; + return 0; + } + return -2; +} + +/** + * @brief Parse an OTP rule. + * + * @param messages A pointer into the OTP input buffer. + * + * @return 0 read a rule, -1 read a <|>, -2 too few characters (need + * more input). + */ +int +parse_server_rule (char** messages) +{ + char *end, *match; + end = *messages + from_server_end - from_server_start; + while (*messages < end && ((*messages)[0] == '\n')) + { (*messages)++; from_server_start++; } + while (*messages < end && ((*messages)[0] == ' ')) + { (*messages)++; from_server_start++; } + /* Check for the end marker. */ + if (end - *messages > 2 + && (*messages)[0] == '<' + && (*messages)[1] == '|' + && (*messages)[2] == '>') + /* The rules list ends with "<|> SERVER". */ + return -1; + /* There may be a rule ending in a semicolon. */ + if ((match = memchr (*messages, ';', from_server_end - from_server_start))) + { + char* rule; + match[0] = '\0'; + rule = g_strdup (*messages); + add_server_rule (rule); + from_server_start += match + 1 - *messages; + *messages = match + 1; + return 0; + } + return -2; +} + +/** + * @brief Parse the dependency of a server plugin. + * + * @param messages A pointer into the OTP input buffer. + * + * @return 1 if a <|> follows in the buffer, otherwise 0. + */ +int +parse_server_plugin_dependency_dependency (char** messages) +{ + /* Look for the end of dependency marker: a newline that comes before + * the next <|>. */ + char *separator, *end, *match, *input; + int from_start, from_end; + separator = NULL; + /* Look for <|>. */ + input = *messages; + from_start = from_server_start; + from_end = from_server_end; + while (from_start < from_end + && (match = memchr (input, '<', from_end - from_start))) + { + if (((int) (match - input) - from_start + 1) < from_end + && (match[1] == '|') + && (match[2] == '>')) + { + separator = match; + break; + } + from_start += match + 1 - input; + input = match + 1; + } + /* Look for newline. */ + end = *messages + from_server_end - from_server_start; + while (*messages < end && ((*messages)[0] == ' ')) + { (*messages)++; from_server_start++; } + if ((match = memchr (*messages, '\n', from_server_end - from_server_start))) + { + /* Compare newline position to <|> position. */ + if ((separator == NULL) || (match < separator)) + { + finish_current_server_plugin_dependency (); + from_server_start += match + 1 - *messages; + *messages = match + 1; + set_server_state (SERVER_PLUGIN_DEPENDENCY_NAME); + } + } + return separator == NULL; +} + + +/** + * @brief Parse the field following "SERVER <|>". + * + * @param messages A pointer into the OTP input buffer. + * + * @return 0 found a newline delimited field, -1 error, -2 need more input, + * -3 found a <|> before next newline (that is, a <|> delimited + * field follows), -4 failed to find a newline (may be a <|>) + */ +int +parse_server_server (char** messages) +{ + char *end, *match; + end = *messages + from_server_end - from_server_start; + while (*messages < end && ((*messages)[0] == ' ')) + { (*messages)++; from_server_start++; } + if ((match = memchr (*messages, '\n', from_server_end - from_server_start))) + { + match[0] = '\0'; + // FIX is there ever whitespace before the newline? + while (*messages < end && ((*messages)[0] == ' ')) + { (*messages)++; from_server_start++; } + // FIX 20 available? + if (strncasecmp ("PLUGINS_DEPENDENCIES", *messages, 20) == 0) + { + from_server_start += match + 1 - *messages; + *messages = match + 1; + maybe_free_server_plugins_dependencies (); + make_server_plugins_dependencies (); + set_server_state (SERVER_PLUGIN_DEPENDENCY_NAME); + return 0; + } + char* newline = match; + newline[0] = '\n'; + /* Check for a <|>. */ + char* input = *messages; + int from_start = from_server_start; + int from_end = from_server_end; + while (from_start < from_end + && (match = memchr (input, '<', from_end - from_start))) + { + if ((((int) (match - input) - from_start + 1) < from_end) + && (match[1] == '|') + && (match[2] == '>')) + { + if (match > newline) + /* The next <|> is after the newline, which is an error. */ + return -1; + /* The next <|> is before the newline, which may be correct. */ + return -3; + } + from_start += match + 1 - input; + input = match + 1; + } + /* Need more input for a newline or <|>. */ + return -2; + } + return -4; +} + +/** + * @brief "Synchronise" the \ref from_server buffer. + * + * Move any OTP in the \ref from_server buffer to the front of the buffer. + * + * @return 0 success, -1 \ref from_server is full. + */ +int +sync_buffer () +{ + if (from_server_start > 0 && from_server_start == from_server_end) + { + from_server_start = from_server_end = 0; + tracef (" server start caught end\n"); + } + else if (from_server_start == 0) + { + if (from_server_end == from_buffer_size) + { + // FIX if the buffer is entirely full here then exit + // (or will hang waiting for buffer to empty) + // this could happen if the server sends a field with length >= buffer length + // could realloc buffer + // which may eventually use all mem and bring down manager + // would only bring down the process serving the client + // may lead to out of mem in other processes? + // could realloc to an upper limit within avail mem + tracef (" server buffer full\n"); + return -1; + } + } + else + { + /* Move the remaining partial line to the front of the buffer. This + * ensures that there is space after the partial line into which + * serve_omp can read the rest of the line. */ + char* start = from_server + from_server_start; + from_server_end -= from_server_start; + memmove (from_server, start, from_server_end); + from_server_start = 0; +#if TRACE + from_server[from_server_end] = '\0'; + //tracef (" new from_server: %s\n", from_server); + tracef (" new from_server_start: %i\n", from_server_start); + tracef (" new from_server_end: %i\n", from_server_end); +#endif + } + return 0; +} + +/** * @brief Process any lines available in \ref from_server. * * Update server information according to the input from the server. @@ -775,13 +1030,16 @@ { case SERVER_INIT_SENT_VERSION: if (from_server_end - from_server_start < 12) - /* Need more input. */ - goto succeed; + { + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } if (strncasecmp ("< OTP/1.0 >\n", messages, 12)) { tracef (" server fail: expected \"< OTP/1.0 >, got \"%.12s\"\n\"\n", messages); - goto fail; + return -1; } from_server_start += 12; messages += 12; @@ -789,214 +1047,104 @@ /* Fall through to attempt next step. */ case SERVER_INIT_GOT_VERSION: if (from_server_end - from_server_start < 7) - /* Need more input. */ - goto succeed; + { + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } if (strncasecmp ("User : ", messages, 7)) { tracef (" server fail: expected \"User : \", got \"%7s\"\n", messages); - goto fail; + return -1; } from_server_start += 7; messages += 7; set_server_init_state (SERVER_INIT_GOT_USER); - goto succeed; + if (sync_buffer ()) return -1; + return 0; case SERVER_INIT_GOT_USER: /* Input from server after "User : " and before user name sent. */ - goto fail; + return -1; case SERVER_INIT_SENT_USER: if (from_server_end - from_server_start < 11) - /* Need more input. */ - goto succeed; + { + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } if (strncasecmp ("Password : ", messages, 11)) { tracef (" server fail: expected \"Password : \", got \"%11s\"\n", messages); - goto fail; + return -1; } from_server_start += 11; messages += 11; set_server_init_state (SERVER_INIT_GOT_PASSWORD); - goto succeed; + if (sync_buffer ()) return -1; + return 0; case SERVER_INIT_GOT_PASSWORD: /* Input from server after "Password : " and before password sent. */ - goto fail; + return -1; case SERVER_INIT_CONNECT_INTR: case SERVER_INIT_CONNECTED: /* Input from server before version string sent. */ - goto fail; + return -1; case SERVER_INIT_DONE: case SERVER_INIT_TOP: if (server_state == SERVER_DONE) - { - char *end; - server_done: - end = messages + from_server_end - from_server_start; - while (messages < end && (messages[0] == ' ' || messages[0] == '\n')) - { messages++; from_server_start++; } - if ((int) (end - messages) < 6) - /* Too few characters to be the end marker, return to select to - * wait for more input. */ - goto succeed; - if (strncasecmp ("SERVER", messages, 6)) - { - tracef (" server fail: expected final \"SERVER\"\n"); - goto fail; - } - set_server_state (SERVER_TOP); - from_server_start += 6; - messages += 6; - } + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } else if (server_state == SERVER_PREFERENCE_VALUE) - { - char *value, *end; - server_preference_value: - assert (current_server_preference); - end = messages + from_server_end - from_server_start; - while (messages < end && (messages[0] == ' ')) - { messages++; from_server_start++; } - if ((match = memchr (messages, '\n', from_server_end - from_server_start))) - { - match[0] = '\0'; - value = strdup (messages); - if (value == NULL) goto out_of_memory; - add_server_preference (current_server_preference, value); - set_server_state (SERVER_PREFERENCE_NAME); - from_server_start += match + 1 - messages; - messages = match + 1; - } - else - /* Need to wait for a newline to end the value so return to select - * to wait for more input. */ - goto succeed; - } + switch (parse_server_preference_value (&messages)) + { + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } else if (server_state == SERVER_RULE) - { - server_rule: - while (1) - { - char *end; - end = messages + from_server_end - from_server_start; - while (messages < end && (messages[0] == '\n')) - { messages++; from_server_start++; } - while (messages < end && (messages[0] == ' ')) - { messages++; from_server_start++; } - /* Check for the end marker. */ - if (end - messages > 2 - && messages[0] == '<' - && messages[1] == '|' - && messages[2] == '>') - /* The rules list ends with "<|> SERVER" so carry on, to - * process the ending. */ - break; - /* There may be a rule ending in a semicolon. */ - if ((match = memchr (messages, ';', from_server_end - from_server_start))) - { - char* rule; - match[0] = '\0'; - rule = strdup (messages); - if (rule == NULL) goto out_of_memory; - add_server_rule (rule); - from_server_start += match + 1 - messages; - messages = match + 1; - } - else - /* Need more input for a ; or <|>. */ - goto succeed; - } - } + while (1) + { + switch (parse_server_rule (&messages)) + { + case 0: continue; /* Read a rule. */ + case -1: break; /* At final <|>. */ + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; + } else if (server_state == SERVER_SERVER) + /* Look for any newline delimited server commands. */ + switch (parse_server_server (&messages)) + { + case 0: break; /* Found newline delimited command. */ + case -1: return -1; /* Error. */ + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + case -3: break; /* Next <|> is before next \n. */ + case -4: break; /* Failed to find \n, try for <|>. */ + } + else if (server_state == SERVER_PLUGIN_DEPENDENCY_DEPENDENCY + && parse_server_plugin_dependency_dependency (&messages)) { - /* Look for any newline delimited server commands. */ - char *end; - server_server: - end = messages + from_server_end - from_server_start; - while (messages < end && (messages[0] == ' ')) - { messages++; from_server_start++; } - if ((match = memchr (messages, '\n', from_server_end - from_server_start))) - { - match[0] = '\0'; - // FIX is there ever whitespace before the newline? - while (messages < end && (messages[0] == ' ')) - { messages++; from_server_start++; } - if (strncasecmp ("PLUGINS_DEPENDENCIES", messages, 20) == 0) - { - from_server_start += match + 1 - messages; - messages = match + 1; - maybe_free_server_plugins_dependencies (); - make_server_plugins_dependencies (); - set_server_state (SERVER_PLUGIN_DEPENDENCY_NAME); - } - else - { - char* newline = match; - newline[0] = '\n'; - /* Check for a <|>. */ - input = messages; - from_start = from_server_start, from_end = from_server_end; - while (from_start < from_end - && (match = memchr (input, '<', from_end - from_start))) - { - if ((((int) (match - input) - from_start + 1) < from_end) - && (match[1] == '|') - && (match[2] == '>')) - { - if (match > newline) - /* The next <|> is after the newline, which is an error. */ - goto fail; - /* The next <|> is before the newline, which may be correct. Jump - * over the <|> search in the `while' beginning the next section, - * to save repeating the search. */ - goto server_server_command; - } - from_start += match + 1 - input; - input = match + 1; - } - /* Need more input for a newline or <|>. */ - goto succeed; - } - } + /* Need more input for a <|>. */ + if (sync_buffer ()) return -1; + return 0; } - else if (server_state == SERVER_PLUGIN_DEPENDENCY_DEPENDENCY) - { - /* Look for the end of dependency marker: a newline that comes before - * the next <|>. */ - char *separator, *end; - server_plugin_dependency_dependency: - separator = NULL; - /* Look for <|>. */ - input = messages; - from_start = from_server_start; - from_end = from_server_end; - while (from_start < from_end - && (match = memchr (input, '<', from_end - from_start))) - { - if (((int) (match - input) - from_start + 1) < from_end - && (match[1] == '|') - && (match[2] == '>')) - { - separator = match; - break; - } - from_start += match + 1 - input; - input = match + 1; - } - /* Look for newline. */ - end = messages + from_server_end - from_server_start; - while (messages < end && (messages[0] == ' ')) - { messages++; from_server_start++; } - if ((match = memchr (messages, '\n', from_server_end - from_server_start))) - { - /* Compare newline position to <|> position. */ - if ((separator == NULL) || (match < separator)) - { - finish_current_server_plugin_dependency (); - from_server_start += match + 1 - messages; - messages = match + 1; - set_server_state (SERVER_PLUGIN_DEPENDENCY_NAME); - } - } - } + break; } /* switch (server_init_state) */ /* Parse and handle any fields ending in <|>. */ @@ -1012,7 +1160,6 @@ && (match[2] == '>')) { char* message; - server_server_command: /* Found a full field, process the field. */ #if 1 tracef (" server messages: %.*s...\n", @@ -1038,7 +1185,7 @@ { case SERVER_BYE: if (strncasecmp ("BYE", field, 3)) - goto fail; + return -1; set_server_init_state (SERVER_INIT_TOP); set_server_state (SERVER_DONE); // FIX @@ -1046,16 +1193,21 @@ if (shutdown (server_socket, SHUT_RDWR) == -1) perror ("Failed to shutdown server socket"); #endif - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; case SERVER_DEBUG_DESCRIPTION: { if (current_message) { // FIX \n for newline in description - char* description = strdup (field); - if (description == NULL) goto out_of_memory; + char* description = g_strdup (field); set_message_description (current_message, description); } set_server_state (SERVER_DEBUG_OID); @@ -1088,7 +1240,6 @@ number, protocol); current_message = make_message (number, protocol); - if (current_message == NULL) goto out_of_memory; set_server_state (SERVER_DEBUG_DESCRIPTION); break; @@ -1097,25 +1248,29 @@ { if (current_message) { - char* oid = strdup (field); - if (oid == NULL) goto out_of_memory; + char* oid = g_strdup (field); set_message_oid (current_message, oid); append_debug_message (current_server_task, current_message); current_message = NULL; } set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_HOLE_DESCRIPTION: { if (current_message) { // FIX \n for newline in description - char* description = strdup (field); - if (description == NULL) goto out_of_memory; + char* description = g_strdup (field); set_message_description (current_message, description); } set_server_state (SERVER_HOLE_OID); @@ -1148,7 +1303,6 @@ number, protocol); current_message = make_message (number, protocol); - if (current_message == NULL) goto out_of_memory; set_server_state (SERVER_HOLE_DESCRIPTION); break; @@ -1157,25 +1311,29 @@ { if (current_message) { - char* oid = strdup (field); - if (oid == NULL) goto out_of_memory; + char* oid = g_strdup (field); set_message_oid (current_message, oid); append_hole_message (current_server_task, current_message); current_message = NULL; } set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_INFO_DESCRIPTION: { if (current_message) { // FIX \n for newline in description - char* description = strdup (field); - if (description == NULL) goto out_of_memory; + char* description = g_strdup (field); set_message_description (current_message, description); } set_server_state (SERVER_INFO_OID); @@ -1208,7 +1366,6 @@ number, protocol); current_message = make_message (number, protocol); - if (current_message == NULL) goto out_of_memory; set_server_state (SERVER_INFO_DESCRIPTION); break; @@ -1217,25 +1374,29 @@ { if (current_message && current_server_task) { - char* oid = strdup (field); - if (oid == NULL) goto out_of_memory; + char* oid = g_strdup (field); set_message_oid (current_message, oid); append_info_message (current_server_task, current_message); current_message = NULL; } set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_LOG_DESCRIPTION: { if (current_message) { // FIX \n for newline in description - char* description = strdup (field); - if (description == NULL) goto out_of_memory; + char* description = g_strdup (field); set_message_description (current_message, description); } set_server_state (SERVER_LOG_OID); @@ -1268,7 +1429,6 @@ number, protocol); current_message = make_message (number, protocol); - if (current_message == NULL) goto out_of_memory; set_server_state (SERVER_LOG_DESCRIPTION); break; @@ -1277,25 +1437,29 @@ { if (current_message && current_server_task) { - char* oid = strdup (field); - if (oid == NULL) goto out_of_memory; + char* oid = g_strdup (field); set_message_oid (current_message, oid); append_log_message (current_server_task, current_message); current_message = NULL; } set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_NOTE_DESCRIPTION: { if (current_message) { // FIX \n for newline in description - char* description = strdup (field); - if (description == NULL) goto out_of_memory; + char* description = g_strdup (field); set_message_description (current_message, description); } set_server_state (SERVER_NOTE_OID); @@ -1328,7 +1492,6 @@ number, protocol); current_message = make_message (number, protocol); - if (current_message == NULL) goto out_of_memory; set_server_state (SERVER_NOTE_DESCRIPTION); break; @@ -1337,59 +1500,76 @@ { if (current_message && current_server_task) { - char* oid = strdup (field); - if (oid == NULL) goto out_of_memory; + char* oid = g_strdup (field); set_message_oid (current_message, oid); append_note_message (current_server_task, current_message); current_message = NULL; } set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_PLUGIN_DEPENDENCY_NAME: { if (strlen (field) == 0) { set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } - char* name = strdup (field); - if (name == NULL) - goto out_of_memory; + char* name = g_strdup (field); make_current_server_plugin_dependency (name); set_server_state (SERVER_PLUGIN_DEPENDENCY_DEPENDENCY); - /* Jump to the newline check, as this loop only considers fields - * ending in <|> and the list of dependencies can end in a - * newline. */ - goto server_plugin_dependency_dependency; + if (parse_server_plugin_dependency_dependency (&messages)) + { + /* Need more input for a <|>. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_PLUGIN_DEPENDENCY_DEPENDENCY: { - char* dep = strdup (field); - if (dep == NULL) - goto out_of_memory; + char* dep = g_strdup (field); append_to_current_server_plugin_dependency (dep); - /* Jump to the newline check, as this loop only considers fields - * ending in <|> and the list of dependencies can end in a - * newline. */ - goto server_plugin_dependency_dependency; + if (parse_server_plugin_dependency_dependency (&messages)) + { + /* Need more input for a <|>. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_PLUGINS_MD5: { - char* md5 = strdup (field); - if (md5 == NULL) - goto out_of_memory; + char* md5 = g_strdup (field); tracef (" server got plugins_md5: %s\n", md5); server.plugins_md5 = md5; set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_PORT_HOST: { @@ -1419,33 +1599,55 @@ protocol); } set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_PREFERENCE_NAME: { if (strlen (field) == 0) { set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } - char* name = strdup (field); - if (name == NULL) goto out_of_memory; + char* name = g_strdup (field); current_server_preference = name; set_server_state (SERVER_PREFERENCE_VALUE); - /* Jump to preference value check, as values end with a - * newline and this loop only considers fields ending in <|>. */ - goto server_preference_value; + switch (parse_server_preference_value (&messages)) + { + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_RULE: /* A <|> following a rule. */ set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; case SERVER_SERVER: if (strncasecmp ("BYE", field, 3) == 0) set_server_state (SERVER_BYE); @@ -1474,9 +1676,20 @@ maybe_free_server_rules (); make_server_rules (); set_server_state (SERVER_RULE); - /* Jump to rules parsing, as each rule end in a ; and this - * loop only considers fields ending in <|>. */ - goto server_rule; + while (1) + { + switch (parse_server_rule (&messages)) + { + case 0: continue; /* Read a rule. */ + case -1: break; /* At final <|>. */ + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; + } + break; } else if (strncasecmp ("TIME", field, 4) == 0) { @@ -1490,16 +1703,14 @@ { tracef ("New server command to implement: %s\n", field); - goto fail; + return -1; } break; case SERVER_STATUS_ATTACK_STATE: { if (current_server_task) { - char* state = strdup (field); - if (state == NULL) - goto out_of_memory; + char* state = g_strdup (field); tracef (" server got attack state: %s\n", state); if (current_server_task->attack_state) free (current_server_task->attack_state); @@ -1524,9 +1735,15 @@ set_task_ports (current_server_task, current, max); } set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_TIME: { @@ -1552,18 +1769,22 @@ { if (current_server_task) { - char* time = strdup (field); - if (time == NULL) - goto out_of_memory; + char* time = g_strdup (field); tracef (" server got start time: %s\n", time); if (current_server_task->start_time) free (current_server_task->start_time); current_server_task->start_time = time; } set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_TIME_HOST_END_HOST: { @@ -1575,48 +1796,75 @@ { if (current_server_task) { - char* time = strdup (field); - if (time == NULL) - goto out_of_memory; + char* time = g_strdup (field); tracef (" server got end time: %s\n", time); if (current_server_task->end_time) free (current_server_task->end_time); current_server_task->end_time = time; - if (save_report (current_server_task)) goto fail; + if (save_report (current_server_task)) return -1; current_server_task = NULL; } set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_TIME_SCAN_START: { /* Read over it. */ set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_TIME_SCAN_END: { /* Read over it. */ set_server_state (SERVER_DONE); - /* Jump to the done check, as this loop only considers fields - * ending in <|>. */ - goto server_done; + switch (parse_server_done (&messages)) + { + case -1: return -1; + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + } + break; } case SERVER_TOP: default: tracef (" switch t\n"); tracef (" cmp %i\n", strncasecmp ("SERVER", field, 6)); if (strncasecmp ("SERVER", field, 6)) - goto fail; + return -1; set_server_state (SERVER_SERVER); - /* Jump to newline check, in case command ends in a newline. */ - goto server_server; + /* Look for any newline delimited server commands. */ + switch (parse_server_server (&messages)) + { + case 0: break; /* Found newline delimited command. */ + case -1: return -1; /* Error. */ + case -2: + /* Need more input. */ + if (sync_buffer ()) return -1; + return 0; + case -3: break; /* Next <|> is before next \n. */ + case -4: break; /* Failed to find \n, try for <|>. */ + } + break; } tracef (" server new state: %i\n", server_state); @@ -1628,48 +1876,6 @@ } } - succeed: - - if (from_server_start > 0 && from_server_start == from_server_end) - { - from_server_start = from_server_end = 0; - tracef (" server start caught end\n"); - } - else if (from_server_start == 0) - { - if (from_server_end == from_buffer_size) - { - // FIX if the buffer is entirely full here then exit - // (or will hang waiting for buffer to empty) - // this could happen if the server sends a field with length >= buffer length - // could realloc buffer - // which may eventually use all mem and bring down manager - tracef (" server buffer full\n"); - return -1; - } - } - else - { - /* Move the remaining partial line to the front of the buffer. This - * ensures that there is space after the partial line into which - * serve_omp can read the rest of the line. */ - char* start = from_server + from_server_start; - from_server_end -= from_server_start; - memmove (from_server, start, from_server_end); - from_server_start = 0; -#if TRACE - from_server[from_server_end] = '\0'; - //tracef (" new from_server: %s\n", from_server); - tracef (" new from_server_start: %i\n", from_server_start); - tracef (" new from_server_end: %i\n", from_server_end); -#endif - } - + if (sync_buffer ()) return -1; return 0; - - out_of_memory: - tracef (" out of mem (server)\n"); - - fail: - return -1; } From scm-commit at wald.intevation.org Mon Mar 2 08:40:28 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 08:40:28 +0100 (CET) Subject: [Openvas-commits] r2616 - in trunk/openvas-server: . openvasd Message-ID: <20090302074028.5610E4072B@pyrosoma.intevation.org> Author: mwiegand Date: 2009-03-02 08:40:24 +0100 (Mon, 02 Mar 2009) New Revision: 2616 Modified: trunk/openvas-server/ChangeLog trunk/openvas-server/openvasd/oval_plugins.c Log: * openvasd/oval_plugins.c: Beautification commit, no code changes. Made indentation consistent with the coding style, added documentation. Modified: trunk/openvas-server/ChangeLog =================================================================== --- trunk/openvas-server/ChangeLog 2009-03-01 13:59:55 UTC (rev 2615) +++ trunk/openvas-server/ChangeLog 2009-03-02 07:40:24 UTC (rev 2616) @@ -1,3 +1,9 @@ +2009-03-02 Michael Wiegand + + * openvasd/oval_plugins.c: Beautification commit, no code changes. + Made indentation consistent with the coding style, added + documentation. + 2009-02-27 Felix Wolfsteller Support for per-host password based local checks. Yet ignored because Modified: trunk/openvas-server/openvasd/oval_plugins.c =================================================================== --- trunk/openvas-server/openvasd/oval_plugins.c 2009-03-01 13:59:55 UTC (rev 2615) +++ trunk/openvas-server/openvasd/oval_plugins.c 2009-03-02 07:40:24 UTC (rev 2616) @@ -39,8 +39,8 @@ #include "processes.h" -static void oval_thread(struct arglist *); -void ovaldi_launch(struct arglist * g_args); +static void oval_thread (struct arglist *); +void ovaldi_launch (struct arglist * g_args); // TODO: A better way to store the results of the XML parser would be to use the // user_data pointer provided by the glib XML parser. @@ -57,8 +57,14 @@ gchar * title; } oval_plugin_t; +/** + * @brief The current plugin/definition when parsing definitions. + */ oval_plugin_t * current_plugin; +/** + * @brief The list of plugins/definitions. + */ GSList * plugin_list = NULL; /** @@ -70,8 +76,14 @@ gchar * result; } oval_result_t; +/** + * @brief The current result when parsing results. + */ oval_result_t * current_result; +/** + * @brief The list of results. + */ GSList * result_list = NULL; /** @@ -89,6 +101,11 @@ state_t parser_state = TOP; +/** + * @brief Sets the internal state during XML parsing. + * + * @param state The state to be set. + */ void set_parser_state (state_t state) { @@ -97,199 +114,218 @@ gchar * result; -void child_setup (gpointer user_data) { - // This function is called by the forked child just before it is executed. We - // try to drop our root privileges and setuid to nobody to minimize the - // risk of running an untrusted ovaldi. - // NB: The current implementation is somewhat linux-specific and may not work - // on other platforms. - +/** + * @brief Prepares the launch of an external executable by dropping privileges. + * + * This function is called by the forked child just before it is executed. We + * try to drop our root privileges and setuid to nobody to minimize the risk of + * running an untrusted executable, in this case ovaldi. NB: The current + * implementation is somewhat linux-specific and may not work on other + * platforms. + * + * @param user_data Pointer to additional data passed by glib; currently unused. + */ +void +child_setup (gpointer user_data) +{ struct passwd * nobody_pw = NULL; - if(getuid() == 0) - { - log_write("oval_plugins.c: Running as root, trying to drop privileges.\n"); - if((nobody_pw = getpwnam("nobody"))) + if (getuid () == 0) { - if(setgid(nobody_pw->pw_gid) == 0) - { - log_write("oval_plugins.c: Successfully dropped group privileges.\n"); - } + log_write ("oval_plugins.c: Running as root, trying to drop privileges.\n"); + if ((nobody_pw = getpwnam ("nobody"))) + { + if (setgid (nobody_pw->pw_gid) == 0) + { + log_write ("oval_plugins.c: Successfully dropped group privileges.\n"); + } + else + { + log_write ("oval_plugins.c: WARNING: Could not drop group privileges!\n"); + } + if (setuid (nobody_pw->pw_uid) == 0) + { + log_write ("oval_plugins.c: Successfully dropped user privileges.\n"); + } + else + { + log_write ("oval_plugins.c: WARNING: Could not drop group privileges!\n"); + } + } else - { - log_write("oval_plugins.c: WARNING: Could not drop group privileges!\n"); - } - if(setuid(nobody_pw->pw_uid) == 0) - { - log_write("oval_plugins.c: Successfully dropped user privileges.\n"); - } - else - { - log_write("oval_plugins.c: WARNING: Could not drop group privileges!\n"); - } + { + log_write ("oval_plugins.c: WARNING: Could not drop privileges; unable to get uid and gid for user nobody!\n"); + } } - else + else { - log_write("oval_plugins.c: WARNING: Could not drop privileges; unable to get uid and gid for user nobody!\n"); + log_write ("oval_plugins.c: WARNING: Did not attempt to drop privileges since we do not seem to be running as root.\n"); } - } - else - { - log_write("oval_plugins.c: WARNING: Did not attempt to drop privileges since we do not seem to be running as root.\n"); - } } -void start_element (GMarkupParseContext *context, const gchar *element_name, - const gchar **attribute_names, - const gchar **attribute_values, gpointer user_data, - GError **error) +/** + * @brief This function handles the opening tag of an XML element. + */ +void +start_element (GMarkupParseContext *context, const gchar *element_name, + const gchar **attribute_names, const gchar **attribute_values, + gpointer user_data, GError **error) { const gchar **name_cursor = attribute_names; const gchar **value_cursor = attribute_values; switch (parser_state) { - case TOP: - if(strcmp(element_name, "definition") == 0) - { - set_parser_state (DEFINITION); - current_plugin = g_malloc (sizeof(oval_plugin_t)); - while(*name_cursor) - { - if (strcmp (*name_cursor, "id") == 0) - { - current_plugin->id = g_strrstr(g_strdup(*value_cursor), ":") + 1; - // TODO: This currently assigns only IDs in the range intended for - // RedHat security advisories. - current_plugin->oid = g_strconcat("1.3.6.1.4.1.25623.1.2.2312.", current_plugin->id, NULL); - } - if (strcmp (*name_cursor, "version") == 0) - current_plugin->version = g_strdup(*value_cursor); - name_cursor++; - value_cursor++; - } - } - - if(strcmp(element_name, "results") == 0) - set_parser_state (RESULTS); - break; - case DEFINITION: - if(strcmp(element_name, "description") == 0) - set_parser_state (DESCRIPTION); - - if(strcmp(element_name, "title") == 0) - set_parser_state (TITLE); - break; - - case RESULTS: - if(strcmp(element_name, "definition") == 0) - { - set_parser_state (RESULTS_DEFINITION); - current_result = g_malloc (sizeof (oval_result_t)); - while(*name_cursor) - { - if (strcmp (*name_cursor, "definition_id") == 0) - { - current_result->definition_id = g_strdup (*value_cursor); - } - if (strcmp (*name_cursor, "result") == 0) - { - current_result->result = g_strdup (*value_cursor); - } - name_cursor++; - value_cursor++; - } - } - break; - default: - break; + case TOP: + if (strcmp (element_name, "definition") == 0) + { + set_parser_state (DEFINITION); + current_plugin = g_malloc (sizeof (oval_plugin_t)); + while (*name_cursor) + { + if (strcmp (*name_cursor, "id") == 0) + { + current_plugin->id = g_strrstr (g_strdup (*value_cursor), ":") + 1; + // TODO: This currently assigns only IDs in the range intended for + // RedHat security advisories. + current_plugin->oid = g_strconcat ("1.3.6.1.4.1.25623.1.2.2312.", + current_plugin->id, NULL); + } + if (strcmp (*name_cursor, "version") == 0) + current_plugin->version = g_strdup (*value_cursor); + name_cursor++; + value_cursor++; + } + } + if (strcmp (element_name, "results") == 0) + set_parser_state (RESULTS); + break; + case DEFINITION: + if (strcmp (element_name, "description") == 0) + set_parser_state (DESCRIPTION); + if (strcmp (element_name, "title") == 0) + set_parser_state (TITLE); + break; + case RESULTS: + if (strcmp (element_name, "definition") == 0) + { + set_parser_state (RESULTS_DEFINITION); + current_result = g_malloc (sizeof (oval_result_t)); + while (*name_cursor) + { + if (strcmp (*name_cursor, "definition_id") == 0) + { + current_result->definition_id = g_strdup (*value_cursor); + } + if (strcmp (*name_cursor, "result") == 0) + { + current_result->result = g_strdup (*value_cursor); + } + name_cursor++; + value_cursor++; + } + } + break; + default: + break; } } -void text(GMarkupParseContext *context, const gchar *text, gsize text_len, - gpointer user_data, GError **error) +/** + * @brief This function handles the text content of an XML element. + * + */ +void +text (GMarkupParseContext *context, const gchar *text, gsize text_len, + gpointer user_data, GError **error) { switch (parser_state) { - case DESCRIPTION: - // NOTE: This currently cuts off descriptions longer than the maximum length - // specified in libopenvas/store_internal.h - current_plugin->description = g_strndup(text, 3190); - break; - case TITLE: - { - int i; - gchar **title_split = g_strsplit(text, "\n", 0); - if (g_strv_length (title_split) > 1) - { - for (i = 0; i < g_strv_length (title_split); i++) - { - g_strstrip (title_split[i]); - } - current_plugin->title = g_strjoinv(" ", title_split); - } - else - { - current_plugin->title = g_strdup(title_split[0]); - } - g_strfreev (title_split); - } - break; - default: - break; + case DESCRIPTION: + // NOTE: This currently cuts off descriptions longer than the maximum + // length specified in libopenvas/store_internal.h + current_plugin->description = g_strndup (text, 3190); + break; + case TITLE: + { + int i; + gchar **title_split = g_strsplit (text, "\n", 0); + if (g_strv_length (title_split) > 1) + { + for (i = 0; i < g_strv_length (title_split); i++) + { + g_strstrip (title_split[i]); + } + current_plugin->title = g_strjoinv (" ", title_split); + } + else + { + current_plugin->title = g_strdup (title_split[0]); + } + g_strfreev (title_split); + } + break; + default: + break; } } -void end_element (GMarkupParseContext *context, const gchar *element_name, - gpointer user_data, GError **error) +/** + * @brief This function handles the closing tag of an XML element. + */ +void +end_element (GMarkupParseContext *context, const gchar *element_name, + gpointer user_data, GError **error) { switch (parser_state) { - case DESCRIPTION: - if(strcmp(element_name, "description") == 0) - set_parser_state (DEFINITION); - break; - case DEFINITION: - if(strcmp(element_name, "definition") == 0) - { - plugin_list = g_slist_append (plugin_list, current_plugin); + case DESCRIPTION: + if (strcmp (element_name, "description") == 0) + set_parser_state (DEFINITION); + break; + case DEFINITION: + if (strcmp (element_name, "definition") == 0) + { + plugin_list = g_slist_append (plugin_list, current_plugin); + set_parser_state (TOP); + } + break; + case TITLE: + if (strcmp (element_name, "title") == 0) + set_parser_state (DEFINITION); + break; + case RESULTS: + if (strcmp (element_name, "results") == 0) set_parser_state (TOP); - } - break; - case TITLE: - if(strcmp(element_name, "title") == 0) - set_parser_state (DEFINITION); - break; - case RESULTS: - if(strcmp(element_name, "results") == 0) - set_parser_state (TOP); - break; - case RESULTS_DEFINITION: - if(strcmp(element_name, "definition") == 0) - { - result_list = g_slist_append (result_list, current_result); - set_parser_state (RESULTS); - } - break; - default: - break; + break; + case RESULTS_DEFINITION: + if (strcmp (element_name, "definition") == 0) + { + result_list = g_slist_append (result_list, current_result); + set_parser_state (RESULTS); + } + break; + default: + break; } } /** - * Initialize the plugin class + * @brief Initialize the plugin class. */ -pl_class_t* oval_plugin_init(struct arglist* prefs, struct arglist* args) +pl_class_t* +oval_plugin_init (struct arglist* prefs, struct arglist* args) { - return &oval_plugin_class; + return &oval_plugin_class; } /** - * Add *one* OVAL definition to the server list + * @brief Add a single OVAL definition file to the list of available NVTs. */ -struct arglist * oval_plugin_add(char * folder, char * name, - struct arglist * plugins, - struct arglist * preferences) +struct arglist * +oval_plugin_add (char * folder, char * name, + struct arglist * plugins, + struct arglist * preferences) { char fullname[PATH_MAX+1]; struct arglist * args = NULL; @@ -304,178 +340,188 @@ int i; if (plugin_list != NULL) - { - g_slist_free (plugin_list); - plugin_list = NULL; - } + { + g_slist_free (plugin_list); + plugin_list = NULL; + } - snprintf(fullname, sizeof(fullname), "%s/%s", folder, name); + snprintf (fullname, sizeof (fullname), "%s/%s", folder, name); - if ( preferences_nasl_no_signature_check(preferences) == 0 - && nasl_verify_signature( fullname) != 0) - { - log_write("%s: signature of nvt could not been verified/ is missing.", fullname); - return NULL; - } - - args = store_load_plugin(folder, name, preferences); - - if(args == NULL) - { - char* sign_fprs = nasl_extract_signature_fprs( fullname ); - // If server accepts signed plugins only, discard if signature file missing. - if(preferences_nasl_no_signature_check(preferences) == 0 && sign_fprs == NULL) + if (preferences_nasl_no_signature_check (preferences) == 0 + && nasl_verify_signature (fullname) != 0) { - printf("%s: nvt is not signed and thus ignored\n", fullname); + log_write("%s: signature of nvt could not been verified/ is missing.", + fullname); return NULL; } - else if(sign_fprs == NULL) - { - sign_fprs = ""; - } - // Parse plugin properties into arglist - parser.start_element = start_element; - parser.end_element = end_element; - parser.text = text; - parser.passthrough = NULL; - parser.error = NULL; + args = store_load_plugin (folder, name, preferences); - if(!g_file_get_contents(fullname, &filebuffer, &length, NULL)) + if (args == NULL) { - log_write("oval_plugin_add: File %s not found", fullname); - return NULL; - } + char* sign_fprs = nasl_extract_signature_fprs (fullname ); + // If server accepts signed plugins only, discard if signature file missing. + if (preferences_nasl_no_signature_check (preferences) == 0 + && sign_fprs == NULL) + { + printf ("%s: nvt is not signed and thus ignored\n", fullname); + return NULL; + } + else if (sign_fprs == NULL) + { + sign_fprs = ""; + } - context = g_markup_parse_context_new(&parser, 0, NULL, NULL); - g_markup_parse_context_parse(context, filebuffer, length, NULL); - g_free(filebuffer); - g_markup_parse_context_free(context); + parser.start_element = start_element; + parser.end_element = end_element; + parser.text = text; + parser.passthrough = NULL; + parser.error = NULL; - if (g_slist_length(plugin_list) == 0) - { - log_write("oval_plugin_add: Empty plugin_list, no definitions found in %s!", fullname); - return NULL; - } + if (!g_file_get_contents (fullname, &filebuffer, &length, NULL)) + { + log_write ("oval_plugin_add: File %s not found", fullname); + return NULL; + } - oval_plugin_t * first_plugin = g_slist_nth_data (plugin_list, 0); - if (g_slist_length(plugin_list) > 1) - { - gchar ** title_array; - title_array = g_malloc0((g_slist_length(plugin_list) + 1) * sizeof(gchar *)); + context = g_markup_parse_context_new (&parser, 0, NULL, NULL); + g_markup_parse_context_parse (context, filebuffer, length, NULL); + g_free (filebuffer); + g_markup_parse_context_free (context); - for (i = 0; i < g_slist_length(plugin_list); i++) - { - oval_plugin_t * plug = g_slist_nth_data (plugin_list, i); - title_array[i] = g_strdup_printf("%s\n", plug->title); - } - title_array[i] = NULL; - descriptions = g_strjoinv (NULL, title_array); - if (strlen(descriptions) > 3100) - { - description = g_strconcat("This OVAL file contains the following definitions:\n", g_strndup (descriptions, 3100), "\n(list cut due to memory limitations)", NULL); - } - else - { - description = g_strconcat("This OVAL file contains the following definitions:\n", g_strdup (descriptions), NULL); - } - g_free (descriptions); - g_strfreev (title_array); - title = g_strdup_printf("%s (%d OVAL definitions)", name, g_slist_length(plugin_list)); - } - else - { - description = first_plugin->description; - title = first_plugin->title; - } + if (g_slist_length (plugin_list) == 0) + { + log_write ("oval_plugin_add: Empty plugin_list, no definitions found in %s!", + fullname); + return NULL; + } + oval_plugin_t * first_plugin = g_slist_nth_data (plugin_list, 0); + if (g_slist_length (plugin_list) > 1) + { + gchar ** title_array; + title_array = g_malloc0 ((g_slist_length (plugin_list) + 1) * sizeof (gchar *)); - args = emalloc(sizeof(struct arglist)); + for (i = 0; i < g_slist_length (plugin_list); i++) + { + oval_plugin_t * plug = g_slist_nth_data (plugin_list, i); + title_array[i] = g_strdup_printf ("%s\n", plug->title); + } + title_array[i] = NULL; + descriptions = g_strjoinv (NULL, title_array); + if (strlen (descriptions) > 3100) + { + description = g_strconcat ("This OVAL file contains the following definitions:\n", + g_strndup (descriptions, 3100), + "\n(list cut due to memory limitations)", NULL); + } + else + { + description = g_strconcat ("This OVAL file contains the following definitions:\n", + g_strdup (descriptions), NULL); + } + g_free (descriptions); + g_strfreev (title_array); + title = g_strdup_printf ("%s (%d OVAL definitions)", name, + g_slist_length (plugin_list)); + } + else + { + description = first_plugin->description; + title = first_plugin->title; + } - plug_set_oid(args, g_strdup(first_plugin->oid)); - plug_set_version(args, first_plugin->version); - plug_set_name(args, title, NULL); - plug_set_description(args, description, NULL); - plug_set_category(args, ACT_END); - plug_set_family(args, "OVAL definitions", NULL); + args = emalloc (sizeof (struct arglist)); - plug_set_path(args, g_build_filename(folder, name, NULL)); + plug_set_oid (args, g_strdup (first_plugin->oid)); + plug_set_version (args, first_plugin->version); + plug_set_name (args, title, NULL); + plug_set_description (args, description, NULL); + plug_set_category (args, ACT_END); + plug_set_family (args, "OVAL definitions", NULL); - plug_set_sign_key_ids(args, sign_fprs); + plug_set_path (args, g_build_filename (folder, name, NULL)); - store_plugin(args, name); - args = store_load_plugin(folder, name, preferences); - } + plug_set_sign_key_ids (args, sign_fprs); - if(args != NULL) - { - prev_plugin = arg_get_value(plugins, name); - if(prev_plugin == NULL) - arg_add_value(plugins, name, ARG_ARGLIST, -1, args); - else + store_plugin (args, name); + args = store_load_plugin (folder, name, preferences); + } + + if (args != NULL) { - plugin_free(prev_plugin); - arg_set_value(plugins, name, -1, args); + prev_plugin = arg_get_value (plugins, name); + if (prev_plugin == NULL) + arg_add_value (plugins, name, ARG_ARGLIST, -1, args); + else + { + plugin_free (prev_plugin); + arg_set_value (plugins, name, -1, args); + } } - } return args; } /** - * Launch an OVAL plugin + * @brief Launches an OVAL plugin. */ -int oval_plugin_launch(struct arglist * globals, struct arglist * plugin, - struct arglist * hostinfos, struct arglist * preferences, - struct kb_item ** kb, char * name) +int +oval_plugin_launch (struct arglist * globals, struct arglist * plugin, + struct arglist * hostinfos, struct arglist * preferences, + struct kb_item ** kb, char * name) { nthread_t module; - arg_add_value(plugin, "globals", ARG_ARGLIST, -1, globals); - arg_add_value(plugin, "HOSTNAME", ARG_ARGLIST, -1, hostinfos); - arg_add_value(plugin, "name", ARG_STRING, strlen(name), name); - arg_set_value(plugin, "preferences", -1, preferences); - arg_add_value(plugin, "key", ARG_PTR, -1, kb); + arg_add_value (plugin, "globals", ARG_ARGLIST, -1, globals); + arg_add_value (plugin, "HOSTNAME", ARG_ARGLIST, -1, hostinfos); + arg_add_value (plugin, "name", ARG_STRING, strlen (name), name); + arg_set_value (plugin, "preferences", -1, preferences); + arg_add_value (plugin, "key", ARG_PTR, -1, kb); // TODO felix get Preferences from global context and check the signature - //if( nasl_verify_signature( arg_get_value(g_args, "name")) ) - // post_log( g_args, 0, "Attempt to start signed oval plugin."); + //if (nasl_verify_signature (arg_get_value (g_args, "name"))) + // post_log (g_args, 0, "Attempt to start signed oval plugin."); - module = create_process((process_func_t)oval_thread, plugin); + module = create_process ((process_func_t)oval_thread, plugin); return module; } /** - * Create a thread for the OVAL plugin + * @brief Creates a thread for an OVAL plugin. */ -static void oval_thread(struct arglist * g_args) +static void +oval_thread (struct arglist * g_args) { - struct arglist * args = arg_get_value(g_args, "args"); - int soc = GPOINTER_TO_SIZE(arg_get_value(g_args, "SOCKET")); - struct arglist * globals = arg_get_value(args, "globals"); + struct arglist * args = arg_get_value (g_args, "args"); + int soc = GPOINTER_TO_SIZE (arg_get_value (g_args, "SOCKET")); + struct arglist * globals = arg_get_value (args, "globals"); - soc = dup2(soc, 4); - if(soc < 0) - { - log_write("oval_thread: dup2() failed ! - can not launch the plugin\n"); - return; - } - arg_set_value(args, "SOCKET", sizeof(gpointer), GSIZE_TO_POINTER(soc)); - arg_set_value(globals, "global_socket", sizeof(gpointer), GSIZE_TO_POINTER(soc)); + soc = dup2 (soc, 4); + if (soc < 0) + { + log_write ("oval_thread: dup2() failed ! - can not launch the plugin\n"); + return; + } + arg_set_value (args, "SOCKET", sizeof (gpointer), GSIZE_TO_POINTER (soc)); + arg_set_value (globals, "global_socket", sizeof (gpointer), GSIZE_TO_POINTER (soc)); - setproctitle("testing %s (%s)", - (char*)arg_get_value(arg_get_value(args, "HOSTNAME"), "NAME"), - (char*)arg_get_value(g_args, "name")); - signal(SIGTERM, _exit); + setproctitle ("testing %s (%s)", + (char*) arg_get_value (arg_get_value (args, "HOSTNAME"), "NAME"), + (char*) arg_get_value (g_args, "name")); + signal (SIGTERM, _exit); - ovaldi_launch(g_args); - internal_send(soc, NULL, INTERNAL_COMM_MSG_TYPE_CTRL | INTERNAL_COMM_CTRL_FINISHED); + ovaldi_launch (g_args); + internal_send (soc, NULL, INTERNAL_COMM_MSG_TYPE_CTRL | INTERNAL_COMM_CTRL_FINISHED); } /** + * @brief Launches ovaldi. + * * This function will generate an OVAL system characteristics document from the * data available in the knowledge base (KB), run ovaldi and return the results * to the client. */ -void ovaldi_launch(struct arglist * g_args) +void +ovaldi_launch (struct arglist * g_args) { gchar * sc_filename; gchar * results_filename; @@ -483,232 +529,237 @@ time_t t; struct tm *tmp; char timestr[20]; - // struct arglist * args = arg_get_value(g_args, "args"); - struct kb_item ** kb = arg_get_value(g_args, "key"); - gchar * basename = g_strrstr(g_strdup((char*)arg_get_value(g_args, "name")), "/") + 1; + // struct arglist * args = arg_get_value (g_args, "args"); + struct kb_item ** kb = arg_get_value (g_args, "key"); + gchar * basename = g_strrstr (g_strdup ((char*) arg_get_value (g_args, "name")), "/") + 1; gchar * result_string = NULL; - gchar * folder = g_strndup((char*)arg_get_value(g_args, "name"), strlen((char*)arg_get_value(g_args, "name")) - strlen(basename)); + gchar * folder = g_strndup ((char*) arg_get_value (g_args, "name"), + strlen ((char*) arg_get_value (g_args, "name")) - strlen (basename)); - sc_filename = g_strconcat(folder, "sc-out.xml", NULL); - log_write("SC Filename: %s\n", sc_filename); + sc_filename = g_strconcat (folder, "sc-out.xml", NULL); + log_write ("SC Filename: %s\n", sc_filename); results_filename = "/tmp/results.xml"; - sc_file = fopen(sc_filename, "w"); - if(sc_file == NULL) - { - result_string = g_strdup_printf ("Could not launch ovaldi for OVAL definition %s: Could not create SC file.\n\n", basename); - post_note(g_args, 0, result_string); - efree(&sc_filename); - } + sc_file = fopen (sc_filename, "w"); + if (sc_file == NULL) + { + result_string = g_strdup_printf ("Could not launch ovaldi for OVAL definition %s: Could not create SC file.\n\n", + basename); + post_note (g_args, 0, result_string); + efree (&sc_filename); + } else - { - fprintf(sc_file, "\n"); - fprintf(sc_file, "\n\n"); - - t = time(NULL); - tmp = localtime(&t); - strftime(timestr, sizeof(timestr), "%FT%T", tmp); - fprintf(sc_file, "\t\n\t\t%s\n\t\t%s\n\t\t5.4\n\t\t%s\n\t\tThe OpenVAS Project\n\t\n\n", PROGNAME, OPENVAS_FULL_VERSION, timestr); + { + fprintf (sc_file, "\n"); + fprintf (sc_file, "\n\n"); - // TODO: Replace dummy values with real values; inserted dummy value since - // ovaldi does not like empty elements here. - fprintf(sc_file, "\t\n\t\tdummy\n\t\tdummy\n\t\tdummy\n\t\tdummy\n\t\t\n\t\t\t\n\t\t\t\tdummy\n\t\t\t\tdummy\n\t\t\t\tdummy\n\t\t\t\n\t\t\n\t\n\n"); - fprintf(sc_file, "\t\n"); + t = time (NULL); + tmp = localtime (&t); + strftime (timestr, sizeof (timestr), "%FT%T", tmp); + fprintf (sc_file, "\t\n\t\t%s\n\t\t%s\n\t\t5.4\n\t\t%s\n\t\tThe OpenVAS Project\n\t\n\n", PROGNAME, OPENVAS_FULL_VERSION, timestr); - int i = 1; + // TODO: Replace dummy values with real values; inserted dummy value + // since ovaldi does not like empty elements here. + fprintf (sc_file, "\t\n\t\tdummy\n\t\tdummy\n\t\tdummy\n\t\tdummy\n\t\t\n\t\t\t\n\t\t\t\tdummy\n\t\t\t\tdummy\n\t\t\t\tdummy\n\t\t\t\n\t\t\n\t\n\n"); + fprintf (sc_file, "\t\n"); - // Get the open TCP ports from the KB and build - struct kb_item * res = kb_item_get_pattern(kb, "Ports/tcp/*"); + int i = 1; - while(res) - { - fprintf(sc_file, "\t\t\n", i); - fprintf(sc_file, "\t\t\ttcp\n"); - fprintf(sc_file, "\t\t\t\n"); - fprintf(sc_file, "\t\t\t%s\n", g_strrstr(res->name, "/") + 1); - fprintf(sc_file, "\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n"); - fprintf(sc_file, "\t\t\n"); - i++; - res = res->next; - } + // Get the open TCP ports from the KB and build + struct kb_item * res = kb_item_get_pattern (kb, "Ports/tcp/*"); - // Test if ssh/login/release is present in the KB; this means that an - // information gathering plugin has collected release and possibly package - // information from the remote system. - if(kb_item_get_str(kb, "ssh/login/release") == NULL) - { - log_write("Could not identify release, not collecting package information.\n"); - result_string = g_strdup_printf ("Could not collect remote package information for OVAL definition %s: Result may be incomplete.\n\n", basename); - post_note(g_args, 0, result_string); - - } - else - { - // TODO: Right now, every plugin needs to parse the package data in the KB - // by itself and dependent on the detected release since they are not - // stored in a structured way by the collecting plugin. - if(strstr(kb_item_get_str(kb, "ssh/login/release"), "DEB") != NULL) - { - log_write("Detected Debian package information\n"); - char * packages_str = kb_item_get_str(kb, "ssh/login/packages"); - - if(packages_str) + while (res) { - gchar ** package = g_strsplit(packages_str, "\n", 0); - int j = 5; - while(package[j] != NULL) - { - strtok(package[j], " "); - fprintf(sc_file, "\t\t\n", i); - fprintf(sc_file, "\t\t\t%s\n", strtok(NULL, " ")); - fprintf(sc_file, "\t\t\t\n"); - fprintf(sc_file, "\t\t\t\n"); - fprintf(sc_file, "\t\t\t\n"); - fprintf(sc_file, "\t\t\t%s\n", strtok(NULL, " ")); - fprintf(sc_file, "\t\t\t\n"); - fprintf(sc_file, "\t\t\n"); - i++; - j++; - } - g_strfreev(package); + fprintf (sc_file, "\t\t\n", i); + fprintf (sc_file, "\t\t\ttcp\n"); + fprintf (sc_file, "\t\t\t\n"); + fprintf (sc_file, "\t\t\t%s\n", g_strrstr (res->name, "/") + 1); + fprintf (sc_file, "\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n\t\t\t\n"); + fprintf (sc_file, "\t\t\n"); + i++; + res = res->next; } - } - // NOTE: This parser should work for other RPM-based distributions as well. - if(strstr(kb_item_get_str(kb, "ssh/login/release"), "RH") != NULL) - { - log_write("Detected RedHat package information\n"); - char * packages_str = kb_item_get_str(kb, "ssh/login/rpms"); + // Test if ssh/login/release is present in the KB; this means that an + // information gathering plugin has collected release and possibly package + // information from the remote system. + if (kb_item_get_str (kb, "ssh/login/release") == NULL) + { + log_write ("Could not identify release, not collecting package information.\n"); + result_string = g_strdup_printf ("Could not collect remote package information for OVAL definition %s: Result may be incomplete.\n\n", basename); + post_note (g_args, 0, result_string); - if(packages_str) + } + else { - gchar ** package = g_strsplit(packages_str, ";", 0); - int j = 1; - char keyid[17]; - keyid[16] = '\0'; - gchar * package_name; - gchar * package_version; - gchar * package_release; - while(package[j] != NULL) - { - gchar * pgpsig = strncpy(keyid, package[j] + strlen(package[j]) - 16, 16); - g_strchug(package[j]); - gchar ** package_data = g_strsplit(package[j], "~", 0); - if(package_data[0]) + // TODO: Right now, every plugin needs to parse the package data in the KB + // by itself and dependent on the detected release since they are not + // stored in a structured way by the collecting plugin. + if (strstr (kb_item_get_str (kb, "ssh/login/release"), "DEB") != NULL) { - package_name = package_data[0]; - package_version = package_data[1]; - package_release = package_data[2]; - fprintf(sc_file, "\t\t\n", i); - fprintf(sc_file, "\t\t\t%s\n", package_name); - fprintf(sc_file, "\t\t\t\n"); - fprintf(sc_file, "\t\t\t\n"); - fprintf(sc_file, "\t\t\t%s\n", package_release); - fprintf(sc_file, "\t\t\t%s\n", package_version); - fprintf(sc_file, "\t\t\t\n"); - fprintf(sc_file, "\t\t\t%s\n", pgpsig); - fprintf(sc_file, "\t\t\n"); - i++; + log_write ("Detected Debian package information\n"); + char * packages_str = kb_item_get_str (kb, "ssh/login/packages"); + + if (packages_str) + { + gchar ** package = g_strsplit (packages_str, "\n", 0); + int j = 5; + while (package[j] != NULL) + { + strtok (package[j], " "); + fprintf (sc_file, "\t\t\n", i); + fprintf (sc_file, "\t\t\t%s\n", strtok (NULL, " ")); + fprintf (sc_file, "\t\t\t\n"); + fprintf (sc_file, "\t\t\t\n"); + fprintf (sc_file, "\t\t\t\n"); + fprintf (sc_file, "\t\t\t%s\n", strtok (NULL, " ")); + fprintf (sc_file, "\t\t\t\n"); + fprintf (sc_file, "\t\t\n"); + i++; + j++; + } + g_strfreev (package); + } } - j++; - g_strfreev(package_data); - } - g_strfreev(package); + + // NOTE: This parser should work for other RPM-based distributions as well. + if (strstr (kb_item_get_str (kb, "ssh/login/release"), "RH") != NULL) + { + log_write ("Detected RedHat package information\n"); + char * packages_str = kb_item_get_str (kb, "ssh/login/rpms"); + + if (packages_str) + { + gchar ** package = g_strsplit (packages_str, ";", 0); + int j = 1; + char keyid[17]; + keyid[16] = '\0'; + gchar * package_name; + gchar * package_version; + gchar * package_release; + while (package[j] != NULL) + { + gchar * pgpsig = strncpy (keyid, package[j] + strlen (package[j]) - 16, 16); + g_strchug (package[j]); + gchar ** package_data = g_strsplit (package[j], "~", 0); + if (package_data[0]) + { + package_name = package_data[0]; + package_version = package_data[1]; + package_release = package_data[2]; + fprintf (sc_file, "\t\t\n", i); + fprintf (sc_file, "\t\t\t%s\n", package_name); + fprintf (sc_file, "\t\t\t\n"); + fprintf (sc_file, "\t\t\t\n"); + fprintf (sc_file, "\t\t\t%s\n", package_release); + fprintf (sc_file, "\t\t\t%s\n", package_version); + fprintf (sc_file, "\t\t\t\n"); + fprintf (sc_file, "\t\t\t%s\n", pgpsig); + fprintf (sc_file, "\t\t\n"); + i++; + } + j++; + g_strfreev (package_data); + } + g_strfreev (package); + } + } } - } + + fprintf (sc_file, "\t\n\n"); + fprintf (sc_file, "\n"); } + if (sc_file != NULL) + fclose (sc_file); - fprintf(sc_file, "\t\n\n"); - fprintf(sc_file, "\n"); - } - if(sc_file != NULL) - fclose(sc_file); - - gchar ** argv = (gchar **)g_malloc (11 * sizeof (gchar *)); - argv[0] = g_strdup("ovaldi"); - argv[1] = g_strdup("-m"); // Do not check OVAL MD5 signature - argv[2] = g_strdup("-o"); // Request the use of _this_ plugin - argv[3] = g_strdup((char*)arg_get_value(g_args, "name")); - argv[4] = g_strdup("-i"); // Request the use of the system characteristics retrieved from the KB - argv[5] = g_strdup(sc_filename); - argv[6] = g_strdup("-r"); // Store the scan results where we can parse them - argv[7] = g_strdup(results_filename); + gchar ** argv = (gchar **) g_malloc (11 * sizeof (gchar *)); + argv[0] = g_strdup ("ovaldi"); + argv[1] = g_strdup ("-m"); // Do not check OVAL MD5 signature + argv[2] = g_strdup ("-o"); // Request the use of _this_ plugin + argv[3] = g_strdup ((char*) arg_get_value (g_args, "name")); + argv[4] = g_strdup ("-i"); // Request the use of the system characteristics retrieved from the KB + argv[5] = g_strdup (sc_filename); + argv[6] = g_strdup ("-r"); // Store the scan results where we can parse them + argv[7] = g_strdup (results_filename); argv[8] = g_strdup ("-a"); // Path to the directory that contains the OVAL schema argv[9] = g_strdup (folder); argv[10] = NULL; -// log_write("Launching ovaldi with: %s\n", g_strjoinv(" ", argv)); + // log_write ("Launching ovaldi with: %s\n", g_strjoinv (" ", argv)); - if(g_spawn_sync(NULL, argv, NULL, G_SPAWN_SEARCH_PATH, child_setup, NULL, NULL, NULL, NULL, NULL)) - { - GMarkupParser parser; - GMarkupParseContext *context = NULL; - gchar *filebuffer = NULL; - gsize length = 0; - int i; - - parser.start_element = start_element; - parser.end_element = end_element; - parser.text = text; - parser.passthrough = NULL; - parser.error = NULL; - - if(!g_file_get_contents(results_filename, &filebuffer, &length, NULL)) + if (g_spawn_sync (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, child_setup, NULL, + NULL, NULL, NULL, NULL)) { - result_string = g_strdup_printf ( - "Could not return results for OVAL definition %s: Results file not found.\n\n", - basename); - post_note(g_args, 0, result_string); - log_write("Results file %s not found!\n", results_filename); - } - else - { - context = g_markup_parse_context_new(&parser, 0, NULL, NULL); - g_markup_parse_context_parse(context, filebuffer, length, NULL); - g_free(filebuffer); - g_markup_parse_context_free(context); + GMarkupParser parser; + GMarkupParseContext *context = NULL; + gchar *filebuffer = NULL; + gsize length = 0; + int i; - if (g_slist_length (result_list) == 0) - { - log_write ("oval_result_add: Empty result_list, no results found in %s!", basename); - } + parser.start_element = start_element; + parser.end_element = end_element; + parser.text = text; + parser.passthrough = NULL; + parser.error = NULL; - oval_result_t * first_result = g_slist_nth_data (result_list, 0); - if (g_slist_length(result_list) > 1) + if (!g_file_get_contents (results_filename, &filebuffer, &length, NULL)) { - gchar ** result_array; - result_array = g_malloc0 ((g_slist_length (result_list) + 1) * sizeof (gchar *)); + result_string = g_strdup_printf ("Could not return results for OVAL definition %s: Results file not found.\n\n", + basename); + post_note (g_args, 0, result_string); + log_write ("Results file %s not found!\n", results_filename); + } + else + { + context = g_markup_parse_context_new (&parser, 0, NULL, NULL); + g_markup_parse_context_parse (context, filebuffer, length, NULL); + g_free (filebuffer); + g_markup_parse_context_free (context); - for (i = 0; i < g_slist_length(result_list); i++) + if (g_slist_length (result_list) == 0) { - oval_result_t * res = g_slist_nth_data (result_list, i); - result_array[i] = g_strdup_printf ("The OVAL definition %s returned the following result: %s\n", res->definition_id, res->result); + log_write ("oval_result_add: Empty result_list, no results found in %s!", basename); } - result_array[i] = NULL; - result_string = g_strjoinv (NULL, result_array); - g_strfreev (result_array); + + oval_result_t * first_result = g_slist_nth_data (result_list, 0); + if (g_slist_length (result_list) > 1) + { + gchar ** result_array; + result_array = g_malloc0 ((g_slist_length (result_list) + 1) * sizeof (gchar *)); + + for (i = 0; i < g_slist_length (result_list); i++) + { + oval_result_t * res = g_slist_nth_data (result_list, i); + result_array[i] = g_strdup_printf ("The OVAL definition %s returned the following result: %s\n", + res->definition_id, res->result); + } + result_array[i] = NULL; + result_string = g_strjoinv (NULL, result_array); + g_strfreev (result_array); + } + else + { + result_string = g_strdup_printf ("The OVAL definition %s returned the following result: %s\n\n", + first_result->definition_id, first_result->result); + } + + post_note (g_args, 0, result_string); } - else - { - result_string = g_strdup_printf ("The OVAL definition %s returned the following result: %s\n\n", first_result->definition_id, first_result->result); - } - - post_note(g_args, 0, result_string); } - } else - { - result_string = g_strdup_printf ("Could not launch ovaldi for OVAL definition %s: Launch failed. (Is ovaldi in your PATH?)\n\n", basename); - post_note(g_args, 0, result_string); - log_write("Could not launch ovaldi!\n"); - } + { + result_string = g_strdup_printf ("Could not launch ovaldi for OVAL definition %s: Launch failed. (Is ovaldi in your PATH?)\n\n", + basename); + post_note (g_args, 0, result_string); + log_write ("Could not launch ovaldi!\n"); + } g_strfreev (argv); g_free (result_string); } pl_class_t oval_plugin_class = { - NULL, - ".oval", - oval_plugin_init, - oval_plugin_add, - oval_plugin_launch, + NULL, + ".oval", + oval_plugin_init, + oval_plugin_add, + oval_plugin_launch, }; From scm-commit at wald.intevation.org Mon Mar 2 09:40:31 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 09:40:31 +0100 (CET) Subject: [Openvas-commits] r2617 - in trunk/openvas-server: . openvasd Message-ID: <20090302084031.1ECF140729@pyrosoma.intevation.org> Author: mwiegand Date: 2009-03-02 09:40:25 +0100 (Mon, 02 Mar 2009) New Revision: 2617 Modified: trunk/openvas-server/ChangeLog trunk/openvas-server/openvasd/oval_plugins.c Log: * openvasd/oval_plugins.c: Code cleanup. Renamed child_setup to drop_privileges to make the function intention more clear. Removed superfluous result variable. Modified: trunk/openvas-server/ChangeLog =================================================================== --- trunk/openvas-server/ChangeLog 2009-03-02 07:40:24 UTC (rev 2616) +++ trunk/openvas-server/ChangeLog 2009-03-02 08:40:25 UTC (rev 2617) @@ -1,5 +1,11 @@ 2009-03-02 Michael Wiegand + * openvasd/oval_plugins.c: Code cleanup. Renamed child_setup to + drop_privileges to make the function intention more clear. Removed + superfluous result variable. + +2009-03-02 Michael Wiegand + * openvasd/oval_plugins.c: Beautification commit, no code changes. Made indentation consistent with the coding style, added documentation. Modified: trunk/openvas-server/openvasd/oval_plugins.c =================================================================== --- trunk/openvas-server/openvasd/oval_plugins.c 2009-03-02 07:40:24 UTC (rev 2616) +++ trunk/openvas-server/openvasd/oval_plugins.c 2009-03-02 08:40:25 UTC (rev 2617) @@ -99,6 +99,9 @@ TOP } state_t; +/** + * @brief The current parser state during XML parsing. + */ state_t parser_state = TOP; /** @@ -112,8 +115,6 @@ parser_state = state; } -gchar * result; - /** * @brief Prepares the launch of an external executable by dropping privileges. * @@ -126,7 +127,7 @@ * @param user_data Pointer to additional data passed by glib; currently unused. */ void -child_setup (gpointer user_data) +drop_privileges (gpointer user_data) { struct passwd * nobody_pw = NULL; @@ -686,7 +687,7 @@ argv[10] = NULL; // log_write ("Launching ovaldi with: %s\n", g_strjoinv (" ", argv)); - if (g_spawn_sync (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, child_setup, NULL, + if (g_spawn_sync (NULL, argv, NULL, G_SPAWN_SEARCH_PATH, drop_privileges, NULL, NULL, NULL, NULL, NULL)) { GMarkupParser parser; From scm-commit at wald.intevation.org Mon Mar 2 10:18:16 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 10:18:16 +0100 (CET) Subject: [Openvas-commits] r2618 - in trunk/openvas-client: . libnessus Message-ID: <20090302091816.00F2240720@pyrosoma.intevation.org> Author: felix Date: 2009-03-02 10:18:10 +0100 (Mon, 02 Mar 2009) New Revision: 2618 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/libnessus/arglists.c trunk/openvas-client/libnessus/rand.c trunk/openvas-client/libnessus/system.c Log: Added one RATS ignore, cosmetics. * libnessus/rand.c: Added RATS ignore where size is sane, minimal doc and reformat. * libnessus/arglists.c: Minimal reformat, doc. * libnessus/system.c: Minimal reformat. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-02 08:40:25 UTC (rev 2617) +++ trunk/openvas-client/ChangeLog 2009-03-02 09:18:10 UTC (rev 2618) @@ -1,3 +1,14 @@ +2009-03-02 Felix Wolfsteller + + Added one RATS ignore, cosmetics. + + * libnessus/rand.c: Added RATS ignore where size is sane, minimal doc + and reformat. + + * libnessus/arglists.c: Minimal reformat, doc. + + * libnessus/system.c: Minimal reformat. + 2009-02-28 Joey Schulze * nessus/parser.c (parse_modify_data, parse_host_add_data): Switch Modified: trunk/openvas-client/libnessus/arglists.c =================================================================== --- trunk/openvas-client/libnessus/arglists.c 2009-03-02 08:40:25 UTC (rev 2617) +++ trunk/openvas-client/libnessus/arglists.c 2009-03-02 09:18:10 UTC (rev 2618) @@ -24,11 +24,15 @@ #include #define HASH_MAX 2713 + /** - * We use a hash of the argument name to speed up the lookups - * when calling arg_get_value() + * @brief Make a hash value from string. + * + * Hash vlaues of argument names are used to speed up the lookups when calling + * arg_get_value(). */ -static int mkhash_arglists(const char * name) +static int +mkhash_arglists (const char * name) { unsigned long h = 0; const unsigned char *p = (const unsigned char*) name; @@ -41,7 +45,7 @@ } /** - * name_cache : + * @brief Struct to cache names (keys) of arglist entries. * * A lot of entries in our arglists have the same name. * We use a caching system to avoid to allocate twice the same name @@ -129,6 +133,7 @@ return nc->name; } + void cache_dec(const char * name) { @@ -167,8 +172,7 @@ ExtFunc void -arg_free_name(name) - char * name; +arg_free_name (char * name) { cache_dec(name); } @@ -314,8 +318,8 @@ arglst->type = type; return 0; } - - + + ExtFunc void * arg_get_value(args, name) struct arglist * args; Modified: trunk/openvas-client/libnessus/rand.c =================================================================== --- trunk/openvas-client/libnessus/rand.c 2009-03-02 08:40:25 UTC (rev 2617) +++ trunk/openvas-client/libnessus/rand.c 2009-03-02 09:18:10 UTC (rev 2618) @@ -25,7 +25,8 @@ #include -/* +/** + * @file * If the libc does not provide [ls]rand48, we use [s]rand() instead. * * While rand() is weak in comparison of lrand48, this is not a big @@ -43,7 +44,7 @@ if ((fd = open("/dev/urandom", O_RDONLY)) >= 0) { - if (read(fd, &x, sizeof(x)) <= 0) + if (read(fd, &x, sizeof(x)) <= 0) /* RATS: ignore, size is sane, not in a loop */ perror("/dev/urandom"); if (close(fd) < 0) perror("close"); @@ -80,7 +81,7 @@ ExtFunc void srand48(long seed) -{ +{ srand(seed); } #endif Modified: trunk/openvas-client/libnessus/system.c =================================================================== --- trunk/openvas-client/libnessus/system.c 2009-03-02 08:40:25 UTC (rev 2617) +++ trunk/openvas-client/libnessus/system.c 2009-03-02 09:18:10 UTC (rev 2618) @@ -26,14 +26,8 @@ - - - - - -ExtFunc -void * emalloc(size) - size_t size; +ExtFunc void * +emalloc (size_t size) { void * ptr; @@ -77,8 +71,7 @@ } ExtFunc char * -estrdup(str) - const char * str; +estrdup (const char* str) { char * buf; int len; @@ -94,8 +87,7 @@ ExtFunc void -efree(ptr) - void * ptr; +efree (void * ptr) { char ** p = ptr; if(p && *p){ @@ -105,9 +97,7 @@ } ExtFunc void * -erealloc(ptr, size) - void * ptr; - size_t size; +erealloc (void * ptr, size_t size) { void * ret; From scm-commit at wald.intevation.org Mon Mar 2 10:25:18 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 10:25:18 +0100 (CET) Subject: [Openvas-commits] r2619 - in trunk/openvas-client: . ssl Message-ID: <20090302092518.CD39840720@pyrosoma.intevation.org> Author: felix Date: 2009-03-02 10:25:13 +0100 (Mon, 02 Mar 2009) New Revision: 2619 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/ssl/openvasclient-mkrand.c Log: * ssl/openvasclient-mkrand.c: Reformatted (moved includes behind the gpl header), extracted file doc block. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-02 09:18:10 UTC (rev 2618) +++ trunk/openvas-client/ChangeLog 2009-03-02 09:25:13 UTC (rev 2619) @@ -1,5 +1,10 @@ 2009-03-02 Felix Wolfsteller + * ssl/openvasclient-mkrand.c: Reformatted (moved includes behind the + gpl header), extracted file doc block. + +2009-03-02 Felix Wolfsteller + Added one RATS ignore, cosmetics. * libnessus/rand.c: Added RATS ignore where size is sane, minimal doc Modified: trunk/openvas-client/ssl/openvasclient-mkrand.c =================================================================== --- trunk/openvas-client/ssl/openvasclient-mkrand.c 2009-03-02 09:18:10 UTC (rev 2618) +++ trunk/openvas-client/ssl/openvasclient-mkrand.c 2009-03-02 09:25:13 UTC (rev 2619) @@ -1,11 +1,4 @@ -#include -#include -#include -#include -#include -#include - -/* +/* * Copyright (C) 2001 Michel Arboi * * This program is free software; you can redistribute it and/or modify @@ -21,21 +14,30 @@ * along with this program; if not, write to the Free Software * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. * - * ******************************************************************* + * $Id: nessusclient-mkrand.c,v 1.2 2006-08-23 11:15:49 jan Exp $ + */ + +/** + * @file + * * This program generates some random data and store then to a file. * It is useful to OpenSSL users who do not have a /dev/urandom * Try something like: * openvasclient-mkrand $HOME/.rnd 128 - * ******************************************************************* * * Note: the "entropy estimator" is really crude. The first version probably * underestimated it, the current probably over-estimate it. * You've been warned! * - * $Id: nessusclient-mkrand.c,v 1.2 2006-08-23 11:15:49 jan Exp $ - * */ +#include +#include +#include +#include +#include +#include + FILE *fp; /* From scm-commit at wald.intevation.org Mon Mar 2 10:26:06 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 10:26:06 +0100 (CET) Subject: [Openvas-commits] r2620 - in trunk/openvas-client: . nessus Message-ID: <20090302092606.163AD40720@pyrosoma.intevation.org> Author: felix Date: 2009-03-02 10:26:05 +0100 (Mon, 02 Mar 2009) New Revision: 2620 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/README trunk/openvas-client/nessus/latex_output.c Log: * nessus/latex_output.c: Fixed typo in text. * README: Minimal change to wording, reference to openvas-discuss rather than openvas-users. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-02 09:25:13 UTC (rev 2619) +++ trunk/openvas-client/ChangeLog 2009-03-02 09:26:05 UTC (rev 2620) @@ -1,5 +1,12 @@ 2009-03-02 Felix Wolfsteller + * nessus/latex_output.c: Fixed typo in text. + + * README: Minimal change to wording, reference to openvas-discuss rather + than openvas-users. + +2009-03-02 Felix Wolfsteller + * ssl/openvasclient-mkrand.c: Reformatted (moved includes behind the gpl header), extracted file doc block. Modified: trunk/openvas-client/README =================================================================== --- trunk/openvas-client/README 2009-03-02 09:25:13 UTC (rev 2619) +++ trunk/openvas-client/README 2009-03-02 09:26:05 UTC (rev 2620) @@ -1,7 +1,7 @@ About OpenVAS-Client: --------------------- -It is a successor of NessusClient. The fork happened +OpenVAS-Client is a successor of NessusClient. The fork happened with NessusClient CVS HEAD 20070704. The reason was that the original authors of NessusClient @@ -41,7 +41,7 @@ packages for your system. For more information and questions, please contact the OpenVAS -development team on the openvas-users or openvas-devel +development team on the openvas-discuss or openvas-devel Mailing List (see www.openvas.org). Modified: trunk/openvas-client/nessus/latex_output.c =================================================================== --- trunk/openvas-client/nessus/latex_output.c 2009-03-02 09:25:13 UTC (rev 2619) +++ trunk/openvas-client/nessus/latex_output.c 2009-03-02 09:26:05 UTC (rev 2620) @@ -467,7 +467,7 @@ fprintf(f, "A lot of factors can not be tested by a security scanner : "); fprintf(f, "the practices of the users of the network, the home-made "); fprintf(f, "services and CGIs, and so on... So, you should not have "); - fprintf(f, "a false sense of security now that the test are done. "); + fprintf(f, "a false sense of security now that the tests are done. "); fprintf(f, "We recommand that you monitor actively what happens on "); fprintf(f, "your firewall, and that you use some tools such as "); fprintf(f, "tripwire to restore your servers more easily in the case "); From scm-commit at wald.intevation.org Mon Mar 2 10:37:39 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 10:37:39 +0100 (CET) Subject: [Openvas-commits] r2621 - in trunk/openvas-client: . nessus nessus/prefs_dialog src/gui Message-ID: <20090302093739.022B340729@pyrosoma.intevation.org> Author: felix Date: 2009-03-02 10:37:36 +0100 (Mon, 02 Mar 2009) New Revision: 2621 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/attack.c trunk/openvas-client/nessus/cli.c trunk/openvas-client/nessus/html_output.c trunk/openvas-client/nessus/nessus_plugin.c trunk/openvas-client/nessus/preferences.c trunk/openvas-client/nessus/prefs_dialog/listnotebook.h trunk/openvas-client/nessus/prefs_dialog/prefs_scan_assistant.c trunk/openvas-client/src/gui/ssh_keys_dialog.c Log: * src/gui/ssh_keys_dialog.c: Documentation added/improved. * nessus/prefs_dialog/listnotebook.h: Removed white spaces and commented proto. * nessus/cli.c: Removed zlib include, minor reformatting. * nessus/preferences.c, nessus/attack.c, nessus/html_output.c, nessus/prefs_dialog/prefs_scan_assistant.c, nessus/nessus_plugin.c: Documentation, K&R style replacements. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-02 09:26:05 UTC (rev 2620) +++ trunk/openvas-client/ChangeLog 2009-03-02 09:37:36 UTC (rev 2621) @@ -1,5 +1,18 @@ 2009-03-02 Felix Wolfsteller + * src/gui/ssh_keys_dialog.c: Documentation added/improved. + + * nessus/prefs_dialog/listnotebook.h: Removed white spaces and + commented proto. + + * nessus/cli.c: Removed zlib include, minor reformatting. + + * nessus/preferences.c, nessus/attack.c, nessus/html_output.c, + nessus/prefs_dialog/prefs_scan_assistant.c, nessus/nessus_plugin.c: + Documentation, K&R style replacements. + +2009-03-02 Felix Wolfsteller + * nessus/latex_output.c: Fixed typo in text. * README: Minimal change to wording, reference to openvas-discuss rather Modified: trunk/openvas-client/nessus/attack.c =================================================================== --- trunk/openvas-client/nessus/attack.c 2009-03-02 09:26:05 UTC (rev 2620) +++ trunk/openvas-client/nessus/attack.c 2009-03-02 09:37:36 UTC (rev 2621) @@ -48,9 +48,7 @@ */ #ifdef ENABLE_SAVE_TESTS void -restore_attack(session_name, context) - char * session_name; - struct context *context; +restore_attack (char * session_name, struct context *context) { struct arglist * preferences = context->prefs; char * plug_list, * old_plug_list; @@ -101,12 +99,11 @@ /** - * This functions sends to the server (nessusd) the order - * to start a new attack. + * @brief Sends the order to start a new attack to the server (openvasd). * * @param hostname Name of the host to test first. * @param context Context to use. - */ + */ int attack_host (char* hostname, struct context* context) { @@ -196,14 +193,16 @@ } /** - * convert the OIDs of the NVTs wich are enabled * to a string + * @brief Converts OIDs of the NVTs wich are enabled to a string. + * + * OIDs are separated by semicolons * (ie : '1.3.6.1.4.1.25623.1.0.1;1.3.6.1.4.1.25623.1.0.3;1.3.6.1.4.1.25623.1.0.4') + * + * @param[out] plug_list Will contain the list when done. */ static void -setup_plug_list(plugs, scanners, plug_list) - struct nessus_plugin * plugs; - struct nessus_plugin * scanners; - char * plug_list; +setup_plug_list (struct nessus_plugin * plugs, struct nessus_plugin * scanners, + char * plug_list) { struct nessus_plugin * w = NULL; int i = 0; Modified: trunk/openvas-client/nessus/cli.c =================================================================== --- trunk/openvas-client/nessus/cli.c 2009-03-02 09:26:05 UTC (rev 2620) +++ trunk/openvas-client/nessus/cli.c 2009-03-02 09:37:36 UTC (rev 2621) @@ -34,7 +34,6 @@ */ #include -#include #include "globals.h" #include "nessus.h" @@ -93,8 +92,9 @@ cli_report(g_cli); exit(5); } -/* - * Monitor the test - read data from the client, and process it + +/** + * @brief Monitor the test - read data from the client, and process it */ static void cli_test_monitor(cli) @@ -448,6 +448,7 @@ } return realloc(ret, strlen(ret) + 1); } + static void _cli_sql_dump_plugins(p) struct nessus_plugin * p; @@ -517,6 +518,7 @@ p = p->next; } } + static void _cli_dump_plugins(p) struct nessus_plugin * p; @@ -663,6 +665,7 @@ return; } + int cli_close_connection(cli) struct cli_args * cli; @@ -679,9 +682,9 @@ restore_attack(session, Context); cli_test_monitor(cli); } + void -cli_list_sessions(cli) - struct cli_args * cli; +cli_list_sessions(struct cli_args* cli) { hargwalk * hw; if(!comm_server_restores_sessions(Context)) @@ -698,6 +701,6 @@ { printf("%s | %s\n", key, harg_get_string(Context->sessions, key)); } - } + } } #endif Modified: trunk/openvas-client/nessus/html_output.c =================================================================== --- trunk/openvas-client/nessus/html_output.c 2009-03-02 09:26:05 UTC (rev 2620) +++ trunk/openvas-client/nessus/html_output.c 2009-03-02 09:37:36 UTC (rev 2621) @@ -61,7 +61,7 @@ * only the item ID will be printed. */ void -html_output_fprint_link(FILE* file, const char* key, const char* item) +html_output_fprint_link (FILE* file, const char* key, const char* item) { char *itemparts = estrdup(item); char *itemsrc = itemparts; @@ -111,7 +111,8 @@ /** * All the cross references (CVE, BID) have the same format - XREF: ,...
*/ -char* html_output_extract_xref(FILE* file, char* str, char* key) +char* +html_output_extract_xref (FILE* file, char* str, char* key) { while(str != NULL && strncmp(str, "
", 4) != 0) { @@ -144,9 +145,10 @@ } return str; } - -void html_output_print_data_with_links(FILE* file, char* str, char* plugin_oid, - gboolean internal_link) + +void +html_output_print_data_with_links (FILE* file, char* str, char* plugin_oid, + gboolean internal_link) { while(str != NULL && str[0] != '\0') { @@ -197,10 +199,12 @@ /** * Replaces newlines and \<, \> by "\" and "\>"" , "\<". + * * @param str String to convert. * @return String str where newlines and \<, \> have been replaced by html tags. */ -char* html_output_convert_cr_to_html(char* str) +char* +html_output_convert_cr_to_html (char* str) { int num = 0; char * t; @@ -246,7 +250,8 @@ } -char* html_output_portname_to_ahref(char* name, char* hostname) +char* +html_output_portname_to_ahref (char* name, char* hostname) { char *t, *k; @@ -288,13 +293,16 @@ /* As pdf export works via intermediate html export, it might be worth looking at arglist_to_plainhtml (pdf_output.c), refactor and merge. */ /** - * Writes a report to html. + * @brief Writes a report to an html file. + * * @param hosts Arglist with hosts containing issue arglists. * @param filename Name of file to write to. + * + * @return -1 if file could not be openend, 0 otherwise. */ -int arglist_to_html(struct arglist* hosts, char* filename) +int +arglist_to_html (struct arglist* hosts, char* filename) { - FILE * file; struct arglist * h; @@ -544,7 +552,8 @@ } -void summary_to_file(FILE *file, struct arglist *hosts) +void +summary_to_file (FILE *file, struct arglist *hosts) { fprintf(file, "\n"); Modified: trunk/openvas-client/nessus/nessus_plugin.c =================================================================== --- trunk/openvas-client/nessus/nessus_plugin.c 2009-03-02 09:26:05 UTC (rev 2620) +++ trunk/openvas-client/nessus/nessus_plugin.c 2009-03-02 09:37:36 UTC (rev 2621) @@ -121,8 +121,17 @@ } - -struct nessus_plugin * nessus_plugin_get_by_name(struct nessus_plugin * plugins, char * name) +/** + * @brief Returns the first plugin in the plugin set \ with the name + * @brief \. + * + * @param plugins List of plugins. + * @param name Name of plugin to find. + * + * @return First plugin in plugin set with given name. + */ +struct nessus_plugin * +nessus_plugin_get_by_name(struct nessus_plugin * plugins, char * name) { while ( plugins != NULL ) { @@ -133,7 +142,15 @@ return NULL; } - +/** + * @brief Returns the first plugin in the plugin set \ with the OID + * @brief \. + * + * @param plugins List of plugins. + * @param name OID of plugin to find. + * + * @return First plugin in plugin set with given name. + */ struct nessus_plugin * nessus_plugin_get_by_oid(struct nessus_plugin * plugins, const char * oid) { Modified: trunk/openvas-client/nessus/preferences.c =================================================================== --- trunk/openvas-client/nessus/preferences.c 2009-03-02 09:26:05 UTC (rev 2620) +++ trunk/openvas-client/nessus/preferences.c 2009-03-02 09:37:36 UTC (rev 2621) @@ -245,9 +245,10 @@ { if(strchr(buffer, '=')) prefs_buffer_parse(buffer, context->prefs, 1); - else if(!strncmp(buffer, "begin(", strlen("begin("))) + else if(!strncmp(buffer, "begin(", + strlen("begin("))) /* RATS: ignore, string literals are nul terminated */ { - char *t = buffer + (strlen("begin(") * sizeof(char)); + char *t = buffer + (strlen("begin(") * sizeof(char)); /* RATS: ignore, string literals are nul terminated */ char *end = strchr(t, ')'); if(!end) @@ -310,7 +311,7 @@ // Check for int and 1 or string and 'yes' void* argval = arg_get_value (argl, prefname); - int argtype = arg_get_type (argl, prefname); + int argtype = GPOINTER_TO_INT(arg_get_type (argl, prefname)); if ( (argtype == ARG_INT && (int) argval == 1) || (argtype == ARG_STRING && argval && !strcmp(argval, "yes")) ) @@ -396,6 +397,12 @@ } } +/** + * @brief Gets or creates the plugin set (arglist) with name \ of a + * @brief context. + * + * If the set is created, all plugins in \ are used to create the set. + */ struct arglist * prefs_get_pluginset (struct context *context, char *name, struct nessus_plugin *plugins) @@ -446,8 +453,8 @@ } /** - * Update arglists "PLUGIN_SET" or "SCANNER_SET" - * from context->plugins or context->scanners + * @brief Update arglists "PLUGIN_SET" or "SCANNER_SET" from context->plugins + * @brief or context->scanners. */ void pluginset_reload (struct context *context, char *name, @@ -503,9 +510,7 @@ } void -preferences_save_as(context, filename) - struct context *context; - char *filename; +preferences_save_as (struct context *context, char *filename) { FILE *fd; struct arglist *t; @@ -713,26 +718,33 @@ return NULL; } +/** + * @brief Returns either the user-set value of a preference or its Default. + * + * As this function returns a void pointer, it is wrapped in the macros + * prefs_get_int and prefs_get_string. Use these, as you should know which + * type you expect. + * + * @param context Context to query preferences of. + * @param name Preference name (e.g. "trusted_ca"). + * + * @return Value of unknown type (thus use prefs_get_int or prefs_get_string). + */ void * -prefs_get_value(context, name) - struct context *context; - const char *name; +prefs_get_value (struct context *context, const char *name) { void *value = arg_get_value(context->prefs, name); int type = arg_get_type(context->prefs, name); if(type < 0 || (type != ARG_INT && value == NULL) || (type == ARG_STRING && !strlen((const char *)value))) - value = prefs_get_default(context, name); + value = prefs_get_default (context, name); return value; } void -prefs_set_value(context, name, value, type) - struct context *context; - const char *name; - void *value; - int type; +prefs_set_value (struct context *context, const char *name, void *value, + int type) { int len; int arg_type; @@ -773,19 +785,13 @@ } void -prefs_set_int(context, name, value) - struct context *context; - const char *name; - int value; +prefs_set_int (struct context *context, const char *name, int value) { prefs_set_value(context, name, GSIZE_TO_POINTER(value), ARG_INT); } void -prefs_set_string(context, name, value) - struct context *context; - const char *name; - const char *value; +prefs_set_string (struct context *context, const char *name, const char *value) { const char *default_value = prefs_get_default(context, name); if(!default_value || strcmp(value, default_value)) @@ -796,8 +802,7 @@ /* are there any options besides "name" and "comment"? */ int -prefs_has_options(context) - struct context *context; +prefs_has_options (struct context *context) { struct arglist *t = context->prefs; Modified: trunk/openvas-client/nessus/prefs_dialog/listnotebook.h =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/listnotebook.h 2009-03-02 09:26:05 UTC (rev 2620) +++ trunk/openvas-client/nessus/prefs_dialog/listnotebook.h 2009-03-02 09:37:36 UTC (rev 2621) @@ -25,17 +25,16 @@ * file, but you are not obligated to do so. If you do not wish to * do so, delete this exception statement from your version. */ - + #ifndef _NESSUSC_LIST_NOTEBOOK_H #define _NESSUSC_LIST_NOTEBOOK_H GtkWidget* listnotebook_new(gboolean, gboolean); -/* void listnotebook_add_to_box(GtkWidget*); */ void listnotebook_add_page(GtkWidget*, GtkWidget*, const char*, const char*); void listnotebook_remove_page (GtkWidget* listnotebook, char* pagename); void listnotebook_select_page(GtkWidget*, int); void listnotebook_select_page_named(GtkWidget* listnotebook, char* page_name); char* listnotebook_get_selected (GtkWidget* listnotebook); - + #endif /* _NESSUSC_LIST_NOTEBOOK_H */ Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_scan_assistant.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_scan_assistant.c 2009-03-02 09:26:05 UTC (rev 2620) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_scan_assistant.c 2009-03-02 09:37:36 UTC (rev 2621) @@ -30,6 +30,9 @@ #include "prefs_dialog.h" #include "prefs_dialog_auth.h" +/** + * @brief Struct linking the Widgets needed to show the scan wizard. + */ struct scan_assistant { GtkWindow *parent; GtkWidget *dialog; @@ -44,9 +47,7 @@ void -scan_assistant_add_text(box, text) - GtkWidget *box; - const gchar *text; +scan_assistant_add_text (GtkWidget *box, const gchar *text) { GtkWidget *label; @@ -58,10 +59,7 @@ } GtkWidget * -scan_assistant_add_entry(box, name, text) - GtkWidget *box; - const gchar *name; - const gchar *text; +scan_assistant_add_entry (GtkWidget *box, const gchar *name, const gchar *text) { GtkWidget *vbox; GtkWidget *entry; @@ -83,9 +81,7 @@ } GtkWidget * -scan_assistant_add_textview(box, name) - GtkWidget *box; - const gchar *name; +scan_assistant_add_textview (GtkWidget *box, const gchar *name) { GtkWidget *frame; GtkWidget *scrolledwindow; @@ -110,10 +106,8 @@ } void -scan_assistant_apply_comment(assistant, textview, ctrls) - struct scan_assistant *assistant; - GtkWidget *textview; - struct arglist *ctrls; +scan_assistant_apply_comment (struct scan_assistant *assistant, + GtkWidget *textview, struct arglist *ctrls) { GtkTextBuffer *assistant_buffer, *comment_buffer; GtkTextIter start, end; @@ -129,9 +123,7 @@ } GtkWidget * -scan_assistant_append_page(notebook, name) - GtkWidget *notebook; - const gchar *name; +scan_assistant_append_page (GtkWidget *notebook, const gchar *name) { GtkWidget *vbox; GtkWidget *label; @@ -148,9 +140,8 @@ } void -scan_assistant_update_nextbutton(assistant, page_num) - struct scan_assistant *assistant; - guint page_num; +scan_assistant_update_nextbutton (struct scan_assistant *assistant, + guint page_num) { static gint previous = GTK_RESPONSE_NONE; gint response; @@ -179,8 +170,7 @@ } void -scan_assistant_setdefault(widget) - GtkWidget *widget; +scan_assistant_setdefault (GtkWidget *widget) { if(GTK_IS_ENTRY(widget) && !gtk_entry_get_text(GTK_ENTRY(widget))[0]) gtk_entry_set_text(GTK_ENTRY(widget), @@ -188,9 +178,7 @@ } void -scan_assistant_update_page(assistant, page_num) - struct scan_assistant *assistant; - guint page_num; +scan_assistant_update_page (struct scan_assistant *assistant, guint page_num) { GtkWidget *focus; @@ -217,17 +205,14 @@ } void -scan_assistant_switch_page(notebook, page, page_num, assistant) - GtkNotebook *notebook; - GtkNotebookPage *page; - guint page_num; - struct scan_assistant *assistant; +scan_assistant_switch_page (GtkNotebook *notebook, GtkNotebookPage *page, + guint page_num, struct scan_assistant *assistant) { scan_assistant_update_page(assistant, page_num); } void -scan_assistant_create_dialog(struct scan_assistant *assistant, +scan_assistant_create_dialog (struct scan_assistant *assistant, const char * targets) { GtkWidget *dialog; @@ -326,9 +311,7 @@ } void -prefs_scan_assistant(widget, ctrls) - GtkWidget *widget; - gpointer ctrls; +prefs_scan_assistant (GtkWidget *widget, gpointer ctrls) { void *context_window = arg_get_value(ctrls, "CONTEXT"); struct scan_assistant *assistant = emalloc(sizeof(struct scan_assistant)); Modified: trunk/openvas-client/src/gui/ssh_keys_dialog.c =================================================================== --- trunk/openvas-client/src/gui/ssh_keys_dialog.c 2009-03-02 09:26:05 UTC (rev 2620) +++ trunk/openvas-client/src/gui/ssh_keys_dialog.c 2009-03-02 09:37:36 UTC (rev 2621) @@ -1,6 +1,6 @@ /* OpenVAS-Client * $Id$ - * Description: The ssh key management dialog. + * Description: The OpenVAS SSH Key Manager dialog. * * Authors: * Felix Wolfsteller @@ -50,8 +50,16 @@ #define STR_NO_LOGINS_YET _("[No logins yet]") /** - * Callback function to open the OpenVAS SSH Key Manager. + * @file + * Displays the OpenVAS SSH Key Manager to list, create and delete registered + * ssh logins. + */ + +/** + * @brief Callback function to open the OpenVAS SSH Key Manager. + * * Only calls ssh_keys_dialog_show. + * * @see ssh_keys_dialog_show */ void ssh_manager_button_cb(GtkWidget* super, void* ignored ) @@ -242,7 +250,7 @@ /** - * Shows the SSH Key Management Dialog. + * @brief Shows the SSH Key Management Dialog. */ void ssh_keys_dialog_show() From scm-commit at wald.intevation.org Mon Mar 2 10:42:30 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 10:42:30 +0100 (CET) Subject: [Openvas-commits] r2622 - in trunk/openvas-client: . nessus Message-ID: <20090302094230.6232A40729@pyrosoma.intevation.org> Author: felix Date: 2009-03-02 10:42:29 +0100 (Mon, 02 Mar 2009) New Revision: 2622 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/filter.h Log: In filter module, added GPL header from implementation file to the header file. * nessus/filter.h: Added GPL Header from modules implementation file (nessus/filter.c). Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-02 09:37:36 UTC (rev 2621) +++ trunk/openvas-client/ChangeLog 2009-03-02 09:42:29 UTC (rev 2622) @@ -1,5 +1,13 @@ 2009-03-02 Felix Wolfsteller + In filter module, added GPL header from implementation file to the + header file. + + * nessus/filter.h: Added GPL Header from modules implementation file + (nessus/filter.c). + +2009-03-02 Felix Wolfsteller + * src/gui/ssh_keys_dialog.c: Documentation added/improved. * nessus/prefs_dialog/listnotebook.h: Removed white spaces and Modified: trunk/openvas-client/nessus/filter.h =================================================================== --- trunk/openvas-client/nessus/filter.h 2009-03-02 09:37:36 UTC (rev 2621) +++ trunk/openvas-client/nessus/filter.h 2009-03-02 09:42:29 UTC (rev 2622) @@ -1,3 +1,31 @@ +/* Nessus + * Copyright (C) 1998 - 2001 Renaud Deraison + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * In addition, as a special exception, Renaud Deraison + * gives permission to link the code of this program with any + * version of the OpenSSL library which is distributed under a + * license identical to that listed in the included COPYING.OpenSSL + * file, and distribute linked combinations including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * this file, you may extend this exception to your version of the + * file, but you are not obligated to do so. If you do not wish to + * do so, delete this exception statement from your version. + */ + #ifndef __NESSUS_FILTER_H__ #define __NESSUS_FILTER_H__ struct plugin_filter { From scm-commit at wald.intevation.org Mon Mar 2 10:49:34 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 10:49:34 +0100 (CET) Subject: [Openvas-commits] r2623 - in trunk/openvas-manager: . src/tests Message-ID: <20090302094934.14F1140729@pyrosoma.intevation.org> Author: mattm Date: 2009-03-02 10:49:32 +0100 (Mon, 02 Mar 2009) New Revision: 2623 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/tests/common.c trunk/openvas-manager/src/tests/common.h trunk/openvas-manager/src/tests/omp_abort_task_0.c trunk/openvas-manager/src/tests/omp_modify_task_0.c trunk/openvas-manager/src/tests/omp_start_task_0.c trunk/openvas-manager/src/tests/omp_status_0.c Log: In tests, wait for server with wait_for_task_start, and delete created tasks on exit. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-03-02 09:42:29 UTC (rev 2622) +++ trunk/openvas-manager/ChangeLog 2009-03-02 09:49:32 UTC (rev 2623) @@ -1,3 +1,14 @@ +2009-03-02 Matthew Mundell + + * src/tests/common.c: Turn off some tracing. + (DO_CHILDREN, id_string, wait_for_task_start, delete_task): New functions. + + * src/tests/common.h (delete_task, wait_for_task_start): New headers. + + * src/tests/omp_abort_task_0.c, src/tests/omp_start_task_0.c, + src/tests/omp_modify_task_0.c, src/tests/omp_modify_task_0.c: Wait for + server with wait_for_task_start. Delete task on exit. + 2009-03-01 Matthew Mundell Reduce number of gotos. Modified: trunk/openvas-manager/src/tests/common.c =================================================================== --- trunk/openvas-manager/src/tests/common.c 2009-03-02 09:42:29 UTC (rev 2622) +++ trunk/openvas-manager/src/tests/common.c 2009-03-02 09:49:32 UTC (rev 2623) @@ -45,8 +45,10 @@ * \ref authenticate, * \ref env_authenticate, * \ref create_task, - * \ref create_task_from_rc_file and - * \ref start_task. + * \ref create_task_from_rc_file, + * \ref delete_task, + * \ref start_task and + * \ref wait_for_task_start. * * There are examples of using this interface in the tests. */ @@ -488,7 +490,7 @@ GError **error) { entity_t entity; - tracef (" handle_start_element %s\n", element_name); + //tracef (" handle_start_element %s\n", element_name); context_data_t* data = (context_data_t*) user_data; if (data->current) { @@ -519,7 +521,7 @@ gpointer user_data, GError **error) { - tracef (" handle_end_element %s\n", element_name); + //tracef (" handle_end_element %s\n", element_name); context_data_t* data = (context_data_t*) user_data; assert (data->current && data->first); if (data->current == data->first) @@ -550,7 +552,7 @@ gpointer user_data, GError **error) { - tracef (" handle_text\n"); + //tracef (" handle_text\n"); context_data_t* data = (context_data_t*) user_data; entity_t current = (entity_t) data->current->data; current->text = current->text @@ -570,7 +572,7 @@ GError *error, gpointer user_data) { - tracef (" handle_error\n"); + //tracef (" handle_error\n"); tracef (" Error: %s\n", error->message); } @@ -758,6 +760,41 @@ return 1; } +/** + * @brief Do something for each child of an entity. + * + * Calling "break" during body exits the loop. + * + * @param[in] entity The entity. + * @param[in] child Name to use for child variable. + * @param[in] temp Name to use for internal variable. + * @param[in] body The code to run for each child. + */ +#define DO_CHILDREN(entity, child, temp, body) \ + do \ + { \ + GSList* temp = entity->entities; \ + while (temp) \ + { \ + entity_t child = temp->data; \ + { \ + body; \ + } \ + temp = g_slist_next (temp); \ + } \ + } \ + while (0) + +#if 0 +/* Lisp version of DO_CHILDREN. */ +(defmacro do-children ((entity child) &body body) + "Do something for each child of an entity." + (let ((temp (gensym))) + `(while ((,temp (entity-entities ,entity) (rest ,temp))) + (,temp) + , at body))) +#endif + /* OMP. */ @@ -981,3 +1018,174 @@ if (first == '2') return 0; return -1; } + +/** + * @brief Return a string version of an ID. + * + * @param[in] id ID. + * @param[out] string Pointer to a string. On successful return contains a + * pointer to a static buffer with the task ID as a string. + * The static buffer is overwritten across successive + * calls. + * + * @return 0 success, -1 error. + */ +int +id_string (int id, const char ** string) +{ + static char buffer[11]; /* (expt 2 32) => 4294967296 */ + int length = sprintf (buffer, "%u", id); + assert (length < 11); + if (length < 1) return -1; + *string = buffer; + return 0; +} + +/** + * @brief Wait for a task to start running on the server. + * + * @param[in] session Pointer to GNUTLS session. + * @param[in] id ID of task. + * + * @return 0 on success, -1 on error. + */ +int +wait_for_task_start (gnutls_session_t* session, + unsigned int id) +{ + while (1) + { + if (sendf_to_manager (session, "") == -1) + return -1; + + /* Read the response. */ + + entity_t entity = NULL; + if (read_entity (session, &entity)) return -1; + + /* Check the response. */ + + entity_t status = entity_child (entity, "status"); + if (status == NULL) + { + free_entity (entity); + return -1; + } + const char* status_text = entity_text (status); + if (strlen (status_text) == 0) + { + free_entity (entity); + return -1; + } + if (status_text[0] == '2') + { + /* Check the running status of the given task. */ + + char* run_state = NULL; + const char* string_id; + if (id_string (id, &string_id)) + { + free_entity (entity); + return -1; + } + +#if 0 + /* Lisp version. */ + (do-children (entity child) + (when (string= (entity-type child) "task") + (let ((task-id (entity-child child "task_id"))) + (fi* task-id + (free-entity entity) + (return-from wait-for-task-start -1)) + (when (string= (entity-text task-id) string-id) + (let ((status (entity-child child "status"))) + (fi* status + (free-entity entity) + (return-from wait-for-task-start -1)) + (setq run-state (entity-text status))) + (return))))) +#endif + + DO_CHILDREN (entity, child, temp, + if (strcasecmp (entity_name (child), "task") == 0) + { + entity_t task_id = entity_child (child, "task_id"); + if (task_id == NULL) + { + free_entity (entity); + return -1; + } + if (strcasecmp (entity_text (task_id), string_id) + == 0) + { + entity_t status = entity_child (child, "status"); + if (status == NULL) + { + free_entity (entity); + return -1; + } + run_state = entity_text (status); + break; + } + }); + + if (run_state == NULL) + { + free_entity (entity); + return -1; + } + + if (strcmp (run_state, "Running") == 0 + || strcmp (run_state, "Done") == 0) + { + free_entity (entity); + return 0; + } + free_entity (entity); + } + + sleep (1); + } +} + +/** + * @brief Delete a task and read the manager response. + * + * @param[in] session Pointer to GNUTLS session. + * @param[in] id ID of task. + * + * @return 0 on success, -1 on error. + */ +int +delete_task (gnutls_session_t* session, unsigned int id) +{ + if (sendf_to_manager (session, + "%u", + id) + == -1) + return -1; + + /* Read the response. */ + + entity_t entity = NULL; + if (read_entity (session, &entity)) return -1; + + /* Check the response. */ + + entity_t status = entity_child (entity, "status"); + if (status == NULL) + { + free_entity (entity); + return -1; + } + const char* status_text = entity_text (status); + if (strlen (status_text) == 0) + { + free_entity (entity); + return -1; + } + char first = status_text[0]; + free_entity (entity); + if (first == '2') return 0; + return -1; +} Modified: trunk/openvas-manager/src/tests/common.h =================================================================== --- trunk/openvas-manager/src/tests/common.h 2009-03-02 09:42:29 UTC (rev 2622) +++ trunk/openvas-manager/src/tests/common.h 2009-03-02 09:49:32 UTC (rev 2623) @@ -99,5 +99,10 @@ unsigned int*); int +delete_task (gnutls_session_t*, unsigned int); + +int start_task (gnutls_session_t* , unsigned int); +int +wait_for_task_start (gnutls_session_t*, unsigned int); Modified: trunk/openvas-manager/src/tests/omp_abort_task_0.c =================================================================== --- trunk/openvas-manager/src/tests/omp_abort_task_0.c 2009-03-02 09:42:29 UTC (rev 2622) +++ trunk/openvas-manager/src/tests/omp_abort_task_0.c 2009-03-02 09:49:32 UTC (rev 2623) @@ -65,20 +65,26 @@ if (start_task (&session, id)) { + delete_task (&session, id); close_manager_connection (socket, session); return EXIT_FAILURE; } /* Wait for the task to start on the server. */ - // FIX wait on %u - sleep (5); + if (wait_for_task_start (&session, id)) + { + delete_task (&session, id); + close_manager_connection (socket, session); + return EXIT_FAILURE; + } /* Cancel the task. */ #if 0 if (env_authenticate (&session)) { + delete_task (&session, id); close_manager_connection (socket, session); return EXIT_FAILURE; } @@ -89,6 +95,7 @@ id) == -1) { + delete_task (&session, id); close_manager_connection (socket, session); return EXIT_FAILURE; } @@ -102,18 +109,19 @@ entity_t expected = add_entity (NULL, "abort_task_response", NULL); add_entity (&expected->entities, "status", "201"); - print_entity (stdout, expected); if (compare_entities (entity, expected)) { free_entity (expected); free_entity (entity); + delete_task (&session, id); close_manager_connection (socket, session); return EXIT_FAILURE; } free_entity (expected); free_entity (entity); + delete_task (&session, id); close_manager_connection (socket, session); return EXIT_SUCCESS; } Modified: trunk/openvas-manager/src/tests/omp_modify_task_0.c =================================================================== --- trunk/openvas-manager/src/tests/omp_modify_task_0.c 2009-03-02 09:42:29 UTC (rev 2622) +++ trunk/openvas-manager/src/tests/omp_modify_task_0.c 2009-03-02 09:49:32 UTC (rev 2623) @@ -69,6 +69,7 @@ #if 0 if (env_authenticate (&session)) { + delete_task (&session, id); close_manager_connection (socket, session); return EXIT_FAILURE; } @@ -83,6 +84,7 @@ id) == -1) { + delete_task (&session, id); close_manager_connection (socket, session); return EXIT_FAILURE; } @@ -104,6 +106,7 @@ /* Cleanup. */ + delete_task (&session, id); close_manager_connection (socket, session); free_entity (entity); free_entity (expected); Modified: trunk/openvas-manager/src/tests/omp_start_task_0.c =================================================================== --- trunk/openvas-manager/src/tests/omp_start_task_0.c 2009-03-02 09:42:29 UTC (rev 2622) +++ trunk/openvas-manager/src/tests/omp_start_task_0.c 2009-03-02 09:49:32 UTC (rev 2623) @@ -83,6 +83,7 @@ { free_entity (expected); free_entity (entity); + delete_task (&session, id); fail: close_manager_connection (socket, session); return EXIT_FAILURE; @@ -90,6 +91,7 @@ free_entity (expected); free_entity (entity); + delete_task (&session, id); close_manager_connection (socket, session); return EXIT_SUCCESS; } Modified: trunk/openvas-manager/src/tests/omp_status_0.c =================================================================== --- trunk/openvas-manager/src/tests/omp_status_0.c 2009-03-02 09:42:29 UTC (rev 2622) +++ trunk/openvas-manager/src/tests/omp_status_0.c 2009-03-02 09:49:32 UTC (rev 2623) @@ -56,16 +56,16 @@ /* Start the task. */ - if (start_task (&session, id)) goto fail; + if (start_task (&session, id)) goto delete_fail; /* Request the status. */ #if 0 - if (env_authenticate (&session)) goto fail; + if (env_authenticate (&session)) goto delete_fail; #endif if (send_to_manager (&session, "") == -1) - goto fail; + goto delete_fail; /* Read the response. */ @@ -80,7 +80,7 @@ entity_t task = add_entity (&expected->entities, "task", NULL); add_entity (&task->entities, "task_id", "0"); add_entity (&task->entities, "identifier", "omp_start_task_0"); - add_entity (&task->entities, "task_status", "Running"); + add_entity (&task->entities, "status", "Running"); entity_t messages = add_entity (&task->entities, "messages", ""); add_entity (&messages->entities, "debug", "0"); add_entity (&messages->entities, "hole", "0"); @@ -92,6 +92,8 @@ { free_entity (entity); free_entity (expected); + delete_fail: + delete_task (&session, id); fail: close_manager_connection (socket, session); return EXIT_FAILURE; @@ -99,6 +101,7 @@ free_entity (entity); free_entity (expected); + delete_task (&session, id); close_manager_connection (socket, session); return EXIT_SUCCESS; } From scm-commit at wald.intevation.org Mon Mar 2 10:52:47 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 10:52:47 +0100 (CET) Subject: [Openvas-commits] r2624 - in trunk/openvas-manager: . src Message-ID: <20090302095247.952E740729@pyrosoma.intevation.org> Author: mattm Date: 2009-03-02 10:52:45 +0100 (Mon, 02 Mar 2009) New Revision: 2624 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.h trunk/openvas-manager/src/omp.c trunk/openvas-manager/src/otp.c Log: Add "Requested" task running state. Correct STATUS_RESPONSE tags and CLIENT_MODIFY_TASK variable usage. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-03-02 09:49:32 UTC (rev 2623) +++ trunk/openvas-manager/ChangeLog 2009-03-02 09:52:45 UTC (rev 2624) @@ -1,5 +1,20 @@ 2009-03-02 Matthew Mundell + Add "Requested" task running state. Correct STATUS_RESPONSE tags and + CLIENT_MODIFY_TASK variable usage. + + * src/otp.c (process_otp_server_input): Update task running state + on receiving SCAN_START. + + * src/omp.c (omp_xml_handle_end_element): Add printing of new running + state. Rename TASK_STATUS entity in TASK in STATUS_RESPONSE to STATUS. + Correct STATUS_RESPONSE closing tags. In CLIENT_MODIFY_TASK case + use local var instead of setting current_client_task. + + * src/manage.h (task_t): Note new running state. + +2009-03-02 Matthew Mundell + * src/tests/common.c: Turn off some tracing. (DO_CHILDREN, id_string, wait_for_task_start, delete_task): New functions. Modified: trunk/openvas-manager/src/manage.h =================================================================== --- trunk/openvas-manager/src/manage.h 2009-03-02 09:49:32 UTC (rev 2623) +++ trunk/openvas-manager/src/manage.h 2009-03-02 09:52:45 UTC (rev 2624) @@ -101,7 +101,7 @@ char* description; ///< Description. int description_length; ///< Length of description. int description_size; ///< Actual size allocated for description. - short running; ///< Flag: 0 initially, 1 if running. + short running; ///< Flag: 0 new, 1 started, 2 running. char* start_time; ///< Time the task last started. char* end_time; ///< Time the task last ended. unsigned int report_count; ///< The number of existing reports on the task. Modified: trunk/openvas-manager/src/omp.c =================================================================== --- trunk/openvas-manager/src/omp.c 2009-03-02 09:49:32 UTC (rev 2623) +++ trunk/openvas-manager/src/omp.c 2009-03-02 09:52:45 UTC (rev 2624) @@ -488,7 +488,7 @@ { SEND_TO_CLIENT ("" "402" - ""); + ""); set_client_state (CLIENT_AUTHENTIC); g_set_error (error, G_MARKUP_ERROR, @@ -909,15 +909,15 @@ unsigned int id; if (sscanf (current_task_task_id, "%u", &id) == 1) { - current_client_task = find_task (id); - if (current_client_task == NULL) + task_t* task = find_task (id); + if (task == NULL) SEND_TO_CLIENT ("" "407" ""); else { // FIX check if param,value else respond fail - int fail = set_task_parameter (current_client_task, + int fail = set_task_parameter (task, modify_task_parameter, modify_task_value); free (modify_task_parameter); @@ -1047,8 +1047,7 @@ task_t* task = find_task (id); if (task == NULL) SEND_TO_CLIENT ("" - "407" - ""); + "407"); else { SEND_TO_CLIENT ("200"); @@ -1061,8 +1060,7 @@ } else SEND_TO_CLIENT ("" - "40x" - ""); + "40x"); free_string_var (¤t_task_task_id); } else @@ -1082,7 +1080,7 @@ line = g_strdup_printf ("" "%u" "%s" - "%s" + "%s" "" "%i" "%i" @@ -1093,7 +1091,11 @@ "", index->id, index->name, - index->running ? "Running" : "New", + index->running + ? (index->running == 1 + ? "Requested" + : "Running") + : "New", index->debugs_size, index->holes_size, index->infos_size, Modified: trunk/openvas-manager/src/otp.c =================================================================== --- trunk/openvas-manager/src/otp.c 2009-03-02 09:49:32 UTC (rev 2623) +++ trunk/openvas-manager/src/otp.c 2009-03-02 09:52:45 UTC (rev 2624) @@ -1819,7 +1819,8 @@ } case SERVER_TIME_SCAN_START: { - /* Read over it. */ + if (current_server_task) + current_server_task->running = 2; set_server_state (SERVER_DONE); switch (parse_server_done (&messages)) { From scm-commit at wald.intevation.org Mon Mar 2 10:54:54 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 10:54:54 +0100 (CET) Subject: [Openvas-commits] r2625 - in trunk/openvas-manager: . src Message-ID: <20090302095454.69799404F2@pyrosoma.intevation.org> Author: mattm Date: 2009-03-02 10:54:53 +0100 (Mon, 02 Mar 2009) New Revision: 2625 Modified: trunk/openvas-manager/ChangeLog trunk/openvas-manager/src/manage.c Log: * src/manage.c (delete_task): Correct error check. Modified: trunk/openvas-manager/ChangeLog =================================================================== --- trunk/openvas-manager/ChangeLog 2009-03-02 09:52:45 UTC (rev 2624) +++ trunk/openvas-manager/ChangeLog 2009-03-02 09:54:53 UTC (rev 2625) @@ -1,5 +1,9 @@ 2009-03-02 Matthew Mundell + * src/manage.c (delete_task): Correct error check. + +2009-03-02 Matthew Mundell + Add "Requested" task running state. Correct STATUS_RESPONSE tags and CLIENT_MODIFY_TASK variable usage. Modified: trunk/openvas-manager/src/manage.c =================================================================== --- trunk/openvas-manager/src/manage.c 2009-03-02 09:52:45 UTC (rev 2624) +++ trunk/openvas-manager/src/manage.c 2009-03-02 09:54:53 UTC (rev 2625) @@ -821,7 +821,8 @@ id, NULL); GError* error = NULL; - if (rmdir_recursively (name, &error)) + rmdir_recursively (name, &error); + if (error) { fprintf (stderr, "Failed to remove task dir %s: %s\n", name, From scm-commit at wald.intevation.org Mon Mar 2 11:09:33 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 11:09:33 +0100 (CET) Subject: [Openvas-commits] r2626 - in trunk/openvas-client: . nessus nessus/prefs_dialog Message-ID: <20090302100933.F3F3C4072A@pyrosoma.intevation.org> Author: felix Date: 2009-03-02 11:09:31 +0100 (Mon, 02 Mar 2009) New Revision: 2626 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/auth.c trunk/openvas-client/nessus/prefs_dialog/prefs_plugins.c trunk/openvas-client/nessus/prefs_dialog/prefs_plugins_tree.c Log: * nessus/auth.c, nessus/prefs_dialog/prefs_plugins.c, nessus/prefs_dialog/prefs_plugins_tree.c: K&R style replacements, doc, minor refomatting. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-02 09:54:53 UTC (rev 2625) +++ trunk/openvas-client/ChangeLog 2009-03-02 10:09:31 UTC (rev 2626) @@ -1,5 +1,11 @@ 2009-03-02 Felix Wolfsteller + * nessus/auth.c, nessus/prefs_dialog/prefs_plugins.c, + nessus/prefs_dialog/prefs_plugins_tree.c: K&R style replacements, doc, + minor refomatting. + +2009-03-02 Felix Wolfsteller + In filter module, added GPL header from implementation file to the header file. Modified: trunk/openvas-client/nessus/auth.c =================================================================== --- trunk/openvas-client/nessus/auth.c 2009-03-02 09:54:53 UTC (rev 2625) +++ trunk/openvas-client/nessus/auth.c 2009-03-02 10:09:31 UTC (rev 2626) @@ -24,12 +24,13 @@ * this file, you may extend this exception to your version of the * file, but you are not obligated to do so. If you do not wish to * do so, delete this exception statement from your version. - * - * This is the Authentication Manager - * */ +/** @file + * This is the Authentication Manager. + */ + #include #include #include "comm.h" @@ -37,19 +38,18 @@ #include "sighand.h" /** - * Sends the login and password to the OpenVAS - * daemon. + * @brief Sends the login and password to the OpenVAS daemon. * + * Note : this function does NOT check if the login/password are valid. + * * @param user Login users name. * @param password Login users password. * * @returns 0 if the login informations were sent successfully, * -1 if a problem occured. - * - * Note : this function does NOT check if the login/password are - * valid. */ -int auth_login(int soc, const char *user, const char* password) +int +auth_login (int soc, const char *user, const char* password) { char * buf = emalloc(255); @@ -57,12 +57,14 @@ /* Note: even if we use SSLv3 authentication, we ask for a password anyway */ network_gets(soc, buf, 7); - if(strncmp(buf, "User : ", strlen(buf)))return(-1); + if(strncmp(buf, "User : ", strlen(buf))) + return(-1); network_printf(soc, "%s\n", user); - + bzero(buf, 255); - network_gets(soc, buf,11); - if(strncmp(buf, "Password : ", strlen(buf)))return(-1); + network_gets (soc, buf, 11); + if(strncmp(buf, "Password : ", strlen(buf))) + return(-1); network_printf(soc, "%s\n", password); efree(&buf); return(0); @@ -70,11 +72,13 @@ /** - * This function sends a string to the server using a printf syntax. - * In the future, it will have to encrypt the string - * but I have not implemented this feature right now + * @brief This function sends a string to the server using a printf syntax. + * + * @param soc Socket over which to send data. + * @param data Format string in printf fashion. */ -void network_printf(int soc, char * data, ...) +void +network_printf (int soc, char * data, ...) { va_list param; int r, s = 16384; @@ -117,23 +121,26 @@ signal(SIGPIPE, SIG_IGN); va_end(param); efree(&buffer); -} +} + /** - * Reads data sent by the server + * @brief Reads data sent by the server into the provided buffer. + * + * @param[out] s Buffer to read data into, will always be nul- terminated. + * * @return >0 is the amount of data placed in s * <0 means there was an error. */ -int network_gets(soc, s, size) - int soc; - char * s; - size_t size; +int +network_gets (int soc, char* s, size_t size) { int n; - if ( soc <= 0 ) soc = Context->socket; + if ( soc <= 0 ) + soc = Context->socket; - if( soc <= 0 ) + if ( soc <= 0 ) return 0; @@ -142,7 +149,7 @@ * (socket close?) * Also, recv_line will return 0 on error. */ - n = recv_line(soc, s, size); + n = recv_line(soc, s, size); if (n > 0) return n; else @@ -156,15 +163,15 @@ * Reads maximal size bytes from the socket soc into s and returns it. * Stops reading at '\0' and '\n' characters, and appends a * terminating '\0' to s. - * @param soc The socket. - * @param s Pointer to the string (will not be set to NULL if NULL returned!). + * + * @param soc The socket. + * @param s Pointer to the string (will not be set to NULL if NULL returned!). * @param size Number of bytes to maximally read from socket. + * * @return The '\0' terminated string s or NULL if an error occured. */ -char * network_gets_raw(soc, s, size) - int soc; - char * s; - size_t size; +char* +network_gets_raw (int soc, char* s, size_t size) { int n = 0, processed ; Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_plugins.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_plugins.c 2009-03-02 09:54:53 UTC (rev 2625) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_plugins.c 2009-03-02 10:09:31 UTC (rev 2626) @@ -218,14 +218,19 @@ } /** - * @brief plugin_list_setup + * @brief Builds up the plugin area with plugin tree, buttons and preferences. * - * Draws the main window showing informations - * about the plugins of the server + * Draws the main window showing informations about the plugins of the server. + * This includes the list to en/disable NVTs and groups of NVTs, some + * convenient buttons like "Enable all" and the preferences hooks for dependency + * activation, dependency silencing and automatic enabling for new plugins. + * + * @param context Context of interest. + * + * @return Arglist with the GUI widgets hooked into. */ struct arglist * -prefs_dialog_plugins(context) - struct context *context; +prefs_dialog_plugins (struct context *context) { struct arglist *ctrls = emalloc(sizeof(struct arglist)); GtkWidget *frame; @@ -350,8 +355,7 @@ gtk_widget_show(button); arg_add_value(ctrls, "ENABLE_DEPS_AT_RUNTIME", ARG_PTR, -1, button); - button = - gtk_check_button_new_with_label(_("Silent")); + button = gtk_check_button_new_with_label (_("Silent")); gtk_box_pack_start(GTK_BOX(hbox), button, TRUE, TRUE, 0); gtk_widget_show(button); arg_add_value(ctrls, "SILENT_DEPS", ARG_PTR, -1, button); Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_plugins_tree.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_plugins_tree.c 2009-03-02 09:54:53 UTC (rev 2625) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_plugins_tree.c 2009-03-02 10:09:31 UTC (rev 2626) @@ -104,6 +104,7 @@ /** * @brief Handler for the tree model's "row-changed" signal. + * * Emit the "statistics-changed" signal on the tree model. */ static void @@ -118,6 +119,7 @@ /** * @brief Handler for the tree model's "row-deleted" signal. + * * Emit the "statistics-changed" signal on the tree model. */ static void @@ -216,9 +218,7 @@ * model doesn't send any signals. */ static void -trigger_row_update(model, iter) - GtkTreeModel *model; - GtkTreeIter *iter; +trigger_row_update (GtkTreeModel *model, GtkTreeIter *iter) { GtkTreePath *path = gtk_tree_model_get_path(model, iter); @@ -249,10 +249,7 @@ * parent family. */ static void -active_toggled(cell, path_str, data) - GtkCellRendererToggle *cell; - gchar *path_str; - gpointer data; +active_toggled (GtkCellRendererToggle *cell, gchar *path_str, gpointer data) { GtkTreeModel *model = gtk_tree_view_get_model(GTK_TREE_VIEW(data)); GtkTreeIter iter; @@ -340,10 +337,8 @@ * all other cases. */ static gboolean -button_press_event(tree, event, user_data) - GtkTreeView *tree; - GdkEventButton *event; - gpointer user_data; +button_press_event (GtkTreeView *tree, GdkEventButton *event, + gpointer user_data) { GtkTreePath * path; GtkTreeViewColumn *column; @@ -379,12 +374,8 @@ * @brief Set the "active" property of the toggle cell renderer. */ static void -active_data_func(tree_column, cell, model, iter, data) - GtkTreeViewColumn *tree_column; - GtkCellRenderer *cell; - GtkTreeModel *model; - GtkTreeIter *iter; - gpointer data; +active_data_func (GtkTreeViewColumn *tree_column, GtkCellRenderer *cell, + GtkTreeModel *model, GtkTreeIter *iter, gpointer data) { struct nessus_plugin *plugin; gboolean is_active = FALSE; @@ -440,16 +431,14 @@ * @brief Create a new plugin tree and model. */ GtkWidget * -prefs_create_plugins_tree(context, ctrls) - struct context *context; - struct arglist *ctrls; +prefs_create_plugins_tree (struct context *context, struct arglist* ctrls) { GtkWidget *tree; GtkTreeSelection *selection; GtkTreeViewColumn *column; GtkCellRenderer *renderer; - /* make sure the "statistics-changed" signal exists */ + /* Make sure the "statistics-changed" signal exists */ create_statistics_changed_signal(); /* Create the tree and its columns*/ @@ -498,9 +487,7 @@ * from ctrls if one is set. */ static void -fill_plugin_tree_store(context, ctrls) - struct context *context; - struct arglist *ctrls; +fill_plugin_tree_store (struct context *context, struct arglist *ctrls) { struct nessus_plugin *plugs = context->plugins; GtkTreeModel *store = GTK_TREE_MODEL(context->plugin_tree_store); @@ -508,7 +495,7 @@ GHashTable* family_hash = g_hash_table_new_full(g_str_hash, g_str_equal, NULL, (GDestroyNotify)gtk_tree_path_free); - /* add the plugins and families. The family nodes are created when + /* Add the plugins and families. The family nodes are created when * the first plugin of that family is encountered */ while(plugs != NULL ) { @@ -535,6 +522,7 @@ g_hash_table_insert(family_hash, plug_family, family_path); gtk_tree_store_set(GTK_TREE_STORE(store), &family_iter, COL_NAME, plug_family, COL_PLUGIN, NULL, -1); + } else { @@ -567,21 +555,20 @@ * statistics_changed signal. */ void -prefs_plugin_tree_context_changed(context, ctrls, force_rebuild) - struct context *context; - struct arglist *ctrls; - gboolean force_rebuild; +prefs_plugin_tree_context_changed (struct context *context, + struct arglist *ctrls, + gboolean force_rebuild) { GtkTreeView *tree_view = arg_get_value(ctrls, "PLUGINS_TREE_VIEW"); GtkTreeModel *model = context->plugin_tree_model; GtkTreeModel *old_model = gtk_tree_view_get_model(tree_view); - /* if the caller wants, force a rebuild of the store by deleting the + /* If the caller wants, force a rebuild of the store by deleting the * old one */ if (force_rebuild) context_reset_plugin_tree(context); - /* if the context doesn't have a tree store yet, create it together + /* If the context doesn't have a tree store yet, create it together * with the sort model and fill it */ if (context->plugin_tree_store == NULL) { @@ -628,9 +615,7 @@ * @brief Enable/Disable all plugins in the tree. */ void -prefs_plugin_tree_enable_all(tree, enable) - GtkTreeView *tree; - int enable; +prefs_plugin_tree_enable_all (GtkTreeView *tree, int enable) { GtkTreeModel *model = gtk_tree_view_get_model(tree); GtkTreeIter iter, child_iter; @@ -666,12 +651,15 @@ * * The function determines the total number of plugins and the number of * active plugins and stores these values is *total and *enabled. + * + * @param tree_view The treeview for which to count nvts. + * @param[out] total Will contain the total number of NVTs in the tree + * model of the tree view tree_view. + * @param[out] enabled Will contain the number of enabled NVTs in the tree model + * of the tree view tree_view. */ void -prefs_plugin_tree_statistics(tree_view, total, enabled) - GtkTreeView *tree_view; - int *total; - int *enabled; +prefs_plugin_tree_statistics (GtkTreeView *tree_view, int *total, int *enabled) { GtkTreeModel *tree_model = gtk_tree_view_get_model(tree_view); GtkTreeModel *real_model = gtk_tree_model_sort_get_model( @@ -697,7 +685,7 @@ * "active" tflag. */ void -prefs_plugin_tree_read_only(GtkTreeView* tree_view, gboolean readonly) +prefs_plugin_tree_read_only (GtkTreeView* tree_view, gboolean readonly) { g_object_set_data(G_OBJECT(tree_view), "read-only", GINT_TO_POINTER(readonly)); From scm-commit at wald.intevation.org Mon Mar 2 11:11:41 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 11:11:41 +0100 (CET) Subject: [Openvas-commits] r2627 - in trunk/openvas-client: . nessus src/gui Message-ID: <20090302101141.B062B406F4@pyrosoma.intevation.org> Author: felix Date: 2009-03-02 11:11:39 +0100 (Mon, 02 Mar 2009) New Revision: 2627 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/auth.c trunk/openvas-client/src/gui/error_dlg.c Log: Added commented RATS ignores. * src/gui/error_dlg.c (show_dialog_std): Added RATS ignore: Calling getchar but not filling any buffer. * nessus/auth.c (auth_login): Added RATS ignore: Strlen on buffer that is nul-terminated as it comes from network_gets. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-02 10:09:31 UTC (rev 2626) +++ trunk/openvas-client/ChangeLog 2009-03-02 10:11:39 UTC (rev 2627) @@ -1,5 +1,15 @@ 2009-03-02 Felix Wolfsteller + Added commented RATS ignores. + + * src/gui/error_dlg.c (show_dialog_std): Added RATS ignore: Calling + getchar but not filling any buffer. + + * nessus/auth.c (auth_login): Added RATS ignore: Strlen on buffer that + is nul-terminated as it comes from network_gets. + +2009-03-02 Felix Wolfsteller + * nessus/auth.c, nessus/prefs_dialog/prefs_plugins.c, nessus/prefs_dialog/prefs_plugins_tree.c: K&R style replacements, doc, minor refomatting. Modified: trunk/openvas-client/nessus/auth.c =================================================================== --- trunk/openvas-client/nessus/auth.c 2009-03-02 10:09:31 UTC (rev 2626) +++ trunk/openvas-client/nessus/auth.c 2009-03-02 10:11:39 UTC (rev 2627) @@ -57,13 +57,13 @@ /* Note: even if we use SSLv3 authentication, we ask for a password anyway */ network_gets(soc, buf, 7); - if(strncmp(buf, "User : ", strlen(buf))) + if(strncmp(buf, "User : ", strlen(buf))) /* RATS: ignore, network_gets ensures nul termination (together with recv_line) */ return(-1); network_printf(soc, "%s\n", user); bzero(buf, 255); network_gets (soc, buf, 11); - if(strncmp(buf, "Password : ", strlen(buf))) + if(strncmp(buf, "Password : ", strlen(buf))) /* RATS: ignore, network_gets ensures nul termination (together with recv_line) */ return(-1); network_printf(soc, "%s\n", password); efree(&buf); Modified: trunk/openvas-client/src/gui/error_dlg.c =================================================================== --- trunk/openvas-client/src/gui/error_dlg.c 2009-03-02 10:09:31 UTC (rev 2626) +++ trunk/openvas-client/src/gui/error_dlg.c 2009-03-02 10:11:39 UTC (rev 2627) @@ -77,7 +77,7 @@ if(wait == DIALOG_AND_WAIT) { fprintf(stderr, _("Press to continue ...\n")); - getchar(); + getchar(); /* RATS: ignore, not reading into any buffer */ } } From scm-commit at wald.intevation.org Mon Mar 2 11:14:55 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 11:14:55 +0100 (CET) Subject: [Openvas-commits] r2628 - in trunk/openvas-client: . nessus Message-ID: <20090302101455.AE03A4072A@pyrosoma.intevation.org> Author: felix Date: 2009-03-02 11:14:53 +0100 (Mon, 02 Mar 2009) New Revision: 2628 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/data_mining.h Log: In module data_mining, added GPL header from implementation file to header file. * nessus/data_mining.h: Added GPL header from modules implementation file (nessus/data_mining.c). Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-02 10:11:39 UTC (rev 2627) +++ trunk/openvas-client/ChangeLog 2009-03-02 10:14:53 UTC (rev 2628) @@ -1,5 +1,13 @@ 2009-03-02 Felix Wolfsteller + In module data_mining, added GPL header from implementation file to + header file. + + * nessus/data_mining.h: Added GPL header from modules implementation + file (nessus/data_mining.c). + +2009-03-02 Felix Wolfsteller + Added commented RATS ignores. * src/gui/error_dlg.c (show_dialog_std): Added RATS ignore: Calling Modified: trunk/openvas-client/nessus/data_mining.h =================================================================== --- trunk/openvas-client/nessus/data_mining.h 2009-03-02 10:11:39 UTC (rev 2627) +++ trunk/openvas-client/nessus/data_mining.h 2009-03-02 10:14:53 UTC (rev 2628) @@ -1,3 +1,34 @@ +/* Nessus + * Copyright (C) 1998, 1999, 2000, 2001 Renaud Deraison + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * In addition, as a special exception, Renaud Deraison + * gives permission to link the code of this program with any + * version of the OpenSSL library which is distributed under a + * license identical to that listed in the included COPYING.OpenSSL + * file, and distribute linked combinations including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * this file, you may extend this exception to your version of the + * file, but you are not obligated to do so. If you do not wish to + * do so, delete this exception statement from your version. + * + * Implementation modified by Axel Nennker axel at nennker.de 20020306 + * Removed unused variables and format string errors. + */ + #ifndef __DATA_MINING_H__ #define __DATA_MINING_H__ From scm-commit at wald.intevation.org Mon Mar 2 11:32:55 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 11:32:55 +0100 (CET) Subject: [Openvas-commits] r2629 - in trunk/openvas-client: . nessus/prefs_dialog Message-ID: <20090302103255.53F9B406C8@pyrosoma.intevation.org> Author: felix Date: 2009-03-02 11:32:53 +0100 (Mon, 02 Mar 2009) New Revision: 2629 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_scan_opt.c Log: * nessus/prefs_dialog/prefs_dialog_scan_opts.c: Tranformed doc blocks, K&R style replacements. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-02 10:14:53 UTC (rev 2628) +++ trunk/openvas-client/ChangeLog 2009-03-02 10:32:53 UTC (rev 2629) @@ -1,5 +1,10 @@ 2009-03-02 Felix Wolfsteller + * nessus/prefs_dialog/prefs_dialog_scan_opts.c: Tranformed doc blocks, + K&R style replacements. + +2009-03-02 Felix Wolfsteller + In module data_mining, added GPL header from implementation file to header file. Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_scan_opt.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_scan_opt.c 2009-03-02 10:14:53 UTC (rev 2628) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_scan_opt.c 2009-03-02 10:32:53 UTC (rev 2629) @@ -40,22 +40,19 @@ #include "../nessus_i18n.h" -/* column IDs of scanner TreeView Model */ +/** Column IDs of scanner TreeView Model. */ enum { COL_NAME, COL_PLUGIN, NUM_COLS }; -/* Set the "active" property of the toggle cell renderer +/** + * @brief Set the "active" property of the toggle cell renderer. */ static void -active_data_func(tree_column, cell, model, iter, data) - GtkTreeViewColumn *tree_column; - GtkCellRenderer *cell; - GtkTreeModel *model; - GtkTreeIter *iter; - gpointer data; +active_data_func (GtkTreeViewColumn *tree_column, GtkCellRenderer *cell, + GtkTreeModel *model, GtkTreeIter *iter, gpointer data) { struct nessus_plugin *plugin; gboolean is_active = FALSE; @@ -72,7 +69,8 @@ NULL); } -/* Toggle the active/launch flag of a plugin +/** + * @brief Toggle the active/launch flag of a plugin. * * This function is called when the checkbox in the scanners * tree view widget has been toggled by the user. @@ -81,10 +79,8 @@ * path_str must describe the path in the model of that tree view. */ static void -prefs_scanner_list_toggle_callback(cell, path_str, data) - GtkCellRendererToggle *cell; - gchar *path_str; - gpointer data; +prefs_scanner_list_toggle_callback (GtkCellRendererToggle *cell, gchar *path_str, + gpointer data) { GtkTreeModel *model = gtk_tree_view_get_model(GTK_TREE_VIEW(data)); GtkTreeIter iter; @@ -95,15 +91,14 @@ plugin->enabled = ! plugin->enabled; } -/* Called when the user double clicks on a row of the scanner tree view. - * Pop up the plugin info dialog. +/** + * @brief Pop up the plugin info dialog. + * + * Called when the user double clicks on a row of the scanner tree view. */ static void -scanners_row_activated(treeview, path, column, user_data) - GtkTreeView *treeview; - GtkTreePath *path; - GtkTreeViewColumn *column; - gpointer user_data; +scanners_row_activated (GtkTreeView *treeview, GtkTreePath *path, + GtkTreeViewColumn *column, gpointer user_data) { GtkTreeModel * model = gtk_tree_view_get_model(treeview); GtkTreeIter iter; @@ -115,8 +110,8 @@ plugin_info_window_setup(Context->scanners, plugin_name); } -struct arglist *prefs_dialog_scan_opt(context) - struct context *context; +struct arglist * +prefs_dialog_scan_opt (struct context *context) { GtkWidget * frame; GtkWidget * table; @@ -285,13 +280,12 @@ return(ctrls); } -/* Clean the store and then fill it with the Scanners of the given - * context. +/** + * @brief Clean the store and then fill it with the Scanners of the given + * @brief context. */ void -fill_scanner_list(context, store) - struct context *context; - GtkListStore *store; +fill_scanner_list (struct context *context, GtkListStore *store) { GtkTreeIter iter; struct nessus_plugin * scans = context->scanners; @@ -310,10 +304,10 @@ } void -prefs_dialog_scan_opt_readonly(struct arglist * ctrls, gboolean readonly) +prefs_dialog_scan_opt_readonly (struct arglist * ctrls, gboolean readonly) { read_only_set_read_only(GTK_WIDGET(arg_get_value(ctrls, "FRAME")), readonly); } -#endif +#endif /* USE_GTK */ From scm-commit at wald.intevation.org Mon Mar 2 11:55:47 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 11:55:47 +0100 (CET) Subject: [Openvas-commits] r2630 - in trunk/openvas-client: . nessus/prefs_dialog Message-ID: <20090302105547.619EE406C8@pyrosoma.intevation.org> Author: felix Date: 2009-03-02 11:55:46 +0100 (Mon, 02 Mar 2009) New Revision: 2630 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c Log: * nessus/prefs_dialog/prefs_dialog.c (set_yesno_pref_from_toggle, prefs_dialog_apply_plugin_prefs, arg_int_to_yesno): Added RATS ignores where strlen is called on string literals. * nessus/prefs_dialog/prefs_dialog.c (prefs_dialog_apply): Use estrdup instead of malloc and snprintf. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-02 10:32:53 UTC (rev 2629) +++ trunk/openvas-client/ChangeLog 2009-03-02 10:55:46 UTC (rev 2630) @@ -1,5 +1,14 @@ 2009-03-02 Felix Wolfsteller + * nessus/prefs_dialog/prefs_dialog.c (set_yesno_pref_from_toggle, + prefs_dialog_apply_plugin_prefs, arg_int_to_yesno): Added + RATS ignores where strlen is called on string literals. + + * nessus/prefs_dialog/prefs_dialog.c (prefs_dialog_apply): Use estrdup + instead of malloc and snprintf. + +2009-03-02 Felix Wolfsteller + * nessus/prefs_dialog/prefs_dialog_scan_opts.c: Tranformed doc blocks, K&R style replacements. Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2009-03-02 10:32:53 UTC (rev 2629) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2009-03-02 10:55:46 UTC (rev 2630) @@ -856,7 +856,7 @@ char *s = strdup(v ? "yes" : "no"); arg_set_type(serv, "auto_enable_dependencies", ARG_STRING); - arg_set_value(serv, "auto_enable_dependencies", strlen(s), s); + arg_set_value(serv, "auto_enable_dependencies", strlen(s), s); /* RATS: ignore s is yes or no and nul terminated */ v = s; } if(v && !strcmp(v, "yes")) @@ -873,7 +873,7 @@ char *s = strdup(v ? "yes" : "no"); arg_set_type(serv, "silent_dependencies", ARG_STRING); - arg_set_value(serv, "silent_dependencies", strlen(s), s); + arg_set_value(serv, "silent_dependencies", strlen(s), s); /* RATS: ignore s is yes or no and nul terminated */ v = s; } if(v && !strcmp(v, "yes")) @@ -1233,9 +1233,7 @@ t = arg_get_value(ctrls, "SCAN_OPTIONS"); gtkw = arg_get_value(t, "PORT_RANGE"); - s = emalloc(strlen(gtk_entry_get_text(GTK_ENTRY(gtkw))) + 1); - strncpy(s, gtk_entry_get_text(GTK_ENTRY(gtkw)), - strlen(gtk_entry_get_text(GTK_ENTRY(gtkw)))); + s = estrdup (gtk_entry_get_text(GTK_ENTRY(gtkw))); if(arg_get_value(serv, "port_range")) arg_set_value(serv, "port_range", strlen(s), s); @@ -1249,11 +1247,8 @@ gtkw = arg_get_value(t, "MAX_HOSTS"); - s = emalloc(strlen(gtk_entry_get_text(GTK_ENTRY(gtkw))) + 1); + s = estrdup (gtk_entry_get_text(GTK_ENTRY(gtkw))); - strncpy(s, gtk_entry_get_text(GTK_ENTRY(gtkw)), - strlen(gtk_entry_get_text(GTK_ENTRY(gtkw)))); - if(arg_get_value(serv, "max_hosts")) arg_set_value(serv, "max_hosts", strlen(s), s); else @@ -1262,11 +1257,8 @@ gtkw = arg_get_value(t, "MAX_CHECKS"); - s = emalloc(strlen(gtk_entry_get_text(GTK_ENTRY(gtkw))) + 1); + s = g_strdup (gtk_entry_get_text(GTK_ENTRY(gtkw))); - strncpy(s, gtk_entry_get_text(GTK_ENTRY(gtkw)), - strlen(gtk_entry_get_text(GTK_ENTRY(gtkw)))); - if(arg_get_value(serv, "max_checks")) arg_set_value(serv, "max_checks", strlen(s), s); else @@ -1420,8 +1412,7 @@ { char *value = GTK_TOGGLE_BUTTON(button)->active ? "yes" : "no"; - arg_set_value(pref->value, "value", strlen(value), - estrdup(value)); + arg_set_value(pref->value, "value", strlen(value), estrdup(value)); /* RATS: ignore , value is yes or no and nul- terminated */ } } else if(!strcmp(type, PREF_RADIO)) @@ -1442,7 +1433,7 @@ { // Workaround to trigger display of this NVT (otherwise invisible // when not connected) - arg_set_value(pref->value, "value", strlen("ignored"), "ignored"); + arg_set_value(pref->value, "value", strlen("ignored"), "ignored"); /* RATS: ignore string literals are nul terminated */ } } pref = pref->next; From scm-commit at wald.intevation.org Mon Mar 2 12:02:14 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 12:02:14 +0100 (CET) Subject: [Openvas-commits] r2631 - in trunk/openvas-client: . nessus nessus/prefs_dialog Message-ID: <20090302110214.458BB406E7@pyrosoma.intevation.org> Author: felix Date: 2009-03-02 12:02:12 +0100 (Mon, 02 Mar 2009) New Revision: 2631 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/nessus.c trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_scan_opt.c Log: e GTK Spin-Buttons instead of plain text fields for preferences ~"max hosts to check concurrently" and ~"max checks concurrently", to allow a minimum of input sanitizing (expecting integers here). * nessus/prefs_dialog/prefs_dialog.c (prefs_dialog_set_defaults): Set values to spinbuttons as float (atof), not as string. * nessus/prefs_dialog/prefs_dialog_scan_opt.c (prefs_dialog_scan_opt): Initialize GtkSpinButtons rather than plain text fields for preferences that - at the end - expect integers anyway. Set limit for max hosts/checks to perform concurrently arbitrarily high to 1000. * nessus/nessus.c (struct MainDialog): Added keys of scan_options to documentation of the "main" gui arglist to ease later refactorization. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-02 10:55:46 UTC (rev 2630) +++ trunk/openvas-client/ChangeLog 2009-03-02 11:02:12 UTC (rev 2631) @@ -1,5 +1,22 @@ 2009-03-02 Felix Wolfsteller + Use GTK Spin-Buttons instead of pure text fields for preferences + ~"max hosts to check concurrently" and ~"max checks concurrently", to + allow a minimum of input sanitizing (expecting integers here). + + * nessus/prefs_dialog/prefs_dialog.c (prefs_dialog_set_defaults): Set values + to spinbuttons as float. + + * nessus/prefs_dialog/prefs_dialog_scan_opt.c (prefs_dialog_scan_opt): + Initialize GtkSpinButtons rather than plain text fields for preferences + that - at the end - expect integers anyway. Set limit for max + hosts/checks to perform concurrently arbitrarily high to 1000. + + * nessus/nessus.c (struct MainDialog): Added keys of scan_options to + documentation of the "main" gui arglist to ease later refactorization. + +2009-03-02 Felix Wolfsteller + * nessus/prefs_dialog/prefs_dialog.c (set_yesno_pref_from_toggle, prefs_dialog_apply_plugin_prefs, arg_int_to_yesno): Added RATS ignores where strlen is called on string literals. Modified: trunk/openvas-client/nessus/nessus.c =================================================================== --- trunk/openvas-client/nessus/nessus.c 2009-03-02 10:55:46 UTC (rev 2630) +++ trunk/openvas-client/nessus/nessus.c 2009-03-02 11:02:12 UTC (rev 2631) @@ -126,6 +126,19 @@ * - PLUGIN_CREDENTIALS * - FRAME * - PLUGIN_PREFS + * - SCAN_OPTIONS (arg) + * - FRAME + * - PING_HOSTS + * - PORT_RANGE + * - UNSCANNED_CLOSED + * - MAX_HOSTS + * - MAX_CHECKS + * - CGI_PATH + * - REVERSE_LOOKUP + * - OPTIMIZE_TEST + * - SAFE_CHECKS + * - USE_MAC_ADDR + * - SCANNERS_LIST */ struct arglist * MainDialog; char * Alt_rcfile = NULL; Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2009-03-02 10:55:46 UTC (rev 2630) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2009-03-02 11:02:12 UTC (rev 2631) @@ -1002,7 +1002,7 @@ { v = arg_get_value(serv, "max_hosts"); if(v) - gtk_entry_set_text(GTK_ENTRY(gtkw), v); + gtk_spin_button_set_value (GTK_SPIN_BUTTON(gtkw), atof(v)); } gtkw = arg_get_value(t, "MAX_CHECKS"); @@ -1010,7 +1010,7 @@ { v = arg_get_value(serv, "max_checks"); if(v) - gtk_entry_set_text(GTK_ENTRY(gtkw), v); + gtk_spin_button_set_value (GTK_SPIN_BUTTON(gtkw), atof(v)); } gtkw = arg_get_value(t, "CGI_PATH"); Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_scan_opt.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_scan_opt.c 2009-03-02 10:55:46 UTC (rev 2630) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_scan_opt.c 2009-03-02 11:02:12 UTC (rev 2631) @@ -187,7 +187,7 @@ gtk_table_attach_defaults(GTK_TABLE(table), label, 0,1,2,3); gtk_widget_show(label); - entry = gtk_entry_new(); + entry = gtk_spin_button_new_with_range (1.0f, 1000.0f, 1.0f); gtk_table_attach_defaults(GTK_TABLE(table), entry, 1,2,2,3); gtk_widget_show(entry); arg_add_value(ctrls, "MAX_HOSTS", ARG_PTR, -1, entry); @@ -198,7 +198,7 @@ gtk_table_attach_defaults(GTK_TABLE(table), label, 0,1,3,4); gtk_widget_show(label); - entry = gtk_entry_new(); + entry = gtk_spin_button_new_with_range (1.0f, 1000.0f, 1.0f); gtk_table_attach_defaults(GTK_TABLE(table), entry, 1,2,3,4); gtk_widget_show(entry); arg_add_value(ctrls, "MAX_CHECKS", ARG_PTR, -1, entry); From scm-commit at wald.intevation.org Mon Mar 2 12:58:06 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 12:58:06 +0100 (CET) Subject: [Openvas-commits] r2632 - in trunk/openvas-client: . nessus nessus/prefs_dialog Message-ID: <20090302115806.294F840715@pyrosoma.intevation.org> Author: felix Date: 2009-03-02 12:58:01 +0100 (Mon, 02 Mar 2009) New Revision: 2632 Removed: trunk/openvas-client/nessus/families.c trunk/openvas-client/nessus/families.h Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/MANIFEST trunk/openvas-client/nessus/Makefile trunk/openvas-client/nessus/prefs_dialog/prefs_plugins.c trunk/openvas-client/nessus/prefs_dialog/prefs_plugins_tree.c Log: Removed obsolete module families, pointed to by cppcheck. * nessus/families.h, nessus/families.c: Removed. Not used, a tree-based approach is used instead. * nessus/prefs_dialog/prefs_plugins_tree.c, nessus/prefs_dialog/prefs_plugins.c: Removed families.h include. * nessus/Makefile: Removed target and include of families.h . * MANIFEST: Removed families- entries. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-02 11:02:12 UTC (rev 2631) +++ trunk/openvas-client/ChangeLog 2009-03-02 11:58:01 UTC (rev 2632) @@ -1,11 +1,25 @@ 2009-03-02 Felix Wolfsteller - Use GTK Spin-Buttons instead of pure text fields for preferences + Removed obsolete module families, pointed to by cppcheck. + + * nessus/families.h, nessus/families.c: Removed. Not used, a tree-based + approach is used instead. + + * nessus/prefs_dialog/prefs_plugins_tree.c, + nessus/prefs_dialog/prefs_plugins.c: Removed families.h include. + + * nessus/Makefile: Removed target and include of families.h . + + * MANIFEST: Removed families- entries. + +2009-03-02 Felix Wolfsteller + + Use GTK Spin-Buttons instead of plain text fields for preferences ~"max hosts to check concurrently" and ~"max checks concurrently", to allow a minimum of input sanitizing (expecting integers here). - * nessus/prefs_dialog/prefs_dialog.c (prefs_dialog_set_defaults): Set values - to spinbuttons as float. + * nessus/prefs_dialog/prefs_dialog.c (prefs_dialog_set_defaults): Set + values to spinbuttons as float (atof), not as string. * nessus/prefs_dialog/prefs_dialog_scan_opt.c (prefs_dialog_scan_opt): Initialize GtkSpinButtons rather than plain text fields for preferences Modified: trunk/openvas-client/MANIFEST =================================================================== --- trunk/openvas-client/MANIFEST 2009-03-02 11:02:12 UTC (rev 2631) +++ trunk/openvas-client/MANIFEST 2009-03-02 11:58:01 UTC (rev 2632) @@ -56,8 +56,6 @@ nessus/COPYING.OpenSSL nessus/data_mining.c nessus/data_mining.h -nessus/families.c -nessus/families.h nessus/filter.c nessus/filter.h nessus/globals.h Modified: trunk/openvas-client/nessus/Makefile =================================================================== --- trunk/openvas-client/nessus/Makefile 2009-03-02 11:02:12 UTC (rev 2631) +++ trunk/openvas-client/nessus/Makefile 2009-03-02 11:58:01 UTC (rev 2632) @@ -29,7 +29,6 @@ plugin_cache.o \ context.o \ preferences.o \ - families.o \ attack.o \ report.o \ report_save.o \ @@ -144,7 +143,7 @@ prefs_plugins_tree.o : cflags prefs_dialog/prefs_plugins_tree.c \ prefs_dialog/prefs_plugins_tree.h filter.h \ ../src/gui/error_dlg.h prefs_dialog/prefs_help.h globals.h \ - plugin_infos.h families.h xpm/warning_small.xpm + plugin_infos.h xpm/warning_small.xpm $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_plugins_tree.c openvas_certificates.o : cflags ../src/openvas-lib/openvas_certificates.c \ @@ -215,9 +214,6 @@ prefs_dialog/readonly.h $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/readonly.c -families.o : cflags families.c families.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c families.c - plugin_infos.o : cflags plugin_infos.c plugin_infos.h globals.h context.h $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c plugin_infos.c Deleted: trunk/openvas-client/nessus/families.c =================================================================== --- trunk/openvas-client/nessus/families.c 2009-03-02 11:02:12 UTC (rev 2631) +++ trunk/openvas-client/nessus/families.c 2009-03-02 11:58:01 UTC (rev 2632) @@ -1,156 +0,0 @@ -/* Nessus - * Copyright (C) 1998 - 2001 Renaud Deraison - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - * - * In addition, as a special exception, Renaud Deraison - * gives permission to link the code of this program with any - * version of the OpenSSL library which is distributed under a - * license identical to that listed in the included COPYING.OpenSSL - * file, and distribute linked combinations including the two. - * You must obey the GNU General Public License in all respects - * for all of the code used other than OpenSSL. If you modify - * this file, you may extend this exception to your version of the - * file, but you are not obligated to do so. If you do not wish to - * do so, delete this exception statement from your version. - */ - -#include -#ifdef USE_GTK -#include -#endif - -#include "nessus_plugin.h" -#include "families.h" -#include "filter.h" -#include "globals.h" - -/* - * family_init - * - * initializes a set of plugin families - */ -struct plugin_families * -family_init() -{ - struct plugin_families * ret; - - ret = emalloc(sizeof(struct plugin_families)); - return(ret); -} - -/* - * family_add - * - * add a family in the family list, after having - * checked whether the family was not already present in - * the list - */ -void -family_add(families,pluginfos) - struct plugin_families * families; - struct nessus_plugin * pluginfos; - -{ - char * name = pluginfos->family; - struct plugin_families * l = families; - int flag = 0; - if(!name)return; - if(l) - while(l->next && !flag) - { - if(l->name)flag = !strcmp(l->name, name); - l->enabled = 1; - l = l->next; - } - if(!flag) - { - l->next = emalloc(sizeof(struct plugin_families)); - l->name = emalloc(strlen(name)+1); - strncpy(l->name, name, strlen(name)); - } -} - -/* - * family_enable - */ -void -family_enable(family, plugins, enable) - char * family; - struct nessus_plugin * plugins; - int enable; -{ - - while(plugins != NULL ) - { - char * pname = plugins->family; - if( strcmp(pname, family) == 0 ) - { - switch(enable) - { - case DISABLE_FAMILY : - plugins->enabled = 0; - break; - case ENABLE_FAMILY : - if(!filter_plugin(&Filter, plugins)) - plugins->enabled = 1; - else - plugins->enabled = 0; - break; - default : /* nonsense */ - break; - } - } - plugins = plugins->next; - } -} - -int -family_enabled(family, plugins) - char * family; - struct nessus_plugin * plugins; -{ - while(plugins != NULL ) - { - char * pname = plugins->family; - - if(pname != NULL && strcmp(pname, family) == 0 ) - if( plugins->enabled != 0 ) - return 1; - plugins = plugins->next; - } - return 0; -} - -int -family_empty(family, plugins) - char * family; - struct nessus_plugin * plugins; -{ - - while(plugins != NULL ) - { - char * pname = plugins->family; - if(pname != NULL && strcmp(pname, family) == 0 ) - { - if(!filter_plugin(&Filter, plugins)) - return 0; - } - plugins = plugins->next; - } - return 1; -} - - - Deleted: trunk/openvas-client/nessus/families.h =================================================================== --- trunk/openvas-client/nessus/families.h 2009-03-02 11:02:12 UTC (rev 2631) +++ trunk/openvas-client/nessus/families.h 2009-03-02 11:58:01 UTC (rev 2632) @@ -1,46 +0,0 @@ -/* NessusClient -- the Nessus Client - * Copyright (C) 1998 Renaud Deraison - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2 as - * published by the Free Software Foundation. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - * - * In addition, as a special exception, Renaud Deraison - * gives permission to link the code of this program with any - * version of the OpenSSL library which is distributed under a - * license identical to that listed in the included COPYING.OpenSSL - * file, and distribute linked combinations including the two. - * You must obey the GNU General Public License in all respects - * for all of the code used other than OpenSSL. If you modify - * this file, you may extend this exception to your version of the - * file, but you are not obligated to do so. If you do not wish to - * do so, delete this exception statement from your version. - */ - -#ifndef _NESSUSC_FAMILIES_H -#define _NESSUSC_FAMILIES_H - -#define ENABLE_FAMILY 1 -#define DISABLE_FAMILY 0 - -struct plugin_families { - char * name; - int enabled; - struct plugin_families * next; - }; - -struct plugin_families * family_init(); -void family_add(struct plugin_families *, struct nessus_plugin *); -void family_enable(char *, struct nessus_plugin *, int); -int family_enabled(char *, struct nessus_plugin *); -int family_empty(char*, struct nessus_plugin *); -#endif Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_plugins.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_plugins.c 2009-03-02 11:02:12 UTC (rev 2631) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_plugins.c 2009-03-02 11:58:01 UTC (rev 2632) @@ -33,7 +33,6 @@ #include "../nessus_plugin.h" #include "../plugin_infos.h" -#include "../families.h" #include "../preferences.h" #include "globals.h" #include "error_dlg.h" Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_plugins_tree.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_plugins_tree.c 2009-03-02 11:02:12 UTC (rev 2631) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_plugins_tree.c 2009-03-02 11:58:01 UTC (rev 2632) @@ -35,7 +35,6 @@ #include #include "../nessus_plugin.h" #include "../plugin_infos.h" -#include "../families.h" #include "error_dlg.h" #include "../xpm/warning_small.xpm" #include "filter.h" From scm-commit at wald.intevation.org Mon Mar 2 13:03:36 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 13:03:36 +0100 (CET) Subject: [Openvas-commits] r2633 - in trunk/openvas-plugins: . scripts Message-ID: <20090302120336.A06B440715@pyrosoma.intevation.org> Author: kost Date: 2009-03-02 13:03:30 +0100 (Mon, 02 Mar 2009) New Revision: 2633 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/ftp_writeable_directories.nasl Log: Made script to work with OpenVAS (did not work before!). Extensively tested as well as made the script to check both methods if safe_checks are disabled (MKD does not work well with every server FTP out there, for example, check with writable dirs in proftpd!). Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-02 11:58:01 UTC (rev 2632) +++ trunk/openvas-plugins/ChangeLog 2009-03-02 12:03:30 UTC (rev 2633) @@ -1,3 +1,11 @@ +2009-03-02 Vlatko Kosturjak + * scripts/ftp_writeable_directories.nasl + Made script to work with OpenVAS (did not work before!). Extensively + tested as well as made the script to check both methods if safe_checks + are disabled (MKD does not work well with every server FTP out there, + for example, check with writable dirs in proftpd!). + + 2009-02-27 Chandrashekhar B * scripts/gb_fedora_2007_762_openoffice.org_fc6.nasl scripts/gb_fedora_2007_551_thunderbird_fc5.nasl Modified: trunk/openvas-plugins/scripts/ftp_writeable_directories.nasl =================================================================== --- trunk/openvas-plugins/scripts/ftp_writeable_directories.nasl 2009-03-02 11:58:01 UTC (rev 2632) +++ trunk/openvas-plugins/scripts/ftp_writeable_directories.nasl 2009-03-02 12:03:30 UTC (rev 2633) @@ -50,7 +50,7 @@ script_copyright(english:"This script is Copyright (C) 2005 TNS"); family["english"] = "FTP"; script_family(english:family["english"]); - script_dependencie("ftp_anonymous.nasl"); +# script_dependencie("ftp_anonymous.nasl"); script_require_ports("Services/ftp", 21); exit(0); } @@ -67,7 +67,7 @@ function crawl_dir(socket, directory, level ) { - local_var port, soc2, r, dirs,array, dir, sep, str; + local_var port, soc2, r, dirs,array, dir, sep, str, alreadyadded; if ( level > 20 ) return 0; if ( directory[strlen(directory) - 1] == "/" ) @@ -81,7 +81,8 @@ soc2 = open_sock_tcp(port); if (! soc2 ) return 0; dirs = make_list(); - + + alreadyadded=0; if ( Mode == MODE_WRITE ) { str = "OpenVAS" + rand_str(length:8); @@ -95,6 +96,7 @@ if ( ! Saved_in_KB ) { set_kb_item(name:"ftp/writeable_dir", value:directory); Saved_in_KB ++; + alreadyadded=1; } } } @@ -117,17 +119,20 @@ array = eregmatch(pattern:"([drwxtSs-]*) *([0-9]*) ([0-9]*) *([^ ]*) *([0-9]*) ([^ ]*) *([^ ]*) *([^ ]*) (.*)", string:chomp(r)); if ( max_index(array) >= 9 ) { - if ( Mode == MODE_CHECK_PERM ) - { +# if ( Mode == MODE_CHECK_PERM ) +# { if ( array[1] =~ "^d.......w." ) { + if (alreadyadded == 0) + { WriteableDirs[directory + sep + array[9]] = 1; if ( ! Saved_in_KB ) { set_kb_item(name:"ftp/writeable_dir", value:directory + sep + array[9]); Saved_in_KB ++; } + } } - } +# } if ( array[9] != "." && array[9] != ".." ) dirs = make_list(dirs, directory + sep + array[9]); } @@ -145,7 +150,7 @@ port = get_kb_item("Services/ftp"); -if ( ! get_kb_item("ftp/anonymous") ) exit(0); +# if ( ! get_kb_item("ftp/anonymous") ) exit(0); if ( ! port ) port = 21; if ( ! get_port_state(port) ) exit(0); From scm-commit at wald.intevation.org Mon Mar 2 13:16:22 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 13:16:22 +0100 (CET) Subject: [Openvas-commits] r2634 - in trunk/openvas-plugins: . plugins scripts Message-ID: <20090302121622.60D5340715@pyrosoma.intevation.org> Author: kost Date: 2009-03-02 13:16:17 +0100 (Mon, 02 Mar 2009) New Revision: 2634 Removed: trunk/openvas-plugins/plugins/ftp_write_dirs/ Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/MANIFEST trunk/openvas-plugins/scripts/ftpd_1byte_overflow.nasl trunk/openvas-plugins/scripts/hpftp_glob_stat.nasl Log: ftp_write_dirs plugin is superseeded by scripts/ftp_writeable_directories.nasl, updated dependencies Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-02 12:03:30 UTC (rev 2633) +++ trunk/openvas-plugins/ChangeLog 2009-03-02 12:16:17 UTC (rev 2634) @@ -1,4 +1,9 @@ 2009-03-02 Vlatko Kosturjak + * plugins/ftp_write_dirs/: plugin is superseeded by + scripts/ftp_writeable_directories.nasl, + updated dependencies + +2009-03-02 Vlatko Kosturjak * scripts/ftp_writeable_directories.nasl Made script to work with OpenVAS (did not work before!). Extensively tested as well as made the script to check both methods if safe_checks Modified: trunk/openvas-plugins/MANIFEST =================================================================== --- trunk/openvas-plugins/MANIFEST 2009-03-02 12:03:30 UTC (rev 2633) +++ trunk/openvas-plugins/MANIFEST 2009-03-02 12:16:17 UTC (rev 2634) @@ -31,9 +31,6 @@ plugins/find_service/find_service.c plugins/find_service/Makefile plugins/find_service/Makefile.darwin -plugins/ftp_write_dirs/ftp_write_dirs.c -plugins/ftp_write_dirs/Makefile -plugins/ftp_write_dirs/Makefile.darwin plugins/install_plug plugins/linux_tftp/linux_tftp.c plugins/linux_tftp/Makefile Modified: trunk/openvas-plugins/scripts/ftpd_1byte_overflow.nasl =================================================================== --- trunk/openvas-plugins/scripts/ftpd_1byte_overflow.nasl 2009-03-02 12:03:30 UTC (rev 2633) +++ trunk/openvas-plugins/scripts/ftpd_1byte_overflow.nasl 2009-03-02 12:16:17 UTC (rev 2634) @@ -41,7 +41,7 @@ script_copyright(english:"This script is Copyright (C) 2003 Xue Yong Zhi", francais:"Ce script est Copyright (C) 2003 Xue Yong Zhi"); - script_dependencie("find_service.nes", "ftp_write_dirs.nes"); + script_dependencie("find_service.nes", "ftp_writeable_directories.nasl"); script_require_keys("ftp/login", "ftp/writeable_dir"); script_require_ports("Services/ftp", 21); exit(0); Modified: trunk/openvas-plugins/scripts/hpftp_glob_stat.nasl =================================================================== --- trunk/openvas-plugins/scripts/hpftp_glob_stat.nasl 2009-03-02 12:03:30 UTC (rev 2633) +++ trunk/openvas-plugins/scripts/hpftp_glob_stat.nasl 2009-03-02 12:16:17 UTC (rev 2634) @@ -55,7 +55,7 @@ script_copyright(english:"This script is Copyright (C) 2003 Xue Yong Zhi", francais:"Ce script est Copyright (C) 2003 Xue Yong Zhi"); - script_dependencie("find_service.nes", "ftp_write_dirs.nes"); + script_dependencie("find_service.nes", "ftp_writeable_directories.nasl"); script_require_keys("ftp/login", "ftp/writeable_dir"); script_require_ports("Services/ftp", 21); exit(0); From scm-commit at wald.intevation.org Mon Mar 2 13:32:52 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 13:32:52 +0100 (CET) Subject: [Openvas-commits] r2635 - in trunk/openvas-client: . nessus Message-ID: <20090302123252.6E0E64072A@pyrosoma.intevation.org> Author: felix Date: 2009-03-02 13:32:47 +0100 (Mon, 02 Mar 2009) New Revision: 2635 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/cli.c trunk/openvas-client/nessus/cli.h Log: Removed obsolete code and variables in cli module, pointed to by cppcheck. * nessus/cli.h (struct cli_args): Removed auth_pwd & cipher member. * nessus/cli.h, cli.c (cli_args_auth_pwd, cli_auth_pwd, cli_args_cipher): Removed references to auth_pwd and cipher. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-02 12:16:17 UTC (rev 2634) +++ trunk/openvas-client/ChangeLog 2009-03-02 12:32:47 UTC (rev 2635) @@ -1,5 +1,15 @@ 2009-03-02 Felix Wolfsteller + Removed obsolete code and variables in cli module, pointed to by + cppcheck. + + * nessus/cli.h (struct cli_args): Removed auth_pwd & cipher member. + + * nessus/cli.h, cli.c (cli_args_auth_pwd, cli_auth_pwd, + cli_args_cipher): Removed references to auth_pwd and cipher. + +2009-03-02 Felix Wolfsteller + Removed obsolete module families, pointed to by cppcheck. * nessus/families.h, nessus/families.c: Removed. Not used, a tree-based Modified: trunk/openvas-client/nessus/cli.c =================================================================== --- trunk/openvas-client/nessus/cli.c 2009-03-02 12:16:17 UTC (rev 2634) +++ trunk/openvas-client/nessus/cli.c 2009-03-02 12:32:47 UTC (rev 2635) @@ -257,30 +257,12 @@ } void -cli_args_cipher(args, cipher) - struct cli_args * args; - char * cipher; -{ - if(args->cipher)free(args->cipher); - args->cipher = strdup(cipher); -} - - - -void cli_args_verbose(args, verbose) struct cli_args * args; int verbose; { args->verbose = verbose; } -void -cli_args_auth_pwd(args, auth_pwd) - struct cli_args * args; - cli_auth_pwd_t auth_pwd; -{ - args->auth_pwd = auth_pwd; -} /** * Sets the output function pointer in an cli_args. Modified: trunk/openvas-client/nessus/cli.h =================================================================== --- trunk/openvas-client/nessus/cli.h 2009-03-02 12:16:17 UTC (rev 2634) +++ trunk/openvas-client/nessus/cli.h 2009-03-02 12:32:47 UTC (rev 2635) @@ -36,10 +36,8 @@ #ifndef __CLI_H__ #define __CLI_H__ -typedef char*(*cli_auth_pwd_t)(int); typedef int (*output_func_t)(struct arglist *, char *); - struct cli_args { char * server; int port; @@ -50,7 +48,6 @@ char * results; char * extension; int interactive; - cli_auth_pwd_t auth_pwd; output_func_t output; int backend; int verbose; @@ -64,15 +61,11 @@ void cli_args_login(struct cli_args *,char*); void cli_args_password(struct cli_args *,char*); -void cli_args_auth_pwd(struct cli_args*, cli_auth_pwd_t); - void cli_args_target(struct cli_args *,char*); void cli_args_results(struct cli_args *,char*); void cli_args_output(struct cli_args *, char* type); -void cli_args_cipher(struct cli_args *,char*); - int cli_connect_to_nessusd(struct cli_args*); int cli_test_network(struct cli_args*); From scm-commit at wald.intevation.org Mon Mar 2 16:07:09 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 16:07:09 +0100 (CET) Subject: [Openvas-commits] r2636 - in trunk/openvas-plugins: . scripts Message-ID: <20090302150709.0BD294073C@pyrosoma.intevation.org> Author: chandra Date: 2009-03-02 16:07:07 +0100 (Mon, 02 Mar 2009) New Revision: 2636 Added: trunk/openvas-plugins/scripts/A4Desk_event_calendar_sql_injection.nasl trunk/openvas-plugins/scripts/demium_cms_multiple_vulnerabilities.nasl trunk/openvas-plugins/scripts/joomla_mambo_joomRadio_component_sql_injection.nasl trunk/openvas-plugins/scripts/pPIM_multiple_remote_vulnerabilities.nasl trunk/openvas-plugins/scripts/secpod_openssl_ca_cert_bypass_vuln.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-02 12:32:47 UTC (rev 2635) +++ trunk/openvas-plugins/ChangeLog 2009-03-02 15:07:07 UTC (rev 2636) @@ -1,3 +1,13 @@ +2009-03-02 Chandrashekhar B + * scripts/pPIM_multiple_remote_vulnerabilities.nasl, + scripts/A4Desk_event_calendar_sql_injection.nasl, + scripts/joomla_mambo_joomRadio_component_sql_injection.nasl, + scripts/demium_cms_multiple_vulnerabilities.nasl: + Added new plugins. Commits from Michael Meyer + + * scripts/secpod_openssl_ca_cert_bypass_vuln.nasl: + Added new plugins + 2009-03-02 Vlatko Kosturjak * plugins/ftp_write_dirs/: plugin is superseeded by scripts/ftp_writeable_directories.nasl, Added: trunk/openvas-plugins/scripts/A4Desk_event_calendar_sql_injection.nasl =================================================================== --- trunk/openvas-plugins/scripts/A4Desk_event_calendar_sql_injection.nasl 2009-03-02 12:32:47 UTC (rev 2635) +++ trunk/openvas-plugins/scripts/A4Desk_event_calendar_sql_injection.nasl 2009-03-02 15:07:07 UTC (rev 2636) @@ -0,0 +1,85 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id:$ +# +# A4Desk Event Calendar 'eventid' Parameter SQL Injection +# Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100006); + script_bugtraq_id(33863); + script_version ("1.0"); + + script_name(english:"A4Desk Event Calendar 'eventid' Parameter SQL Injection Vulnerability"); + desc["english"] = " + + Overview: + A4Desk Event Calendar is prone to an SQL-injection vulnerability + because it fails to sufficiently sanitize user-supplied data before + using it in an SQL query. + + Exploiting this issue could allow an attacker to compromise the + application, access or modify data, or exploit latent + vulnerabilities in the underlying database. + + Seee http://www.securityfocus.com/bid/33835/ and + http://php.a4desk.com/calendar/ for further informations. + + Risk factor : Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Determine if A4Desk Event Calendar is vulnerable to SQL Injection"); + script_category(ACT_GATHER_INFO); + script_family(english:"CGI abuses"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dir = make_list("/calendar", cgi_dirs()); + +foreach d (dir) +{ + url = string(d, "/admin/index.php?eventid=-1+union+all+select+1,concat_ws(version(),0x3a,database(),0x3a,user()),3,4,5,6--"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:1); + if( buf == NULL )exit(0); + + if( egrep(pattern: ".*form action=.*union all select.*", string: buf) ) + { + security_warning(port:port); + exit(0); + } +} +exit(0); Added: trunk/openvas-plugins/scripts/demium_cms_multiple_vulnerabilities.nasl =================================================================== --- trunk/openvas-plugins/scripts/demium_cms_multiple_vulnerabilities.nasl 2009-03-02 12:32:47 UTC (rev 2635) +++ trunk/openvas-plugins/scripts/demium_cms_multiple_vulnerabilities.nasl 2009-03-02 15:07:07 UTC (rev 2636) @@ -0,0 +1,90 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id:$ +# +# Demium CMS Multiple Local File Include and SQL Injection +# Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100008); + script_bugtraq_id(33933); + script_version ("1.0"); + + script_name(english:"Demium CMS Multiple Local File Include and SQL Injection Vulnerabilities"); + desc["english"] = " + + Overview: + Demium CMS is prone to multiple local file-include vulnerabilities and + SQL-injection vulnerabilities because it fails to properly sanitize + user-supplied input. + + An attacker can exploit the local file-include vulnerabilities using + directory-traversal strings to view and execute arbitrary local files within + the context of the webserver process. Information harvested may aid in further + attacks. + + The attacker can exploit the SQL-injection vulnerabilities to compromise the + application, access or modify data, or exploit latent vulnerabilities in the + underlying database. + + Demium CMS 0.2.1 Beta is vulnerable; other versions may also be affected. + + Risk factor : Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Determine if Demium is vulnerable to SQL Injection and Local File Include Vulnerabilities"); + script_category(ACT_GATHER_INFO); + script_family(english:"CGI abuses"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port)) exit(0); + +dir = make_list("/demium", cgi_dirs()); + +foreach d (dir) +{ + url = string(d, "/urheber.php?name=../../../../../../../../../../etc/passwd%00"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:1); + if( buf == NULL )exit(0); + + if (egrep(pattern:"root:x:0:[01]:.*", string: buf)) + { + security_warning(port:port); + exit(0); + } +} + +exit(0); Added: trunk/openvas-plugins/scripts/joomla_mambo_joomRadio_component_sql_injection.nasl =================================================================== --- trunk/openvas-plugins/scripts/joomla_mambo_joomRadio_component_sql_injection.nasl 2009-03-02 12:32:47 UTC (rev 2635) +++ trunk/openvas-plugins/scripts/joomla_mambo_joomRadio_component_sql_injection.nasl 2009-03-02 15:07:07 UTC (rev 2636) @@ -0,0 +1,81 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id:$ +# +# Joomla! and Mambo JoomRadio Component 'id' Parameter SQL Injection +# Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100007); + script_bugtraq_id(29504); + script_version ("1.0"); + + script_name(english:"Joomla! and Mambo JoomRadio Component 'id' Parameter SQL Injection Vulnerability"); + desc["english"] = " + + Overview: + The JoomRadio component for Joomla! and Mambo is prone to an SQL-injection + vulnerability because it fails to sufficiently sanitize user-supplied data + before using it in an SQL query. + + Exploiting this issue could allow an attacker to compromise the application, + access or modify data, or exploit latent vulnerabilities in the underlying + database. + + Risk factor : Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Determine if Joomla! and Mambo JoomRadio Component is vulnerable to SQL Injection"); + script_category(ACT_GATHER_INFO); + script_family(english:"CGI abuses"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dir = make_list("/joomla","/cms", cgi_dirs()); +foreach d (dir) +{ + url = string(d, "/index.php?option=com_joomradio&page=show_video&id=-1%20UNION%20SELECT%20user%28%29,concat%28username,0x3a,password%29,user%28%29,user%28%29,user%28%29,user%28%29,user%28%29%20FROM%20jos_users--"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:1); + if( buf == NULL )exit(0); + + if( egrep(pattern: ".*var message=.*[a-f0-9]{32}", string: buf) ) + { + security_warning(port:port); + exit(0); + } +} +exit(0); Added: trunk/openvas-plugins/scripts/pPIM_multiple_remote_vulnerabilities.nasl =================================================================== --- trunk/openvas-plugins/scripts/pPIM_multiple_remote_vulnerabilities.nasl 2009-03-02 12:32:47 UTC (rev 2635) +++ trunk/openvas-plugins/scripts/pPIM_multiple_remote_vulnerabilities.nasl 2009-03-02 15:07:07 UTC (rev 2636) @@ -0,0 +1,132 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id:$ +# +# pPIM Multiple Remote Vulnerabilities +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100005); + script_bugtraq_id(30627); + script_version ("1.0"); + + script_name(english:"pPIM Multiple Remote Vulnerabilities"); + desc["english"] = " + + Overview: + This host is running pPIM. pPIM is an information manger that can hold contacts, events in a + calendar, links, send emails, check email, store notes, and uploads files. + + pPIM is prone to multiple vulnerabilities, including two security-bypass + issues, a cross-site scripting issue, and a file-upload issue. + + Attackers can exploit these issues to: + + - execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site + - steal cookie-based authentication credentials + - delete local files within the context of the webserver process + - upload arbitrary PHP scripts and execute them in the context of the webserver + - change user passwords + + These issues affect pPIM 1.0 and prior versions. + + Seee http://www.phlatline.org/index.php?page=prod-ppim and http://www.securityfocus.com/bid/30627 + for further informations. + + Solution: + Uninstall pPIM. + + Risk factor : Medium"; + + script_description(english:desc["english"]); + script_summary(english:"pPIM Multiple Remote Vulnerabilities"); + script_category(ACT_GATHER_INFO); + script_family(english:"CGI abuses"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port)) exit(0); + +dir = make_list("/ppim", cgi_dirs()); + +foreach d (dir) +{ + + url = string(d, "/Readme.txt"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:1); + if( buf == NULL )exit(0); + + if( "pPIM" >< buf ) { + ver = eregmatch(string: buf, pattern: "Version ([0-9\.0-9]+)"); + if ( !isnull(ver[1]) ) { + version = int( str_replace(find: '.', string: ver[1], replace: "") ); + if( version > 0 && version <= 10 ) { + security_warning(port:port); + exit(0); + } + } + } + else { + # perhaps user has removed Readme.txt + url = string(d, "/upload.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:0); + if( buf == NULL )exit(0); + + if( egrep(pattern: "Location:.login\.php\?login=1", string: buf) ) { + + url = string(d, "/upload.php?login=1"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:0); + if( buf == NULL )exit(0); + + if ( egrep(pattern: 'NAME="userfile"', string: buf ) && + egrep(pattern: 'name="submitupload"', string: buf) ) + { + security_warning(port:port); + exit(0); + } + } + #user installed ppim without password protection# + else if ( egrep(pattern: 'NAME="userfile"', string: buf ) && + egrep(pattern: 'name="submitupload"', string: buf) ) + { + security_warning(port:port); + exit(0); + } + } +} + +exit(0); + Added: trunk/openvas-plugins/scripts/secpod_openssl_ca_cert_bypass_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_openssl_ca_cert_bypass_vuln.nasl 2009-03-02 12:32:47 UTC (rev 2635) +++ trunk/openvas-plugins/scripts/secpod_openssl_ca_cert_bypass_vuln.nasl 2009-03-02 15:07:07 UTC (rev 2636) @@ -0,0 +1,82 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_openssl_ca_cert_sec_bypass_vuln.nasl 1061 2009-02-25 12:10:29Z feb $ +# +# OpenSSL CA Certificate Security Bypass Vulnerability +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900464); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-0653"); + script_name(english:"OpenSSL CA Certificate Security Bypass Vulnerability"); + desc["english"] = " + + Overview: This host is running OpenSSL and is prone to Security Bypass + Vulnerability. + + Vulnerability Insight: + OpenSSL fails to verify the Basic Constraints for an intermediate CA-signed + certificate. + + Impact: + Successful exploitation will let the attacker spoof the SSL cerficate and + gain sensitive information of the remote user through inserting a malicious + URL in the contenxt of the openssl certificate. + + Affected Software/OS: + OpenSSL version 0.9.6 or prior. + + Fix: No solution or Patch is available as on 27th February 2009. Information + regarding this issue will be updated once the solution details are available. + For further updates refer, http://www.openssl.org/news + + References: + http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-0653 + + CVSS Score: + CVSS Base Score : 6.4 (AV:N/AC:L/Au:NR/C:N/I:P/A:P) + CVSS Temporal Score : 5.5 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of OpenSSL"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"Web application abuses"); + script_dependencies("gb_openssl_detect_lin.nasl"); + script_require_keys("OpenSSL/Linux/Ver"); + exit(0); +} + + +include ("version_func.inc"); + +opensslVer = get_kb_item("OpenSSL/Linux/Ver"); +if(opensslVer != NULL) +{ + # Grep for OpenSSL version 0.9.6 or prior. + if(version_is_less_equal(version:opensslVer, test_version:"0.9.6")){ + security_hole(0); + } +} From scm-commit at wald.intevation.org Mon Mar 2 19:11:22 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 2 Mar 2009 19:11:22 +0100 (CET) Subject: [Openvas-commits] r2637 - in trunk/openvas-plugins: . scripts Message-ID: <20090302181122.9448140729@pyrosoma.intevation.org> Author: reinke Date: 2009-03-02 19:11:09 +0100 (Mon, 02 Mar 2009) New Revision: 2637 Added: trunk/openvas-plugins/scripts/RHSA_2009_0021.nasl trunk/openvas-plugins/scripts/RHSA_2009_0332.nasl trunk/openvas-plugins/scripts/RHSA_2009_0334.nasl trunk/openvas-plugins/scripts/fcore_2009_1213.nasl trunk/openvas-plugins/scripts/fcore_2009_1343.nasl trunk/openvas-plugins/scripts/fcore_2009_1675.nasl trunk/openvas-plugins/scripts/fcore_2009_1694.nasl trunk/openvas-plugins/scripts/fcore_2009_2090.nasl trunk/openvas-plugins/scripts/fcore_2009_2098.nasl trunk/openvas-plugins/scripts/fcore_2009_2100.nasl trunk/openvas-plugins/scripts/fcore_2009_2108.nasl trunk/openvas-plugins/scripts/fcore_2009_2112.nasl trunk/openvas-plugins/scripts/fcore_2009_2122.nasl trunk/openvas-plugins/scripts/fcore_2009_2128.nasl trunk/openvas-plugins/scripts/fcore_2009_2131.nasl trunk/openvas-plugins/scripts/fcore_2009_2149.nasl trunk/openvas-plugins/scripts/fcore_2009_2179.nasl trunk/openvas-plugins/scripts/glsa_200902_05.nasl trunk/openvas-plugins/scripts/glsa_200902_06.nasl trunk/openvas-plugins/scripts/mdksa_2009_026_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_047_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_048.nasl trunk/openvas-plugins/scripts/mdksa_2009_048_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_048_2.nasl trunk/openvas-plugins/scripts/mdksa_2009_049.nasl trunk/openvas-plugins/scripts/mdksa_2009_049_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_050.nasl trunk/openvas-plugins/scripts/mdksa_2009_050_1.nasl trunk/openvas-plugins/scripts/mdksa_2009_051.nasl trunk/openvas-plugins/scripts/mdksa_2009_052.nasl trunk/openvas-plugins/scripts/mdksa_2009_053.nasl trunk/openvas-plugins/scripts/mdksa_2009_054.nasl trunk/openvas-plugins/scripts/mdksa_2009_055.nasl trunk/openvas-plugins/scripts/mdksa_2009_056.nasl trunk/openvas-plugins/scripts/mdksa_2009_057.nasl trunk/openvas-plugins/scripts/mdksa_2009_058.nasl trunk/openvas-plugins/scripts/suse_sa_2009_010.nasl trunk/openvas-plugins/scripts/suse_sa_2009_011.nasl trunk/openvas-plugins/scripts/suse_sr_2009_005.nasl trunk/openvas-plugins/scripts/ubuntu_724_1.nasl Modified: trunk/openvas-plugins/ChangeLog Log: New scripts added Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/ChangeLog 2009-03-02 18:11:09 UTC (rev 2637) @@ -1,3 +1,20 @@ +2009-03-02 Thomas Reinke + * glsa_200902_05.nasl glsa_200902_06.nasl + suse_sa_2009_010.nasl suse_sa_2009_011.nasl suse_sr_2009_005.nasl + ubuntu_724_1.nasl mdksa_2009_026_1.nasl mdksa_2009_047_1.nasl + mdksa_2009_048.nasl mdksa_2009_048_1.nasl mdksa_2009_048_2.nasl + mdksa_2009_049.nasl mdksa_2009_049_1.nasl mdksa_2009_050.nasl + mdksa_2009_050_1.nasl mdksa_2009_051.nasl mdksa_2009_052.nasl + mdksa_2009_053.nasl mdksa_2009_054.nasl mdksa_2009_055.nasl + mdksa_2009_056.nasl mdksa_2009_057.nasl mdksa_2009_058.nasl + RHSA_2009_0021.nasl RHSA_2009_0332.nasl RHSA_2009_0334.nasl + fcore_2009_1213.nasl fcore_2009_1343.nasl fcore_2009_1675.nasl + fcore_2009_1694.nasl fcore_2009_2090.nasl fcore_2009_2098.nasl + fcore_2009_2100.nasl fcore_2009_2108.nasl fcore_2009_2112.nasl + fcore_2009_2122.nasl fcore_2009_2128.nasl fcore_2009_2131.nasl + fcore_2009_2149.nasl fcore_2009_2179.nasl + New scripts + 2009-03-02 Chandrashekhar B * scripts/pPIM_multiple_remote_vulnerabilities.nasl, scripts/A4Desk_event_calendar_sql_injection.nasl, Added: trunk/openvas-plugins/scripts/RHSA_2009_0021.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_0021.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/RHSA_2009_0021.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,164 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:0021 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63433); + script_cve_id("CVE-2008-5029", "CVE-2008-5079", "CVE-2008-5182", "CVE-2008-5300"); + script_version ("$"); + name["english"] = "RedHat Security Advisory RHSA-2009:0021"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory RHSA-2009:0021. + +The kernel packages contain the Linux kernel, the core of any Linux +operating system. + +This update includes backported fixes for four security issues. These +issues only affected users of Red Hat Enterprise Linux 5.2 Extended Update +Support as they have already been addressed for users of Red Hat Enterprise +Linux 5 in the 5.3 update, RHSA-2009:0225. + +In accordance with the support policy, future security updates to Red Hat +Enterprise Linux 5.2 Extended Update Support will only include issues of +critical security impact. + +* when fput() was called to close a socket, the __scm_destroy() function +in the Linux kernel could make indirect recursive calls to itself. This +could, potentially, lead to a denial of service issue. (CVE-2008-5029, +Important) + +* the sendmsg() function in the Linux kernel did not block during UNIX +socket garbage collection. This could, potentially, lead to a local denial +of service. (CVE-2008-5300, Important) + +* a flaw was found in the Asynchronous Transfer Mode (ATM) subsystem. A +local, unprivileged user could use the flaw to listen on the same socket +more than once, possibly causing a denial of service. (CVE-2008-5079, +Important) + +* a race condition was found in the Linux kernel inotify watch removal +and umount implementation. This could allow a local, unprivileged user +to cause a privilege escalation or a denial of service. (CVE-2008-5182, +Important) + +Users should upgrade to these updated packages, which contain backported +patches to correct these issues. Note: for this update to take effect, the +system must be rebooted. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-0021.html +http://www.redhat.com/security/updates/classification/#important + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Redhat Security Advisory RHSA-2009:0021"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Red Hat Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-xen-debuginfo", rpm:"kernel-xen-debuginfo~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-kdump", rpm:"kernel-kdump~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-kdump-debuginfo", rpm:"kernel-kdump-debuginfo~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-kdump-devel", rpm:"kernel-kdump-devel~2.6.18~92.1.24.el5", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_0332.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_0332.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/RHSA_2009_0332.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,99 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:0332 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63434); + script_cve_id("CVE-2009-0519", "CVE-2009-0520", "CVE-2009-0521"); + script_version ("$"); + name["english"] = "RedHat Security Advisory RHSA-2009:0332"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory RHSA-2009:0332. + +The flash-plugin package contains a Firefox-compatible Adobe Flash Player +Web browser plug-in. + +Multiple input validation flaws were found in the way Flash Player +displayed certain SWF (Shockwave Flash) content. An attacker could use +these flaws to create a specially-crafted SWF file that could cause +flash-plugin to crash, or, possibly, execute arbitrary code when the victim +loaded a page containing the specially-crafted SWF content. (CVE-2009-0520, +CVE-2009-0519) + +It was discovered that Adobe Flash Player had an insecure RPATH (runtime +library search path) set in the ELF (Executable and Linking Format) header. +A local user with write access to the directory pointed to by RPATH could +use this flaw to execute arbitrary code with the privileges of the user +running Adobe Flash Player. (CVE-2009-0521) + +All users of Adobe Flash Player should install this updated package, which +upgrades Flash Player to version 10.0.22.87. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-0332.html +http://www.redhat.com/security/updates/classification/#critical +http://www.adobe.com/support/security/bulletins/apsb09-01.html +http://www.adobe.com/products/flashplayer/ + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Redhat Security Advisory RHSA-2009:0332"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Red Hat Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"flash-plugin", rpm:"flash-plugin~10.0.22.87~1.el5", rls:"RHENT_5")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/RHSA_2009_0334.nasl =================================================================== --- trunk/openvas-plugins/scripts/RHSA_2009_0334.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/RHSA_2009_0334.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,96 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory RHSA-2009:0334 () +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63435); + script_cve_id("CVE-2009-0519", "CVE-2009-0520"); + script_version ("$"); + name["english"] = "RedHat Security Advisory RHSA-2009:0334"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory RHSA-2009:0334. + +The flash-plugin package contains a Firefox-compatible Adobe Flash Player +Web browser plug-in. + +Multiple input validation flaws were found in the way Flash Player +displayed certain SWF (Shockwave Flash) content. An attacker could use +these flaws to create a specially-crafted SWF file that could cause +flash-plugin to crash, or, possibly, execute arbitrary code when the victim +loaded a page containing the specially-crafted SWF content. (CVE-2009-0520, +CVE-2009-0519) + +All users of Adobe Flash Player should install this updated package, which +upgrades Flash Player to version 9.0.159.0. + +Solution: +Please note that this update is available via +Red Hat Network. To use Red Hat Network, launch the Red +Hat Update Agent with the following command: up2date + +http://rhn.redhat.com/errata/RHSA-2009-0334.html +http://www.redhat.com/security/updates/classification/#critical +http://www.adobe.com/support/security/bulletins/apsb09-01.html +http://www.adobe.com/products/flashplayer/ + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Redhat Security Advisory RHSA-2009:0334"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Red Hat Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"flash-plugin", rpm:"flash-plugin~9.0.159.0~1.el3.with.oss", rls:"RHENT_3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"flash-plugin", rpm:"flash-plugin~9.0.159.0~1.el4", rls:"RHENT_4")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_1213.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_1213.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_1213.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,107 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-1213 (gstreamer-plugins-good) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63455); + script_cve_id("CVE-2009-0386", "CVE-2009-0387"); + script_version ("$"); + name["english"] = "Fedora Core 10 FEDORA-2009-1213 (gstreamer-plugins-good)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to gstreamer-plugins-good +announced via advisory FEDORA-2009-1213. + +ChangeLog: + +* Mon Jan 26 2009 - Bastien Nocera - 0.10.13-1 +- Update to 0.10.13 +- Update libv4l patch +* Wed Jan 14 2009 Warren Togami 0.10.11-4 +- Bug #477877 Fix multilib conflict in -devel +- Bug #478449 Fix ladspa on lib64 +* Wed Jan 14 2009 Lennart Poettering 0.10.11-3 +- Bug #470000 Fix thread/memleak due to ref-loop +* Tue Jan 13 2009 Bastien Nocera - 0.10.11-2 +- Avoid pulsesink hang when PulseAudio disappears + +References: + +[ 1 ] Bug #481267 - gstreamer-plugins, gstreamer-plugins-good: heap-based buffer overflows / an array index out of bounds vulnerability while parsing malformed QuickTime media files +https://bugzilla.redhat.com/show_bug.cgi?id=481267 +[ 2 ] Bug #483736 - CVE-2009-0386 gstreamer-plugins-good: heap-based buffer overflow while parsing malformed QuickTime media files via crafted Composition Time To Sample (aka ctts) atom data +https://bugzilla.redhat.com/show_bug.cgi?id=483736 +[ 3 ] Bug #483737 - CVE-2009-0387 gstreamer-plugins-good: Array index error while parsing malformed QuickTime media files via crafted Sync Sample (aka stss) atom data +https://bugzilla.redhat.com/show_bug.cgi?id=483737 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update gstreamer-plugins-good' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1213 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 10 FEDORA-2009-1213 (gstreamer-plugins-good)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"gstreamer-plugins-good", rpm:"gstreamer-plugins-good~0.10.13~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer-plugins-good", rpm:"gstreamer-plugins-good~devel~0.10.13", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer-plugins-good", rpm:"gstreamer-plugins-good~debuginfo~0.10.13", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_1343.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_1343.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_1343.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,99 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-1343 (gstreamer-plugins-good) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63453); + script_cve_id("CVE-2009-0386", "CVE-2009-0387"); + script_version ("$"); + name["english"] = "Fedora Core 9 FEDORA-2009-1343 (gstreamer-plugins-good)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to gstreamer-plugins-good +announced via advisory FEDORA-2009-1343. + +ChangeLog: + +* Mon Feb 2 2009 - Bastien Nocera - 0.10.8-10 +- Patch for overflows in the QT demuxer (#481267) + +References: + +[ 1 ] Bug #481267 - gstreamer-plugins, gstreamer-plugins-good: heap-based buffer overflows / an array index out of bounds vulnerability while parsing malformed QuickTime media files +https://bugzilla.redhat.com/show_bug.cgi?id=481267 +[ 2 ] Bug #483736 - CVE-2009-0386 gstreamer-plugins-good: heap-based buffer overflow while parsing malformed QuickTime media files via crafted Composition Time To Sample (aka ctts) atom data +https://bugzilla.redhat.com/show_bug.cgi?id=483736 +[ 3 ] Bug #483737 - CVE-2009-0387 gstreamer-plugins-good: Array index error while parsing malformed QuickTime media files via crafted Sync Sample (aka stss) atom data +https://bugzilla.redhat.com/show_bug.cgi?id=483737 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update gstreamer-plugins-good' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1343 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 9 FEDORA-2009-1343 (gstreamer-plugins-good)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"gstreamer-plugins-good", rpm:"gstreamer-plugins-good~0.10.8~10.fc9", rls:"FC9")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer-plugins-good", rpm:"gstreamer-plugins-good~devel~0.10.8", rls:"FC9")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer-plugins-good", rpm:"gstreamer-plugins-good~debuginfo~0.10.8", rls:"FC9")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_1675.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_1675.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_1675.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,99 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-1675 (trickle) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63454); + script_cve_id("CVE-2009-0415"); + script_version ("$"); + name["english"] = "Fedora Core 9 FEDORA-2009-1675 (trickle)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to trickle +announced via advisory FEDORA-2009-1675. + +Update Information: + +New patch for CVE-2009-0415 Fix for #484065 - CVE-2009-0415 trickle: Possibility +to load arbitrary code from current working directory + +ChangeLog: + +* Thu Feb 12 2009 Nicoleau Fabien 1.07-7 +- Replace sed with a patch for #484065 (CVE-2009-0415) +* Fri Feb 6 2009 Nicoleau Fabien 1.07-6 +- Add a fix for bug #484065 (CVE-2009-0415) + +References: + +[ 1 ] Bug #484065 - CVE-2009-0415 trickle: Possibility to load arbitrary code from current working directory +https://bugzilla.redhat.com/show_bug.cgi?id=484065 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update trickle' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1675 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 9 FEDORA-2009-1675 (trickle)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"trickle", rpm:"trickle~1.07~7.fc9", rls:"FC9")) { + vuln = 1; +} +if(isrpmvuln(pkg:"trickle-debuginfo", rpm:"trickle-debuginfo~1.07~7.fc9", rls:"FC9")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_1694.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_1694.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_1694.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,98 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-1694 (trickle) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63456); + script_cve_id("CVE-2009-0415"); + script_version ("$"); + name["english"] = "Fedora Core 10 FEDORA-2009-1694 (trickle)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to trickle +announced via advisory FEDORA-2009-1694. + +Update Information: + +New patch for CVE-2009-0415 Fix for #484065 - CVE-2009-0415 trickle: Possibility +to load arbitrary code from current working directory +ChangeLog: + +* Thu Feb 12 2009 Nicoleau Fabien 1.07-7 +- Replace sed with a patch for #484065 (CVE-2009-0415) +* Fri Feb 6 2009 Nicoleau Fabien 1.07-6 +- Add a fix for bug #484065 (CVE-2009-0415) + +References: + +[ 1 ] Bug #484065 - CVE-2009-0415 trickle: Possibility to load arbitrary code from current working directory +https://bugzilla.redhat.com/show_bug.cgi?id=484065 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update trickle' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-1694 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 10 FEDORA-2009-1694 (trickle)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"trickle", rpm:"trickle~1.07~7.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"trickle-debuginfo", rpm:"trickle-debuginfo~1.07~7.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_2090.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_2090.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_2090.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,99 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-2090 (perl-Crypt-OpenSSL-DSA) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63457); + script_cve_id("CVE-2009-0129"); + script_version ("$"); + name["english"] = "Fedora Core 10 FEDORA-2009-2090 (perl-Crypt-OpenSSL-DSA)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to perl-Crypt-OpenSSL-DSA +announced via advisory FEDORA-2009-2090. + +Update Information: + +Fixes CVE-2009-0129: The Crypto::OpenSSL::DSA module now croaks upon error +rather than returning a -1 to ensure programmers are not caught by surprise +when only checking for non-zero results. +ChangeLog: + +* Mon Feb 23 2009 Wes Hardaker - 0.13-12 +- remove openssl from build requirements trying to the build servers happy +* Thu Feb 19 2009 Wes Hardaker - 0.13-11 +- Version bump (again again) to solve build issues + +References: + +[ 1 ] Bug #486012 - CVE-2009-0129 perl-Crypt-OpenSSL-DSA: do_verify() doesn't fail on errors in OpenSSL DSA_do_verify() +https://bugzilla.redhat.com/show_bug.cgi?id=486012 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update perl-Crypt-OpenSSL-DSA' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2090 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 10 FEDORA-2009-2090 (perl-Crypt-OpenSSL-DSA)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"perl-Crypt-OpenSSL", rpm:"perl-Crypt-OpenSSL~DSA~0.13", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"perl-Crypt-OpenSSL", rpm:"perl-Crypt-OpenSSL~DSA~debuginfo", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_2098.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_2098.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_2098.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,96 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-2098 (optipng) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63458); + script_version ("$"); + name["english"] = "Fedora Core 9 FEDORA-2009-2098 (optipng)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to optipng +announced via advisory FEDORA-2009-2098. + +Update Information: + +This update fixes an array overflow vulnerability. + +ChangeLog: + +* Wed Feb 25 2009 Till Maas - 0.6.2.1-1 +- Update to new release to fix array overflow +- Red Hat Bugzilla #487364 + +References: + +[ 1 ] Bug #487364 - optipng: memory re-allocation flaw in GIF reader +https://bugzilla.redhat.com/show_bug.cgi?id=487364 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update optipng' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2098 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 9 FEDORA-2009-2098 (optipng)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"optipng", rpm:"optipng~0.6.2.1~1.fc9", rls:"FC9")) { + vuln = 1; +} +if(isrpmvuln(pkg:"optipng-debuginfo", rpm:"optipng-debuginfo~0.6.2.1~1.fc9", rls:"FC9")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_2100.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_2100.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_2100.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,96 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-2100 (optipng) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63459); + script_version ("$"); + name["english"] = "Fedora Core 10 FEDORA-2009-2100 (optipng)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to optipng +announced via advisory FEDORA-2009-2100. + +Update Information: + +This update fixes an array overflow vulnerability. + +ChangeLog: + +* Wed Feb 25 2009 Till Maas - 0.6.2.1-1 +- Update to new release to fix array overflow +- Red Hat Bugzilla #487364 + +References: + +[ 1 ] Bug #487364 - optipng: memory re-allocation flaw in GIF reader +https://bugzilla.redhat.com/show_bug.cgi?id=487364 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update optipng' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2100 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 10 FEDORA-2009-2100 (optipng)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"optipng", rpm:"optipng~0.6.2.1~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"optipng-debuginfo", rpm:"optipng-debuginfo~0.6.2.1~1.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_2108.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_2108.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_2108.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,100 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-2108 (mldonkey) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63460); + script_version ("$"); + name["english"] = "Fedora Core 9 FEDORA-2009-2108 (mldonkey)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to mldonkey +announced via advisory FEDORA-2009-2108. + +Update Information: + +Fix remote arbitrary file disclosure via a GET request with more than one +leading / (slash) character in the filename. + +References: + +[ 1 ] Bug #487132 - MLDonkey: remote arbitrary file disclosure via a GET request with more than one leading / (slash) character in the filename. +https://bugzilla.redhat.com/show_bug.cgi?id=487132 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update mldonkey' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2108 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 9 FEDORA-2009-2108 (mldonkey)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"konqueror-mldonkey-ed2k", rpm:"konqueror-mldonkey-ed2k~support~2.9.7", rls:"FC9")) { + vuln = 1; +} +if(isrpmvuln(pkg:"mldonkey", rpm:"mldonkey~2.9.7~3.fc9", rls:"FC9")) { + vuln = 1; +} +if(isrpmvuln(pkg:"mldonkey-gui", rpm:"mldonkey-gui~2.9.7~3.fc9", rls:"FC9")) { + vuln = 1; +} +if(isrpmvuln(pkg:"mldonkey-server", rpm:"mldonkey-server~2.9.7~3.fc9", rls:"FC9")) { + vuln = 1; +} +if(isrpmvuln(pkg:"mldonkey-debuginfo", rpm:"mldonkey-debuginfo~2.9.7~3.fc9", rls:"FC9")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_2112.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_2112.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_2112.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,106 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-2112 (libpng) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63461); + script_cve_id("CVE-2009-0040"); + script_version ("$"); + name["english"] = "Fedora Core 10 FEDORA-2009-2112 (libpng)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to libpng +announced via advisory FEDORA-2009-2112. + +Update Information: + +Fixes CVE-2009-0040 + +ChangeLog: + +* Wed Feb 25 2009 Tom Lane 2:1.2.35-1 +- Update to libpng 1.2.35, to fix CVE-2009-0040 +* Fri Jan 9 2009 Tom Lane 2:1.2.34-1 +- Update to libpng 1.2.34 +* Sun Nov 2 2008 Tom Lane 2:1.2.33-1 +- Update to libpng 1.2.33 + +References: + +[ 1 ] Bug #486355 - CVE-2009-0040 libpng arbitrary free() flaw +https://bugzilla.redhat.com/show_bug.cgi?id=486355 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update libpng' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2112 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 10 FEDORA-2009-2112 (libpng)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libpng", rpm:"libpng~1.2.35~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-devel", rpm:"libpng-devel~1.2.35~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-static", rpm:"libpng-static~1.2.35~1.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-debuginfo", rpm:"libpng-debuginfo~1.2.35~1.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_2122.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_2122.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_2122.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,101 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-2122 (mldonkey) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63462); + script_version ("$"); + name["english"] = "Fedora Core 10 FEDORA-2009-2122 (mldonkey)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to mldonkey +announced via advisory FEDORA-2009-2122. + +Update Information: + +Fix remote arbitrary file disclosure via a GET request with more than one +leading / (slash) character in the filename. Ver. 2.9.7 +ChangeLog: + +References: + +[ 1 ] Bug #487132 - MLDonkey: remote arbitrary file disclosure via a GET request with more than one leading / (slash) character in the filename. +https://bugzilla.redhat.com/show_bug.cgi?id=487132 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update mldonkey' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2122 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 10 FEDORA-2009-2122 (mldonkey)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"konqueror-mldonkey-ed2k", rpm:"konqueror-mldonkey-ed2k~support~2.9.7", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"mldonkey", rpm:"mldonkey~2.9.7~3.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"mldonkey-gui", rpm:"mldonkey-gui~2.9.7~3.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"mldonkey-server", rpm:"mldonkey-server~2.9.7~3.fc10", rls:"FC10")) { + vuln = 1; +} +if(isrpmvuln(pkg:"mldonkey-debuginfo", rpm:"mldonkey-debuginfo~2.9.7~3.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_2128.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_2128.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_2128.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,104 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-2128 (libpng) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63463); + script_cve_id("CVE-2009-0040", "CVE-2008-1382"); + script_version ("$"); + name["english"] = "Fedora Core 9 FEDORA-2009-2128 (libpng)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to libpng +announced via advisory FEDORA-2009-2128. + +Update Information: + +Fixes CVE-2009-0040 + +ChangeLog: + +* Wed Feb 25 2009 Tom Lane 2:1.2.35-1 +- Update to libpng 1.2.35, to fix CVE-2009-0040 + +Related: #441839 + +References: + +[ 1 ] Bug #486355 - CVE-2009-0040 libpng arbitrary free() flaw +https://bugzilla.redhat.com/show_bug.cgi?id=486355 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update libpng' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2128 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 9 FEDORA-2009-2128 (libpng)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libpng", rpm:"libpng~1.2.35~1.fc9", rls:"FC9")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-devel", rpm:"libpng-devel~1.2.35~1.fc9", rls:"FC9")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-static", rpm:"libpng-static~1.2.35~1.fc9", rls:"FC9")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-debuginfo", rpm:"libpng-debuginfo~1.2.35~1.fc9", rls:"FC9")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_2131.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_2131.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_2131.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,87 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-2131 (mingw32-libpng) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63464); + script_cve_id("CVE-2009-0040"); + script_version ("$"); + name["english"] = "Fedora Core 10 FEDORA-2009-2131 (mingw32-libpng)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to mingw32-libpng +announced via advisory FEDORA-2009-2131. + +Update Information: + +Update to libpng 1.2.35, to fix CVE-2009-0040. +References: + +[ 1 ] Bug #486355 - CVE-2009-0040 libpng arbitrary free() flaw +https://bugzilla.redhat.com/show_bug.cgi?id=486355 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update mingw32-libpng' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2131 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 10 FEDORA-2009-2131 (mingw32-libpng)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"mingw32-libpng", rpm:"mingw32-libpng~1.2.35~1.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_2149.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_2149.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_2149.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,93 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-2149 (rubygem-actionpack) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63466); + script_cve_id("CVE-2008-5189"); + script_version ("$"); + name["english"] = "Fedora Core 10 FEDORA-2009-2149 (rubygem-actionpack)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to rubygem-actionpack +announced via advisory FEDORA-2009-2149. + +Update Information: + +CVE-2008-5189: CGI header injection vulnerability + +ChangeLog: + +* Thu Feb 26 2009 Jeroen van Meeuwen - 2.1.1-2 +- Fix CVE-2008-5189 + +References: + +[ 1 ] Bug #472510 - CVE-2008-5189 rubygems-actionpack: redirect HTTP header injection vulnerability +https://bugzilla.redhat.com/show_bug.cgi?id=472510 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update rubygem-actionpack' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2149 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 10 FEDORA-2009-2149 (rubygem-actionpack)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"rubygem-actionpack", rpm:"rubygem-actionpack~2.1.1~2.fc10", rls:"FC10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/fcore_2009_2179.nasl =================================================================== --- trunk/openvas-plugins/scripts/fcore_2009_2179.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/fcore_2009_2179.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,97 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory FEDORA-2009-2179 (rubygem-actionpack) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63465); + script_cve_id("CVE-2008-5189", "CVE-2008-4094"); + script_version ("$"); + name["english"] = "Fedora Core 9 FEDORA-2009-2179 (rubygem-actionpack)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to rubygem-actionpack +announced via advisory FEDORA-2009-2179. + +Update Information: + +CVE-2008-5189: CGI header injection vulnerability + +ChangeLog: + +* Thu Feb 26 2009 Jeroen van Meeuwen - 2.1.1-2 +- Fix CVE-2008-5189 +* Tue Sep 16 2008 David Lutterkort - 2.1.1-1 +- New version (fixes CVE-2008-4094) +* Thu Jul 31 2008 Michael Stahnke - 2.1.0-1 +- New Upstream + +References: + +[ 1 ] Bug #472510 - CVE-2008-5189 rubygems-actionpack: redirect HTTP header injection vulnerability +https://bugzilla.redhat.com/show_bug.cgi?id=472510 + +Solution: Apply the appropriate updates. + +This update can be installed with the yum update program. Use +su -c 'yum update rubygem-actionpack' at the command line. +For more information, refer to Managing Software with yum, +available at http://docs.fedoraproject.org/yum/. + +https://secure1.securityspace.com/smysecure/catid.html?in=FEDORA-2009-2179 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Fedora Core 9 FEDORA-2009-2179 (rubygem-actionpack)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Fedora Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"rubygem-actionpack", rpm:"rubygem-actionpack~2.1.1~2.fc9", rls:"FC9")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200902_05.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200902_05.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/glsa_200902_05.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,84 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(63470); + script_cve_id("CVE-2008-5905", "CVE-2008-5906"); + script_version ("$"); + name["english"] = "Gentoo Security Advisory GLSA 200902-05 (ktorrent)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory GLSA 200902-05. + +Two vulnerabilities in the web interface plugin in KTorrent allow for +remote execution of code and arbitrary torrent uploads. + +Solution: +All KTorrent users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=net-p2p/ktorrent-2.2.8' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200902-05 +http://bugs.gentoo.org/show_bug.cgi?id=244741 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Gentoo Security Advisory GLSA 200902-05 (ktorrent)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Gentoo Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"net-p2p/ktorrent", unaffected: make_list("ge 2.2.8"), vulnerable: make_list("lt 2.2.8"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/glsa_200902_06.nasl =================================================================== --- trunk/openvas-plugins/scripts/glsa_200902_06.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/glsa_200902_06.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,94 @@ +# +# OpenVAS Vulnerability Test +# $ +# Description: Auto generated from Gentoo's XML based advisory +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisories, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + + +if(description) +{ + script_id(63471); + script_cve_id("CVE-2008-2142", "CVE-2008-3949"); + script_version ("$"); + name["english"] = "Gentoo Security Advisory GLSA 200902-06 (emacs edit-utils)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory GLSA 200902-06. + +Two vulnerabilities were found in GNU Emacs, possibly leading to +user-assisted execution of arbitrary code. One also affects edit-utils in +XEmacs. + +Solution: +All GNU Emacs users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=app-editors/emacs-22.2-r3' + +All edit-utils users should upgrade to the latest version: + + # emerge --sync + # emerge --ask --oneshot --verbose '>=app-xemacs/edit-utils-2.39' + +http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200902-06 +http://bugs.gentoo.org/show_bug.cgi?id=221197 +http://bugs.gentoo.org/show_bug.cgi?id=236498 + +Risk factor : Medium"; + + script_description(english:desc["english"]); + + summary["english"] = "Gentoo Security Advisory GLSA 200902-06 (emacs edit-utils)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Gentoo Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/gentoo"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-gentoo.inc"); +vuln = 0; +if(ispkgvuln(pkg:"app-editors/emacs", unaffected: make_list("ge 22.2-r3", "rge 21.4-r17", "lt 19"), vulnerable: make_list("lt 22.2-r3"))) { + vuln=1; +} +if(ispkgvuln(pkg:"app-xemacs/edit-utils", unaffected: make_list("ge 2.39"), vulnerable: make_list("lt 2.39"))) { + vuln=1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_026_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_026_1.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_026_1.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,97 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:026-1 (phpMyAdmin) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63450); + script_cve_id("CVE-2008-4775", "CVE-2008-5621", "CVE-2008-5622"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:026-1 (phpMyAdmin)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to phpMyAdmin +announced via advisory MDVSA-2009:026-1. + +Cross-site scripting (XSS) vulnerability in pmd_pdf.php allows +remote attackers to inject arbitrary web script or HTML by +using db script parameter when register_global php parameter is +enabled?(CVE-2008-4775). + +Cross-site request forgery (CSRF) vulnerability in tbl_structure.php +allows remote attackers perform SQL injection and execute arbitrary +code by using table script parameter (CVE-2008-5621). + +Multiple cross-site request forgery (CSRF) vulnerabilities in allows +remote attackers perform SQL injection by using unknown vectors +related to table script parameter (CVE-2008-5622). + +This update provide the fix for these security issues. + +Update: + +The previous update packages wasn't signed, this time they are. + +Affected: Corporate 4.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:026-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:026-1 (phpMyAdmin)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"phpMyAdmin", rpm:"phpMyAdmin~2.11.9.4~0.2.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_047_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_047_1.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_047_1.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,99 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:047-1 (vim) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63443); + script_cve_id("CVE-2009-0316"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:047-1 (vim)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to vim +announced via advisory MDVSA-2009:047-1. + +Python has a variable called sys.path that contains all paths where +Python loads modules by using import scripting procedure. A wrong +handling of that variable enables local attackers to execute arbitrary +code via Python scripting in the current Vim working directory +(CVE-2009-0316). + +This update provides fix for that vulnerability. + +Update: + +This update also provides updated packages for Mandriva Linux 2008.0. + +Affected: 2008.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:047-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:047-1 (vim)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"vim-common", rpm:"vim-common~7.2.065~9.4mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"vim-enhanced", rpm:"vim-enhanced~7.2.065~9.4mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"vim-minimal", rpm:"vim-minimal~7.2.065~9.4mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"vim-X11", rpm:"vim-X11~7.2.065~9.4mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_048.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_048.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_048.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,95 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:048 (epiphany) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63436); + script_cve_id("CVE-2008-5985"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:048 (epiphany)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to epiphany +announced via advisory MDVSA-2009:048. + +Python has a variable called sys.path that contains all paths where +Python loads modules by using import scripting procedure. A wrong +handling of that variable enables local attackers to execute arbitrary +code via Python scripting in the current Epiphany working directory +(CVE-2008-5985). + +This update provides fix for that vulnerability. + +Affected: 2008.1, 2009.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:048 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:048 (epiphany)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"epiphany", rpm:"epiphany~2.22.0~4.7mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"epiphany-devel", rpm:"epiphany-devel~2.22.0~4.7mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"epiphany", rpm:"epiphany~2.24.0.1~3.4mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"epiphany-devel", rpm:"epiphany-devel~2.24.0.1~3.4mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_048_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_048_1.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_048_1.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,94 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:048-1 (epiphany) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63442); + script_cve_id("CVE-2008-5985"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:048-1 (epiphany)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to epiphany +announced via advisory MDVSA-2009:048-1. + +Python has a variable called sys.path that contains all paths where +Python loads modules by using import scripting procedure. A wrong +handling of that variable enables local attackers to execute arbitrary +code via Python scripting in the current Epiphany working directory +(CVE-2008-5985). + +This update provides fix for that vulnerability. + +Update: + +The previous update package was not built against the correct (latest) +libxulrunner-1.9.0.6 library (fixes #48163) + +Affected: 2009.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:048-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:048-1 (epiphany)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"epiphany", rpm:"epiphany~2.24.0.1~3.5mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"epiphany-devel", rpm:"epiphany-devel~2.24.0.1~3.5mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_048_2.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_048_2.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_048_2.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,94 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:048-2 (epiphany) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63449); + script_cve_id("CVE-2008-5985"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:048-2 (epiphany)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to epiphany +announced via advisory MDVSA-2009:048-2. + +Python has a variable called sys.path that contains all paths where +Python loads modules by using import scripting procedure. A wrong +handling of that variable enables local attackers to execute arbitrary +code via Python scripting in the current Epiphany working directory +(CVE-2008-5985). + +This update provides fix for that vulnerability. + +Update: + +The previous update package was not built against the correct (latest) +libxulrunner-1.9.0.6 library (fixes #48163) + +Affected: 2008.1 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:048-2 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:048-2 (epiphany)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"epiphany", rpm:"epiphany~2.22.3~0.3mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"epiphany-devel", rpm:"epiphany-devel~2.22.3~0.3mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_049.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_049.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_049.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,94 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:049 (pycrypto) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63437); + script_cve_id("CVE-2009-0544"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:049 (pycrypto)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to pycrypto +announced via advisory MDVSA-2009:049. + +A vulnerability have been discovered and corrected in PyCrypto +ARC2 module 2.0.1, which allows remote attackers to cause a denial +of service and possibly execute arbitrary code via a large ARC2 key +length (CVE-2009-0544). + +The updated packages have been patched to prevent this. + +Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:049 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:049 (pycrypto)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"pycrypto", rpm:"pycrypto~2.0.1~1.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"pycrypto", rpm:"pycrypto~2.0.1~2.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"pycrypto", rpm:"pycrypto~2.0.1~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"pycrypto", rpm:"pycrypto~2.0~1.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_049_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_049_1.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_049_1.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,98 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:049-1 (pycrypto) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63441); + script_cve_id("CVE-2009-0544"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:049-1 (pycrypto)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to pycrypto +announced via advisory MDVSA-2009:049-1. + +A vulnerability have been discovered and corrected in PyCrypto +ARC2 module 2.0.1, which allows remote attackers to cause a denial +of service and possibly execute arbitrary code via a large ARC2 key +length (CVE-2009-0544). + +The updated packages have been patched to prevent this. + +Update: + +The previous update package was not signed. + +Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:049-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:049-1 (pycrypto)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"pycrypto", rpm:"pycrypto~2.0.1~1.2mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"pycrypto", rpm:"pycrypto~2.0.1~2.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"pycrypto", rpm:"pycrypto~2.0.1~3.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"pycrypto", rpm:"pycrypto~2.0~1.2.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_050.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_050.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_050.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,85 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:050 (python-pycrypto) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63438); + script_cve_id("CVE-2009-0544"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:050 (python-pycrypto)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to python-pycrypto +announced via advisory MDVSA-2009:050. + +A vulnerability have been discovered and corrected in PyCrypto +ARC2 module 2.0.1, which allows remote attackers to cause a denial +of service and possibly execute arbitrary code via a large ARC2 key +length (CVE-2009-0544). + +The updated packages have been patched to prevent this. + +Affected: 2009.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:050 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:050 (python-pycrypto)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"python-pycrypto", rpm:"python-pycrypto~2.0.1~4.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_050_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_050_1.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_050_1.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,89 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:050-1 (python-pycrypto) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63439); + script_cve_id("CVE-2009-0544"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:050-1 (python-pycrypto)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to python-pycrypto +announced via advisory MDVSA-2009:050-1. + +A vulnerability have been discovered and corrected in PyCrypto +ARC2 module 2.0.1, which allows remote attackers to cause a denial +of service and possibly execute arbitrary code via a large ARC2 key +length (CVE-2009-0544). + +The updated packages have been patched to prevent this. + +Update: + +The previous update package was not signed. + +Affected: 2009.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:050-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:050-1 (python-pycrypto)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"python-pycrypto", rpm:"python-pycrypto~2.0.1~4.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_051.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_051.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_051.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,198 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:051 (libpng) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63440); + script_cve_id("CVE-2008-3964", "CVE-2008-5907", "CVE-2009-0040"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:051 (libpng)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to libpng +announced via advisory MDVSA-2009:051. + +A number of vulnerabilities have been found and corrected in libpng: + +Fixed 1-byte buffer overflow in pngpread.c (CVE-2008-3964). This was +allready fixed in Mandriva Linux 2009.0. + +Fix the function png_check_keyword() that allowed setting arbitrary +bytes in the process memory to 0 (CVE-2008-5907). + +Fix a potential DoS (Denial of Service) or to potentially compromise +an application using the library (CVE-2009-0040). + +The updated packages have been patched to prevent this. + +Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0, Corporate 4.0, + Multi Network Firewall 2.0 + + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:051 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:051 (libpng)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libpng3", rpm:"libpng3~1.2.22~0.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-devel", rpm:"libpng-devel~1.2.22~0.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-source", rpm:"libpng-source~1.2.22~0.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-static-devel", rpm:"libpng-static-devel~1.2.22~0.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png3", rpm:"lib64png3~1.2.22~0.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png-devel", rpm:"lib64png-devel~1.2.22~0.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png-static-devel", rpm:"lib64png-static-devel~1.2.22~0.3mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng3", rpm:"libpng3~1.2.25~2.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-devel", rpm:"libpng-devel~1.2.25~2.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-source", rpm:"libpng-source~1.2.25~2.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-static-devel", rpm:"libpng-static-devel~1.2.25~2.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png3", rpm:"lib64png3~1.2.25~2.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png-devel", rpm:"lib64png-devel~1.2.25~2.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png-static-devel", rpm:"lib64png-static-devel~1.2.25~2.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng3", rpm:"libpng3~1.2.31~2.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-devel", rpm:"libpng-devel~1.2.31~2.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-source", rpm:"libpng-source~1.2.31~2.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-static-devel", rpm:"libpng-static-devel~1.2.31~2.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png3", rpm:"lib64png3~1.2.31~2.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png-devel", rpm:"lib64png-devel~1.2.31~2.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png-static-devel", rpm:"lib64png-static-devel~1.2.31~2.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng3", rpm:"libpng3~1.2.5~10.11.C30mdk", rls:"MNDK_3.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng3-devel", rpm:"libpng3-devel~1.2.5~10.11.C30mdk", rls:"MNDK_3.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng3-static-devel", rpm:"libpng3-static-devel~1.2.5~10.11.C30mdk", rls:"MNDK_3.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png3", rpm:"lib64png3~1.2.5~10.11.C30mdk", rls:"MNDK_3.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png3-devel", rpm:"lib64png3-devel~1.2.5~10.11.C30mdk", rls:"MNDK_3.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png3-static-devel", rpm:"lib64png3-static-devel~1.2.5~10.11.C30mdk", rls:"MNDK_3.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng3", rpm:"libpng3~1.2.8~1.6.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng3-devel", rpm:"libpng3-devel~1.2.8~1.6.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng3-static-devel", rpm:"libpng3-static-devel~1.2.8~1.6.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png3", rpm:"lib64png3~1.2.8~1.6.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png3-devel", rpm:"lib64png3-devel~1.2.8~1.6.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64png3-static-devel", rpm:"lib64png3-static-devel~1.2.8~1.6.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng3", rpm:"libpng3~1.2.5~10.11.C30mdk", rls:"MNDK_2.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng3-devel", rpm:"libpng3-devel~1.2.5~10.11.C30mdk", rls:"MNDK_2.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng3-static-devel", rpm:"libpng3-static-devel~1.2.5~10.11.C30mdk", rls:"MNDK_2.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_052.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_052.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_052.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,103 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:052 (php-smarty) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63444); + script_cve_id("CVE-2008-4810"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:052 (php-smarty)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to php-smarty +announced via advisory MDVSA-2009:052. + +A vulnerability has been identified and corrected in php-smarty: + +The _expand_quoted_text function in libs/Smarty_Compiler.class.php in Smarty 2.6.20 before r2797 allows remote attackers to execute arbitrary PHP code via vectors related to templates and (1) a dollar-sign character, aka php executed in templates + +Affected: 2008.0, 2008.1, 2009.0, Corporate 4.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:052 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:052 (php-smarty)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"php-smarty", rpm:"php-smarty~2.6.22~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-smarty-manual", rpm:"php-smarty-manual~2.6.22~0.1mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-smarty", rpm:"php-smarty~2.6.22~0.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-smarty-manual", rpm:"php-smarty-manual~2.6.22~0.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-smarty", rpm:"php-smarty~2.6.22~0.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-smarty-manual", rpm:"php-smarty-manual~2.6.22~0.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-smarty", rpm:"php-smarty~2.6.22~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"php-smarty-manual", rpm:"php-smarty-manual~2.6.22~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_053.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_053.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_053.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,241 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:053 (squirrelmail) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63445); + script_cve_id("CVE-2008-3663"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:053 (squirrelmail)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to squirrelmail +announced via advisory MDVSA-2009:053. + +A vulnerability has been identified and corrected in squirrelmail: + +Squirrelmail 1.4.15 does not set the secure flag for the session +cookie in an https session, which can cause the cookie to be sent in +http requests and make it easier for remote attackers to capture this +cookie (CVE-2008-3663). + +Additionally many of the bundled plugins has been upgraded. The +localization has also been upgraded. Basically this is a syncronization +with the latest squirrelmail package found in Mandriva Cooker. The +rpm changelog will reveal all the changes (rpm -q --changelog +squirrelmail). + +The updated packages have been upgraded to the latest version of +squirrelmail to prevent this. + +Affected: Corporate 4.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:053 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:053 (squirrelmail)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"squirrelmail", rpm:"squirrelmail~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-ar", rpm:"squirrelmail-ar~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-bg", rpm:"squirrelmail-bg~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-bn", rpm:"squirrelmail-bn~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-ca", rpm:"squirrelmail-ca~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-cs", rpm:"squirrelmail-cs~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-cy", rpm:"squirrelmail-cy~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-cyrus", rpm:"squirrelmail-cyrus~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-da", rpm:"squirrelmail-da~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-de", rpm:"squirrelmail-de~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-el", rpm:"squirrelmail-el~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-en", rpm:"squirrelmail-en~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-es", rpm:"squirrelmail-es~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-et", rpm:"squirrelmail-et~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-eu", rpm:"squirrelmail-eu~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-fa", rpm:"squirrelmail-fa~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-fi", rpm:"squirrelmail-fi~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-fo", rpm:"squirrelmail-fo~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-fr", rpm:"squirrelmail-fr~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-fy", rpm:"squirrelmail-fy~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-he", rpm:"squirrelmail-he~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-hr", rpm:"squirrelmail-hr~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-hu", rpm:"squirrelmail-hu~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-id", rpm:"squirrelmail-id~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-is", rpm:"squirrelmail-is~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-it", rpm:"squirrelmail-it~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-ja", rpm:"squirrelmail-ja~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-ka", rpm:"squirrelmail-ka~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-ko", rpm:"squirrelmail-ko~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-lt", rpm:"squirrelmail-lt~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-ms", rpm:"squirrelmail-ms~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-nb", rpm:"squirrelmail-nb~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-nl", rpm:"squirrelmail-nl~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-nn", rpm:"squirrelmail-nn~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-pl", rpm:"squirrelmail-pl~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-poutils", rpm:"squirrelmail-poutils~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-pt", rpm:"squirrelmail-pt~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-ro", rpm:"squirrelmail-ro~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-ru", rpm:"squirrelmail-ru~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-sk", rpm:"squirrelmail-sk~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-sl", rpm:"squirrelmail-sl~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-sr", rpm:"squirrelmail-sr~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-sv", rpm:"squirrelmail-sv~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-th", rpm:"squirrelmail-th~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-tr", rpm:"squirrelmail-tr~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-ug", rpm:"squirrelmail-ug~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-uk", rpm:"squirrelmail-uk~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-vi", rpm:"squirrelmail-vi~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-zh_CN", rpm:"squirrelmail-zh_CN~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"squirrelmail-zh_TW", rpm:"squirrelmail-zh_TW~1.4.17~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_054.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_054.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_054.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,97 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:054 (nagios) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63446); + script_cve_id("CVE-2007-5624", "CVE-2008-1360", "CVE-2007-5803"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:054 (nagios)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to nagios +announced via advisory MDVSA-2009:054. + +A vulnerability has been identified and corrected in nagios: + +Cross-site scripting (XSS) vulnerability in Nagios allows remote +attackers to inject arbitrary web script or HTML via unknown vectors, +a different vulnerability than CVE-2007-5624 and CVE-2008-1360 +(CVE-2007-5803). + +The updated packages have been upgraded to the latest version of +nagios to prevent this. + +Affected: Corporate 4.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:054 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:054 (nagios)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"nagios", rpm:"nagios~3.1.0~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"nagios-devel", rpm:"nagios-devel~3.1.0~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"nagios-theme-default", rpm:"nagios-theme-default~3.1.0~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"nagios-www", rpm:"nagios-www~3.1.0~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_055.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_055.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_055.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,97 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:055 (audacity) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63447); + script_cve_id("CVE-2009-0490"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:055 (audacity)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to audacity +announced via advisory MDVSA-2009:055. + +A vulnerability has been identified and corrected in audacity: + +Stack-based buffer overflow in the String_parse::get_nonspace_quoted +function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other +versions before 1.3.6 allows remote attackers to cause a denial of +service (crash) and possibly execute arbitrary code via a .gro file +containing a long string (CVE-2009-0490). + +The updated packages have been patched to prevent this. + +Affected: 2008.0, 2008.1, 2009.0, Corporate 3.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:055 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:055 (audacity)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"audacity", rpm:"audacity~1.3.3~1.2mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"audacity", rpm:"audacity~1.3.4~7.2mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"audacity", rpm:"audacity~1.3.5~3.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"audacity", rpm:"audacity~1.2.0~1.2.C30mdk", rls:"MNDK_3.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_056.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_056.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_056.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,122 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:056 (net-snmp) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63451); + script_cve_id("CVE-2008-6123"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:056 (net-snmp)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to net-snmp +announced via advisory MDVSA-2009:056. + +A vulnerability has been identified and corrected in net-snmp: + +The netsnmp_udp_fmtaddr function (snmplib/snmpUDPDomain.c) in +net-snmp 5.0.9 through 5.4.2, when using TCP wrappers for client +authorization, does not properly parse hosts.allow rules, which +allows remote attackers to bypass intended access restrictions +and execute SNMP queries, related to source/destination IP address +confusion. (CVE-2008-6123) + +The updated packages have been patched to prevent this. + +Affected: 2009.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:056 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:056 (net-snmp)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"libnet-snmp15", rpm:"libnet-snmp15~5.4.2~2.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnet-snmp-devel", rpm:"libnet-snmp-devel~5.4.2~2.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libnet-snmp-static-devel", rpm:"libnet-snmp-static-devel~5.4.2~2.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"net-snmp", rpm:"net-snmp~5.4.2~2.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"net-snmp-mibs", rpm:"net-snmp-mibs~5.4.2~2.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"net-snmp-tkmib", rpm:"net-snmp-tkmib~5.4.2~2.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"net-snmp-trapd", rpm:"net-snmp-trapd~5.4.2~2.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"net-snmp-utils", rpm:"net-snmp-utils~5.4.2~2.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"perl-NetSNMP", rpm:"perl-NetSNMP~5.4.2~2.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64net-snmp15", rpm:"lib64net-snmp15~5.4.2~2.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64net-snmp-devel", rpm:"lib64net-snmp-devel~5.4.2~2.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64net-snmp-static-devel", rpm:"lib64net-snmp-static-devel~5.4.2~2.2mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_057.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_057.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_057.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,96 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:057 (valgrind) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63448); + script_cve_id("CVE-2008-4865"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:057 (valgrind)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to valgrind +announced via advisory MDVSA-2009:057. + +A vulnerability has been identified and corrected in valgrind: + +Untrusted search path vulnerability in valgrind before 3.4.0 +allows local users to execute arbitrary programs via a Trojan horse +.valgrindrc file in the current working directory, as demonstrated +using a malicious --db-command options. NOTE: the severity of this +issue has been disputed, but CVE is including this issue because +execution of a program from an untrusted directory is a common +scenario. (CVE-2008-4865) + +The updated packages have been patched to prevent this. + +Affected: 2008.0, 2008.1, 2009.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:057 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:057 (valgrind)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"valgrind", rpm:"valgrind~3.2.3~2.2mdv2008.0", rls:"MNDK_2008.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"valgrind", rpm:"valgrind~3.3.0~3.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"valgrind", rpm:"valgrind~3.3.1~2.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/mdksa_2009_058.nasl =================================================================== --- trunk/openvas-plugins/scripts/mdksa_2009_058.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/mdksa_2009_058.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,175 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory MDVSA-2009:058 (wireshark) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63452); + script_cve_id("CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"); + script_version ("$"); + name["english"] = "Mandrake Security Advisory MDVSA-2009:058 (wireshark)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to wireshark +announced via advisory MDVSA-2009:058. + +Buffer overflow in wiretap/netscreen.c in Wireshark 0.99.7 through +1.0.5 allows user-assisted remote attackers to cause a denial +of service (application crash) via a malformed NetScreen snoop +file. (CVE-2009-0599) + +Wireshark 0.99.6 through 1.0.5 allows user-assisted remote attackers to +cause a denial of service (application crash) via a crafted Tektronix +K12 text capture file, as demonstrated by a file with exactly one +frame. (CVE-2009-0600) + +Format string vulnerability in Wireshark 0.99.8 through 1.0.5 +on non-Windows platforms allows local users to cause a denial of +service (application crash) via format string specifiers in the HOME +environment variable. (CVE-2009-0601) + +This update provides Wireshark 1.0.6, which is not vulnerable to +these issues. + +Affected: 2008.1, 2009.0, Corporate 4.0 + +Solution: +To upgrade automatically use MandrakeUpdate or urpmi. The verification +of md5 checksums and GPG signatures is performed automatically for you. + +https://secure1.securityspace.com/smysecure/catid.html?in=MDVSA-2009:058 +http://www.wireshark.org/security/wnpa-sec-2009-01.html + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Mandrake Security Advisory MDVSA-2009:058 (wireshark)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Mandrake Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"dumpcap", rpm:"dumpcap~1.0.6~0.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libwireshark0", rpm:"libwireshark0~1.0.6~0.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libwireshark-devel", rpm:"libwireshark-devel~1.0.6~0.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"rawshark", rpm:"rawshark~1.0.6~0.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tshark", rpm:"tshark~1.0.6~0.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.0.6~0.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wireshark-tools", rpm:"wireshark-tools~1.0.6~0.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64wireshark0", rpm:"lib64wireshark0~1.0.6~0.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64wireshark-devel", rpm:"lib64wireshark-devel~1.0.6~0.1mdv2008.1", rls:"MNDK_2008.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"dumpcap", rpm:"dumpcap~1.0.6~0.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libwireshark0", rpm:"libwireshark0~1.0.6~0.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libwireshark-devel", rpm:"libwireshark-devel~1.0.6~0.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"rawshark", rpm:"rawshark~1.0.6~0.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tshark", rpm:"tshark~1.0.6~0.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.0.6~0.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wireshark-tools", rpm:"wireshark-tools~1.0.6~0.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64wireshark0", rpm:"lib64wireshark0~1.0.6~0.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64wireshark-devel", rpm:"lib64wireshark-devel~1.0.6~0.1mdv2009.0", rls:"MNDK_2009.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"dumpcap", rpm:"dumpcap~1.0.6~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libwireshark0", rpm:"libwireshark0~1.0.6~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libwireshark-devel", rpm:"libwireshark-devel~1.0.6~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"rawshark", rpm:"rawshark~1.0.6~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"tshark", rpm:"tshark~1.0.6~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.0.6~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wireshark-tools", rpm:"wireshark-tools~1.0.6~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64wireshark0", rpm:"lib64wireshark0~1.0.6~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"lib64wireshark-devel", rpm:"lib64wireshark-devel~1.0.6~0.1.20060mlcs4", rls:"MNDK_4.0")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/suse_sa_2009_010.nasl =================================================================== --- trunk/openvas-plugins/scripts/suse_sa_2009_010.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/suse_sa_2009_010.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,161 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory SUSE-SA:2009:010 (kernel) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63467); + if(NASL_LEVEL>=2191) { + script_cve_id("CVE-2008-5079", "CVE-2008-5700", "CVE-2008-5702", "CVE-2009-0028", "CVE-2009-0029", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269", "CVE-2009-0322"); + } else { + script_cve_id("CVE-2008-5079", "CVE-2008-5700", "CVE-2008-5702", "CVE-2009-0028", "CVE-2009-0029", "CVE-2009-0031", "CVE-2009-0065", "CVE-2009-0269"); + }; + script_version ("$"); + name["english"] = "SuSE Security Advisory SUSE-SA:2009:010 (kernel)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory SUSE-SA:2009:010. + +This update fixes several security issues and lots of bugs in the +openSUSE 11.1 kernel. For details, please visit the referenced +security advisories. + +The Linux kernel on openSUSE 11.1 was updated to the stable version +2.6.27.19 and is also now at the same kernel as we are planning to +ship with SUSE Linux Enterprise (Server/Desktop) 11. + +This update introduces kABI changes, so all kernel module packages +also need to be rebuilt and reapplied. Rebuilt NVIDIA KMPs already +are provided by NVIDIA, ATI and Madwifi KMPs will follow soon. + +Solution: +Update your system with the packages as indicated in +the referenced security advisory. + +https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:010 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "SuSE Security Advisory SUSE-SA:2009:010 (kernel)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "SuSE Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-base", rpm:"kernel-debug-base~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-debug-extra", rpm:"kernel-debug-extra~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-default", rpm:"kernel-default~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-default-base", rpm:"kernel-default-base~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-default-extra", rpm:"kernel-default-extra~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-pae", rpm:"kernel-pae~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-pae-base", rpm:"kernel-pae-base~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-pae-extra", rpm:"kernel-pae-extra~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-syms", rpm:"kernel-syms~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-trace", rpm:"kernel-trace~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-trace-base", rpm:"kernel-trace-base~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-trace-extra", rpm:"kernel-trace-extra~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-vanilla", rpm:"kernel-vanilla~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-xen-base", rpm:"kernel-xen-base~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-xen-extra", rpm:"kernel-xen-extra~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-docs", rpm:"kernel-docs~2.6.3~3.13.5", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-kdump", rpm:"kernel-kdump~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-ppc64", rpm:"kernel-ppc64~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-ppc64-base", rpm:"kernel-ppc64-base~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-ppc64-extra", rpm:"kernel-ppc64-extra~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"kernel-ps3", rpm:"kernel-ps3~2.6.27.19~3.2.1", rls:"openSUSE11.1")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/suse_sa_2009_011.nasl =================================================================== --- trunk/openvas-plugins/scripts/suse_sa_2009_011.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/suse_sa_2009_011.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,87 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory SUSE-SA:2009:011 (flash-player) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63468); + script_cve_id("CVE-2009-0519", "CVE-2009-0520", "CVE-2009-0521"); + script_version ("$"); + name["english"] = "SuSE Security Advisory SUSE-SA:2009:011 (flash-player)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory SUSE-SA:2009:011. + +Specially crafted swf files could cause a buffer overflow in +flash-player. Attackers could potentially exploit that to execute +code on the victim's machine (CVE-2009-0519, CVE-2009-0520, +CVE-2009-0521). + +Solution: +Update your system with the packages as indicated in +the referenced security advisory. + +https://secure1.securityspace.com/smysecure/catid.html?in=SUSE-SA:2009:011 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "SuSE Security Advisory SUSE-SA:2009:011 (flash-player)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "SuSE Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"flash-player", rpm:"flash-player~10.0.22.87~0.1.1", rls:"openSUSE11.1")) { + vuln = 1; +} +if(isrpmvuln(pkg:"flash-player", rpm:"flash-player~9.0.159.0~0.1", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"flash-player", rpm:"flash-player~9.0.159.0~0.1", rls:"openSUSE10.3")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/suse_sr_2009_005.nasl =================================================================== --- trunk/openvas-plugins/scripts/suse_sr_2009_005.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/suse_sr_2009_005.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,175 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory SUSE-SR:2009:005 +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63469); + if(NASL_LEVEL>=2191) { + script_cve_id("CVE-2007-0062", "CVE-2008-5078", "CVE-2008-5138", "CVE-2009-0021", "CVE-2009-0040", "CVE-2009-0049", "CVE-2009-0386", "CVE-2009-0387", "CVE-2009-0397", "CVE-2009-0478", "CVE-2009-0599", "CVE-2009-0600", "CVE-2009-0601"); + } else { + script_cve_id("CVE-2007-0062", "CVE-2008-5078", "CVE-2008-5138", "CVE-2009-0021", "CVE-2009-0040", "CVE-2009-0049", "CVE-2009-0386", "CVE-2009-0387"); + }; + script_version ("$"); + name["english"] = "SuSE Security Summary SUSE-SR:2009:005"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing updates announced in +advisory SUSE-SR:2009:005. SuSE Security Summaries are short +on detail when it comes to the names of packages affected by +a particular bug. Because of this, while this test will detect +out of date packages, it cannot tell you what bugs impact +which packages, or vice versa. + +Solution: + +Update all out of date packages. + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "SuSE Security Advisory SUSE-SR:2009:005"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "SuSE Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/rpms"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-rpm.inc"); +vuln = 0; +if(isrpmvuln(pkg:"eID-belgium", rpm:"eID-belgium~2.6.0~73.2", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"flash-player", rpm:"flash-player~9.0.159.0~0.1", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer-0_10-plugins-good", rpm:"gstreamer-0_10-plugins-good~0.10.7~38.2", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer-0_10-plugins-good-doc", rpm:"gstreamer-0_10-plugins-good-doc~0.10.7~38.2", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer-0_10-plugins-good-extra", rpm:"gstreamer-0_10-plugins-good-extra~0.10.7~38.2", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer-0_10-plugins-good-lang", rpm:"gstreamer-0_10-plugins-good-lang~0.10.7~38.2", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"keyutils", rpm:"keyutils~1.2~80.1", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"keyutils-devel", rpm:"keyutils-devel~1.2~80.1", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"keyutils-libs", rpm:"keyutils-libs~1.2~80.1", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-devel", rpm:"libpng-devel~1.2.26~14.8", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng3", rpm:"libpng3~1.2.26~14.8", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng12-0", rpm:"libpng12-0~1.2.26~14.8", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"nagios", rpm:"nagios~3.0.6~1.1", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"nagios-devel", rpm:"nagios-devel~3.0.6~1.1", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"nagios-www", rpm:"nagios-www~3.0.6~1.1", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"ntp", rpm:"ntp~4.2.4p4~44.2", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"ntp-doc", rpm:"ntp-doc~4.2.4p4~44.2", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"pam_mount", rpm:"pam_mount~0.35~15.8", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~1.0.0~17.9", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wireshark-devel", rpm:"wireshark-devel~1.0.0~17.9", rls:"openSUSE11.0")) { + vuln = 1; +} +if(isrpmvuln(pkg:"eID-belgium", rpm:"eID-belgium~2.5.9~119.2", rls:"openSUSE10.3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"flash-player", rpm:"flash-player~9.0.159.0~0.1", rls:"openSUSE10.3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer010-plugins-good", rpm:"gstreamer010-plugins-good~0.10.6~41.4", rls:"openSUSE10.3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer010-plugins-good-doc", rpm:"gstreamer010-plugins-good-doc~0.10.6~41.4", rls:"openSUSE10.3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"gstreamer010-plugins-good-extra", rpm:"gstreamer010-plugins-good-extra~0.10.6~41.4", rls:"openSUSE10.3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng", rpm:"libpng~1.2.18~15.10", rls:"openSUSE10.3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"libpng-devel", rpm:"libpng-devel~1.2.18~15.10", rls:"openSUSE10.3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"pam_mount", rpm:"pam_mount~0.18~84.4", rls:"openSUSE10.3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~0.99.6~31.15", rls:"openSUSE10.3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"wireshark-devel", rpm:"wireshark-devel~0.99.6~31.15", rls:"openSUSE10.3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"xntp", rpm:"xntp~4.2.4p3~25.2", rls:"openSUSE10.3")) { + vuln = 1; +} +if(isrpmvuln(pkg:"xntp-doc", rpm:"xntp-doc~4.2.4p3~25.2", rls:"openSUSE10.3")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} Added: trunk/openvas-plugins/scripts/ubuntu_724_1.nasl =================================================================== --- trunk/openvas-plugins/scripts/ubuntu_724_1.nasl 2009-03-02 15:07:07 UTC (rev 2636) +++ trunk/openvas-plugins/scripts/ubuntu_724_1.nasl 2009-03-02 18:11:09 UTC (rev 2637) @@ -0,0 +1,92 @@ +# OpenVAS Vulnerability Test +# $Id$ +# Description: Auto-generated from advisory USN-724-1 (squid) +# +# Authors: +# Thomas Reinke +# +# Copyright: +# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com +# Text descriptions are largely excerpted from the referenced +# advisory, and are Copyright (c) the respective author(s) +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2, +# or at your option, GNU General Public License version 3, +# as published by the Free Software Foundation +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +# + +if(description) +{ + script_id(63472); + script_cve_id("CVE-2009-0478"); + script_version ("$"); + name["english"] = "Ubuntu USN-724-1 (squid)"; + script_name(english:name["english"]); + + desc["english"] = " +The remote host is missing an update to squid +announced via advisory USN-724-1. + +Joshua Morin, Mikko Varpiola and Jukka Taimisto discovered that Squid did +not properly validate the HTTP version when processing requests. A remote +attacker could exploit this to cause a denial of service (assertion failure). + +Solution: +The problem can be corrected by upgrading your system to the +following package versions: + +Ubuntu 8.10: + squid 2.7.STABLE3-1ubuntu2.1 + +In general, a standard system upgrade is sufficient to effect the +necessary changes. + +https://secure1.securityspace.com/smysecure/catid.html?in=USN-724-1 + +Risk factor : High"; + + script_description(english:desc["english"]); + + summary["english"] = "Ubuntu USN-724-1 (squid)"; + script_summary(english:summary["english"]); + + script_category(ACT_GATHER_INFO); + + script_copyright(english:"Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com"); + family["english"] = "Ubuntu Local Security Checks"; + script_family(english:family["english"]); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/packages"); + exit(0); +} + +# +# The script code starts here +# + +include("revisions-lib.inc"); +include("pkg-lib-deb.inc"); +vuln = 0; +if(isdpkgvuln(pkg:"squid-common", ver:"2.7.STABLE3-1ubuntu2.1", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid", ver:"2.7.STABLE3-1ubuntu2.1", rls:"UBUNTU8.10")) { + vuln = 1; +} +if(isdpkgvuln(pkg:"squid-cgi", ver:"2.7.STABLE3-1ubuntu2.1", rls:"UBUNTU8.10")) { + vuln = 1; +} + +if(vuln) { + security_hole(0); +} From scm-commit at wald.intevation.org Tue Mar 3 06:56:40 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 3 Mar 2009 06:56:40 +0100 (CET) Subject: [Openvas-commits] r2638 - in trunk/openvas-plugins: . scripts Message-ID: <20090303055640.F1CA24077B@pyrosoma.intevation.org> Author: chandra Date: 2009-03-03 06:56:37 +0100 (Tue, 03 Mar 2009) New Revision: 2638 Added: trunk/openvas-plugins/scripts/gb_moodle_cms_detect.nasl trunk/openvas-plugins/scripts/gb_moodle_cms_mult_vuln.nasl trunk/openvas-plugins/scripts/secpod_adobe_prdts_bof_vuln_lin.nasl trunk/openvas-plugins/scripts/secpod_adobe_prdts_bof_vuln_win.nasl trunk/openvas-plugins/scripts/secpod_adobe_prdts_detect_win.nasl trunk/openvas-plugins/scripts/secpod_mediawiki_mult_xss_vuln.nasl trunk/openvas-plugins/scripts/secpod_tightvnc_detect_lin.nasl trunk/openvas-plugins/scripts/secpod_tightvnc_detect_win.nasl trunk/openvas-plugins/scripts/secpod_tightvnc_mult_int_overflow_vuln_lin.nasl trunk/openvas-plugins/scripts/secpod_tightvnc_mult_int_overflow_vuln_win.nasl trunk/openvas-plugins/scripts/secpod_tor_replay_attack_vuln_lin.nasl trunk/openvas-plugins/scripts/secpod_tor_replay_attack_vuln_win.nasl trunk/openvas-plugins/scripts/secpod_ultravnc_detect_win.nasl trunk/openvas-plugins/scripts/secpod_ultravnc_mult_int_overflow_vuln_win.nasl trunk/openvas-plugins/scripts/secpod_wow_raid_manager_detect.nasl trunk/openvas-plugins/scripts/secpod_wow_raid_manager_xss_vuln.nasl Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/secpod_mediawiki_detect.nasl Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/ChangeLog 2009-03-03 05:56:37 UTC (rev 2638) @@ -1,3 +1,23 @@ +2009-03-03 Chandrashekhar B + * scripts/secpod_tightvnc_mult_int_overflow_vuln_win.nasl, + scripts/secpod_ultravnc_mult_int_overflow_vuln_win.nasl, + scripts/secpod_adobe_prdts_bof_vuln_win.nasl, + scripts/secpod_tightvnc_detect_lin.nasl, + scripts/secpod_mediawiki_detect.nasl, + scripts/gb_moodle_cms_detect.nasl, + scripts/secpod_tightvnc_mult_int_overflow_vuln_lin.nasl, + scripts/secpod_mediawiki_mult_xss_vuln.nasl, + scripts/secpod_tor_replay_attack_vuln_win.nasl, + scripts/secpod_adobe_prdts_bof_vuln_lin.nasl, + scripts/secpod_ultravnc_detect_win.nasl, + scripts/secpod_wow_raid_manager_xss_vuln.nasl, + scripts/secpod_tightvnc_detect_win.nasl, + scripts/gb_moodle_cms_mult_vuln.nasl, + scripts/secpod_tor_replay_attack_vuln_lin.nasl, + scripts/secpod_adobe_prdts_detect_win.nasl, + scripts/secpod_wow_raid_manager_detect.nasl: + Added new plugins + 2009-03-02 Thomas Reinke * glsa_200902_05.nasl glsa_200902_06.nasl suse_sa_2009_010.nasl suse_sa_2009_011.nasl suse_sr_2009_005.nasl Added: trunk/openvas-plugins/scripts/gb_moodle_cms_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_moodle_cms_detect.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/gb_moodle_cms_detect.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,73 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_moodle_cms_detect.nasl 1002 2009-02-26 15:20:35Z feb $ +# +# Moodle CMS Version Detection +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800239); + script_version("Revision: 1.0 "); + script_name(english:"Moodle CMS Version Detection"); + desc["english"] = " + Overview : This script finds the Moodle CMS on the Web Server and saves + the version in KB. + + Risk factor : Informational"; + + script_description(english:desc["english"]); + script_summary(english:"Set Version of Moodle CMS in KB"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"General"); + script_dependencies("http_version.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("http_keepalive.inc"); + +port = get_http_port(default:80); +if(!port){ + exit(0); +} + +foreach path (make_list("/", "/moodle/", cgi_dirs())) +{ + sndReq = http_get(item:string(path, "index.php"), port:port); + rcvRes = http_keepalive_send_recv(port:port, data:sndReq); + if(rcvRes == NULL){ + continue; + } + + if(rcvRes =~ "[M|m]oodle") + { + moodleVer = eregmatch(pattern:"[M|m]oodle ([0-9.]+)", string:rcvRes); + if(moodleVer[1] != NULL){ + set_kb_item(name:"Moodle/Version", value:moodleVer[1]); + } + exit(0); + } +} Property changes on: trunk/openvas-plugins/scripts/gb_moodle_cms_detect.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/gb_moodle_cms_mult_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_moodle_cms_mult_vuln.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/gb_moodle_cms_mult_vuln.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,108 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_moodle_cms_mult_vuln.nasl 1002 2009-02-26 17:00:29Z feb $ +# +# Moodle CMS Multiple Vulnerabilities +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800240); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-0499", "CVE-2009-0500", "CVE-2009-0501", "CVE-2009-0502"); + script_bugtraq_id(33617, 33615, 33612, 32402); + script_name(english:"Moodle CMS Multiple Vulnerabilities"); + desc["english"] = " + + Overview: This host is running Moodle CMS and is prone to Multiple + Vulnerabilities. + + Vulnerability Insight: + Multiple flaws are due to + - Vulnerability in post.php for IMG tag which allows unauthorised access + to user's posts. + - XSS Vulnerability in course/lib.php which allows injection of arbitrary + web scripts or malicious HTML codes while displaying the log report in + browser due to lack of sanitization. + - Unspecified vulnerability in the Calendar export feature which causes + conducting brute force attacks. + - XSS Vulnerability in blocks/html/block_html.php which allows injection + of arbitracy scripts of malformed HTML codes injection. + + Impact: + Successful exploitation will allow remote attackers to cause Cross Site + Scripting attacks, can gain sensitive information about the user or the + remote host or can delete unauthorised posts through injecting malicious + web scripts. + + Impact level: System/Application + + Affected Software/OS: + Moodle version from 1.6 prior to 1.6.9, + Moodle version from 1.7 prior to 1.7.7, + Moodle version from 1.8 prior to 1.8.8 and + Moodle version from 1.9 prior to 1.9.4 on all platforms. + + Fix: Upgrade to latest version 1.6.9, 1.7.7, 1.8.8 and 1.9.4 + http://moodle.org/downloads + + References: + http://moodle.org/security + http://www.openwall.com/lists/oss-security/2009/02/04/1 + + CVSS Score: + CVSS Base Score : 7.5 (AV:N/AC:L/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 5.5 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of Moodle CMS"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Web application abuses"); + script_dependencies("gb_moodle_cms_detect.nasl"); + script_require_ports("Services/www", 80); + script_require_keys("Moodle/Version"); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +moodlePort = get_http_port(default:80); +if(!moodlePort){ + exit(0); +} + +moodleVer = get_kb_item("Moodle/Version"); +if(!moodleVer){ + exit(0); +} + +# Grep for Moodle CMS Version +if(version_in_range(version:moodleVer, test_version:"1.6", test_version2:"1.6.8") || + version_in_range(version:moodleVer, test_version:"1.7", test_version2:"1.7.6") || + version_in_range(version:moodleVer, test_version:"1.8", test_version2:"1.8.7") || + version_in_range(version:moodleVer, test_version:"1.9", test_version2:"1.9.3")){ + security_hole(moodlePort); +} Added: trunk/openvas-plugins/scripts/secpod_adobe_prdts_bof_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_adobe_prdts_bof_vuln_lin.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_adobe_prdts_bof_vuln_lin.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_adobe_prdts_bof_vuln_lin.nasl 1064 2009-02-25 19:34:26Z feb $ +# +# Buffer Overflow Vulnerability in Adobe Acrobat and Reader (Linux) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900321); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-0658"); + script_bugtraq_id(33751); + script_name(english:"Buffer Overflow Vulnerability in Adobe Acrobat and Reader (Linux)"); + desc["english"] = " + + Overview: This host has Adobe Acrobat or Adobe Reader installed, and is prone + to buffer overflow vulnerability. + + Vulnerability Insight: + Error in array indexing while processing JBIG2 streams. This can be exploited + to corrupt arbitrary memory via a specially crafted PDF file, related to a + non-JavaScript function call. + + Impact: + Allow remote attacker to execute arbitrary code in context of the affect + application and can compromise a user's system. + + Impact Level: Application + + Affected Software/OS: + Adobe Reader version 8.1.3 and prior + Adobe Acrobat version 9.0 and prior on Linux. + + Fix: No solution or patch is available as on 03rd March, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.adobe.com/support/security + + References: + http://secunia.com/advisories/33901 + http://securitytracker.com/alerts/2009/Feb/1021739.html + http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 + http://www.adobe.com/support/security/advisories/apsa09-01.html + http://downloads.securityfocus.com/vulnerabilities/exploits/33751-PoC.pl + http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=1 + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 8.4 + Risk factor: Critical"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of Adobe Acrobat and Reader"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"Buffer overflow"); + script_dependencies("gb_adobe_prdts_detect_lin.nasl"); + script_require_keys("Adobe/Reader/Linux/Version"); + exit(0); +} + + +include("version_func.inc"); + +readerVer = get_kb_item("Adobe/Reader/Linux/Version"); +if(!readerVer){ + exit(0); +} + +if(version_is_less_equal(version:readerVer, test_version:"8.1.3")){ + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_adobe_prdts_bof_vuln_lin.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_adobe_prdts_bof_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_adobe_prdts_bof_vuln_win.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_adobe_prdts_bof_vuln_win.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,100 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_adobe_prdts_bof_vuln_win.nasl 1064 2009-02-25 15:55:26Z feb $ +# +# Buffer Overflow Vulnerability in Adobe Acrobat and Reader (Win) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900320); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-0658"); + script_bugtraq_id(33751); + script_name(english:"Buffer Overflow Vulnerability in Adobe Acrobat and Reader (Win)"); + desc["english"] = " + + Overview: This host has Adobe Acrobat or Adobe Reader installed, and is prone + to buffer overflow vulnerability. + + Vulnerability Insight: + Error in array indexing while processing JBIG2 streams. This can be exploited + to corrupt arbitrary memory via a specially crafted PDF file, related to a + non-JavaScript function call. + + Impact: + Allow remote attacker to execute arbitrary code in context of the affected + application and can compromise a user's system. + + Impact Level: Application/System + + Affected Software/OS: + Adobe Reader and Acrobat version 9.0 and prior on Windows. + + Fix: No solution or patch is available as on 03rd March, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.adobe.com/support/security + + References: + http://secunia.com/advisories/33901 + http://securitytracker.com/alerts/2009/Feb/1021739.html + http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219 + http://www.adobe.com/support/security/advisories/apsa09-01.html + http://downloads.securityfocus.com/vulnerabilities/exploits/33751-PoC.pl + http://www.symantec.com/security_response/writeup.jsp?docid=2009-021212-5523-99&tabid=1 + + CVSS Score: + CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 8.4 + Risk factor: Critical"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of Adobe Acrobat and Reader"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"Buffer overflow"); + script_dependencies("secpod_adobe_prdts_detect_win.nasl"); + script_require_keys("Adobe/Reader/Win/Ver", "Adobe/Acrobat/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +readerVer = get_kb_item("Adobe/Reader/Win/Ver"); +acrobatVer = get_kb_item("Adobe/Acrobat/Win/Ver"); + +if(readerVer) +{ + if(version_is_less_equal(version:readerVer, test_version:"9.0.0")) + { + security_hole(0); + exit(0); + } +} + +if(acrobatVer) +{ + if(version_is_less_equal(version:acrobatVer, test_version:"9.0.0")){ + security_hole(0); + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_adobe_prdts_bof_vuln_win.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_adobe_prdts_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_adobe_prdts_detect_win.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_adobe_prdts_detect_win.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,83 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_adobe_prdts_detect_win.nasl 1064 2009-02-25 13:51:44Z feb $ +# +# Adobe Products Version Detection (Win) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900319); + script_version("$Revision: 1.0 $"); + script_name(english:"Adobe Products Version Detection (Win)"); + desc["english"] =" + + Overview : This script finds the installed product version of Adobe Reader + or Adobe Acrobat and sets the result in KB. + + Risk factor : Informational"; + + script_description(english:desc["english"]); + script_summary(english:"Set KB for the version of Adobe Products"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"General"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +if(!registry_key_exists(key:"SOFTWARE\Adobe")){ + exit(0); +} + +# Set the KB item for Adobe Reader and Adobe Acrobat +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +foreach item (registry_enum_keys(key:key)) +{ + adobeName = registry_get_sz(key:key + item, item:"DisplayName"); + + if("Adobe Acrobat" >< adobeName) + { + acrobatVer = registry_get_sz(key:key + item, item:"DisplayVersion"); + if(acrobatVer != NULL){ + set_kb_item(name:"Adobe/Acrobat/Win/Ver", value:acrobatVer); + } + } + + else if("Adobe Reader" >< adobeName) + { + readerVer = registry_get_sz(key:key + item, item:"DisplayVersion"); + if(readerVer != NULL){ + set_kb_item(name:"Adobe/Reader/Win/Ver", value:readerVer); + } + exit(0); + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_adobe_prdts_detect_win.nasl ___________________________________________________________________ Name: svn:executable + * Modified: trunk/openvas-plugins/scripts/secpod_mediawiki_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_mediawiki_detect.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_mediawiki_detect.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -48,6 +48,7 @@ include("http_func.inc"); +include("http_keepalive.inc"); port = get_http_port(default:80); if(!port){ @@ -57,12 +58,12 @@ foreach dir (make_list("/wiki", cgi_dirs())) { sndReq = http_get(item:string(dir, "/index.php/Special:Version"), port:port); - rcvRes = http_send_recv(port:port, data:sndReq); + rcvRes = http_keepalive_send_recv(port:port, data:sndReq); if(rcvRes == NULL){ exit(0); } - if("Powered by MediaWiki" >< rcvRes) + if("[P|p]owered by" && "MediaWiki" >< rcvRes) { wikiVer = eregmatch(pattern:"MediaWiki ([0-9.]+)", string:rcvRes); if(wikiVer[1] != NULL){ Added: trunk/openvas-plugins/scripts/secpod_mediawiki_mult_xss_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_mediawiki_mult_xss_vuln.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_mediawiki_mult_xss_vuln.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,105 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: secpod_mediawiki_mult_xss_vuln.nasl 1074 2009-02-26 18:02:29Z feb $ +# +# MediaWiki Multiple XSS Vulnerabilities +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900469); + script_version("$Revision: 1.0 $"); + script_bugtraq_id(33681); + script_cve_id("CVE-2009-0737"); + script_name(english:"MediaWiki Multiple XSS Vulnerabilities"); + desc["english"] = " + + Overview: This host is running MediaWiki and is prone to Multiple XSS + Vulnerabilities. + + Vulnerability Insight: + Multiple flaws are caused as the data supplied by the user via unspecified + vectors is not adequately sanitised before being passed into the file + 'config/index.php' of MediaWiki. + + Impact: + Successful exploitation will let the attacker include arbitrary HTML or web + scripts in the scope of the browser. This may lead to cross site scripting + attacks and the attacker may gain sensitive information of the remote user + or of the web application. + + Impact level: Application + + Affected Software/OS: + MediaWiki version prior to 1.13.4 + MediaWiki version prior to 1.12.4 + MediaWiki version prior to 1.6.12 + + Fix: + Apply the security updates accordingly. + MediaWiki Version 1.13.4 + MediaWiki Version 1.12.4 + MediaWiki Version 1.6.12 + + References: + http://secunia.com/advisories/33881 + http://www.vupen.com/english/advisories/2009/0368 + + CVSS Score: + CVSS Base Score : 2.6 (AV:N/AC:H/Au:NR/C:N/I:P/A:N) + CVSS Temporal Score : 1.9 + Risk factor: Low"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of MediaWiki"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"Web application abuses"); + script_require_ports("Services/www", 80); + script_dependencies("secpod_mediawiki_detect.nasl"); + script_require_keys("MediaWiki/Version"); + exit(0); +} + + +include("version_func.inc"); + +wikiPort = get_kb_item("Services/www"); +if(!get_port_state(wikiPort)){ + exit(0); +} + +mediawiki = get_kb_item("MediaWiki/Version"); +if(!mediawiki){ + exit(0); +} + +if(mediawiki != NULL) +{ + # Grep for affected MediaWiki Versions + if(version_in_range(version:mediawiki, test_version:"1.13", test_version2:"1.13.3") || + version_in_range(version:mediawiki, test_version:"1.12", test_version2:"1.12.3") || + version_in_range(version:mediawiki, test_version:"1.6", test_version2:"1.6.11")){ + security_warning(wikiPort); + exit(0); + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_mediawiki_mult_xss_vuln.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_tightvnc_detect_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_tightvnc_detect_lin.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_tightvnc_detect_lin.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,68 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_tightvnc_detect_lin.nasl 987 2009-02-27 13:25:36Z feb $ +# +# TightVNC Version Detection (Linux) +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900474); + script_version("Revision: 1.0 "); + script_name(english:"TightVNC Version Detection (Linux)"); + desc["english"] = " + Overview: This script finds the installed TightVNC version on Linux + and saves the version in KB. + + Risk factor: Informational"; + + script_description(english:desc["english"]); + script_summary(english:"Set the Version of TightVNC in KB"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"General"); + exit(0); +} + + +include("version_func.inc"); + +sock = ssh_login_or_reuse_connection(); +if(!sock){ + exit(0); +} + +vncPath = find_file(file_name:"Xvnc", file_path:"/", useregex:TRUE, + regexpar:"$", sock:sock); +foreach vncBin (vncPath) +{ + vncVer = get_bin_version(full_prog_name:chomp(vncBin), + sock:sock, version_argv:"-version", + ver_pattern:"tight([0-9]\.[0-9.]+)"); + if(vncVer[1] != NULL) + { + set_kb_item(name:"TightVNC/Linux/Ver", value:vncVer[1]); + ssh_close_connection(); + exit(0); + } +} +ssh_close_connection(); Property changes on: trunk/openvas-plugins/scripts/secpod_tightvnc_detect_lin.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_tightvnc_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_tightvnc_detect_win.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_tightvnc_detect_win.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,68 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id: secpod_tightvnc_detect_win.nasl 987 2009-02-27 16:50:24Z feb $ +# +# TightVNC Version Detection (Win) +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900472); + script_version("$Revision: 1.0 $"); + script_name(english:"TightVNC Version Detection (Win)"); + desc["english"] = " + Overview : This script finds the installed version of TightVNC and + saves the version in KB. + + Risk factor : Informational"; + + script_description(english:desc["english"]); + script_summary(english:"Set Version of TightVNC in KB"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"General"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +foreach item (registry_enum_keys(key:key)) +{ + tvncName = registry_get_sz(key:key + item, item:"DisplayName"); + if("TightVNC" >< tvncName) + { + tvncVer = registry_get_sz(key:key + item, item:"DisplayVersion"); + if(tvncVer != NULL){ + set_kb_item(name:"TightVNC/Win/Ver", value:tvncVer); + } + exit(0); + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_tightvnc_detect_win.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_tightvnc_mult_int_overflow_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_tightvnc_mult_int_overflow_vuln_lin.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_tightvnc_mult_int_overflow_vuln_lin.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,98 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_tightvnc_mult_int_overflow_vuln_lin.nasl 987 2009-02-27 16:30:29Z feb $ +# +# TightVNC ClientConnection Multiple Integer Overflow Vulnerabilities (Linux) +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900475); + script_version("$Revision: 1.0 $"); + script_bugtraq_id(33568); + script_cve_id("CVE-2009-0388"); + script_name(english:"TightVNC ClientConnection Multiple Integer Overflow Vulnerabilities (Linux)"); + desc["english"] = " + + Overview: This host is running TightVNC and is prone to Multiple Integer + Overflow Vulnerability. + + Vulnerability Insight: + Multiple Integer Overflow due to signedness errors within the functions + ClientConnection::CheckBufferSize and ClientConnection::CheckFileZipBufferSize + in ClientConnection.cpp file fails to validate user input. + + Impact: + Successful exploitation will let the attacker execute arbitrary codes in the + context of the application and may cause remote code execution to compromise + the affected remote system. + + Impact level: Application/System + + Affected Software/OS: + TightVNC version 1.3.9 and prior on Linux. + + Fix: + Upgrade to the latest version 1.3.10 + http://www.tightvnc.com/download.html + + References: + http://milw0rm.com/exploits/7990 + http://milw0rm.com/exploits/8024 + http://www.coresecurity.com/content/vnc-integer-overflows + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.8 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of TightVNC"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"Buffer overflow"); + script_dependencies("secpod_tightvnc_detect_lin.nasl", "find_service1.nasl"); + script_require_ports("Services/vnc", 5801, 5901); + script_require_keys("TightVNC/Linux/Ver"); + exit(0); +} + + +include("version_func.inc"); + +tvncPort = get_kb_item("Services/vnc"); +if(!tvncPort){ + exit(0); +} + +if(get_port_state(tvncPort)) +{ + tvncVer = get_kb_item("TightVNC/Linux/Ver"); + if(!tvncVer){ + exit(0); + } + + # Grep for TightVNC version 1.3.9 and prior on Linux + if(version_is_less_equal(version:tvncVer, test_version:"1.3.9")){ + security_hole(tvncPort); + } +} Added: trunk/openvas-plugins/scripts/secpod_tightvnc_mult_int_overflow_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_tightvnc_mult_int_overflow_vuln_win.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_tightvnc_mult_int_overflow_vuln_win.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,98 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_tightvnc_mult_int_overflow_vuln_win.nasl 987 2009-02-27 15:20:29Z feb $ +# +# TightVNC ClientConnection Multiple Integer Overflow Vulnerabilities (Win) +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900473); + script_version("$Revision: 1.0 $"); + script_bugtraq_id(33568); + script_cve_id("CVE-2009-0388"); + script_name(english:"TightVNC ClientConnection Multiple Integer Overflow Vulnerabilities (Win)"); + desc["english"] = " + + Overview: This host is running TightVNC and is prone to Multiple Integer + Overflow Vulnerability. + + Vulnerability Insight: + Multiple Integer Overflow due to signedness errors within the functions + ClientConnection::CheckBufferSize and ClientConnection::CheckFileZipBufferSize + in ClientConnection.cpp file fails to validate user input. + + Impact: + Successful exploitation will let the attacker execute arbitrary codes in the + context of the application and may cause remote code execution to compromise + the affected remote system. + + Impact level: Application/System + + Affected Software/OS: + TightVNC version 1.3.9 and prior on Windows. + + Fix: + Upgrade to the latest version 1.3.10 + http://www.tightvnc.com/download.html + + References: + http://milw0rm.com/exploits/7990 + http://milw0rm.com/exploits/8024 + http://www.coresecurity.com/content/vnc-integer-overflows + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.8 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of TightVNC"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"Buffer overflow"); + script_dependencies("secpod_tightvnc_detect_win.nasl", "find_service1.nasl"); + script_require_ports("Services/vnc", 5800, 5900); + script_require_keys("TightVNC/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +tvncPort = get_kb_item("Services/vnc"); +if(!tvncPort){ + tvncPort = 5900; +} + +if(get_port_state(tvncPort)) +{ + tvncVer = get_kb_item("TightVNC/Win/Ver"); + if(!tvncVer){ + exit(0); + } + + # Grep for TightVNC version prior to 1.3.10 + if(version_is_less(version:tvncVer, test_version:"1.3.10")){ + security_hole(tvncPort); + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_tightvnc_mult_int_overflow_vuln_win.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_tor_replay_attack_vuln_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_tor_replay_attack_vuln_lin.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_tor_replay_attack_vuln_lin.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_tor_replay_attack_vuln_lin.nasl 1062 2009-02-26 13:15:29Z feb $ +# +# Tor Replay Attack Vulnerability (Linux) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900323); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-0654"); + script_name(english:"Replay Attack Vulnerability in Tor (Linux)"); + desc["english"] = " + + Overview: This host is installed with Tor Anonimity Proxy and is prone + to replay attack vulnerability. + + Vulnerability Insight: + Flaw is in the data flow at the end of the circuit which lets the attacker + to modify the relayed data. + + Impact: + Successful exploitation will let the remote attacker cause replay attacks + in the network and can compromise router functionalities. + + Impact level: Network + + Affected Software/OS: + Tor version 0.2.0.34 and prior on Linux. + + Fix: No solution or patch is available as on 03rd March, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, https://www.torproject.org/download-unix.html.en + + References: + http://blog.torproject.org/blog/one-cell-enough + http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf + + CVSS Score: + CVSS Base Score : 5.1 (AV:N/AC:H/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 4.3 + Risk factor: Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of Tor Proxy"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"General"); + script_dependencies("secpod_tor_detect_lin.nasl"); + script_require_keys("Tor/Linux/Ver"); + exit(0); +} + + +include("version_func.inc"); + +torVer = get_kb_item("Tor/Linux/Ver"); +if(torVer != NULL) +{ + # Grep for version 0.2.0.34 and prior + if(version_is_less_equal(version:torVer, test_version:"0.2.0.34")){ + security_warning(0); + } +} Added: trunk/openvas-plugins/scripts/secpod_tor_replay_attack_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_tor_replay_attack_vuln_win.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_tor_replay_attack_vuln_win.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_tor_replay_attack_vuln_win.nasl 1062 2009-02-26 12:07:29Z feb $ +# +# Tor Replay Attack Vulnerability (Windows) +# +# Authors: +# Sharath S +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900322); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-0654"); + script_name(english:"Tor Replay Attack Vulnerability (Windows)"); + desc["english"] = " + + Overview: This host is installed with Tor Anonimity Proxy and is prone + to replay attack vulnerability. + + Vulnerability Insight: + Flaw is in the data flow at the end of the circuit which lets the attacker + to modify the relayed data. + + Impact: + Successful exploitation will let the remote attacker cause replay attacks + in the network and can compromise router functionalities. + + Impact level: Network + + Affected Software/OS: + Tor version 0.2.0.34 and prior on Windows. + + Fix: No solution or patch is available as on 03rd March, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, https://www.torproject.org + + References: + http://blog.torproject.org/blog/one-cell-enough + http://www.blackhat.com/presentations/bh-dc-09/Fu/BlackHat-DC-09-Fu-Break-Tors-Anonymity.pdf + + CVSS Score: + CVSS Base Score : 5.1 (AV:N/AC:H/Au:NR/C:P/I:P/A:P) + CVSS Temporal Score : 4.3 + Risk factor: Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of Tor Proxy"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"General"); + script_dependencies("gb_tor_detect_win.nasl"); + script_require_keys("Tor/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +torVer = get_kb_item("Tor/Win/Ver"); +if(torVer != NULL) +{ + # Grep for version 0.2.0.34 and prior + if(version_is_less_equal(version:torVer, test_version:"0.2.0.34")){ + security_warning(0); + } +} Added: trunk/openvas-plugins/scripts/secpod_ultravnc_detect_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ultravnc_detect_win.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_ultravnc_detect_win.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,68 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ultravnc_detect_win.nasl 987 2009-02-27 19:50:24Z feb $ +# +# UltraVNC Version Detection (Win) +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900470); + script_version("$Revision: 1.0 $"); + script_name(english:"UltraVNC Version Detection (Win)"); + desc["english"] = " + Overview : This script finds the installed version of UltraVNC and + saves the version in KB. + + Risk factor : Informational"; + + script_description(english:desc["english"]); + script_summary(english:"Set Version of UltraVNC in KB"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"General"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\"; +foreach item (registry_enum_keys(key:key)) +{ + uvncName = registry_get_sz(key:key + item, item:"DisplayName"); + if("UltraVNC" >< uvncName) + { + vncString = eregmatch(pattern:"UltraVNC v?([0-9.]+)", string:uvncName); + if(vncString[1] != NULL){ + set_kb_item(name:"UltraVNC/Win/Ver", value:vncString[1]); + } + exit(0); + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_ultravnc_detect_win.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_ultravnc_mult_int_overflow_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ultravnc_mult_int_overflow_vuln_win.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_ultravnc_mult_int_overflow_vuln_win.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ultravnc_mult_int_overflow_vuln_win.nasl 987 2009-02-27 17:40:29Z feb $ +# +# UltraVNC ClientConnection Multiple Integer Overflow Vulnerabilities (Win) +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900471); + script_version("$Revision: 1.0 $"); + script_bugtraq_id(33568); + script_cve_id("CVE-2009-0388"); + script_name(english:"UltraVNC ClientConnection Multiple Integer Overflow Vulnerabilities (Win)"); + desc["english"] = " + + Overview: This host is running UltraVNC and is prone to Multiple Integer + Overflow Vulnerability. + + Vulnerability Insight: + Multiple Integer Overflow due to signedness errors within the functions + ClientConnection::CheckBufferSize and ClientConnection::CheckFileZipBufferSize + in ClientConnection.cpp file fails to validate user input. + + Impact: + Successful exploitation will let the attacker execute arbitrary codes in the + context of the application and may cause remote code execution to compromise + the affected remote system. + + Impact level: Application/System + + Affected Software/OS: + UltraVNC version prior to 1.0.5.4 on Windows. + + Fix: + Upgrade to the latest version 1.0.5.4 + http://www.uvnc.com/download/1054 + + References: + http://milw0rm.com/exploits/7990 + http://secunia.com/advisories/33794 + + CVSS Score: + CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C) + CVSS Temporal Score : 7.8 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of UltraVNC"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"Buffer overflow"); + script_dependencies("secpod_ultravnc_detect_win.nasl", "find_service1.nasl"); + script_require_ports("Services/vnc", 5800, 5900); + script_require_keys("UltraVNC/Win/Ver"); + exit(0); +} + + +include("version_func.inc"); + +vncPort = get_kb_item("Services/vnc"); +if(!vncPort){ + vncPort = 5900; +} + +if(get_port_state(vncPort)) +{ + uvncVer = get_kb_item("UltraVNC/Win/Ver"); + if(!uvncVer){ + exit(0); + } + + # Grep for UltraVNC version prior to 1.0.5.4 + if(version_is_less(version:uvncVer, test_version:"1.0.5.4")){ + security_hole(vncPort); + } +} Added: trunk/openvas-plugins/scripts/secpod_wow_raid_manager_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_wow_raid_manager_detect.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_wow_raid_manager_detect.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,74 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_wow_raid_manager_detect.nasl 1040 2009-01-28 13:52:24Z feb $ +# +# WOW Raid Manager Version Detection +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900514); + script_version("Revision: 1.0 "); + script_name(english:"WOW Raid Manager Version Detection"); + desc["english"] = " + Overview: This script detects the installed version of WOW Raid Manager and + sets the version in KB. + + Risk factor: Informational"; + + script_description(english:desc["english"]); + script_summary(english:"Sets the KB for the version of WOW Raid Manager"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"General"); + script_dependencies("http_version.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("http_keepalive.inc"); + +port = get_http_port(default:80); +if(!port){ + exit(0); +} + +foreach dir (make_list("/wrm", cgi_dirs())) +{ + sndReq = http_get(item:string(dir, "/index.php"), port:port); + rcvRes = http_keepalive_send_recv(port:port, data:sndReq); + if(rcvRes == NULL){ + exit(0); + } + + if("WoW Raid Manager" >< rcvRes) + { + version = eregmatch(pattern:"WoW Raid Manager.* v([0-9.]+)", string:rcvRes); + if(version[1] != NULL) + { + set_kb_item(name:"WoWRaidManager/Ver", value: version[1]); + exit(0); + } + } +} Property changes on: trunk/openvas-plugins/scripts/secpod_wow_raid_manager_detect.nasl ___________________________________________________________________ Name: svn:executable + * Added: trunk/openvas-plugins/scripts/secpod_wow_raid_manager_xss_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_wow_raid_manager_xss_vuln.nasl 2009-03-02 18:11:09 UTC (rev 2637) +++ trunk/openvas-plugins/scripts/secpod_wow_raid_manager_xss_vuln.nasl 2009-03-03 05:56:37 UTC (rev 2638) @@ -0,0 +1,92 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_wow_raid_manager_xss_vuln.nasl 1040 2009-02-27 16:05:33Z feb $ +# +# WoW Raid Manager Cross-Site Scripting Vulnerability +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900515); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-6161"); + script_bugtraq_id(31661); + script_name(english:"WoW Raid Manager Cross-Site Scripting Vulnerability"); + desc["english"] = " + + Overview: The host is installed with WoW Raid Manager and is prone to + Cross-Site Scripting vulnerability. + + Vulnerability Insight: + The flaw exists due to WoW Raid Manager fails to properly sanitise user + supplied input. + + Impact: Successful remote exploitation will let the attacker execute + arbitrary code in the scope of the application. As a result the attacker + may gain sensitive information and use it to redirect the user to any + other malicious URL. + + Impact Level: Application + + Affected Software/OS: + WoW Raid Manager versions prior to 3.5.1. + + Fix: Upgrade to version 3.5.1 + http://www.wowraidmanager.net/downloadrel.php + + References: + http://secunia.com/advisories/32172 + http://sourceforge.net/project/shownotes.php?release_id=631789 + + CVSS Score: + CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N) + CVSS Temporal Score : 3.2 + Risk factor : Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of WoW Raid Manager"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"General"); + script_dependencies("secpod_wow_raid_manager_detect.nasl"); + script_require_ports("Services/www", 80); + script_require_keys("WoWRaidManager/Ver"); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +wowPort = get_http_port(default:80); +if(!wowPort){ + exit(0); +} + +wowVer = get_kb_item("WoWRaidManager/Ver"); +if(!wowVer){ + exit(0); +} + +if(version_is_less(version:wowVer, test_version:"3.5.1")){ + security_warning(wowPort); +} Property changes on: trunk/openvas-plugins/scripts/secpod_wow_raid_manager_xss_vuln.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Tue Mar 3 11:24:35 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 3 Mar 2009 11:24:35 +0100 (CET) Subject: [Openvas-commits] r2639 - in trunk/openvas-client: . nessus Message-ID: <20090303102435.0A561406E7@pyrosoma.intevation.org> Author: felix Date: 2009-03-03 11:24:33 +0100 (Tue, 03 Mar 2009) New Revision: 2639 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/plugin_infos.c trunk/openvas-client/nessus/plugin_infos.h Log: * nessus/plugin_infos.c, nessus/plugin_infos.h (plugin_info_window_show_cb): New, callback method can be used to show plugin info dialog when only a NVTs OID is known. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-03 05:56:37 UTC (rev 2638) +++ trunk/openvas-client/ChangeLog 2009-03-03 10:24:33 UTC (rev 2639) @@ -1,3 +1,9 @@ +2009-03-03 Felix Wolfsteller + + * nessus/plugin_infos.c, nessus/plugin_infos.h + (plugin_info_window_show_cb): New, callback method can be used to show + plugin info dialog when only a NVTs OID is known. + 2009-03-02 Felix Wolfsteller Removed obsolete code and variables in cli module, pointed to by Modified: trunk/openvas-client/nessus/plugin_infos.c =================================================================== --- trunk/openvas-client/nessus/plugin_infos.c 2009-03-03 05:56:37 UTC (rev 2638) +++ trunk/openvas-client/nessus/plugin_infos.c 2009-03-03 10:24:33 UTC (rev 2639) @@ -313,12 +313,36 @@ } /** + * @brief Callback, extracts plugin name and shows info dialog, using current + * @brief Context. + * + * If either no plugin list in current context is found or no oid is provided, + * does nothing. + * + * @param emitter ignored (callback) + * @param oid OID of plugin to show info. + */ +void +plugin_info_window_show_cb (GtkWidget* emitter, char* oid) +{ + if (oid == NULL || Context->plugins == NULL) + return; + + /* Search name of nvt first, to make plugin_info_window_setup happy. Creates + some overhead, as the plugin list will be traversed in ..._setup again. */ + struct nessus_plugin* nvt = nessus_plugin_get_by_oid (Context->plugins, oid); + + if (nvt) + plugin_info_window_setup (Context->plugins, nvt->name); +} + +/** * @brief Draws the window which contains information about a plugin. * - * @param res Pointer to a nessus_plugin struct. + * @param res Pointer to a nessus_plugin struct (list). * @param name The plugins name. */ -void +void plugin_info_window_setup (struct nessus_plugin * res, char* pluginname) { GtkWindow * window = GTK_WINDOW(arg_get_value(MainDialog, "WINDOW")); @@ -338,8 +362,9 @@ struct nessus_plugin * plugin; char * txt; - plugin = nessus_plugin_get_by_name(res, pluginname); - if( plugin == NULL ) + printf("BUGME: plugin infos name %s\n", pluginname); + plugin = nessus_plugin_get_by_name (res, pluginname); + if (plugin == NULL) { #ifdef DEBUG fprintf(stderr, _("Error ! Plugin selected not found ?!\n")); Modified: trunk/openvas-client/nessus/plugin_infos.h =================================================================== --- trunk/openvas-client/nessus/plugin_infos.h 2009-03-03 05:56:37 UTC (rev 2638) +++ trunk/openvas-client/nessus/plugin_infos.h 2009-03-03 10:24:33 UTC (rev 2639) @@ -30,5 +30,6 @@ #define _NESSUSC_PLUGIN_INFOS_H void plugin_info_window_setup(struct nessus_plugin *, char * pluginname); +void plugin_info_window_show_cb (GtkWidget* emitter, char* oid); #endif From scm-commit at wald.intevation.org Tue Mar 3 11:32:45 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 3 Mar 2009 11:32:45 +0100 (CET) Subject: [Openvas-commits] r2640 - in trunk/openvas-client: . nessus Message-ID: <20090303103245.058E840729@pyrosoma.intevation.org> Author: felix Date: 2009-03-03 11:32:44 +0100 (Tue, 03 Mar 2009) New Revision: 2640 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/plugin_infos.c Log: * nessus/plugin_infos.c: Removed debug-survivor-printf. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-03 10:24:33 UTC (rev 2639) +++ trunk/openvas-client/ChangeLog 2009-03-03 10:32:44 UTC (rev 2640) @@ -1,5 +1,9 @@ 2009-03-03 Felix Wolfsteller + * nessus/plugin_infos.c: Removed debug-survivor-printf. + +2009-03-03 Felix Wolfsteller + * nessus/plugin_infos.c, nessus/plugin_infos.h (plugin_info_window_show_cb): New, callback method can be used to show plugin info dialog when only a NVTs OID is known. Modified: trunk/openvas-client/nessus/plugin_infos.c =================================================================== --- trunk/openvas-client/nessus/plugin_infos.c 2009-03-03 10:24:33 UTC (rev 2639) +++ trunk/openvas-client/nessus/plugin_infos.c 2009-03-03 10:32:44 UTC (rev 2640) @@ -320,7 +320,7 @@ * does nothing. * * @param emitter ignored (callback) - * @param oid OID of plugin to show info. + * @param oid OID of plugin to show info of. */ void plugin_info_window_show_cb (GtkWidget* emitter, char* oid) @@ -362,7 +362,6 @@ struct nessus_plugin * plugin; char * txt; - printf("BUGME: plugin infos name %s\n", pluginname); plugin = nessus_plugin_get_by_name (res, pluginname); if (plugin == NULL) { From scm-commit at wald.intevation.org Tue Mar 3 11:48:33 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 3 Mar 2009 11:48:33 +0100 (CET) Subject: [Openvas-commits] r2641 - in trunk/openvas-client: . nessus Message-ID: <20090303104833.E7A0940729@pyrosoma.intevation.org> Author: felix Date: 2009-03-03 11:48:31 +0100 (Tue, 03 Mar 2009) New Revision: 2641 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/plugin_infos.c trunk/openvas-client/nessus/plugin_infos.h Log: * nessus/plugin_infos.c, nessus/plugin_infos.h (plugin_info_window_show_cb): Method takes name instead of OID to avoid double traversal of plugin list. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-03 10:32:44 UTC (rev 2640) +++ trunk/openvas-client/ChangeLog 2009-03-03 10:48:31 UTC (rev 2641) @@ -1,5 +1,11 @@ 2009-03-03 Felix Wolfsteller + * nessus/plugin_infos.c, nessus/plugin_infos.h + (plugin_info_window_show_cb): Method takes name instead of OID + to avoid double traversal of plugin list. + +2009-03-03 Felix Wolfsteller + * nessus/plugin_infos.c: Removed debug-survivor-printf. 2009-03-03 Felix Wolfsteller Modified: trunk/openvas-client/nessus/plugin_infos.c =================================================================== --- trunk/openvas-client/nessus/plugin_infos.c 2009-03-03 10:32:44 UTC (rev 2640) +++ trunk/openvas-client/nessus/plugin_infos.c 2009-03-03 10:48:31 UTC (rev 2641) @@ -313,27 +313,19 @@ } /** - * @brief Callback, extracts plugin name and shows info dialog, using current - * @brief Context. + * @brief Callback, shows info dialog, using current Context as plugin source. * - * If either no plugin list in current context is found or no oid is provided, + * If either no plugin list in current context is found or no name is provided, * does nothing. * * @param emitter ignored (callback) - * @param oid OID of plugin to show info of. + * @param name Name of plugin to show info of. */ void -plugin_info_window_show_cb (GtkWidget* emitter, char* oid) +plugin_info_window_show_cb (GtkWidget* emitter, char* name) { - if (oid == NULL || Context->plugins == NULL) - return; - - /* Search name of nvt first, to make plugin_info_window_setup happy. Creates - some overhead, as the plugin list will be traversed in ..._setup again. */ - struct nessus_plugin* nvt = nessus_plugin_get_by_oid (Context->plugins, oid); - - if (nvt) - plugin_info_window_setup (Context->plugins, nvt->name); + if (name != NULL || Context->plugins != NULL) + plugin_info_window_setup (Context->plugins, name); } /** Modified: trunk/openvas-client/nessus/plugin_infos.h =================================================================== --- trunk/openvas-client/nessus/plugin_infos.h 2009-03-03 10:32:44 UTC (rev 2640) +++ trunk/openvas-client/nessus/plugin_infos.h 2009-03-03 10:48:31 UTC (rev 2641) @@ -30,6 +30,6 @@ #define _NESSUSC_PLUGIN_INFOS_H void plugin_info_window_setup(struct nessus_plugin *, char * pluginname); -void plugin_info_window_show_cb (GtkWidget* emitter, char* oid); +void plugin_info_window_show_cb (GtkWidget* emitter, char* name); #endif From scm-commit at wald.intevation.org Tue Mar 3 11:52:07 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 3 Mar 2009 11:52:07 +0100 (CET) Subject: [Openvas-commits] r2642 - in trunk/openvas-client: . src/gui Message-ID: <20090303105207.150B340729@pyrosoma.intevation.org> Author: felix Date: 2009-03-03 11:52:05 +0100 (Tue, 03 Mar 2009) New Revision: 2642 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/src/gui/priorities_dialog.c Log: Added Button to open plugin_info dialog from priority editing dialog, fixed bug when viewing editing priorities of empty report, fixed mem leaks, minor doc and reformatting. * src/gui/priorities_dialog.c: Added plugin_infos.h include. * src/gui/priorities_dialog.c (edit_priority, -priorities_keypress_cb, priorities_dialog): Minor reformatting and extension of documentation and function declarations. * src/gui/priorities_dialog.c (edit_priority): Use gchar + g_strdup_printf instead of malloc + snprintf, fixed mem leaks where strings for labels were not freed, added Button to open plugin_info dialog. * src/gui/priorities_dialog.c (priorities_dialog): When empty priority chain returned, show warning and abort. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-03 10:48:31 UTC (rev 2641) +++ trunk/openvas-client/ChangeLog 2009-03-03 10:52:05 UTC (rev 2642) @@ -1,5 +1,25 @@ 2009-03-03 Felix Wolfsteller + Added Button to open plugin_info dialog from priority editing dialog, + fixed bug when viewing editing priorities of empty report, fixed mem + leaks, minor doc and reformatting. + + * src/gui/priorities_dialog.c: Added plugin_infos.h include. + + * src/gui/priorities_dialog.c (edit_priority, -priorities_keypress_cb, + priorities_dialog): Minor reformatting and extension of documentation + and function declarations. + + * src/gui/priorities_dialog.c (edit_priority): Use gchar + + g_strdup_printf instead of malloc + snprintf, fixed mem leaks where + strings for labels were not freed, added Button to open plugin_info + dialog. + + * src/gui/priorities_dialog.c (priorities_dialog): When empty priority + chain returned, show warning and abort. + +2009-03-03 Felix Wolfsteller + * nessus/plugin_infos.c, nessus/plugin_infos.h (plugin_info_window_show_cb): Method takes name instead of OID to avoid double traversal of plugin list. Modified: trunk/openvas-client/src/gui/priorities_dialog.c =================================================================== --- trunk/openvas-client/src/gui/priorities_dialog.c 2009-03-03 10:48:31 UTC (rev 2641) +++ trunk/openvas-client/src/gui/priorities_dialog.c 2009-03-03 10:52:05 UTC (rev 2642) @@ -33,6 +33,10 @@ * wish to do so, delete this exception statement from your version. */ +/** @file + * GUI elements for editing priorities. + */ + #include #include "nessus_i18n.h" @@ -46,6 +50,7 @@ #include "parseutils.h" #include "priority.h" #include "nessus_plugin.h" +#include "plugin_infos.h" enum { @@ -57,18 +62,20 @@ /** - * @brief Open a dialog to edit a priority chain + * @brief Open a dialog to edit a priority chain. * + * Consist of a notebook with one page for each port and beneath a table + * with one set of radiobuttons for each message type found. * The new dialog is modal. The supplied priority chain is altered * when the dialog is exited via the OK button. * - * @param oid OpenVAS ID - * @param priority Priority chain + * @param oid OID of NVT. + * @param priority[in,out] Priority chain * - * @return The priority chain may be modified + * @return The priority chain may be modified. */ void -edit_priority(char *oid, struct priority *priority) +edit_priority (char *oid, struct priority *priority) { GtkWidget* dialog; GtkWidget* box; @@ -81,7 +88,7 @@ GtkWidget* notebook = NULL; struct context *context; struct nessus_plugin *plugin; - char *str; + gchar *str; char *port; int maxprios, nrprio, ismulti; @@ -106,9 +113,9 @@ hbox = gtk_hbox_new(FALSE, FALSE); gtk_container_add(GTK_CONTAINER(box), hbox); - str = emalloc(strlen(_("OID %s")) + strlen(oid)); - sprintf(str, _("OID %s"), oid); + str = g_strdup_printf (_("OID %s"), oid); label = gtk_label_new(str); + g_free (str); gtk_box_pack_start(GTK_BOX(hbox), label, FALSE, FALSE, 0); if (context && (plugin = nessus_plugin_get_by_oid(context->plugins, oid)) != NULL) { @@ -116,6 +123,11 @@ gtk_container_add(GTK_CONTAINER(box), hbox); label = gtk_label_new(plugin->name); gtk_box_pack_start(GTK_BOX(hbox), label, FALSE, FALSE, 0); + // "Show Details"- Button + button = gtk_button_new_with_label (_("Show Details")); + g_signal_connect (GTK_OBJECT(button), "clicked", GTK_SIGNAL_FUNC(plugin_info_window_show_cb), + plugin->name); + gtk_box_pack_start(GTK_BOX(box), button, FALSE, FALSE, 0); } if (ismulti) { @@ -124,9 +136,9 @@ } else { hbox = gtk_hbox_new(FALSE, FALSE); gtk_container_add(GTK_CONTAINER(box), hbox); - str = emalloc(strlen(_("Port: %s")) + strlen(priority->port)); - sprintf(str, _("Port: %s"), priority->port); + str = g_strdup_printf(_("Port: %s"), priority->port); label = gtk_label_new(str); + g_free (str); gtk_label_set_justify(GTK_LABEL(label), GTK_JUSTIFY_LEFT); gtk_box_pack_start(GTK_BOX(hbox), label, FALSE, FALSE, 0); } @@ -198,20 +210,20 @@ } /** - * @brief Callback for the double-click in the editor window + * @brief Callback for the double-click in the editor window. * * A new modal dialog is opened when the current position in the * respective OID listing can be determined. The TreeView is adjusted * with respect to the status of the particular line. * * @param treeview Respective TreeView - * @param path TreeView path - * @param column TreeView column + * @param path TreeView path + * @param column TreeView column * @param priorities Priority chain attached to the TreeView */ void -priorities_keypress_cb(GtkTreeView *treeview, GtkTreePath *path, - GtkTreeViewColumn *column, struct arglist *priorities) +priorities_keypress_cb (GtkTreeView *treeview, GtkTreePath *path, + GtkTreeViewColumn *column, struct arglist *priorities) { GtkTreeModel *model = gtk_tree_view_get_model(treeview); GtkTreeIter iter; @@ -249,7 +261,7 @@ } /** - * @brief Display the main dialog for priorities + * @brief Display the main dialog for priorities. * * A new modal dialog is opened for all visible OpenVAS IDs in the * current report and overwritten in the current scope for all hosts @@ -257,7 +269,7 @@ * with all priorities and ports for the same OID and host. */ void -priorities_dialog(GtkWidget* w, struct arglist* ctrls) +priorities_dialog (GtkWidget* w, struct arglist* ctrls) { GtkWidget *dialog; GtkWidget *scrolledwindow; @@ -281,8 +293,16 @@ NULL); priorities = priority = get_priorities(ctrls); - multi = priorities->next->next != NULL; + + if (priorities == NULL || priorities->next == NULL) + { + show_warning (_("Can not edit any priorities in empty report.")); + priorities_free (priorities); + return; + } + multi = (priorities->next->next != NULL); + if (multi) { notebook = gtk_notebook_new(); gtk_container_add(GTK_CONTAINER(GTK_DIALOG(dialog)->vbox), notebook); From scm-commit at wald.intevation.org Tue Mar 3 12:00:01 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 3 Mar 2009 12:00:01 +0100 (CET) Subject: [Openvas-commits] r2643 - in trunk/openvas-client: . nessus src/gui Message-ID: <20090303110001.5125640729@pyrosoma.intevation.org> Author: felix Date: 2009-03-03 12:00:00 +0100 (Tue, 03 Mar 2009) New Revision: 2643 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/plugin_infos.c trunk/openvas-client/src/gui/priorities_dialog.c Log: * src/gui/priorities_dialog.c, nessus/plugin_infos.c: Added missing includes. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-03 10:52:05 UTC (rev 2642) +++ trunk/openvas-client/ChangeLog 2009-03-03 11:00:00 UTC (rev 2643) @@ -1,5 +1,10 @@ 2009-03-03 Felix Wolfsteller + * src/gui/priorities_dialog.c, nessus/plugin_infos.c: Added missing + includes. + +2009-03-03 Felix Wolfsteller + Added Button to open plugin_info dialog from priority editing dialog, fixed bug when viewing editing priorities of empty report, fixed mem leaks, minor doc and reformatting. Modified: trunk/openvas-client/nessus/plugin_infos.c =================================================================== --- trunk/openvas-client/nessus/plugin_infos.c 2009-03-03 10:52:05 UTC (rev 2642) +++ trunk/openvas-client/nessus/plugin_infos.c 2009-03-03 11:00:00 UTC (rev 2643) @@ -47,6 +47,7 @@ #include "openvas_certificates.h" #include "preferences.h" #include "error_dlg.h" +#include "plugin_infos.h" /** * @brief Opens a dialog to show the dependencies. Modified: trunk/openvas-client/src/gui/priorities_dialog.c =================================================================== --- trunk/openvas-client/src/gui/priorities_dialog.c 2009-03-03 10:52:05 UTC (rev 2642) +++ trunk/openvas-client/src/gui/priorities_dialog.c 2009-03-03 11:00:00 UTC (rev 2643) @@ -51,6 +51,7 @@ #include "priority.h" #include "nessus_plugin.h" #include "plugin_infos.h" +#include "error_dlg.h" enum { From scm-commit at wald.intevation.org Tue Mar 3 12:17:27 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 3 Mar 2009 12:17:27 +0100 (CET) Subject: [Openvas-commits] r2644 - in trunk/openvas-client: . nessus Message-ID: <20090303111727.77613406FF@pyrosoma.intevation.org> Author: felix Date: 2009-03-03 12:17:25 +0100 (Tue, 03 Mar 2009) New Revision: 2644 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/backend.c Log: * nessus/backend.c: Added commented RATS ignores where strlen is called on string literals. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-03 11:00:00 UTC (rev 2643) +++ trunk/openvas-client/ChangeLog 2009-03-03 11:17:25 UTC (rev 2644) @@ -1,5 +1,10 @@ 2009-03-03 Felix Wolfsteller + * nessus/backend.c: Added commented RATS ignores where strlen is called + on string literals. + +2009-03-03 Felix Wolfsteller + * src/gui/priorities_dialog.c, nessus/plugin_infos.c: Added missing includes. Modified: trunk/openvas-client/nessus/backend.c =================================================================== --- trunk/openvas-client/nessus/backend.c 2009-03-03 11:00:00 UTC (rev 2643) +++ trunk/openvas-client/nessus/backend.c 2009-03-03 11:17:25 UTC (rev 2644) @@ -156,7 +156,7 @@ backend_insert_timestamps (int be, char* host, char* type, char* time) { lseek(backends[be].fd, 0, SEEK_END); - if((write(backends[be].fd, "timestamps||", strlen("timestamps||")) < 0) || + if((write(backends[be].fd, "timestamps||", strlen("timestamps||")) < 0) || /* RATS: ignore, string literal is always nul- terminated */ (write(backends[be].fd, host, strlen(host)) < 0 ) || (write(backends[be].fd, "|", 1) < 0) || (write(backends[be].fd, type, strlen(type)) < 0) || @@ -184,7 +184,7 @@ char * port; { lseek(backends[be].fd, 0, SEEK_END); - if((write(backends[be].fd, "results|", strlen("results|")) < 0) || + if((write(backends[be].fd, "results|", strlen("results|")) < 0) || /* RATS: ignore, string literal is always nul- terminated */ (write(backends[be].fd, subnet, strlen(subnet)) < 0) || (write(backends[be].fd, "|", 1) < 0) || (write(backends[be].fd, host, strlen(host)) < 0 ) || @@ -326,7 +326,8 @@ buf[strlen(buf) - 1] = '\0'; /* skip lines that are not */ - if(strncmp(buf, "results", strlen("results"))) + if(strncmp (buf, "results", + strlen("results"))) /* RATS: ignore, string literal is always nul- terminated */ continue; /* "validate the nbe", as it has to have three '|'s */ @@ -580,7 +581,8 @@ while(fgets(buf, sizeof(buf) - 1, f) != NULL ) { buf[sizeof(buf) - 1] = '\0'; - if(strncmp(buf, "results", strlen("results")) == 0) + if (strncmp (buf, "results", + strlen("results")) == 0) /* RATS: ignore, string literal is always nul- terminated */ { return 1; } From scm-commit at wald.intevation.org Tue Mar 3 12:23:14 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 3 Mar 2009 12:23:14 +0100 (CET) Subject: [Openvas-commits] r2645 - in trunk/openvas-plugins: . docs Message-ID: <20090303112314.0F206406FF@pyrosoma.intevation.org> Author: jan Date: 2009-03-03 12:23:11 +0100 (Tue, 03 Mar 2009) New Revision: 2645 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/docs/plugins_api.txt Log: * docs/plugins_api.txt: Updated according to replacement of ftp_write_dirs.nes by ftp_writeable_directories.nasl. * ChangeLog: Added some missing changes. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-03 11:17:25 UTC (rev 2644) +++ trunk/openvas-plugins/ChangeLog 2009-03-03 11:23:11 UTC (rev 2645) @@ -1,3 +1,8 @@ +2009-03-03 Jan-Oliver Wagner + + * docs/plugins_api.txt: Updated according to replacement of + ftp_write_dirs.nes by ftp_writeable_directories.nasl. + 2009-03-03 Chandrashekhar B * scripts/secpod_tightvnc_mult_int_overflow_vuln_win.nasl, scripts/secpod_ultravnc_mult_int_overflow_vuln_win.nasl, @@ -46,10 +51,16 @@ Added new plugins 2009-03-02 Vlatko Kosturjak - * plugins/ftp_write_dirs/: plugin is superseeded by - scripts/ftp_writeable_directories.nasl, - updated dependencies + * plugins/ftp_write_dirs/, plugins/ftp_write_dirs/ftp_write_dirs.c, + plugins/ftp_write_dirs/Makefile, plugins/ftp_write_dirs/Makefile.darwin: + Removed. Superseeded by scripts/ftp_writeable_directories.nasl. + + * scripts/ftpd_1byte_overflow.nasl, scripts/hpftp_glob_stat.nasl: + updated dependencies accordingly. + + * MANIFEST: Updated. + 2009-03-02 Vlatko Kosturjak * scripts/ftp_writeable_directories.nasl Made script to work with OpenVAS (did not work before!). Extensively Modified: trunk/openvas-plugins/docs/plugins_api.txt =================================================================== --- trunk/openvas-plugins/docs/plugins_api.txt 2009-03-03 11:17:25 UTC (rev 2644) +++ trunk/openvas-plugins/docs/plugins_api.txt 2009-03-03 11:23:11 UTC (rev 2645) @@ -1014,7 +1014,7 @@ logins, "no" if it does not Key : "ftp/writeable_dir" - Defined in : "ftp_write_dirs.nes" + Defined in : "ftp_writeable_directories.nasl" Type : ARG_STRING Value : NULL if there is no anonymous-writeable directory or the name of a writeable directory on the remote From scm-commit at wald.intevation.org Tue Mar 3 12:53:14 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 3 Mar 2009 12:53:14 +0100 (CET) Subject: [Openvas-commits] r2646 - in trunk/openvas-client: . nessus Message-ID: <20090303115314.4C380406FF@pyrosoma.intevation.org> Author: felix Date: 2009-03-03 12:53:12 +0100 (Tue, 03 Mar 2009) New Revision: 2646 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/parser.c Log: * nessus/parser.c: Cosmetics, K&R style replacements, documentation, formatting. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-03 11:23:11 UTC (rev 2645) +++ trunk/openvas-client/ChangeLog 2009-03-03 11:53:12 UTC (rev 2646) @@ -1,5 +1,10 @@ 2009-03-03 Felix Wolfsteller + * nessus/parser.c: Cosmetics, K&R style replacements, documentation, + formatting. + +2009-03-03 Felix Wolfsteller + * nessus/backend.c: Added commented RATS ignores where strlen is called on string literals. Modified: trunk/openvas-client/nessus/parser.c =================================================================== --- trunk/openvas-client/nessus/parser.c 2009-03-03 11:23:11 UTC (rev 2645) +++ trunk/openvas-client/nessus/parser.c 2009-03-03 11:53:12 UTC (rev 2646) @@ -26,6 +26,11 @@ * do so, delete this exception statement from your version. */ +/** @file + * Mainly functions to parse messages coming from the server and undertake + * appropriate actions. + */ + #include #include "nessus_i18n.h" @@ -63,11 +68,10 @@ return 1; } -/* +/** * nessusd does not convert the subnet by itself, so we create * this record on this fly */ - static char * __host2subnet (char* host) { @@ -200,14 +204,14 @@ } /** - * Adjust the priority of a script's output and adds information about - * client-side adjusted priority in the text + * @brief Adjust the priority of a script's output and adds information about + * @brief client-side adjusted priority in the text. * - * @param script_id unified script id - * @param context current context the script is run in - * @param priority Server-side priority for this script - * @param port Port specification for this script - * @param data Output returned from the script + * @param script_id Unified script id (OID). + * @param context Current context the script is run in. + * @param priority[out] Server-side priority for this script. + * @param port Port specification for this script. + * @param data Output returned from the script. * * @return adjusted script output or NULL if no override was found or an error occurred * @return priority adjusted priority for later processing @@ -302,11 +306,12 @@ } /** - * This function analyzes a message received - * from the server, and performs what must - * must be done depending on the server message + * @brief Analyzes a message received from the server, and performs what must + * @brief must be done depending on the server message. + * + * @return MSG_STAT2 if its "just" a status update */ -int +int parse_server_message (struct context* context, char * message, int backend, char * humanmsg) { @@ -314,7 +319,7 @@ char * buf; char * t; int type; - + if(!strncmp(message, "s:", 2)) return MSG_STAT2; else @@ -485,15 +490,11 @@ } /** - * The server has sent a STATUS message. + * @brief The server has sent a STATUS message. */ void -parse_nessusd_status(servmsg, host, action, current, max) - char * servmsg; - char ** host; - char ** action; - char ** current; - int * max; +parse_nessusd_status (char * servmsg, char ** host, char ** action, + char ** current, int * max) { char * t1,*t2; @@ -535,12 +536,8 @@ } void -parse_nessusd_short_status(msg, host, action, current, max) - char * msg; - char ** host; - char ** action; - char ** current; - int * max; +parse_nessusd_short_status (char * msg, char ** host, char ** action, + char ** current, int * max) { char * t; static char portscan[] = "portscan"; @@ -594,12 +591,12 @@ } /** - * Adds an entry into the backend to report that the server has sent a - * HOLE, INFO, NOTE, LOG or DEBUG message. + * @brief Adds an entry into the backend to report that the server has sent a + * @brief HOLE, INFO, NOTE, LOG or DEBUG message. * - * @param backend The backend index. + * @param backend The backend index. * @param servermsg The server message as a string. - * @param type One of {MSG_HOLE, MSG_INFO, MSG_NOT, MSG_LOG, MSG_DEBUG}. + * @param type One of {MSG_HOLE, MSG_INFO, MSG_NOT, MSG_LOG, MSG_DEBUG}. */ void parse_host_add_data (int backend, struct context * context, char * servmsg, @@ -612,7 +609,7 @@ char * msgt; char * script_id; char * old; - + hostname = parse_separator(servmsg); if(!hostname){ return; @@ -641,13 +638,13 @@ if ((msgt = priority_type_to_str(type)) == NULL) return; - + if ((data = parse_modify_data(hostname, script_id, context, &type, port, data)) == NULL) return; if ((msgt = priority_type_to_str(type)) == NULL) return; - + old = data; data = rmslashes(old); efree(&old); @@ -657,15 +654,15 @@ { netmap_add_data(data); } -#endif +#endif subnet = __host2subnet(hostname); backend_insert_report_data(backend, subnet, hostname, port, script_id, msgt, data); - + #ifdef DEBUGMORE fprintf(stderr,"data for %s (port %s) [type : %d] : \n%s\n", hostname, port, type, data); #endif - + efree(&script_id); efree(&hostname); efree(&port); @@ -677,7 +674,7 @@ * @return Pointer to the location after the ' <|> ' symbol in str or NULL if * no ' <|> ' found. */ -char * +char * parse_symbol(char *str) { char * s = str; @@ -696,11 +693,16 @@ } /** + * @brief In the standard case, returns content between two separators (\<|\>) + * @brief in a string. + * * Returns a copy of the string between the first two ' <|> 's, or from the * first ' <|> ' to the end of string str or NULL if str is empty or does not * contain a ' <|> '. + * + * @param str String to parse. */ -char * +char * parse_separator(char* str) { char * s_1, *s_2; From scm-commit at wald.intevation.org Wed Mar 4 08:27:00 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 08:27:00 +0100 (CET) Subject: [Openvas-commits] r2647 - in trunk/openvas-client: . nessus/prefs_dialog src/gui src/openvas-lib src/util Message-ID: <20090304072700.E3D13406FF@pyrosoma.intevation.org> Author: felix Date: 2009-03-04 08:26:56 +0100 (Wed, 04 Mar 2009) New Revision: 2647 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c trunk/openvas-client/src/gui/ssh_keys_dialog.c trunk/openvas-client/src/openvas-lib/openvas_ssh_login.c trunk/openvas-client/src/openvas-lib/openvas_ssh_login.h trunk/openvas-client/src/util/openvas_ssh_key_create.c trunk/openvas-client/src/util/openvas_ssh_key_create.h Log: Renamed the OpenVAS SSH Key Manager into the OpenVAS LSC Credentials Manager. * src/openvas-lib/openvas_ssh_login.h, src/gui/ssh_keys_dialog.c, src/util/openvas_ssh_key_create.c, src/util/openvas_ssh_key_create.h, nessus/prefs_dialog/prefs_dialog_prefs.c, src/openvas-lib/openvas_ssh_login.c: Reworded ~SSH Key into LSC Credentials. * nessus/prefs_dialog/prefs_dialog_prefs.c (prefs_dialog_prefs): Use non-default box adding for slightly better look. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-03 11:53:12 UTC (rev 2646) +++ trunk/openvas-client/ChangeLog 2009-03-04 07:26:56 UTC (rev 2647) @@ -1,3 +1,17 @@ +2009-03-04 Felix Wolfsteller + + Renamed the OpenVAS SSH Key Manager into the OpenVAS LSC Credentials + Manager. + + * src/openvas-lib/openvas_ssh_login.h, src/gui/ssh_keys_dialog.c, + src/util/openvas_ssh_key_create.c, src/util/openvas_ssh_key_create.h, + nessus/prefs_dialog/prefs_dialog_prefs.c, + src/openvas-lib/openvas_ssh_login.c: Reworded ~SSH Key into LSC + Credentials. + + * nessus/prefs_dialog/prefs_dialog_prefs.c (prefs_dialog_prefs): + Use non-default box adding for slightly better look. + 2009-03-03 Felix Wolfsteller * nessus/parser.c: Cosmetics, K&R style replacements, documentation, Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c 2009-03-03 11:53:12 UTC (rev 2646) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c 2009-03-04 07:26:56 UTC (rev 2647) @@ -269,11 +269,11 @@ gtk_table_attach_defaults(GTK_TABLE(table), entry_url_bid, 1, 2, 2, 3); /* SSH Key Management */ - frame = gtk_frame_new(_("SSH Key Management")); + frame = gtk_frame_new(_("LSC Credentials Management")); gtk_widget_show(frame); - gtk_box_pack_start_defaults(GTK_BOX(vbox), frame); + gtk_box_pack_start(GTK_BOX(vbox), frame, TRUE, FALSE, 5); - ssh_management_button = gtk_button_new_with_label(_("OpenVAS SSH Key Manager")); + ssh_management_button = gtk_button_new_with_label(_("OpenVAS LSC Credentials Manager")); gtk_widget_show(ssh_management_button); gtk_container_add (GTK_CONTAINER (frame), ssh_management_button); Modified: trunk/openvas-client/src/gui/ssh_keys_dialog.c =================================================================== --- trunk/openvas-client/src/gui/ssh_keys_dialog.c 2009-03-03 11:53:12 UTC (rev 2646) +++ trunk/openvas-client/src/gui/ssh_keys_dialog.c 2009-03-04 07:26:56 UTC (rev 2647) @@ -196,7 +196,7 @@ ssh_key_info_form* form; form = ssh_key_info_form_create(); - dialog = gtk_dialog_new_with_buttons(_("OpenVAS SSH Key Manager - Create new SSH key pair"), + dialog = gtk_dialog_new_with_buttons(_("OpenVAS LSC Credentials Manager - Create new Credentials"), NULL, GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT, @@ -250,7 +250,7 @@ /** - * @brief Shows the SSH Key Management Dialog. + * @brief Shows the OpenVAS LSC Credentials Management Dialog. */ void ssh_keys_dialog_show() @@ -261,7 +261,7 @@ GtkWidget* key_notebook; GtkWidget* buttonbox; - win = gtk_dialog_new_with_buttons(_("OpenVAS SSH Key Manager"), + win = gtk_dialog_new_with_buttons(_("OpenVAS LSC Credentials Manager"), NULL, GTK_DIALOG_MODAL | GTK_DIALOG_DESTROY_WITH_PARENT, Modified: trunk/openvas-client/src/openvas-lib/openvas_ssh_login.c =================================================================== --- trunk/openvas-client/src/openvas-lib/openvas_ssh_login.c 2009-03-03 11:53:12 UTC (rev 2646) +++ trunk/openvas-client/src/openvas-lib/openvas_ssh_login.c 2009-03-04 07:26:56 UTC (rev 2647) @@ -1,6 +1,6 @@ /* OpenVAS-Client * $Id$ - * Description: SSH Key management. + * Description: LSC Credentials management. * * Authors: * Felix Wolfsteller Modified: trunk/openvas-client/src/openvas-lib/openvas_ssh_login.h =================================================================== --- trunk/openvas-client/src/openvas-lib/openvas_ssh_login.h 2009-03-03 11:53:12 UTC (rev 2646) +++ trunk/openvas-client/src/openvas-lib/openvas_ssh_login.h 2009-03-04 07:26:56 UTC (rev 2647) @@ -1,6 +1,6 @@ /* OpenVAS-Client * $Id$ - * Description: SSH Key management. + * Description: LSC Credentials management. * * Authors: * Felix Wolfsteller Modified: trunk/openvas-client/src/util/openvas_ssh_key_create.c =================================================================== --- trunk/openvas-client/src/util/openvas_ssh_key_create.c 2009-03-03 11:53:12 UTC (rev 2646) +++ trunk/openvas-client/src/util/openvas_ssh_key_create.c 2009-03-04 07:26:56 UTC (rev 2647) @@ -1,6 +1,7 @@ /* OpenVAS-Client * $Id$ - * Description: SSH Key management. + * Description: LSC Credentials management - module to create and unlink key + * files. * * Authors: * Felix Wolfsteller Modified: trunk/openvas-client/src/util/openvas_ssh_key_create.h =================================================================== --- trunk/openvas-client/src/util/openvas_ssh_key_create.h 2009-03-03 11:53:12 UTC (rev 2646) +++ trunk/openvas-client/src/util/openvas_ssh_key_create.h 2009-03-04 07:26:56 UTC (rev 2647) @@ -1,6 +1,6 @@ /* OpenVAS-Client * $Id$ - * Description: SSH Key management. + * Description: LSC Credentials management. * * Authors: * Felix Wolfsteller From scm-commit at wald.intevation.org Wed Mar 4 08:41:59 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 08:41:59 +0100 (CET) Subject: [Openvas-commits] r2648 - in trunk/openvas-plugins: . scripts Message-ID: <20090304074159.4B10A40761@pyrosoma.intevation.org> Author: felix Date: 2009-03-04 08:41:57 +0100 (Wed, 04 Mar 2009) New Revision: 2648 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/gather-package-list.nasl Log: * scripts/gather-package-list.nasl: If ssh_func failed opening a socket send the error message as log message to the client. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-04 07:26:56 UTC (rev 2647) +++ trunk/openvas-plugins/ChangeLog 2009-03-04 07:41:57 UTC (rev 2648) @@ -1,3 +1,8 @@ +2009-03-04 Felix Wolfsteller + + * scripts/gather-package-list.nasl: If ssh_func failed opening a socket + send the error message as log message to the client. + 2009-03-03 Jan-Oliver Wagner * docs/plugins_api.txt: Updated according to replacement of Modified: trunk/openvas-plugins/scripts/gather-package-list.nasl =================================================================== --- trunk/openvas-plugins/scripts/gather-package-list.nasl 2009-03-04 07:26:56 UTC (rev 2647) +++ trunk/openvas-plugins/scripts/gather-package-list.nasl 2009-03-04 07:41:57 UTC (rev 2648) @@ -26,7 +26,7 @@ if(description) { script_id(50282); - script_version("1.1.1"); + script_version("1.1.2"); name["english"] = "Determine OS and list of installed packages via SSH login"; script_name(english:name["english"]); @@ -65,6 +65,8 @@ } sock = ssh_login_or_reuse_connection(); if(!sock) { + # Send "error" as set by ssh_funcs. + log_message(port:port, data:get_ssh_error()); exit(0); } From scm-commit at wald.intevation.org Wed Mar 4 08:54:15 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 08:54:15 +0100 (CET) Subject: [Openvas-commits] r2649 - in trunk/openvas-plugins: . scripts Message-ID: <20090304075415.34B9440761@pyrosoma.intevation.org> Author: felix Date: 2009-03-04 08:54:12 +0100 (Wed, 04 Mar 2009) New Revision: 2649 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/gather-package-list.nasl Log: * scripts/gather-package-list.nasl: NASL-LEVEL- guard the log message sending. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-04 07:41:57 UTC (rev 2648) +++ trunk/openvas-plugins/ChangeLog 2009-03-04 07:54:12 UTC (rev 2649) @@ -1,5 +1,10 @@ 2009-03-04 Felix Wolfsteller + * scripts/gather-package-list.nasl: NASL-LEVEL- guard the log message + sending. + +2009-03-04 Felix Wolfsteller + * scripts/gather-package-list.nasl: If ssh_func failed opening a socket send the error message as log message to the client. Modified: trunk/openvas-plugins/scripts/gather-package-list.nasl =================================================================== --- trunk/openvas-plugins/scripts/gather-package-list.nasl 2009-03-04 07:41:57 UTC (rev 2648) +++ trunk/openvas-plugins/scripts/gather-package-list.nasl 2009-03-04 07:54:12 UTC (rev 2649) @@ -26,7 +26,7 @@ if(description) { script_id(50282); - script_version("1.1.2"); + script_version("1.1.3"); name["english"] = "Determine OS and list of installed packages via SSH login"; script_name(english:name["english"]); @@ -65,8 +65,10 @@ } sock = ssh_login_or_reuse_connection(); if(!sock) { + if(NASL_LEVEL>=2300){ # Send "error" as set by ssh_funcs. log_message(port:port, data:get_ssh_error()); + } exit(0); } From scm-commit at wald.intevation.org Wed Mar 4 09:55:14 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 09:55:14 +0100 (CET) Subject: [Openvas-commits] r2650 - in trunk/openvas-client: . nessus Message-ID: <20090304085514.69B8040708@pyrosoma.intevation.org> Author: felix Date: 2009-03-04 09:55:10 +0100 (Wed, 04 Mar 2009) New Revision: 2650 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/data_mining.c Log: Improved documentation of data_mining module, minor reformatting. * nessus/data_mining.c: Improved documentation. * nessus/data_mining.c (__split_line): K&R style replacement. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-04 07:54:12 UTC (rev 2649) +++ trunk/openvas-client/ChangeLog 2009-03-04 08:55:10 UTC (rev 2650) @@ -1,5 +1,13 @@ 2009-03-04 Felix Wolfsteller + Improved documentation of data_mining module, minor reformatting. + + * nessus/data_mining.c: Improved documentation. + + * nessus/data_mining.c (__split_line): K&R style replacement. + +2009-03-04 Felix Wolfsteller + Renamed the OpenVAS SSH Key Manager into the OpenVAS LSC Credentials Manager. Modified: trunk/openvas-client/nessus/data_mining.c =================================================================== --- trunk/openvas-client/nessus/data_mining.c 2009-03-04 07:54:12 UTC (rev 2649) +++ trunk/openvas-client/nessus/data_mining.c 2009-03-04 08:55:10 UTC (rev 2650) @@ -30,12 +30,14 @@ */ /** @file - * Functions to explore a report. Note that this code can easily be + * Functions to explore a report. + * Note that this code can easily be * changed to be linked to any database instead of the simple * flat files that are currently used. - * * This file implements subset selection in the report as well * as the implementation of a light query language. + * + * @section queryreport Querying a report * * We use a dumb SQL-like language to query our subsets. If a database * was to be linked, it should intercept these calls, rephrase them @@ -48,7 +50,7 @@ * * * where \ is one of : - * - subnet + * - subnet * - host * - port * - note (security note) @@ -65,6 +67,17 @@ * SELECT host FROM results WHERE subnet = '127.0.0'\n * SELECT host,severity FROM results WHERE subnet = '127.0.0'\n * SELECT host,severity,port FROM results WHERE subnet = '127.0.0'\n + * + * + * @section subsetmanagement Subset Management Interface + * + * A subset contains the result of a query. It is made up of rows + * and fields (that we call values). + * To go from the current row to the next one, use the function + * subset_next(). To extract value of the values (fields), + * use subset_nth_value(). subset_value() is an alias for + * subset_nth_value(subset, 0), ie: it returns the first field + * (the only one which can not be NULL). */ #include @@ -606,7 +619,7 @@ /** - * Entry point for the sort + * @brief Entry point for the sort. * * @param subset The subset we want to sort. * @param field_start Starting number of fields to sort. @@ -629,12 +642,11 @@ *------------------------------------------------------------------------*/ /** - * Act as the uniq(1) unix utility -> two entries with the same - * fields are removed. + * @brief Act as the uniq(1) unix utility -> two entries with the same + * @brief fields are removed. * * This function compares the \ first fields. - * (hence, subset_uniq(s, 0) will remove all duplicates in a list) - * + * (hence, subset_uniq(s, 0) will remove all duplicates in a list). */ struct subset * subset_uniq (struct subset * subset, int n) @@ -671,9 +683,9 @@ /** - * Tells us if the value \ is already in the \ field of the current - * row - */ + * @brief Tells us if the value \ is already in the \ field of + * @brief the current row. + */ static char * subset_in_nth (struct subset * subset, char * value, int n) { @@ -688,7 +700,7 @@ /** - * An alias for the above function, for n = 0 + * @brief An alias for the above function, for subset_in_nth (0). */ char * subset_in (struct subset * subset, char * value) @@ -698,7 +710,7 @@ /** - * Frees a subset and associate fields from memory + * @brief Frees a subset and associate fields from memory. */ void subset_free (struct subset * subset) @@ -719,7 +731,7 @@ /** - * Dumps the content of a subset on screen. For debugging purposes only + * @brief Dumps the content of a subset on screen (for debugging purposes only). */ int subset_dump (struct subset * subset) @@ -738,7 +750,7 @@ /** - * Returns the number of items in a subset + * @brief Returns the number of items in a subset. */ int subset_size (struct subset * subset) @@ -901,8 +913,7 @@ /** - * Parses the condition(s) of a query (the whole part - * after 'where') + * @brief Parses the condition(s) of a query (the whole part after 'where'). */ static struct condition * compile_conditions(str) @@ -1098,13 +1109,11 @@ /** - * parse a line in our .nsr file and returns the records - * contained in it + * @brief Parse a line in a .nbe file and returns the records contained in it. */ static int -__split_line(entry, table, subnet, hostname, port, plugin_id, severity, data) - char * entry; - char ** table, **subnet, **hostname, ** port, ** plugin_id, ** severity, ** data; +__split_line (char * entry, char ** table, char** subnet, char** hostname, + char** port, char** plugin_id, char** severity, char** data) { char * t; *port = *plugin_id = *severity = *data = NULL; From scm-commit at wald.intevation.org Wed Mar 4 10:25:51 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 10:25:51 +0100 (CET) Subject: [Openvas-commits] r2651 - in trunk/openvas-plugins: . scripts Message-ID: <20090304092551.65C7240766@pyrosoma.intevation.org> Author: kost Date: 2009-03-04 10:25:48 +0100 (Wed, 04 Mar 2009) New Revision: 2651 Added: trunk/openvas-plugins/scripts/tftpd_detect.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new script for TFTP detection Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-04 08:55:10 UTC (rev 2650) +++ trunk/openvas-plugins/ChangeLog 2009-03-04 09:25:48 UTC (rev 2651) @@ -1,3 +1,7 @@ +2009-03-04 Vlatko Kosturjak + * scripts/tftpd_detect.nasl: + Added new script for TFTP detection + 2009-03-04 Felix Wolfsteller * scripts/gather-package-list.nasl: NASL-LEVEL- guard the log message Added: trunk/openvas-plugins/scripts/tftpd_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/tftpd_detect.nasl 2009-03-04 08:55:10 UTC (rev 2650) +++ trunk/openvas-plugins/scripts/tftpd_detect.nasl 2009-03-04 09:25:48 UTC (rev 2651) @@ -0,0 +1,93 @@ +# tftpd detect +# template from external_svc_ident.nasl +if (description) +{ + script_id(80100); + script_version("1.0"); + + desc = " +Synopsis : + +The remote host has TFTP server running. + +Description : + +The remote host has TFTP server running. TFTP stands +for Trivial File Transfer Protocol. + +Solution : + +Disable TFTP server if not used. + +Risk factor : + +None"; + + script_description(english: desc); + script_copyright(english: "(C) 2009 Vlatko Kosturjak"); + script_name(english: "TFTP detection"); + script_category(ACT_GATHER_INFO); + script_family(english: "Service detection"); + script_summary(english: "Detects TFTP server"); + + exit(0); +} + +include('misc_func.inc'); +include('global_settings.inc'); + +foundtftp=0; + +# taken from tftpd_dir_trav.nasl, adapted a bit +function tftp_grab(port, file, mode) +{ + local_var req, rep, sport, ip, u, filter, data, i; + + req = '\x00\x01'+file+'\0'+mode+'\0'; + sport = rand() % 64512 + 1024; + + ip = forge_ip_packet(ip_hl : 5, ip_v: 4, ip_tos:0, + ip_len:20, ip_off:0, ip_ttl:64, ip_p:IPPROTO_UDP, + ip_src: this_host()); + + u = forge_udp_packet(ip:ip, uh_sport: sport, uh_dport:port, uh_ulen: 8 + strlen(req), data:req); + + filter = 'udp and dst port ' + sport + ' and src host ' + get_host_ip() + ' and udp[8:1]=0x00'; + + data = NULL; + for (i = 0; i < 2; i ++) # Try twice + { + rep = send_packet(u, pcap_active:TRUE, pcap_filter:filter, pcap_timeout:1); + if(rep) + { + if (debug_level > 2) dump(ddata: rep, dtitle: 'TFTP (IP)'); + data = get_udp_element(udp: rep, element:"data"); + if (debug_level > 1) dump(ddata: data, dtitle: 'TFTP (UDP)'); + if (data[0] == '\0') + { + if (data[1] == '\x03' || data[1] =='\x05') { + foundtftp=1; + } + } + else + return NULL; + } + } + return NULL; +} + +port=69; +rndfile="nonexistant-"+rand_str(); + +exit (0); + +# test valid modes according to RFC-783 +tftp_grab (port:port, file:rndfile, mode:"netascii"); +tftp_grab (port:port, file:rndfile, mode:"octet"); +tftp_grab (port:port, file:rndfile, mode:"mail"); + +if (foundtftp==1) { + register_service(port: port, ipproto: "udp", proto: "tftp"); + security_note(port:port, proto:"udp"); +} + From scm-commit at wald.intevation.org Wed Mar 4 10:56:04 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 10:56:04 +0100 (CET) Subject: [Openvas-commits] r2652 - in trunk/openvas-client: . include nessus src/util Message-ID: <20090304095604.3F378406E0@pyrosoma.intevation.org> Author: felix Date: 2009-03-04 10:56:02 +0100 (Wed, 04 Mar 2009) New Revision: 2652 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/include/config.h.in trunk/openvas-client/nessus/parser.c trunk/openvas-client/src/util/parseutils.c Log: Replaced #ifdef DEBUGMORE switches by #ifdef DEBUGs. * include/config.h.in: No need to undef MOREDEBUG anymore. * nessus/parser.c, src/util/parseutils.c: Replaced DEBUGMORE by DEBUG. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-04 09:25:48 UTC (rev 2651) +++ trunk/openvas-client/ChangeLog 2009-03-04 09:56:02 UTC (rev 2652) @@ -1,5 +1,13 @@ 2009-03-04 Felix Wolfsteller + Replaced #ifdef DEBUGMORE switches by #ifdef DEBUGs. + + * include/config.h.in: No need to undef MOREDEBUG anymore. + + * nessus/parser.c, src/util/parseutils.c: Replaced DEBUGMORE by DEBUG. + +2009-03-04 Felix Wolfsteller + Improved documentation of data_mining module, minor reformatting. * nessus/data_mining.c: Improved documentation. Modified: trunk/openvas-client/include/config.h.in =================================================================== --- trunk/openvas-client/include/config.h.in 2009-03-04 09:25:48 UTC (rev 2651) +++ trunk/openvas-client/include/config.h.in 2009-03-04 09:56:02 UTC (rev 2652) @@ -28,7 +28,6 @@ #undef DEBUG /* more paricular debuging flags */ -#undef DEBUGMORE #undef ENABLE_PID_STAMP_DEBUGGING /* Definitions for client/server ecryption, activated on the C compiler Modified: trunk/openvas-client/nessus/parser.c =================================================================== --- trunk/openvas-client/nessus/parser.c 2009-03-04 09:25:48 UTC (rev 2651) +++ trunk/openvas-client/nessus/parser.c 2009-03-04 09:56:02 UTC (rev 2652) @@ -581,7 +581,7 @@ if(!port){efree(&hostname); return;} subnet = __host2subnet(hostname); backend_insert_report_port(backend, subnet, hostname, port); -#ifdef DEBUGMORE +#ifdef DEBUG fprintf(stderr, "Port %s opened on %s\n", port, hostname); #endif @@ -659,7 +659,7 @@ backend_insert_report_data(backend, subnet, hostname, port, script_id, msgt, data); -#ifdef DEBUGMORE +#ifdef DEBUG fprintf(stderr,"data for %s (port %s) [type : %d] : \n%s\n", hostname, port, type, data); #endif Modified: trunk/openvas-client/src/util/parseutils.c =================================================================== --- trunk/openvas-client/src/util/parseutils.c 2009-03-04 09:25:48 UTC (rev 2651) +++ trunk/openvas-client/src/util/parseutils.c 2009-03-04 09:56:02 UTC (rev 2652) @@ -51,7 +51,7 @@ int priority_name_to_type(char *name) { -#ifdef DEBUGMORE +#ifdef DEBUG fprintf(stderr, "%s:%d type : %s\n", __FILE__, __LINE__, name); #endif if(!strcmp(MSG_HOLE_STR, name))return(MSG_HOLE); From scm-commit at wald.intevation.org Wed Mar 4 11:08:02 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 11:08:02 +0100 (CET) Subject: [Openvas-commits] r2653 - in trunk/openvas-client: . src/gui Message-ID: <20090304100802.CEBBE40761@pyrosoma.intevation.org> Author: felix Date: 2009-03-04 11:08:01 +0100 (Wed, 04 Mar 2009) New Revision: 2653 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/src/gui/ssh_key_info_form.c Log: * src/gui/ssh_key_info_form.c (ssh_key_info_form_create): Modified label text to indicate that password is optional (and may indeed be ignored by current ssh_authorization.nasl). Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-04 09:56:02 UTC (rev 2652) +++ trunk/openvas-client/ChangeLog 2009-03-04 10:08:01 UTC (rev 2653) @@ -1,5 +1,11 @@ 2009-03-04 Felix Wolfsteller + * src/gui/ssh_key_info_form.c (ssh_key_info_form_create): Modified + label text to indicate that password is optional (and may indeed be + ignored by current ssh_authorization.nasl). + +2009-03-04 Felix Wolfsteller + Replaced #ifdef DEBUGMORE switches by #ifdef DEBUGs. * include/config.h.in: No need to undef MOREDEBUG anymore. Modified: trunk/openvas-client/src/gui/ssh_key_info_form.c =================================================================== --- trunk/openvas-client/src/gui/ssh_key_info_form.c 2009-03-04 09:56:02 UTC (rev 2652) +++ trunk/openvas-client/src/gui/ssh_key_info_form.c 2009-03-04 10:08:01 UTC (rev 2653) @@ -195,7 +195,7 @@ row++; col = 1; - label = gtk_label_new(_("SSH login password:")); + label = gtk_label_new(_("(optional) SSH login password:")); gtk_table_attach_defaults(GTK_TABLE(table), label, col, col+1, row, row+1); col++; gtk_table_attach_defaults(GTK_TABLE(table), form->userpassword, col, col+1, row, row+1); From scm-commit at wald.intevation.org Wed Mar 4 11:18:05 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 11:18:05 +0100 (CET) Subject: [Openvas-commits] r2654 - in trunk/openvas-client: . nessus src/util Message-ID: <20090304101805.5F5CB40761@pyrosoma.intevation.org> Author: felix Date: 2009-03-04 11:18:03 +0100 (Wed, 04 Mar 2009) New Revision: 2654 Added: trunk/openvas-client/nessus/parseutils.c trunk/openvas-client/nessus/parseutils.h Removed: trunk/openvas-client/src/util/parseutils.c trunk/openvas-client/src/util/parseutils.h Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/MANIFEST trunk/openvas-client/nessus/Makefile trunk/openvas-client/src/util/Makefile Log: Moved parseutils module (extracted from parser module in rev 2610) back into nessus dir, due to unclear copyright and licensing. * src/util/parseutils.c, src/util/parseutils.h: Moved to nessus/, reverted GPL and copyright header. * nessus/parseutils.h, nessus/parseutils.c: Moved from src/util, reverted GPL and copyright header. * src/util/Makefile: Removed parseutils target. * nessus/Makefile: Included parseutils target. * MANIFEST: updated. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-04 10:08:01 UTC (rev 2653) +++ trunk/openvas-client/ChangeLog 2009-03-04 10:18:03 UTC (rev 2654) @@ -1,5 +1,22 @@ 2009-03-04 Felix Wolfsteller + Moved parseutils module (extracted from parser module in rev 2610) + back into nessus dir, due to unclear copyright and licensing. + + * src/util/parseutils.c, src/util/parseutils.h: Moved to nessus/, + reverted GPL and copyright header. + + * nessus/parseutils.h, nessus/parseutils.c: Moved from src/util, + reverted GPL and copyright header. + + * src/util/Makefile: Removed parseutils target. + + * nessus/Makefile: Included parseutils target. + + * MANIFEST: updated. + +2009-03-04 Felix Wolfsteller + * src/gui/ssh_key_info_form.c (ssh_key_info_form_create): Modified label text to indicate that password is optional (and may indeed be ignored by current ssh_authorization.nasl). Modified: trunk/openvas-client/MANIFEST =================================================================== --- trunk/openvas-client/MANIFEST 2009-03-04 10:08:01 UTC (rev 2653) +++ trunk/openvas-client/MANIFEST 2009-03-04 10:18:03 UTC (rev 2654) @@ -82,6 +82,8 @@ nessus/OpenVAS-Client.desktop nessus/parser.c nessus/parser.h +nessus/parseutils.c +nessus/parseutils.h nessus/pdf_output.c nessus/pdf_output.h nessus/plugin_cache.c Modified: trunk/openvas-client/nessus/Makefile =================================================================== --- trunk/openvas-client/nessus/Makefile 2009-03-04 10:08:01 UTC (rev 2653) +++ trunk/openvas-client/nessus/Makefile 2009-03-04 10:18:03 UTC (rev 2654) @@ -43,6 +43,7 @@ error_dlg.o \ backend.o \ data_mining.o \ + parseutils.o \ prefs_dialog.o \ prefs_scope_tree.o \ prefs_dialog_scan_opt.o \ @@ -73,7 +74,7 @@ ../src/gui/ssh_key_info_form.o ../src/gui/nvt_pref_sshlogin.o \ ../src/openvas-lib/hash_table_file.o ../src/gui/priorities_dialog.o \ -UTIL_OBJS = ../src/util/parseutils.o ../src/util/priority.o +UTIL_OBJS = ../src/util/priority.o all : cflags ${make_bindir}/$(NESSUSCLIENT) @@ -170,6 +171,9 @@ ssh_key_info_form.o : cflags ../src/gui/ssh_key_info_form.c ../src/gui/ssh_key_info_form.h globals.h $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ../src/gui/ssh_key_info_form.c +parseutils.o: cflags parseutils.c parseutils.h + $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c parseutils.c + prefs_dialog_plugins_prefs.o : cflags prefs_dialog/prefs_dialog_plugins_prefs.c context.h \ prefs_dialog/listnotebook.h prefs_dialog/readonly.h $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_dialog_plugins_prefs.c Copied: trunk/openvas-client/nessus/parseutils.c (from rev 2652, trunk/openvas-client/src/util/parseutils.c) =================================================================== --- trunk/openvas-client/src/util/parseutils.c 2009-03-04 09:56:02 UTC (rev 2652) +++ trunk/openvas-client/nessus/parseutils.c 2009-03-04 10:18:03 UTC (rev 2654) @@ -0,0 +1,155 @@ +/* Nessus + * Copyright (C) 1998 - 2001 Renaud Deraison + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * In addition, as a special exception, Renaud Deraison + * gives permission to link the code of this program with any + * version of the OpenSSL library which is distributed under a + * license identical to that listed in the included COPYING.OpenSSL + * file, and distribute linked combinations including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * this file, you may extend this exception to your version of the + * file, but you are not obligated to do so. If you do not wish to + * do so, delete this exception statement from your version. + */ + +#include +#include +#include +#include "parseutils.h" + +/** + * @brief Convert internal message type into integer value + * + * Return value is one of MSG_HOLE, MSG_INFO, MSG_NOTE, MSG_FALSE, MSG_TIME, + * MSG_STAT, MSG_PORT, MSG_ERROR, MSG_FINISHED, MSG_BYE, MSG_LOG, MSG_DEBUG + * and -1 for unknown message type. + * + * @param name Internal message type name + * @return Message type code or -1 if unknown. + */ +int +priority_name_to_type(char *name) +{ +#ifdef DEBUG + fprintf(stderr, "%s:%d type : %s\n", __FILE__, __LINE__, name); +#endif + if(!strcmp(MSG_HOLE_STR, name))return(MSG_HOLE); + if(!strcmp(MSG_INFO_STR, name))return(MSG_INFO); + if(!strcmp(MSG_NOTE_STR, name))return(MSG_NOTE); + if(!strcmp(MSG_FALSE_STR, name))return(MSG_FALSE); + if(!strcmp(MSG_TIME_STR, name))return(MSG_TIME); + if(!strcmp(MSG_STAT_STR, name))return(MSG_STAT); + if(!strcmp(MSG_PORT_STR, name))return(MSG_PORT); + if(!strcmp(MSG_ERROR_STR, name))return(MSG_ERROR); + if(!strcmp(MSG_FINISHED_STR, name))return(MSG_FINISHED); + if(!strcmp(MSG_BYE_STR, name))return(MSG_BYE); + if(!strcmp(MSG_LOG_STR, name))return(MSG_LOG); + if(!strcmp(MSG_DEBUG_STR, name))return(MSG_DEBUG); + return(-1); +} + +/** + * @brief Convert message type into integer value + * + * Return value is one of MSG_HOLE, MSG_INFO, MSG_NOTE, MSG_FALSE, MSG_LOG, + * MSG_DEBUG and -1 for unknown message type. + * + * @param str Message type name + * @return Message type code or -1 if unknown. + */ +int +priority_str_to_type(char *str) +{ + if (!strcmp("Security Hole", str)) return MSG_HOLE; + if (!strcmp("Security Warning", str)) return MSG_INFO; + if (!strcmp("Security Note", str)) return MSG_NOTE; + if (!strcmp("False Positive", str)) return MSG_FALSE; + if (!strcmp("Log Message", str)) return MSG_LOG; + if (!strcmp("Debug Message", str)) return MSG_DEBUG; + + return -1; +} + +/** + * @brief Convert message type into internal message type name + * + * Return value is one of MSG_HOLE_STR, MSG_INFO_STR, MSG_NOTE_STR, + * MSG_FALSE_STR and exists for unknown message type. + * + * @param type Message type + * @return Message type name + */ +char * +priority_type_to_name(int type) +{ + switch (type) { + case MSG_HOLE: + return MSG_HOLE_STR; + break; + case MSG_NOTE: + return MSG_NOTE_STR; + break; + case MSG_INFO: + return MSG_INFO_STR; + break; + case MSG_FALSE: + return MSG_FALSE_STR; + break; + default: + fprintf(stderr, "priority_type_to_name: Unknown message type %d\n", type); + exit(1); + break; + } +} + + +/** + * @brief Convert message type into a human readable string + * + * Return value is the English name for the message type. + * + * @param name Message type + * @return Message type string + */ +char * +priority_type_to_str(int type) +{ + switch(type) + { + case MSG_HOLE : + return "Security Hole"; + break; + case MSG_INFO : + return "Security Warning"; + break; + case MSG_NOTE : + return "Security Note"; + break; + case MSG_FALSE : + return "False Positive"; + break; + case MSG_LOG : + return "Log Message"; + break; + case MSG_DEBUG : + return "Debug Message"; + break; + default : + fprintf(stderr, "received unknown message type (%d)\n", type); + return NULL; + } +} Copied: trunk/openvas-client/nessus/parseutils.h (from rev 2635, trunk/openvas-client/src/util/parseutils.h) =================================================================== --- trunk/openvas-client/src/util/parseutils.h 2009-03-02 12:32:47 UTC (rev 2635) +++ trunk/openvas-client/nessus/parseutils.h 2009-03-04 10:18:03 UTC (rev 2654) @@ -0,0 +1,64 @@ +/* Nessus + * Copyright (C) 1998 - 2001 Renaud Deraison + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * as published by the Free Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. + * + * In addition, as a special exception, Renaud Deraison + * gives permission to link the code of this program with any + * version of the OpenSSL library which is distributed under a + * license identical to that listed in the included COPYING.OpenSSL + * file, and distribute linked combinations including the two. + * You must obey the GNU General Public License in all respects + * for all of the code used other than OpenSSL. If you modify + * this file, you may extend this exception to your version of the + * file, but you are not obligated to do so. If you do not wish to + * do so, delete this exception statement from your version. + */ + +#ifndef _UTIL_PARSEUTILS_H +#define _UTIL_PARSEUTILS_H + +#define MSG_ERROR 1 +#define MSG_PORT 2 +#define MSG_HOLE 3 +#define MSG_BYE 4 +#define MSG_INFO 5 +#define MSG_STAT 6 +#define MSG_FINISHED 9 +#define MSG_STAT2 10 +#define MSG_NOTE 11 +#define MSG_TIME 12 +#define MSG_LOG 13 +#define MSG_DEBUG 14 +#define MSG_FALSE 15 + +#define MSG_ERROR_STR "ERROR" +#define MSG_PORT_STR "PORT" +#define MSG_HOLE_STR "HOLE" +#define MSG_INFO_STR "INFO" +#define MSG_NOTE_STR "NOTE" +#define MSG_STAT_STR "STATUS" +#define MSG_BYE_STR "BYE" +#define MSG_FINISHED_STR "FINISHED" +#define MSG_TIME_STR "TIME" +#define MSG_LOG_STR "LOG" +#define MSG_DEBUG_STR "DEBUG" +#define MSG_FALSE_STR "FALSE" + +int priority_name_to_type(char *name); +int priority_str_to_type(char *str); +char *priority_type_to_name(int type); +char * priority_type_to_str(int type); + +#endif /* _UTIL_PARSEUTILS_H */ Modified: trunk/openvas-client/src/util/Makefile =================================================================== --- trunk/openvas-client/src/util/Makefile 2009-03-04 10:08:01 UTC (rev 2653) +++ trunk/openvas-client/src/util/Makefile 2009-03-04 10:18:03 UTC (rev 2654) @@ -6,7 +6,7 @@ # Felix Wolfsteller # # Copyright: -# Copyright (C) 2008 Intevation GmbH +# Copyright (C) 2008, 2009 Intevation GmbH # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License version 2, @@ -48,7 +48,7 @@ LDFLAGS+=-mwindows endif -OBJS=openvas_ssh_key_create.o priority.o parseutils.o +OBJS=openvas_ssh_key_create.o priority.o all : cflags $(OBJS) @@ -64,8 +64,5 @@ priority.o: priority.c priority.h $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c priority.c -parseutils.o: parseutils.c parseutils.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c parseutils.c - clean : rm -f *.o cflags Deleted: trunk/openvas-client/src/util/parseutils.c =================================================================== --- trunk/openvas-client/src/util/parseutils.c 2009-03-04 10:08:01 UTC (rev 2653) +++ trunk/openvas-client/src/util/parseutils.c 2009-03-04 10:18:03 UTC (rev 2654) @@ -1,162 +0,0 @@ -/* OpenVAS-Client - * - * Description: Utilities for parsing - * - * Authors: - * Joey Schulze - * - * Copyright: - * Copyright (C) 2009 Intevation GmbH - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, - * or, at your option, any later version as published by the Free - * Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * In addition, as a special exception, you have - * permission to link the code of this program with the OpenSSL - * library (or with modified versions of OpenSSL that use the same - * license as OpenSSL), and distribute linked combinations including - * the two. You must obey the GNU General Public License in all - * respects for all of the code used other than OpenSSL. If you - * modify this file, you may extend this exception to your version - * of the file, but you are not obligated to do so. If you do not - * wish to do so, delete this exception statement from your version. - */ - -#include -#include -#include -#include "parseutils.h" - -/** - * @brief Convert internal message type into integer value - * - * Return value is one of MSG_HOLE, MSG_INFO, MSG_NOTE, MSG_FALSE, MSG_TIME, - * MSG_STAT, MSG_PORT, MSG_ERROR, MSG_FINISHED, MSG_BYE, MSG_LOG, MSG_DEBUG - * and -1 for unknown message type. - * - * @param name Internal message type name - * @return Message type code or -1 if unknown. - */ -int -priority_name_to_type(char *name) -{ -#ifdef DEBUG - fprintf(stderr, "%s:%d type : %s\n", __FILE__, __LINE__, name); -#endif - if(!strcmp(MSG_HOLE_STR, name))return(MSG_HOLE); - if(!strcmp(MSG_INFO_STR, name))return(MSG_INFO); - if(!strcmp(MSG_NOTE_STR, name))return(MSG_NOTE); - if(!strcmp(MSG_FALSE_STR, name))return(MSG_FALSE); - if(!strcmp(MSG_TIME_STR, name))return(MSG_TIME); - if(!strcmp(MSG_STAT_STR, name))return(MSG_STAT); - if(!strcmp(MSG_PORT_STR, name))return(MSG_PORT); - if(!strcmp(MSG_ERROR_STR, name))return(MSG_ERROR); - if(!strcmp(MSG_FINISHED_STR, name))return(MSG_FINISHED); - if(!strcmp(MSG_BYE_STR, name))return(MSG_BYE); - if(!strcmp(MSG_LOG_STR, name))return(MSG_LOG); - if(!strcmp(MSG_DEBUG_STR, name))return(MSG_DEBUG); - return(-1); -} - -/** - * @brief Convert message type into integer value - * - * Return value is one of MSG_HOLE, MSG_INFO, MSG_NOTE, MSG_FALSE, MSG_LOG, - * MSG_DEBUG and -1 for unknown message type. - * - * @param str Message type name - * @return Message type code or -1 if unknown. - */ -int -priority_str_to_type(char *str) -{ - if (!strcmp("Security Hole", str)) return MSG_HOLE; - if (!strcmp("Security Warning", str)) return MSG_INFO; - if (!strcmp("Security Note", str)) return MSG_NOTE; - if (!strcmp("False Positive", str)) return MSG_FALSE; - if (!strcmp("Log Message", str)) return MSG_LOG; - if (!strcmp("Debug Message", str)) return MSG_DEBUG; - - return -1; -} - -/** - * @brief Convert message type into internal message type name - * - * Return value is one of MSG_HOLE_STR, MSG_INFO_STR, MSG_NOTE_STR, - * MSG_FALSE_STR and exists for unknown message type. - * - * @param type Message type - * @return Message type name - */ -char * -priority_type_to_name(int type) -{ - switch (type) { - case MSG_HOLE: - return MSG_HOLE_STR; - break; - case MSG_NOTE: - return MSG_NOTE_STR; - break; - case MSG_INFO: - return MSG_INFO_STR; - break; - case MSG_FALSE: - return MSG_FALSE_STR; - break; - default: - fprintf(stderr, "priority_type_to_name: Unknown message type %d\n", type); - exit(1); - break; - } -} - - -/** - * @brief Convert message type into a human readable string - * - * Return value is the English name for the message type. - * - * @param name Message type - * @return Message type string - */ -char * -priority_type_to_str(int type) -{ - switch(type) - { - case MSG_HOLE : - return "Security Hole"; - break; - case MSG_INFO : - return "Security Warning"; - break; - case MSG_NOTE : - return "Security Note"; - break; - case MSG_FALSE : - return "False Positive"; - break; - case MSG_LOG : - return "Log Message"; - break; - case MSG_DEBUG : - return "Debug Message"; - break; - default : - fprintf(stderr, "received unknown message type (%d)\n", type); - return NULL; - } -} Deleted: trunk/openvas-client/src/util/parseutils.h =================================================================== --- trunk/openvas-client/src/util/parseutils.h 2009-03-04 10:08:01 UTC (rev 2653) +++ trunk/openvas-client/src/util/parseutils.h 2009-03-04 10:18:03 UTC (rev 2654) @@ -1,71 +0,0 @@ -/* OpenVAS-Client - * - * Description: Utilities for parsing - * - * Authors: - * Joey Schulze - * - * Copyright: - * Copyright (C) 2009 Intevation GmbH - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, - * or, at your option, any later version as published by the Free - * Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. - * - * In addition, as a special exception, you have - * permission to link the code of this program with the OpenSSL - * library (or with modified versions of OpenSSL that use the same - * license as OpenSSL), and distribute linked combinations including - * the two. You must obey the GNU General Public License in all - * respects for all of the code used other than OpenSSL. If you - * modify this file, you may extend this exception to your version - * of the file, but you are not obligated to do so. If you do not - * wish to do so, delete this exception statement from your version. - */ - -#ifndef _UTIL_PARSEUTILS_H -#define _UTIL_PARSEUTILS_H - -#define MSG_ERROR 1 -#define MSG_PORT 2 -#define MSG_HOLE 3 -#define MSG_BYE 4 -#define MSG_INFO 5 -#define MSG_STAT 6 -#define MSG_FINISHED 9 -#define MSG_STAT2 10 -#define MSG_NOTE 11 -#define MSG_TIME 12 -#define MSG_LOG 13 -#define MSG_DEBUG 14 -#define MSG_FALSE 15 - -#define MSG_ERROR_STR "ERROR" -#define MSG_PORT_STR "PORT" -#define MSG_HOLE_STR "HOLE" -#define MSG_INFO_STR "INFO" -#define MSG_NOTE_STR "NOTE" -#define MSG_STAT_STR "STATUS" -#define MSG_BYE_STR "BYE" -#define MSG_FINISHED_STR "FINISHED" -#define MSG_TIME_STR "TIME" -#define MSG_LOG_STR "LOG" -#define MSG_DEBUG_STR "DEBUG" -#define MSG_FALSE_STR "FALSE" - -int priority_name_to_type(char *name); -int priority_str_to_type(char *str); -char *priority_type_to_name(int type); -char * priority_type_to_str(int type); - -#endif /* _UTIL_PARSEUTILS_H */ From scm-commit at wald.intevation.org Wed Mar 4 11:32:16 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 11:32:16 +0100 (CET) Subject: [Openvas-commits] r2655 - in trunk/openvas-client: . nessus/prefs_dialog Message-ID: <20090304103216.712224074A@pyrosoma.intevation.org> Author: felix Date: 2009-03-04 11:32:14 +0100 (Wed, 04 Mar 2009) New Revision: 2655 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/prefs_dialog/prefs_context.c trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c Log: Disabled "Edit Priorities" menu item. * nessus/prefs_dialog/prefs_dialog.c, nessus/prefs_dialog/prefs_context.c: Disabled "Edit Priorities" menu item. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-04 10:18:03 UTC (rev 2654) +++ trunk/openvas-client/ChangeLog 2009-03-04 10:32:14 UTC (rev 2655) @@ -1,5 +1,13 @@ 2009-03-04 Felix Wolfsteller + Disabled "Edit Priorities" menu item. + + * nessus/prefs_dialog/prefs_dialog.c, + nessus/prefs_dialog/prefs_context.c: Disabled "Edit Priorities" menu + item. + +2009-03-04 Felix Wolfsteller + Moved parseutils module (extracted from parser module in rev 2610) back into nessus dir, due to unclear copyright and licensing. Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_context.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_context.c 2009-03-04 10:18:03 UTC (rev 2654) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_context.c 2009-03-04 10:32:14 UTC (rev 2655) @@ -79,7 +79,9 @@ prefs_context_enable_widget("DELETETASK_MENUITEM", type >= CONTEXT_TASK); prefs_context_enable_widget("EXECSCOPE_MENUITEM", type >= CONTEXT_SCOPE && action == CONTEXT_IDLE ); +#if 0 prefs_context_enable_widget("EDITPRIORITIES_MENUITEM", type >= CONTEXT_REPORT); +#endif prefs_context_enable_widget("NEWSCOPE_MENUITEM", type >= CONTEXT_TASK); prefs_context_enable_widget("RENAMESCOPE_MENUITEM", type >= CONTEXT_SCOPE); prefs_context_enable_widget("DELETESCOPE_MENUITEM", type >= CONTEXT_SCOPE); Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2009-03-04 10:18:03 UTC (rev 2654) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2009-03-04 10:32:14 UTC (rev 2655) @@ -471,9 +471,11 @@ menuitem_add(menuitem, submenu, "EXECSCOPE_MENUITEM", NULL, GTK_SIGNAL_FUNC(prefs_dialog_execute)); +#if 0 menuitem = gtk_menu_item_new_with_mnemonic(_("Edit _Priorities")); menuitem_add(menuitem, submenu, "EDITPRIORITIES_MENUITEM", NULL, GTK_SIGNAL_FUNC(priorities_dialog)); +#endif menuitem_separator(submenu); From scm-commit at wald.intevation.org Wed Mar 4 12:04:09 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 12:04:09 +0100 (CET) Subject: [Openvas-commits] r2656 - in trunk/openvas-client: . nessus Message-ID: <20090304110409.783AF404E4@pyrosoma.intevation.org> Author: felix Date: 2009-03-04 12:04:07 +0100 (Wed, 04 Mar 2009) New Revision: 2656 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/parser.c Log: Use of g_strdup_printf instead of malloc + sprintf, cosmetics in parser module. * nessus/parser.c: Moved defines to beginning of file. * nessus/parser.c (is_mac_addr, parse_server_error): Shortened comment blocks. * nessus/parser.c (parse_modify_data): use g_strdupo_printf + g_free instead of emalloc + sprintf + free. * nessus/parser.c (parse_nessusd_short_status): Gave example in comment. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-04 10:32:14 UTC (rev 2655) +++ trunk/openvas-client/ChangeLog 2009-03-04 11:04:07 UTC (rev 2656) @@ -1,5 +1,20 @@ 2009-03-04 Felix Wolfsteller + Use of g_strdup_printf instead of malloc + sprintf, cosmetics in parser + module. + + * nessus/parser.c: Moved defines to beginning of file. + + * nessus/parser.c (is_mac_addr, parse_server_error): Shortened comment + blocks. + + * nessus/parser.c (parse_modify_data): use g_strdupo_printf + g_free + instead of emalloc + sprintf + free. + + * nessus/parser.c (parse_nessusd_short_status): Gave example in comment. + +2009-03-04 Felix Wolfsteller + Disabled "Edit Priorities" menu item. * nessus/prefs_dialog/prefs_dialog.c, Modified: trunk/openvas-client/nessus/parser.c =================================================================== --- trunk/openvas-client/nessus/parser.c 2009-03-04 10:32:14 UTC (rev 2655) +++ trunk/openvas-client/nessus/parser.c 2009-03-04 11:04:07 UTC (rev 2656) @@ -44,6 +44,10 @@ #include "backend.h" #include "globals.h" +#define TIMER_HOST_START 1 +#define TIMER_HOST_END 2 +#define TIMER_SCAN_START 3 +#define TIMER_SCAN_END 4 static int is_mac_addr (char* host) @@ -85,9 +89,7 @@ (!(mac = is_mac_addr(host)))) { char * t; - /* - * Not an IP nor a MAC addr - */ + /* Not an IP nor a MAC addr */ t = strchr(host, '.'); if(t) ++t; @@ -99,10 +101,8 @@ { if(mac) { - /* - * This is a MAC address. In that case, the 'subnet' - * are the first three bytes (manufacturer id) - */ + /* This is a MAC address. In that case, the 'subnet' + * are the first three bytes (manufacturer id) */ char * t = strchr(host,'.'); int i; for(i=0;i<2;i++) @@ -120,7 +120,7 @@ } else { - /* this is an IP */ + /* This is an IP */ char * t = strrchr(host, '.'); if(t)t[0] = '\0'; strncpy(subnet, host, sizeof(subnet) - 1); @@ -132,7 +132,7 @@ /** - * Parse a configuration of multiple of "<|> ldap (389/tcp) <|> 11 <|> 3 <|>" + * Parse a configuration of multiple of "<|> ldap (389/tcp) <|> INFO <|> NOTE <|>" * and return the new priority as integer if the line matches the current script. * * @param override Override value from the openvasrc configuration @@ -229,15 +229,14 @@ char *prefkey; int prio; - prefkey = emalloc(strlen("PLUGINS_PRIORITIES")+strlen(host)+2); - sprintf(prefkey, "PLUGINS_PRIORITIES_%s", host); + prefkey = g_strdup_printf ("PLUGINS_PRIORITIES_%s", host); if ((priorities = arg_get_value(context->prefs, prefkey)) == NULL) { - efree(&prefkey); + g_free (prefkey); return NULL; } - efree(&prefkey); + g_free (prefkey); if ((override = arg_get_value(priorities, script_id)) == NULL) return NULL; @@ -274,11 +273,9 @@ char *msg = parse_separator(servmsg); char *msg1, *msg2; - /* - * msg2 contains the following lines of the server error. + /* msg2 contains the following lines of the server error. * Currently this can only be the list of rejected hosts, - * so don't translate them. - */ + * so don't translate them. */ if((msg2 = strchr(msg, ';'))) { char *t; @@ -289,7 +286,7 @@ t[0]='\n'; } - /* * keep these in sync with the messages in ../nessusd/attack.c */ + /* Keep these in sync with the messages in ../nessusd/attack.c */ if(!strncmp("E001 -", msg, 6)) msg1 = _("Invalid port range"); else if(!strncmp("E002 -", msg, 6)) @@ -345,13 +342,7 @@ char * msg = parse_separator(t); int type = 0; int len = 0; -#define TIMER_HOST_START 1 -#define TIMER_HOST_END 2 -#define TIMER_SCAN_START 3 -#define TIMER_SCAN_END 4 - - if(!strcmp(msg, "HOST_START")){ len = strlen(msg); type = TIMER_HOST_START; @@ -381,7 +372,7 @@ break; case TIMER_HOST_END: backend_insert_timestamps(backend, host, "host_end", date); - break; + break; } } @@ -511,7 +502,6 @@ *action = emalloc(strlen(t2) + 1); strncpy(*action, t2, strlen(t2)); - efree(&t2); t2 = parse_separator(servmsg+strlen(t1)+3); @@ -542,7 +532,7 @@ char * t; static char portscan[] = "portscan"; static char attack[] = "attack"; - /* the short status is : action:hostname:current:max */ + /* The short status is : action:hostname:current:max (e.g. s:a:localhost:44:102)*/ if(msg[0]=='p') *action = strdup(portscan); else @@ -671,7 +661,7 @@ /** - * @return Pointer to the location after the ' <|> ' symbol in str or NULL if + * @return Pointer to the location after the ' <|> ' symbol in str or NULL if * no ' <|> ' found. */ char * From scm-commit at wald.intevation.org Wed Mar 4 12:20:43 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 12:20:43 +0100 (CET) Subject: [Openvas-commits] r2657 - in trunk/openvas-client: . nessus Message-ID: <20090304112043.A2A2C406A5@pyrosoma.intevation.org> Author: felix Date: 2009-03-04 12:20:41 +0100 (Wed, 04 Mar 2009) New Revision: 2657 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/parser.c Log: Disabled priority mapping at server message parsing level. Code remained. Parser module should behave like in rev. 1791. * nessus/parser.c (parse_host_add_data): Disabled modifications of data regarding security messages. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-04 11:04:07 UTC (rev 2656) +++ trunk/openvas-client/ChangeLog 2009-03-04 11:20:41 UTC (rev 2657) @@ -1,5 +1,13 @@ 2009-03-04 Felix Wolfsteller + Disabled priority mapping at server message parsing level. + Code remained. Parser module should behave like in rev. 1791. + + * nessus/parser.c (parse_host_add_data): Disabled modifications of + data regarding security messages. + +2009-03-04 Felix Wolfsteller + Use of g_strdup_printf instead of malloc + sprintf, cosmetics in parser module. Modified: trunk/openvas-client/nessus/parser.c =================================================================== --- trunk/openvas-client/nessus/parser.c 2009-03-04 11:04:07 UTC (rev 2656) +++ trunk/openvas-client/nessus/parser.c 2009-03-04 11:20:41 UTC (rev 2657) @@ -600,6 +600,11 @@ char * script_id; char * old; + msgt = priority_type_to_str (type); + + if (msgt == NULL) + return; + hostname = parse_separator(servmsg); if(!hostname){ return; @@ -625,7 +630,7 @@ efree(&data); return; } - +#if 0 if ((msgt = priority_type_to_str(type)) == NULL) return; @@ -634,6 +639,7 @@ if ((msgt = priority_type_to_str(type)) == NULL) return; +#endif old = data; data = rmslashes(old); From scm-commit at wald.intevation.org Wed Mar 4 12:46:43 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 12:46:43 +0100 (CET) Subject: [Openvas-commits] r2658 - in trunk/openvas-libraries: . libopenvas Message-ID: <20090304114643.80AA3406C2@pyrosoma.intevation.org> Author: kost Date: 2009-03-04 12:46:42 +0100 (Wed, 04 Mar 2009) New Revision: 2658 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/libopenvas/bpf_share.c Log: by default, put pcap device in non blocking mode - fixing plugins hang/freeze, fixes #901 Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-03-04 11:20:41 UTC (rev 2657) +++ trunk/openvas-libraries/ChangeLog 2009-03-04 11:46:42 UTC (rev 2658) @@ -1,3 +1,8 @@ +2009-03-04 Vlatko Kosturjak + + * libopenvas/bpf_share.c: by default, put pcap device in non + blocking mode - fixing plugins hang/freeze, fixes #901 + 2009-02-27 Felix Wolfsteller * libopenvas/openvas_ssh_login.c, libopenvas/openvas_ssh_login.h: Modified: trunk/openvas-libraries/libopenvas/bpf_share.c =================================================================== --- trunk/openvas-libraries/libopenvas/bpf_share.c 2009-03-04 11:20:41 UTC (rev 2657) +++ trunk/openvas-libraries/libopenvas/bpf_share.c 2009-03-04 11:46:42 UTC (rev 2658) @@ -73,6 +73,11 @@ pcap_close(ret); return -1; } + + if (pcap_setnonblock(ret,1,NULL)==-1) { + pcap_perror(ret,"pcap_setnonblock"); + printf("call to pcap_setnonblock failed, some plugins/scripts will hang/freeze. Upgrade your version of libcap!\n"); + } if(pcap_setfilter(ret, &filter_prog) < 0) { From scm-commit at wald.intevation.org Wed Mar 4 12:48:25 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 12:48:25 +0100 (CET) Subject: [Openvas-commits] r2659 - in trunk/openvas-plugins: . scripts Message-ID: <20090304114825.E0EB3406C2@pyrosoma.intevation.org> Author: kost Date: 2009-03-04 12:48:23 +0100 (Wed, 04 Mar 2009) New Revision: 2659 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/tftpd_detect.nasl Log: removed safety line - exit(0) - due to hang/freeze Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-04 11:46:42 UTC (rev 2658) +++ trunk/openvas-plugins/ChangeLog 2009-03-04 11:48:23 UTC (rev 2659) @@ -1,5 +1,9 @@ 2009-03-04 Vlatko Kosturjak * scripts/tftpd_detect.nasl: + removed safety line - exit(0) - due to hang/freeze + +2009-03-04 Vlatko Kosturjak + * scripts/tftpd_detect.nasl: Added new script for TFTP detection 2009-03-04 Felix Wolfsteller Modified: trunk/openvas-plugins/scripts/tftpd_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/tftpd_detect.nasl 2009-03-04 11:46:42 UTC (rev 2658) +++ trunk/openvas-plugins/scripts/tftpd_detect.nasl 2009-03-04 11:48:23 UTC (rev 2659) @@ -79,8 +79,6 @@ port=69; rndfile="nonexistant-"+rand_str(); -exit (0); - # test valid modes according to RFC-783 tftp_grab (port:port, file:rndfile, mode:"netascii"); tftp_grab (port:port, file:rndfile, mode:"octet"); From scm-commit at wald.intevation.org Wed Mar 4 12:53:09 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 12:53:09 +0100 (CET) Subject: [Openvas-commits] r2660 - in branches/openvas-libraries-1-0: . libopenvas Message-ID: <20090304115309.C09C94074A@pyrosoma.intevation.org> Author: kost Date: 2009-03-04 12:53:07 +0100 (Wed, 04 Mar 2009) New Revision: 2660 Modified: branches/openvas-libraries-1-0/ChangeLog branches/openvas-libraries-1-0/libopenvas/bpf_share.c Log: by default, put pcap device in non blocking mode - fixing plugins hang/freeze, fixes #901 Modified: branches/openvas-libraries-1-0/ChangeLog =================================================================== --- branches/openvas-libraries-1-0/ChangeLog 2009-03-04 11:48:23 UTC (rev 2659) +++ branches/openvas-libraries-1-0/ChangeLog 2009-03-04 11:53:07 UTC (rev 2660) @@ -1,3 +1,8 @@ +2009-03-04 Vlatko Kosturjak + + * libopenvas/bpf_share.c: by default, put pcap device in non + bocking mode - fixing plugins hang/freeze, fixes #901 + 2008-11-06 Michael Wiegand * INSTALL_README: Updated note regarding gnutls version requirements as Modified: branches/openvas-libraries-1-0/libopenvas/bpf_share.c =================================================================== --- branches/openvas-libraries-1-0/libopenvas/bpf_share.c 2009-03-04 11:48:23 UTC (rev 2659) +++ branches/openvas-libraries-1-0/libopenvas/bpf_share.c 2009-03-04 11:53:07 UTC (rev 2660) @@ -73,6 +73,11 @@ pcap_close(ret); return -1; } + + if (pcap_setnonblock(ret,1,NULL)==-1) { + pcap_perror(ret,"pcap_setnonblock"); + printf("call to pcap_setnonblock failed, some plugins/scripts will hang/freeze. Upgrade your version of libcap!\n"); + } if(pcap_setfilter(ret, &filter_prog) < 0) { From scm-commit at wald.intevation.org Wed Mar 4 13:17:40 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 13:17:40 +0100 (CET) Subject: [Openvas-commits] r2661 - in trunk/openvas-plugins: . plugins Message-ID: <20090304121740.18D07406E0@pyrosoma.intevation.org> Author: kost Date: 2009-03-04 13:17:39 +0100 (Wed, 04 Mar 2009) New Revision: 2661 Removed: trunk/openvas-plugins/plugins/linux_tftp/ Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/MANIFEST Log: plugins/tftp_linux removed because it is superseeded by scripts/tftpd_detect.nasl and scripts/tftpd_dir_trav.nasl. MANIFEST updated accordingly. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-04 11:53:07 UTC (rev 2660) +++ trunk/openvas-plugins/ChangeLog 2009-03-04 12:17:39 UTC (rev 2661) @@ -1,4 +1,13 @@ 2009-03-04 Vlatko Kosturjak + + * plugins/linux_tftp/Makefile.darwin, plugins/linux_tftp/Makefile, + plugins/linux_tftp/linux_tftp.c, plugins/linux_tftp: removed + Superseeded by scripts/tftpd_detect.nasl and + scripts/tftpd_dir_trav.nasl. + + * MANIFEST: Updated. + +2009-03-04 Vlatko Kosturjak * scripts/tftpd_detect.nasl: removed safety line - exit(0) - due to hang/freeze Modified: trunk/openvas-plugins/MANIFEST =================================================================== --- trunk/openvas-plugins/MANIFEST 2009-03-04 11:53:07 UTC (rev 2660) +++ trunk/openvas-plugins/MANIFEST 2009-03-04 12:17:39 UTC (rev 2661) @@ -32,9 +32,6 @@ plugins/find_service/Makefile plugins/find_service/Makefile.darwin plugins/install_plug -plugins/linux_tftp/linux_tftp.c -plugins/linux_tftp/Makefile -plugins/linux_tftp/Makefile.darwin plugins/make_world plugins/nmap_wrapper/Makefile plugins/nmap_wrapper/Makefile.darwin From scm-commit at wald.intevation.org Wed Mar 4 14:45:18 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Wed, 4 Mar 2009 14:45:18 +0100 (CET) Subject: [Openvas-commits] r2662 - in trunk/openvas-client: . libnessus Message-ID: <20090304134518.927DF40765@pyrosoma.intevation.org> Author: mwiegand Date: 2009-03-04 14:45:17 +0100 (Wed, 04 Mar 2009) New Revision: 2662 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/libnessus/rand.c Log: * nessus/rand.c: Added commented RATS ignore since moderate randomness is enough for our purpose here. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-04 12:17:39 UTC (rev 2661) +++ trunk/openvas-client/ChangeLog 2009-03-04 13:45:17 UTC (rev 2662) @@ -1,3 +1,8 @@ +2009-03-04 Michael Wiegand + + * nessus/rand.c: Added commented RATS ignore since moderate randomness + is enough for our purpose here. + 2009-03-04 Felix Wolfsteller Disabled priority mapping at server message parsing level. Modified: trunk/openvas-client/libnessus/rand.c =================================================================== --- trunk/openvas-client/libnessus/rand.c 2009-03-04 12:17:39 UTC (rev 2661) +++ trunk/openvas-client/libnessus/rand.c 2009-03-04 13:45:17 UTC (rev 2662) @@ -68,20 +68,20 @@ gettimeofday(&tv, NULL); x += tv.tv_sec * 3 + tv.tv_usec + getpid() * 7 + getppid(); - srand48(x); + srand48(x); /* RATS: ignore. As stated above, moderate randomness is enough for our purpose. */ } #ifndef HAVE_LRAND48 ExtFunc -long lrand48() +long lrand48() /* RATS: ignore. As stated above, moderate randomness is enough for our purpose. */ { - return rand(); + return rand(); /* RATS: ignore. As stated above, moderate randomness is enough for our purpose. */ } ExtFunc -void srand48(long seed) +void srand48(long seed) /* RATS: ignore. As stated above, moderate randomness is enough for our purpose. */ { - srand(seed); + srand(seed); /* RATS: ignore. As stated above, moderate randomness is enough for our purpose. */ } #endif From scm-commit at wald.intevation.org Thu Mar 5 06:26:00 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 06:26:00 +0100 (CET) Subject: [Openvas-commits] r2663 - in trunk/openvas-plugins: . scripts Message-ID: <20090305052600.2837440788@pyrosoma.intevation.org> Author: chandra Date: 2009-03-05 06:25:55 +0100 (Thu, 05 Mar 2009) New Revision: 2663 Added: trunk/openvas-plugins/scripts/gb_apple_safari_uri_dos_vuln_win.nasl trunk/openvas-plugins/scripts/secpod_ms_dns_mem_corr_vuln.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-04 13:45:17 UTC (rev 2662) +++ trunk/openvas-plugins/ChangeLog 2009-03-05 05:25:55 UTC (rev 2663) @@ -1,3 +1,8 @@ +2009-03-05 Chandrashekhar B + * scripts/gb_apple_safari_uri_dos_vuln_win.nasl, + scripts/secpod_ms_dns_mem_corr_vuln.nasl: + Added new plugins + 2009-03-04 Vlatko Kosturjak * plugins/linux_tftp/Makefile.darwin, plugins/linux_tftp/Makefile, Added: trunk/openvas-plugins/scripts/gb_apple_safari_uri_dos_vuln_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_apple_safari_uri_dos_vuln_win.nasl 2009-03-04 13:45:17 UTC (rev 2662) +++ trunk/openvas-plugins/scripts/gb_apple_safari_uri_dos_vuln_win.nasl 2009-03-05 05:25:55 UTC (rev 2663) @@ -0,0 +1,87 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: gb_apple_safari_uri_dos_vuln_win.nasl 629 2009-03-04 10:40:26Z mar $ +# +# Apple Safari URI NULL Pointer Dereference DoS Vulnerability (Win) +# +# Authors: +# Nikita MR +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(800524); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2009-0744"); + script_bugtraq_id(33909); + script_name(english:"Apple Safari URI NULL Pointer Dereference DoS Vulnerability (Win)"); + desc["english"] = " + + Overview: This host is running Apple Safari web browser and is prone + to denial of service vulnerability. + + Vulnerability Insight: + Browser fails to adequately sanitize user supplied input in URI feeds. + Hence when certain characters are passed at the begining of the URI, + the NULL Pointer Dereference bug occurs, using '%', '{', '}', '`', '^', '|' + and '&' characters. + + Impact: + Successful exploitation could allow remote attackers to cause browser crash. + + Impact Level: Application + + Affected Software/OS: + Apple Safari version 4 beta and prior on Windows. + + Fix: No solution or patch is available as on 04th March, 2009. Information + regarding this issue will be updated once the solution details are available. + For updates refer, http://www.apple.com/support/downloads + + References: + http://xforce.iss.net/xforce/xfdb/48943 + http://www.securityfocus.com/archive/1/archive/1/501229/100/0/threaded + + CVSS Score: + CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P) + CVSS Temporal Score : 4.5 + Risk factor : Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of Apple Safari"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Denial of Service"); + script_dependencies("secpod_apple_safari_detect_win_900003.nasl"); + script_require_keys("AppleSafari/Version"); + exit(0); +} + + +include("version_func.inc"); + +safariVer = get_kb_item("AppleSafari/Version"); +if(!safariVer){ + exit(0); +} + +# Apple Safari Version <= (4.28.16.0) 4 build 528.16 +if(version_is_less_equal(version:safariVer, test_version:"4.28.16.0")){ + security_warning(0); +} Added: trunk/openvas-plugins/scripts/secpod_ms_dns_mem_corr_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_ms_dns_mem_corr_vuln.nasl 2009-03-04 13:45:17 UTC (rev 2662) +++ trunk/openvas-plugins/scripts/secpod_ms_dns_mem_corr_vuln.nasl 2009-03-05 05:25:55 UTC (rev 2663) @@ -0,0 +1,126 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id: secpod_ms_dns_mem_corr_vuln.nasl 1050 2009-03-03 15:00:29Z mar $ +# +# Microsoft Windows DNS Memory Corruption Vulnerability - Mar09 +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 SecPod, http://www.secpod.com +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(900465); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2008-6194"); + script_name(english:"Microsoft Windows DNS Memory Corruption Vulnerability - Mar09"); + desc["english"] = " + + Overview: This host is running Microsoft Windows and is prone to DNS Memory + Corruption Vulnerability. + + Vulnerability Insight: + This flaw is due to memory leak vulnerability in Microsoft Windows DNS + Server through DNS packets. + + Impact: + Successful exploitation will let the attacker execute arbitrary codes in + the context of the application and can cause memory corruption in the DNS + service. + + Impact level: System + + Affected Software/OS: + Microsoft Windows Server 2000 and 2003. + + Fix: No solution or patch is available as on 04th March, 2009. Information + regarding this issue will be updated once the solution details are available. + For further updates refer, http://www.microsoft.com + + References: + http://www.microsoft.com/technet/security/bulletin/ms07-062.mspx + http://www.securityfocus.com/archive/1/archive/1/491831/100/0/threaded + http://www.securityfocus.com/archive/1/archive/1/491815/100/0/threaded + + CVSS Score: + CVSS Base Score : 7.8 (AV:N/AC:L/Au:NR/C:N/I:N/A:C) + CVSS Temporal Score : 6.6 + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the version of DNS Executable"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 SecPod"); + script_family(english:"Windows"); + script_dependencies("secpod_reg_enum.nasl"); + script_require_keys("SMB/WindowsVersion"); + exit(0); +} + + +include("smb_nt.inc"); +include("secpod_reg.inc"); +include("version_func.inc"); +include("secpod_smb_func.inc"); + +if(!get_kb_item("SMB/WindowsVersion")){ + exit(0); +} + +if(hotfix_check_sp(win2k:5, win2003:3) <= 0){ + exit(0); +} + +sys32Path = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup", + item:"Install Path"); +if(!sys32Path){ + exit(0); +} + +share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:sys32Path); +file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:sys32Path + "\dns.exe"); + +dnsVer = GetVer(file:file, share:share); +if(dnsVer != NULL) +{ + if(get_kb_item("SMB/Win2K/ServicePack")) # Win-2000 SP4 and prior + { + if(version_is_less_equal(version:dnsVer, test_version:"5.0.2195.7147")){ + security_hole(0); + } + exit(0); + } + + SP = get_kb_item("SMB/Win2003/ServicePack"); + if("Service Pack 1" >< SP) # Win-2003 SP1 + { + if(version_is_less_equal(version:dnsVer, test_version:"5.2.3790.3027")){ + security_hole(0); + } + exit(0); + } + else if("Service Pack 2" >< SP) # Win-2003 SP2 + { + if(version_is_less_equal(version:dnsVer, test_version:"5.2.3790.4171")){ + security_hole(0); + } + exit(0); + } + security_hole(0); +} Property changes on: trunk/openvas-plugins/scripts/secpod_ms_dns_mem_corr_vuln.nasl ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Thu Mar 5 08:46:39 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 08:46:39 +0100 (CET) Subject: [Openvas-commits] r2664 - in trunk/openvas-plugins: . extra/lsc_generator/parser extra/lsc_generator/templates extra/lsc_generator/test/unit_test Message-ID: <20090305074639.6B4FE40796@pyrosoma.intevation.org> Author: chandra Date: 2009-03-05 08:46:34 +0100 (Thu, 05 Mar 2009) New Revision: 2664 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/extra/lsc_generator/parser/redhat.py trunk/openvas-plugins/extra/lsc_generator/templates/RedHat.template trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_centos.py trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_redhat.py Log: Removed unsupported OS list from redhat parser Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-05 05:25:55 UTC (rev 2663) +++ trunk/openvas-plugins/ChangeLog 2009-03-05 07:46:34 UTC (rev 2664) @@ -1,4 +1,12 @@ 2009-03-05 Chandrashekhar B + * extra/lsc_generator/test/unit_test/test_centos.py, + extra/lsc_generator/test/unit_test/test_redhat.py, + extra/lsc_generator/parser/redhat.py, + extra/lsc_generator/templates/RedHat.template: + Removed unsupported OS from RedHat and fixed a + minor with CentOS test module + +2009-03-05 Chandrashekhar B * scripts/gb_apple_safari_uri_dos_vuln_win.nasl, scripts/secpod_ms_dns_mem_corr_vuln.nasl: Added new plugins Modified: trunk/openvas-plugins/extra/lsc_generator/parser/redhat.py =================================================================== --- trunk/openvas-plugins/extra/lsc_generator/parser/redhat.py 2009-03-05 05:25:55 UTC (rev 2663) +++ trunk/openvas-plugins/extra/lsc_generator/parser/redhat.py 2009-03-05 07:46:34 UTC (rev 2664) @@ -36,74 +36,74 @@ ## gather-package-list.nasl to set "ssh/login/release" os_map = { - 'Red Hat Enterprise Linux Desktop (v. 5 client)' : 'RHELDeskV5Cli', - 'RHEL Desktop Workstation (v. 5 client)' : 'RHELDesWorkV5Cli', - 'Red Hat Enterprise Linux (v. 5 server)' : 'RHELV5Ser', - 'Red Hat Enterprise Linux AS (Advanced Server) version 2.1' : 'RHELASV2.1', - 'Red Hat Linux Advanced Workstation 2.1' : 'RHLAWV2.1', - 'Red Hat Enterprise Linux ES version 2.1' : 'RHELESV2.1', - 'Red Hat Enterprise Linux WS version 2.1' : 'RHELWSV2.1', - 'Red Hat Enterprise Linux AS version 4 Extras' : 'RHELASV4Ex', - 'Red Hat Desktop version 4 Extras' : 'RHDeskV4Ex', - 'Red Hat Enterprise Linux ES version 4 Extras' : 'RHELESV4Ex', - 'Red Hat Enterprise Linux WS version 4 Extras' : 'RHELWSV4Ex', - 'RHEL Desktop Supplementary (v. 5 client)' : 'RHELDeslSupV5Cli', - 'RHEL Supplementary (v. 5 server)' : 'RHELSupV5Ser', - 'Red Hat Enterprise Linux AS version 3' : 'RHELASV3', - 'Red Hat Desktop version 3' : 'RHDeskV3', - 'Red Hat Enterprise Linux ES version 3' : 'RHELESV3', - 'Red Hat Enterprise Linux WS version 3' : 'RHELWSV3', - 'Red Hat Enterprise Linux AS version 4' : 'RHELASV4', - 'Red Hat Enterprise Linux Desktop version 4' : 'RHELDeskV4', - 'Red Hat Enterprise Linux ES version 4' : 'RHELESV4', - 'Red Hat Enterprise Linux WS version 4' : 'RHELWSV4', - 'Red Hat Certificate System 7.2 for 4AS' : 'RHCS7.2AS', - 'Red Hat Certificate System 7.2 for 4ES' : 'RHCS7.2ES', - 'MRG Realtime for RHEL 5 Server' : 'MRGRTRHEL5Ser', - 'Red Hat Certificate System 7.3 for 4AS' : 'RHCS7.3AS', - 'Red Hat Certificate System 7.3 for 4ES' : 'RHCS7.3ES', - 'RHEL Desktop Multi OS (v. 5 client)' : 'RHELDesMuOSV5Cli', - 'RHEL Virtualization (v. 5 server)' : 'RHELVirV5Ser', - 'RHEL Optional Productivity Applications (v. 5 server)' : 'RHELOpProAppV5Ser', - 'Red Hat Application Stack v1 for Enterprise Linux AS (v.4)' : 'RHAppStV1EntLASV4', - 'Red Hat Application Stack v1 for Enterprise Linux ES (v.4)' : 'RHAppStV1EntLESV4', - 'Red Hat Application Stack v2 for Enterprise Linux (v.5)' : 'RHAppStV2EntV5', - 'RHEL 4 Directory Server ES' : 'RHEL4DirSerES', - 'RHEL 4 Directory Server AS' : 'RHEL4DirSerAS', - 'RHEL 3 Directory Server ES' : 'RHEL3DirSerES', - 'RHEL 3 Directory Server AS' : 'RHEL3DirSerAS', - 'Red Hat Network Satellite Server 5.1 (RHEL v.4 AS)' : 'RHNetSatSerV5.1RHELV4AS', - 'Red Hat Network Satellite Server v 4.2 (RHEL v.3 AS)' : 'RHNetSatSerV4.2RHELV3AS', - 'Red Hat Network Satellite Server v 4.2 (RHEL v.4 AS)' : 'RHNetSatSerV4.2RHELV4AS', - 'Red Hat Enterprise Linux AS version 4.5.z' : 'RHELASV4.5Z', - 'Red Hat Enterprise Linux ES version 4.5.z' : 'RHELESV4.5Z', - 'Red Hat Developer Suite v.3 (AS v.4)' : 'RHDevSuV3ASV4', - 'JBoss Enterprise Application Platform for RHEL 5 Server' : 'JBEntAppRHEL5Ser', - 'Red Hat Network Satellite Server 5.0 (RHEL v.4 AS)' : 'RHNetSatSer5.0RHELV4AS', - 'Red Hat IPA 1 for RHEL 5 Server' : 'RHIPA1RHEL5Ser', - 'Red Hat Network Proxy v 5.1 (RHEL v.4 AS)' : 'RHNetProV5.1RHELV4AS', - 'Red Hat Directory Server 8.0 (for RHEL 5 Server)' : 'RHDirSer8.0RHEL5Ser', - 'JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS' : 'JBEntApp4.3.0RHEL4AS', - 'JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES' : 'JBEntApp4.3.0RHEL4ES', - 'Red Hat MRG Grid for RHEL' : 'RHMRGGrRHEL', - 'Red Hat Network Proxy v 4.2 (RHEL v.3 AS)' : 'RHNetPro4.2RHELV3AS', - 'Red Hat Network Proxy v 4.2 (RHEL v.4 AS)' : 'RHNetPro4.2RHELV4AS', - 'Red Hat Directory Server 8.0 (for AS v. 4)' : 'RHDirSer8.0ASV4', - 'Red Hat Directory Server 8.0 (for ES v. 4)' : 'RHDirSer8.0ESV4', - 'JBoss Enterprise Application Platform for RHEL 4 AS' : 'JBEntAppRHEL4AS', - 'JBoss Enterprise Application Platform for RHEL 4 ES' : 'JBEntAppRHEL4ES', - 'JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server' : 'JBEntApp4.3.0RHEL5Ser', - 'MRG Grid for RHEL 5 Server' : 'MRGGrRHEL5Ser', - 'Red Hat Network Proxy v 5.0 (RHEL v.4 AS)' : 'RHNetProV5.0RHELV4AS', - 'Red Hat Application Server v2 4AS' : 'RHAppSerV24AS', - 'Red Hat Application Server v2 4ES' : 'RHAppSerV24ES', - 'Red Hat Application Server v2 4WS' : 'RHAppSerV24WS', - 'Red Hat Enterprise Linux AS version 3 Extras' : 'RHELASV3Ext', - 'Red Hat Desktop version 3 Extras' : 'RHDesV3Ext', - 'Red Hat Enterprise Linux ES version 3 Extras' : 'RHELESV3Ext', - 'Red Hat Enterprise Linux WS version 3 Extras' : 'RHELWSV3Ext', - 'Red Hat Directory Server 7.1 (for AS v. 3)' : 'RHDirSer7.1ASV3', - 'Red Hat Enterprise Linux AS version 4.5.z Extras' : 'RHELASVer4.5zExt', + 'Red Hat Enterprise Linux (v. 5 server)' : 'RHENT_5', + 'Red Hat Enterprise Linux ES version 2.1' : 'RHENT_2.1', + 'Red Hat Enterprise Linux WS version 2.1' : 'RHENT_2.1', + 'Red Hat Enterprise Linux AS version 3' : 'RHENT_3', + 'Red Hat Enterprise Linux ES version 3' : 'RHENT_3', + 'Red Hat Enterprise Linux WS version 3' : 'RHENT_3', + 'Red Hat Enterprise Linux AS version 4' : 'RHENT_4', + 'Red Hat Enterprise Linux ES version 4' : 'RHENT_4', + 'Red Hat Enterprise Linux WS version 4' : 'RHENT_4', +# 'Red Hat Enterprise Linux Desktop version 4' : 'RHENT_4', +# 'Red Hat Enterprise Linux Desktop (v. 5 client)' : 'RHENT_5', +# 'Red Hat Enterprise Linux AS version 4.5.z' : 'RHENT_4.5', +# 'Red Hat Enterprise Linux ES version 4.5.z' : 'RHENT_4.5', +# 'Red Hat Enterprise Linux AS version 3 Extras' : 'RHENT_3', +# 'Red Hat Enterprise Linux ES version 3 Extras' : 'RHENT_3', +# 'Red Hat Enterprise Linux WS version 3 Extras' : 'RHENT_3', +# 'Red Hat Enterprise Linux AS version 4 Extras' : 'RHENT_4', +# 'Red Hat Enterprise Linux ES version 4 Extras' : 'RHENT_4', +# 'Red Hat Enterprise Linux WS version 4 Extras' : 'RHENT_4', +# 'Red Hat Enterprise Linux AS version 4.5.z Extras' : 'RHENT_4.5', + 'Red Hat Enterprise Linux AS (Advanced Server) version 2.1' : 'RHENT_2.1', +# 'Red Hat Desktop version 3' : 'RHDeskV3', +# 'Red Hat Desktop version 4 Extras' : 'RHDeskV4Ex', +# 'Red Hat Linux Advanced Workstation 2.1' : 'RHLAWV2.1', +# 'Red Hat Application Server v2 4AS' : 'RHAppSerV24AS', +# 'Red Hat Application Server v2 4ES' : 'RHAppSerV24ES', +# 'Red Hat Application Server v2 4WS' : 'RHAppSerV24WS', +# 'MRG Grid for RHEL 5 Server' : 'MRGGrRHEL5Ser', +# 'Red Hat MRG Grid for RHEL' : 'RHMRGGrRHEL', +# 'RHEL 4 Directory Server ES' : 'RHEL4DirSerES', +# 'RHEL 4 Directory Server AS' : 'RHEL4DirSerAS', +# 'RHEL 3 Directory Server ES' : 'RHEL3DirSerES', +# 'RHEL 3 Directory Server AS' : 'RHEL3DirSerAS', +# 'RHEL Desktop Supplementary (v. 5 client)' : 'RHELDeslSupV5Cli', +# 'RHEL Desktop Workstation (v. 5 client)' : 'RHELDesWorkV5Cli', +# 'RHEL Supplementary (v. 5 server)' : 'RHELSupV5Ser', +# 'Red Hat Desktop version 3 Extras' : 'RHDesV3Ext', +# 'Red Hat Certificate System 7.2 for 4AS' : 'RHCS7.2AS', +# 'Red Hat Certificate System 7.2 for 4ES' : 'RHCS7.2ES', +# 'MRG Realtime for RHEL 5 Server' : 'MRGRTRHEL5Ser', +# 'Red Hat Certificate System 7.3 for 4AS' : 'RHCS7.3AS', +# 'Red Hat Certificate System 7.3 for 4ES' : 'RHCS7.3ES', +# 'RHEL Desktop Multi OS (v. 5 client)' : 'RHELDesMuOSV5Cli', +# 'RHEL Virtualization (v. 5 server)' : 'RHELVirV5Ser', +# 'RHEL Optional Productivity Applications (v. 5 server)' : 'RHELOpProAppV5Ser', +# 'Red Hat Application Stack v1 for Enterprise Linux AS (v.4)' : 'RHAppStV1EntLASV4', +# 'Red Hat Application Stack v1 for Enterprise Linux ES (v.4)' : 'RHAppStV1EntLESV4', +# 'Red Hat Application Stack v2 for Enterprise Linux (v.5)' : 'RHAppStV2EntV5', +# 'Red Hat Network Satellite Server 5.1 (RHEL v.4 AS)' : 'RHNetSatSerV5.1RHELV4AS', +# 'Red Hat Network Satellite Server v 4.2 (RHEL v.3 AS)' : 'RHNetSatSerV4.2RHELV3AS', +# 'Red Hat Network Satellite Server v 4.2 (RHEL v.4 AS)' : 'RHNetSatSerV4.2RHELV4AS', +# 'Red Hat Developer Suite v.3 (AS v.4)' : 'RHDevSuV3ASV4', +# 'JBoss Enterprise Application Platform for RHEL 5 Server' : 'JBEntAppRHEL5Ser', +# 'Red Hat Network Satellite Server 5.0 (RHEL v.4 AS)' : 'RHNetSatSer5.0RHELV4AS', +# 'Red Hat IPA 1 for RHEL 5 Server' : 'RHIPA1RHEL5Ser', +# 'Red Hat Network Proxy v 5.1 (RHEL v.4 AS)' : 'RHNetProV5.1RHELV4AS', +# 'Red Hat Network Proxy v 5.0 (RHEL v.4 AS)' : 'RHNetProV5.0RHELV4AS', +# 'JBoss Enterprise Application Platform 4.3.0 for RHEL 4 AS' : 'JBEntApp4.3.0RHEL4AS', +# 'JBoss Enterprise Application Platform 4.3.0 for RHEL 4 ES' : 'JBEntApp4.3.0RHEL4ES', +# 'Red Hat Network Proxy v 4.2 (RHEL v.3 AS)' : 'RHNetPro4.2RHELV3AS', +# 'Red Hat Network Proxy v 4.2 (RHEL v.4 AS)' : 'RHNetPro4.2RHELV4AS', +# 'Red Hat Directory Server 7.1 (for AS v. 3)' : 'RHDirSer7.1ASV3', +# 'Red Hat Directory Server 8.0 (for AS v. 4)' : 'RHDirSer8.0ASV4', +# 'Red Hat Directory Server 8.0 (for ES v. 4)' : 'RHDirSer8.0ESV4', +# 'Red Hat Directory Server 8.0 (for RHEL 5 Server)' : 'RHDirSer8.0RHEL5Ser', +# 'JBoss Enterprise Application Platform for RHEL 4 AS' : 'JBEntAppRHEL4AS', +# 'JBoss Enterprise Application Platform for RHEL 4 ES' : 'JBEntAppRHEL4ES', +# 'JBoss Enterprise Application Platform 4.3.0 for RHEL 5 Server' : 'JBEntApp4.3.0RHEL5Ser', } ## Strips these from strip list Modified: trunk/openvas-plugins/extra/lsc_generator/templates/RedHat.template =================================================================== --- trunk/openvas-plugins/extra/lsc_generator/templates/RedHat.template 2009-03-05 05:25:55 UTC (rev 2663) +++ trunk/openvas-plugins/extra/lsc_generator/templates/RedHat.template 2009-03-05 07:46:34 UTC (rev 2664) @@ -49,7 +49,7 @@ script_summary(english:"Check for the Version of __SCRIPT_PKG__"); script_category(ACT_GATHER_INFO); script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); - script_family(english:"RedHat Local Security Checks"); + script_family(english:"Red Hat Local Security Checks"); script_dependencies("gather-package-list.nasl"); script_require_keys("ssh/login/release"); exit(0); Modified: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_centos.py =================================================================== --- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_centos.py 2009-03-05 05:25:55 UTC (rev 2663) +++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_centos.py 2009-03-05 07:46:34 UTC (rev 2664) @@ -131,25 +131,25 @@ def test_getFileName1(self): - req_out_put = 'CESA-2009_0004-01_openssl_CENTOS2_i386' + req_out_put = 'CESA-2009_0004-01_openssl_centos2_i386' file_name = '2009-February_015574.html' adv_id = 'CESA-2009:0004-01' prod = 'openssl' platform = 'CentOS 2' - out_put = self.centos_parser_obj.getFileName(adv_id, prod, platform) + (out_put, os, arch) = self.centos_parser_obj.getFileName(adv_id, prod, platform) self.assertEquals(out_put, req_out_put) def test_getFileName2(self): - req_out_put = 'CESA-2009_0004-01_openssl_CENTOS2' + req_out_put = 'CESA-2009_0004-01_openssl_centos2' file_name = '2009-February_015574.html' adv_id = 'CESA-2009:0004-01' prod = 'openssl' platform = 'CentOS 2' setattr(self.centos_parser_obj, 'Html_content', self.redhat_adv_con) - out_put = self.centos_parser_obj.getFileName(adv_id, prod, platform) + (out_put, os, arch) = self.centos_parser_obj.getFileName(adv_id, prod, platform) self.assertEquals(out_put, req_out_put) Modified: trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_redhat.py =================================================================== --- trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_redhat.py 2009-03-05 05:25:55 UTC (rev 2663) +++ trunk/openvas-plugins/extra/lsc_generator/test/unit_test/test_redhat.py 2009-03-05 07:46:34 UTC (rev 2664) @@ -79,7 +79,7 @@ def test_getRPM(self): - req_out_put = {'RHELASV3': ['vnc-4.0-0.beta4.1.8', 'vnc-debuginfo-4.0-0.beta4.1.8', 'vnc-server-4.0-0.beta4.1.8'], 'RHELDeskV5Cli': ['vnc-4.1.2-14.el5_3.1', 'vnc-debuginfo-4.1.2-14.el5_3.1', 'vnc-server-4.1.2-14.el5_3.1'], 'RHELV5Ser': ['vnc-4.1.2-14.el5_3.1', 'vnc-debuginfo-4.1.2-14.el5_3.1', 'vnc-server-4.1.2-14.el5_3.1']} + req_out_put = {'RHENT_5': ['vnc-4.1.2-14.el5_3.1', 'vnc-debuginfo-4.1.2-14.el5_3.1', 'vnc-server-4.1.2-14.el5_3.1'], 'RHENT_3': ['vnc-4.0-0.beta4.1.8', 'vnc-debuginfo-4.0-0.beta4.1.8', 'vnc-server-4.0-0.beta4.1.8']} prod_list = ['Red Hat Enterprise Linux AS version 3', 'Red Hat Enterprise Linux Desktop (v. 5 client)', 'Red Hat Enterprise Linux (v. 5 server)'] out_put = self.redhat_parser_obj.getRPM(prod_list) From scm-commit at wald.intevation.org Thu Mar 5 10:21:16 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 10:21:16 +0100 (CET) Subject: [Openvas-commits] r2665 - in trunk/openvas-client: . nessus src/util Message-ID: <20090305092116.8824640785@pyrosoma.intevation.org> Author: felix Date: 2009-03-05 10:21:13 +0100 (Thu, 05 Mar 2009) New Revision: 2665 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/parser.c trunk/openvas-client/nessus/parser.h trunk/openvas-client/nessus/parseutils.c trunk/openvas-client/nessus/parseutils.h trunk/openvas-client/src/util/priority.c Log: Moved code with former different copyright from parseutils module back into parser module. Credited copyright- holder of new code (intevation GmbH) and author (Joey Schulze) in parseutils, applied GPL/(c) header as in original commit of Joey. This partially reverts my changes in yesterdays rev. 2654 in which Joey Schulze as a author and the copyright- owner was not properly mentioned. Futhermore adjusted includes as a consequence of moved functionality. * nessus/parser.c (priority_name_to_type, priority_type_to_str): Moved from parseutils module. * nessus/parseutils.c (priority_name_to_type, priority_type_to_str): Moved to parser module. * nessus/parser.h: Added protos, moved various defines from parseutils module. * nessus/parseutils.h: Moved protos and defines to parser module. * src/gui/priorities_dialog.c: Added include. * src/util/prioritiy.c: Added include. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-05 07:46:34 UTC (rev 2664) +++ trunk/openvas-client/ChangeLog 2009-03-05 09:21:13 UTC (rev 2665) @@ -1,3 +1,29 @@ +2009-03-05 Felix Wolfsteller + + Moved code with former different copyright from parseutils module back + into parser module. Credited copyright- holder of new code (intevation + GmbH) and author (Joey Schulze) in parseutils, applied GPL/(c) header + as in original commit of Joey. + This partially reverts my changes in yesterdays rev. 2654 in which + Joey Schulze as a author and the copyright- owner was not properly + mentioned. + Futhermore adjusted includes as a consequence of moved functionality. + + * nessus/parser.c (priority_name_to_type, priority_type_to_str): Moved + from parseutils module. + + * nessus/parseutils.c (priority_name_to_type, priority_type_to_str): + Moved to parser module. + + * nessus/parser.h: Added protos, moved various defines from parseutils + module. + + * nessus/parseutils.h: Moved protos and defines to parser module. + + * src/gui/priorities_dialog.c: Added include. + + * src/util/prioritiy.c: Added include. + 2009-03-04 Michael Wiegand * nessus/rand.c: Added commented RATS ignore since moderate randomness Modified: trunk/openvas-client/nessus/parser.c =================================================================== --- trunk/openvas-client/nessus/parser.c 2009-03-05 07:46:34 UTC (rev 2664) +++ trunk/openvas-client/nessus/parser.c 2009-03-05 09:21:13 UTC (rev 2665) @@ -72,6 +72,7 @@ return 1; } + /** * nessusd does not convert the subnet by itself, so we create * this record on this fly @@ -132,6 +133,75 @@ /** + * @brief Convert message type into a human readable string + * + * Return value is the English name for the message type. + * + * @param name Message type + * @return Message type string + */ +char * +priority_type_to_str (int type) +{ + switch(type) + { + case MSG_HOLE : + return "Security Hole"; + break; + case MSG_INFO : + return "Security Warning"; + break; + case MSG_NOTE : + return "Security Note"; + break; + case MSG_FALSE : + return "False Positive"; + break; + case MSG_LOG : + return "Log Message"; + break; + case MSG_DEBUG : + return "Debug Message"; + break; + default : + fprintf(stderr, "received unknown message type (%d)\n", type); + return NULL; + } +} + + +/** + * @brief Convert internal message type into integer value + * + * Return value is one of MSG_HOLE, MSG_INFO, MSG_NOTE, MSG_FALSE, MSG_TIME, + * MSG_STAT, MSG_PORT, MSG_ERROR, MSG_FINISHED, MSG_BYE, MSG_LOG, MSG_DEBUG + * and -1 for unknown message type. + * + * @param name Internal message type name + * @return Message type code or -1 if unknown. + */ +int +priority_name_to_type (char *name) +{ +#ifdef DEBUG + fprintf(stderr, "%s:%d type : %s\n", __FILE__, __LINE__, name); +#endif + if(!strcmp(MSG_HOLE_STR, name))return(MSG_HOLE); + if(!strcmp(MSG_INFO_STR, name))return(MSG_INFO); + if(!strcmp(MSG_NOTE_STR, name))return(MSG_NOTE); + if(!strcmp(MSG_FALSE_STR, name))return(MSG_FALSE); + if(!strcmp(MSG_TIME_STR, name))return(MSG_TIME); + if(!strcmp(MSG_STAT_STR, name))return(MSG_STAT); + if(!strcmp(MSG_PORT_STR, name))return(MSG_PORT); + if(!strcmp(MSG_ERROR_STR, name))return(MSG_ERROR); + if(!strcmp(MSG_FINISHED_STR, name))return(MSG_FINISHED); + if(!strcmp(MSG_BYE_STR, name))return(MSG_BYE); + if(!strcmp(MSG_LOG_STR, name))return(MSG_LOG); + if(!strcmp(MSG_DEBUG_STR, name))return(MSG_DEBUG); + return(-1); +} + +/** * Parse a configuration of multiple of "<|> ldap (389/tcp) <|> INFO <|> NOTE <|>" * and return the new priority as integer if the line matches the current script. * Modified: trunk/openvas-client/nessus/parser.h =================================================================== --- trunk/openvas-client/nessus/parser.h 2009-03-05 07:46:34 UTC (rev 2664) +++ trunk/openvas-client/nessus/parser.h 2009-03-05 09:21:13 UTC (rev 2665) @@ -31,6 +31,35 @@ #include "context.h" +#define MSG_ERROR 1 +#define MSG_PORT 2 +#define MSG_HOLE 3 +#define MSG_BYE 4 +#define MSG_INFO 5 +#define MSG_STAT 6 +#define MSG_FINISHED 9 +#define MSG_STAT2 10 +#define MSG_NOTE 11 +#define MSG_TIME 12 +#define MSG_LOG 13 +#define MSG_DEBUG 14 +#define MSG_FALSE 15 + +#define MSG_ERROR_STR "ERROR" +#define MSG_PORT_STR "PORT" +#define MSG_HOLE_STR "HOLE" +#define MSG_INFO_STR "INFO" +#define MSG_NOTE_STR "NOTE" +#define MSG_STAT_STR "STATUS" +#define MSG_BYE_STR "BYE" +#define MSG_FINISHED_STR "FINISHED" +#define MSG_TIME_STR "TIME" +#define MSG_LOG_STR "LOG" +#define MSG_DEBUG_STR "DEBUG" +#define MSG_FALSE_STR "FALSE" + +char * priority_type_to_str (int type); +int priority_name_to_type (char *name); int parse_server_message(struct context * , char *, int, char *); void parse_host_add_port(int, char *, char *); void parse_host_add_data(int, struct context *, char *, int); Modified: trunk/openvas-client/nessus/parseutils.c =================================================================== --- trunk/openvas-client/nessus/parseutils.c 2009-03-05 07:46:34 UTC (rev 2664) +++ trunk/openvas-client/nessus/parseutils.c 2009-03-05 09:21:13 UTC (rev 2665) @@ -1,66 +1,44 @@ -/* Nessus - * Copyright (C) 1998 - 2001 Renaud Deraison - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - * - * In addition, as a special exception, Renaud Deraison - * gives permission to link the code of this program with any - * version of the OpenSSL library which is distributed under a - * license identical to that listed in the included COPYING.OpenSSL - * file, and distribute linked combinations including the two. - * You must obey the GNU General Public License in all respects - * for all of the code used other than OpenSSL. If you modify - * this file, you may extend this exception to your version of the - * file, but you are not obligated to do so. If you do not wish to - * do so, delete this exception statement from your version. - */ +/* OpenVAS-Client +* +* Description: Utilities for parsing +* +* Authors: +* Joey Schulze +* +* Copyright: +* Copyright (C) 2009 Intevation GmbH +* +* This program is free software; you can redistribute it and/or modify +* it under the terms of the GNU General Public License version 2, +* or, at your option, any later version as published by the Free +* Software Foundation +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. �See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the Free Software +* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +* +* In addition, as a special exception, you have +* permission to link the code of this program with the OpenSSL +* library (or with modified versions of OpenSSL that use the same +* license as OpenSSL), and distribute linked combinations including +* the two. You must obey the GNU General Public License in all +* respects for all of the code used other than OpenSSL. If you +* modify this file, you may extend this exception to your version +* of the file, but you are not obligated to do so. If you do not +* wish to do so, delete this exception statement from your version. +*/ #include #include #include +#include "parser.h" #include "parseutils.h" -/** - * @brief Convert internal message type into integer value - * - * Return value is one of MSG_HOLE, MSG_INFO, MSG_NOTE, MSG_FALSE, MSG_TIME, - * MSG_STAT, MSG_PORT, MSG_ERROR, MSG_FINISHED, MSG_BYE, MSG_LOG, MSG_DEBUG - * and -1 for unknown message type. - * - * @param name Internal message type name - * @return Message type code or -1 if unknown. - */ -int -priority_name_to_type(char *name) -{ -#ifdef DEBUG - fprintf(stderr, "%s:%d type : %s\n", __FILE__, __LINE__, name); -#endif - if(!strcmp(MSG_HOLE_STR, name))return(MSG_HOLE); - if(!strcmp(MSG_INFO_STR, name))return(MSG_INFO); - if(!strcmp(MSG_NOTE_STR, name))return(MSG_NOTE); - if(!strcmp(MSG_FALSE_STR, name))return(MSG_FALSE); - if(!strcmp(MSG_TIME_STR, name))return(MSG_TIME); - if(!strcmp(MSG_STAT_STR, name))return(MSG_STAT); - if(!strcmp(MSG_PORT_STR, name))return(MSG_PORT); - if(!strcmp(MSG_ERROR_STR, name))return(MSG_ERROR); - if(!strcmp(MSG_FINISHED_STR, name))return(MSG_FINISHED); - if(!strcmp(MSG_BYE_STR, name))return(MSG_BYE); - if(!strcmp(MSG_LOG_STR, name))return(MSG_LOG); - if(!strcmp(MSG_DEBUG_STR, name))return(MSG_DEBUG); - return(-1); -} /** * @brief Convert message type into integer value @@ -115,41 +93,3 @@ break; } } - - -/** - * @brief Convert message type into a human readable string - * - * Return value is the English name for the message type. - * - * @param name Message type - * @return Message type string - */ -char * -priority_type_to_str(int type) -{ - switch(type) - { - case MSG_HOLE : - return "Security Hole"; - break; - case MSG_INFO : - return "Security Warning"; - break; - case MSG_NOTE : - return "Security Note"; - break; - case MSG_FALSE : - return "False Positive"; - break; - case MSG_LOG : - return "Log Message"; - break; - case MSG_DEBUG : - return "Debug Message"; - break; - default : - fprintf(stderr, "received unknown message type (%d)\n", type); - return NULL; - } -} Modified: trunk/openvas-client/nessus/parseutils.h =================================================================== --- trunk/openvas-client/nessus/parseutils.h 2009-03-05 07:46:34 UTC (rev 2664) +++ trunk/openvas-client/nessus/parseutils.h 2009-03-05 09:21:13 UTC (rev 2665) @@ -1,64 +1,42 @@ -/* Nessus - * Copyright (C) 1998 - 2001 Renaud Deraison - * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License version 2, - * as published by the Free Software Foundation - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. - * - * In addition, as a special exception, Renaud Deraison - * gives permission to link the code of this program with any - * version of the OpenSSL library which is distributed under a - * license identical to that listed in the included COPYING.OpenSSL - * file, and distribute linked combinations including the two. - * You must obey the GNU General Public License in all respects - * for all of the code used other than OpenSSL. If you modify - * this file, you may extend this exception to your version of the - * file, but you are not obligated to do so. If you do not wish to - * do so, delete this exception statement from your version. - */ - +/* OpenVAS-Client +* +* Description: Utilities for parsing +* +* Authors: +* Joey Schulze +* +* Copyright: +* Copyright (C) 2009 Intevation GmbH +* +* This program is free software; you can redistribute it and/or modify +* it under the terms of the GNU General Public License version 2, +* or, at your option, any later version as published by the Free +* Software Foundation +* +* This program is distributed in the hope that it will be useful, +* but WITHOUT ANY WARRANTY; without even the implied warranty of +* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. �See the +* GNU General Public License for more details. +* +* You should have received a copy of the GNU General Public License +* along with this program; if not, write to the Free Software +* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +* +* In addition, as a special exception, you have +* permission to link the code of this program with the OpenSSL +* library (or with modified versions of OpenSSL that use the same +* license as OpenSSL), and distribute linked combinations including +* the two. You must obey the GNU General Public License in all +* respects for all of the code used other than OpenSSL. If you +* modify this file, you may extend this exception to your version +* of the file, but you are not obligated to do so. If you do not +* wish to do so, delete this exception statement from your version. +*/ + #ifndef _UTIL_PARSEUTILS_H #define _UTIL_PARSEUTILS_H -#define MSG_ERROR 1 -#define MSG_PORT 2 -#define MSG_HOLE 3 -#define MSG_BYE 4 -#define MSG_INFO 5 -#define MSG_STAT 6 -#define MSG_FINISHED 9 -#define MSG_STAT2 10 -#define MSG_NOTE 11 -#define MSG_TIME 12 -#define MSG_LOG 13 -#define MSG_DEBUG 14 -#define MSG_FALSE 15 - -#define MSG_ERROR_STR "ERROR" -#define MSG_PORT_STR "PORT" -#define MSG_HOLE_STR "HOLE" -#define MSG_INFO_STR "INFO" -#define MSG_NOTE_STR "NOTE" -#define MSG_STAT_STR "STATUS" -#define MSG_BYE_STR "BYE" -#define MSG_FINISHED_STR "FINISHED" -#define MSG_TIME_STR "TIME" -#define MSG_LOG_STR "LOG" -#define MSG_DEBUG_STR "DEBUG" -#define MSG_FALSE_STR "FALSE" - -int priority_name_to_type(char *name); int priority_str_to_type(char *str); char *priority_type_to_name(int type); -char * priority_type_to_str(int type); #endif /* _UTIL_PARSEUTILS_H */ Modified: trunk/openvas-client/src/util/priority.c =================================================================== --- trunk/openvas-client/src/util/priority.c 2009-03-05 07:46:34 UTC (rev 2664) +++ trunk/openvas-client/src/util/priority.c 2009-03-05 09:21:13 UTC (rev 2665) @@ -33,6 +33,13 @@ * wish to do so, delete this exception statement from your version. */ +/** @file + * Priority management. + * Shows dialogs to allow the user to change the priority of NVTS, e.g. to mark + * False Positives or to emphasize underestemated threats (mark a certain + * message as hole). + */ + #include #include #include "context.h" @@ -42,9 +49,9 @@ #include "data_mining.h" /** - * @brief Free priority chain + * @brief Free priority chain. * - * @param priority Priority chain to free + * @param priority Priority chain to free. */ void priority_free(struct priority *priority) @@ -59,7 +66,7 @@ } /** - * @brief Add priority to chain + * @brief Add priority to chain. * * Add a priority triple (port,prio old and new) to an existing * priority chain at the proper location inside. A new priority pair @@ -69,8 +76,8 @@ * The priority chain must always contain at least one element and * thus not be NULL. * - * @param priority Priority chain - * @param element New priority to add + * @param priority Priority chain. + * @param element New priority to add. */ void priority_add(struct priority *list, struct priority *element) @@ -96,13 +103,13 @@ } /** - * @brief Determine wheather a priority as been edited by the user + * @brief Determine whether a priority as been edited by the user. * * The priority chain is searched for an element with edited priority. * - * @param priority Priority chain + * @param priority Priority chain. * - * @return 1 (true) or 0 (false) + * @return 1 (true) or 0 (false). */ int priority_has_changed(struct priority *priority) @@ -175,7 +182,7 @@ } /** - * @brief Find a matching priority element + * @brief Find a matching priority element. * * An OpenVAS plugin script may test multiple ports and thus the * priority chain may contain priority pairs for more than only one @@ -206,17 +213,17 @@ } /** - * @brief Parse a priority configuration record + * @brief Parse a priority configuration record. * * This function interprets a configuration record for one OpenVAS ID * as found in the scope configuration. * - * @param preference Configuration string + * @param preference Configuration string. * - * @return priority chain with all priority elements + * @return priority chain with all priority elements. */ struct priority * -priority_parse_preference(char *preference) +priority_parse_preference (char *preference) { char *pivot; char *port; @@ -286,7 +293,7 @@ } /** - * @brief Adjust the priority chain from the report to reality + * @brief Adjust the priority chain from the report to reality. * * This function takes the priority chain gathered from the current * report as input. It then reads the report configuration and @@ -294,12 +301,12 @@ * scope configuration is read and edited priorities added to the * chain. * - * @param priolist Priority chain + * @param priolist[in,out] Priority chain. * - * @return The supplied priority chain is modified + * @return The supplied priority chain is modified. */ void -priorities_adjust(struct arglist *priolist) +priorities_adjust (struct arglist *priolist) { struct context *report, *scope; struct arglist *preferences; @@ -390,16 +397,16 @@ } /** - * @brief Determine all visible OIDs and their priorities + * @brief Determine all visible OIDs and their priorities. * * This function reads the oids and priorities for all hosts from the * current report and adjusts priorities on the base of the report and * scope configuration. * - * @return Priority chains for all visible hosts + * @return Priority chains for all visible hosts. */ struct arglist * -get_priorities(struct arglist *ctrls) +get_priorities (struct arglist *ctrls) { struct arglist *priolist; struct arglist *hostlist; @@ -421,6 +428,13 @@ host = subset_nth_value(walk, 3); prio = priority_str_to_type(severity); + printf ("BUGME: priorities found\n"); + printf ("BUGME: \t oid %s\n", oid); + printf ("BUGME: \t port %s\n", port); + printf ("BUGME: \t severity %s\n", severity); + printf ("BUGME: \t host %s\n", severity); + printf ("BUGME: \t prio: %d\n", prio); + if ((hostlist = arg_get_value(priolist, host)) == NULL) { hostlist = emalloc(sizeof(struct arglist)); arg_add_value(priolist, host, ARG_ARGLIST, -1, hostlist); @@ -457,17 +471,17 @@ } /** - * @brief Build a configuration string for an OID + * @brief Build a configuration string for an OID. * * This function generates a configuration line for all modified * priorities in the given chain as used in the scope configuration. * * This function should only be called if priority_has_changed() - * returns true + * returns true. * - * @param priority Priority chain + * @param priority Priority chain. * - * @return String with the configuration + * @return String with the configuration. */ char * format_priorities(struct priority *priority) @@ -530,7 +544,7 @@ } /** - * @brief Delete a configuration entry + * @brief Delete a configuration entry. * * The line to be removed in the scope configuration is determined by * the hostname and the oid. If the last configuration entry has been @@ -545,7 +559,7 @@ struct context *scope; struct arglist *preferences; char *conf; - char *prefkey; + gchar *prefkey; if (!oid) return; @@ -553,16 +567,15 @@ if ((scope = context_by_type(Context, CONTEXT_SCOPE)) == NULL) return; - prefkey = emalloc(strlen("PLUGINS_PRIORITIES")+strlen(host)+2); - sprintf(prefkey, "PLUGINS_PRIORITIES_%s", host); + prefkey = g_strdup_printf ("PLUGINS_PRIORITIES_%s", host); if ((preferences = arg_get_value(scope->prefs, prefkey)) == NULL) { - efree(&prefkey); + g_free (prefkey); return; } if ((conf = arg_get_value(preferences, oid)) == NULL) { - efree(&prefkey); + g_free (prefkey); return; } @@ -575,11 +588,11 @@ arg_del_value(scope->prefs, prefkey); } - efree(&prefkey); + g_free (prefkey); } /** - * @brief Store a (new) priority override in the scope preferences + * @brief Store a (new) priority override in the scope preferences. * * A configuration line is generated for the given priority chain and * then stored in the scope configuration. @@ -589,12 +602,12 @@ * @param priority Priority chain */ void -preference_store(char *host, char *oid, struct priority *priority) +preference_store (char *host, char *oid, struct priority *priority) { struct context *scope; struct arglist *preferences; char *conf; - char *prefkey; + gchar *prefkey; char *priorities_str; if (!host || !oid || !priority) @@ -608,8 +621,7 @@ return; } - prefkey = emalloc(strlen("PLUGINS_PRIORITIES")+strlen(host)+2); - sprintf(prefkey, "PLUGINS_PRIORITIES_%s", host); + prefkey = g_strdup_printf ("PLUGINS_PRIORITIES_%s", host); priorities_str = format_priorities(priority); @@ -617,7 +629,7 @@ struct arglist *preferences = emalloc(sizeof(struct arglist)); arg_add_value(preferences, oid, ARG_STRING, strlen(priorities_str)+1, priorities_str); arg_add_value(scope->prefs, prefkey, ARG_ARGLIST, -1, preferences); - efree(&prefkey); + g_free (prefkey); return; } @@ -626,5 +638,5 @@ else arg_set_value(preferences, oid, strlen(priorities_str)+1, priorities_str); - efree(&prefkey); + g_free (prefkey); } From scm-commit at wald.intevation.org Thu Mar 5 10:24:13 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 10:24:13 +0100 (CET) Subject: [Openvas-commits] r2666 - in trunk/openvas-client: . nessus src/util Message-ID: <20090305092413.6756740785@pyrosoma.intevation.org> Author: felix Date: 2009-03-05 10:24:11 +0100 (Thu, 05 Mar 2009) New Revision: 2666 Added: trunk/openvas-client/src/util/parseutils.c trunk/openvas-client/src/util/parseutils.h Removed: trunk/openvas-client/nessus/parseutils.c trunk/openvas-client/nessus/parseutils.h Modified: trunk/openvas-client/MANIFEST trunk/openvas-client/nessus/Makefile trunk/openvas-client/src/util/Makefile Log: Moved parseutils module back into src/ directory. * nessus/parseutils.h, nessus/parseutils.c: Moved to src/util. * src/util/parseutils.c, src/util/parseutils.h: Moved from nessus/. * nessus/Makefile: Removed target. * src/util/Makefile: Added target. * MANIFEST: Updated. Modified: trunk/openvas-client/MANIFEST =================================================================== --- trunk/openvas-client/MANIFEST 2009-03-05 09:21:13 UTC (rev 2665) +++ trunk/openvas-client/MANIFEST 2009-03-05 09:24:11 UTC (rev 2666) @@ -82,8 +82,6 @@ nessus/OpenVAS-Client.desktop nessus/parser.c nessus/parser.h -nessus/parseutils.c -nessus/parseutils.h nessus/pdf_output.c nessus/pdf_output.h nessus/plugin_cache.c @@ -222,6 +220,8 @@ src/util/Makefile src/util/openvas_ssh_key_create.c src/util/openvas_ssh_key_create.h +src/util/parseutils.c +src/util/parseutils.h src/xpm/logo_bsi_de.xpm src/xpm/logo_bsi.xpm src/xpm/logo_intevation.xpm Modified: trunk/openvas-client/nessus/Makefile =================================================================== --- trunk/openvas-client/nessus/Makefile 2009-03-05 09:21:13 UTC (rev 2665) +++ trunk/openvas-client/nessus/Makefile 2009-03-05 09:24:11 UTC (rev 2666) @@ -43,7 +43,6 @@ error_dlg.o \ backend.o \ data_mining.o \ - parseutils.o \ prefs_dialog.o \ prefs_scope_tree.o \ prefs_dialog_scan_opt.o \ @@ -171,9 +170,6 @@ ssh_key_info_form.o : cflags ../src/gui/ssh_key_info_form.c ../src/gui/ssh_key_info_form.h globals.h $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ../src/gui/ssh_key_info_form.c -parseutils.o: cflags parseutils.c parseutils.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c parseutils.c - prefs_dialog_plugins_prefs.o : cflags prefs_dialog/prefs_dialog_plugins_prefs.c context.h \ prefs_dialog/listnotebook.h prefs_dialog/readonly.h $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_dialog_plugins_prefs.c Deleted: trunk/openvas-client/nessus/parseutils.c =================================================================== --- trunk/openvas-client/nessus/parseutils.c 2009-03-05 09:21:13 UTC (rev 2665) +++ trunk/openvas-client/nessus/parseutils.c 2009-03-05 09:24:11 UTC (rev 2666) @@ -1,95 +0,0 @@ -/* OpenVAS-Client -* -* Description: Utilities for parsing -* -* Authors: -* Joey Schulze -* -* Copyright: -* Copyright (C) 2009 Intevation GmbH -* -* This program is free software; you can redistribute it and/or modify -* it under the terms of the GNU General Public License version 2, -* or, at your option, any later version as published by the Free -* Software Foundation -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. �See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program; if not, write to the Free Software -* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -* -* In addition, as a special exception, you have -* permission to link the code of this program with the OpenSSL -* library (or with modified versions of OpenSSL that use the same -* license as OpenSSL), and distribute linked combinations including -* the two. You must obey the GNU General Public License in all -* respects for all of the code used other than OpenSSL. If you -* modify this file, you may extend this exception to your version -* of the file, but you are not obligated to do so. If you do not -* wish to do so, delete this exception statement from your version. -*/ - -#include -#include -#include -#include "parser.h" -#include "parseutils.h" - - -/** - * @brief Convert message type into integer value - * - * Return value is one of MSG_HOLE, MSG_INFO, MSG_NOTE, MSG_FALSE, MSG_LOG, - * MSG_DEBUG and -1 for unknown message type. - * - * @param str Message type name - * @return Message type code or -1 if unknown. - */ -int -priority_str_to_type(char *str) -{ - if (!strcmp("Security Hole", str)) return MSG_HOLE; - if (!strcmp("Security Warning", str)) return MSG_INFO; - if (!strcmp("Security Note", str)) return MSG_NOTE; - if (!strcmp("False Positive", str)) return MSG_FALSE; - if (!strcmp("Log Message", str)) return MSG_LOG; - if (!strcmp("Debug Message", str)) return MSG_DEBUG; - - return -1; -} - -/** - * @brief Convert message type into internal message type name - * - * Return value is one of MSG_HOLE_STR, MSG_INFO_STR, MSG_NOTE_STR, - * MSG_FALSE_STR and exists for unknown message type. - * - * @param type Message type - * @return Message type name - */ -char * -priority_type_to_name(int type) -{ - switch (type) { - case MSG_HOLE: - return MSG_HOLE_STR; - break; - case MSG_NOTE: - return MSG_NOTE_STR; - break; - case MSG_INFO: - return MSG_INFO_STR; - break; - case MSG_FALSE: - return MSG_FALSE_STR; - break; - default: - fprintf(stderr, "priority_type_to_name: Unknown message type %d\n", type); - exit(1); - break; - } -} Deleted: trunk/openvas-client/nessus/parseutils.h =================================================================== --- trunk/openvas-client/nessus/parseutils.h 2009-03-05 09:21:13 UTC (rev 2665) +++ trunk/openvas-client/nessus/parseutils.h 2009-03-05 09:24:11 UTC (rev 2666) @@ -1,42 +0,0 @@ -/* OpenVAS-Client -* -* Description: Utilities for parsing -* -* Authors: -* Joey Schulze -* -* Copyright: -* Copyright (C) 2009 Intevation GmbH -* -* This program is free software; you can redistribute it and/or modify -* it under the terms of the GNU General Public License version 2, -* or, at your option, any later version as published by the Free -* Software Foundation -* -* This program is distributed in the hope that it will be useful, -* but WITHOUT ANY WARRANTY; without even the implied warranty of -* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. �See the -* GNU General Public License for more details. -* -* You should have received a copy of the GNU General Public License -* along with this program; if not, write to the Free Software -* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. -* -* In addition, as a special exception, you have -* permission to link the code of this program with the OpenSSL -* library (or with modified versions of OpenSSL that use the same -* license as OpenSSL), and distribute linked combinations including -* the two. You must obey the GNU General Public License in all -* respects for all of the code used other than OpenSSL. If you -* modify this file, you may extend this exception to your version -* of the file, but you are not obligated to do so. If you do not -* wish to do so, delete this exception statement from your version. -*/ - -#ifndef _UTIL_PARSEUTILS_H -#define _UTIL_PARSEUTILS_H - -int priority_str_to_type(char *str); -char *priority_type_to_name(int type); - -#endif /* _UTIL_PARSEUTILS_H */ Modified: trunk/openvas-client/src/util/Makefile =================================================================== --- trunk/openvas-client/src/util/Makefile 2009-03-05 09:21:13 UTC (rev 2665) +++ trunk/openvas-client/src/util/Makefile 2009-03-05 09:24:11 UTC (rev 2666) @@ -48,7 +48,7 @@ LDFLAGS+=-mwindows endif -OBJS=openvas_ssh_key_create.o priority.o +OBJS=openvas_ssh_key_create.o priority.o parseutils.o all : cflags $(OBJS) @@ -61,6 +61,9 @@ openvas_ssh_key_create.o: openvas_ssh_key_create.c openvas_ssh_key_create.h $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c openvas_ssh_key_create.c +parseutils.o: parseutils.c parseutils.h + $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c parseutils.c + priority.o: priority.c priority.h $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c priority.c Copied: trunk/openvas-client/src/util/parseutils.c (from rev 2665, trunk/openvas-client/nessus/parseutils.c) Copied: trunk/openvas-client/src/util/parseutils.h (from rev 2665, trunk/openvas-client/nessus/parseutils.h) From scm-commit at wald.intevation.org Thu Mar 5 10:29:00 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 10:29:00 +0100 (CET) Subject: [Openvas-commits] r2667 - in trunk/openvas-client: . nessus Message-ID: <20090305092900.EBF6640792@pyrosoma.intevation.org> Author: felix Date: 2009-03-05 10:28:58 +0100 (Thu, 05 Mar 2009) New Revision: 2667 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/Makefile Log: * nessus/Makefile: Added parseutils.o to UTIL_OBJS. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-05 09:24:11 UTC (rev 2666) +++ trunk/openvas-client/ChangeLog 2009-03-05 09:28:58 UTC (rev 2667) @@ -1,5 +1,23 @@ 2009-03-05 Felix Wolfsteller + * nessus/Makefile: Added parseutils.o to UTIL_OBJS. + +2009-03-05 Felix Wolfsteller + + Moved parseutils module back into src/ directory. + + * nessus/parseutils.h, nessus/parseutils.c: Moved to src/util. + + * src/util/parseutils.c, src/util/parseutils.h: Moved from nessus/. + + * nessus/Makefile: Removed target. + + * src/util/Makefile: Added target. + + * MANIFEST: Updated. + +2009-03-05 Felix Wolfsteller + Moved code with former different copyright from parseutils module back into parser module. Credited copyright- holder of new code (intevation GmbH) and author (Joey Schulze) in parseutils, applied GPL/(c) header Modified: trunk/openvas-client/nessus/Makefile =================================================================== --- trunk/openvas-client/nessus/Makefile 2009-03-05 09:24:11 UTC (rev 2666) +++ trunk/openvas-client/nessus/Makefile 2009-03-05 09:28:58 UTC (rev 2667) @@ -73,7 +73,7 @@ ../src/gui/ssh_key_info_form.o ../src/gui/nvt_pref_sshlogin.o \ ../src/openvas-lib/hash_table_file.o ../src/gui/priorities_dialog.o \ -UTIL_OBJS = ../src/util/priority.o +UTIL_OBJS = ../src/util/priority.o ../src/util/parseutils.o all : cflags ${make_bindir}/$(NESSUSCLIENT) From scm-commit at wald.intevation.org Thu Mar 5 10:46:34 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 10:46:34 +0100 (CET) Subject: [Openvas-commits] r2668 - in trunk/openvas-client: . doc Message-ID: <20090305094634.B6DC940796@pyrosoma.intevation.org> Author: mwiegand Date: 2009-03-05 10:46:30 +0100 (Thu, 05 Mar 2009) New Revision: 2668 Modified: trunk/openvas-client/CHANGES trunk/openvas-client/ChangeLog trunk/openvas-client/MANIFEST trunk/openvas-client/VERSION trunk/openvas-client/doc/Doxyfile trunk/openvas-client/doc/Doxyfile_full Log: Preparing the openvas-client 2.0.2 release. * VERSION: Set to 2.0.2. * CHANGES: Updated. * MANIFEST: Added missing entries. * doc/Doxyfile, doc/Doxyfile_full: Set PROJECT_NUMBER to 2.0.2. Modified: trunk/openvas-client/CHANGES =================================================================== --- trunk/openvas-client/CHANGES 2009-03-05 09:28:58 UTC (rev 2667) +++ trunk/openvas-client/CHANGES 2009-03-05 09:46:30 UTC (rev 2668) @@ -1,3 +1,58 @@ +openvas-client 2.0.2 (2009-03-05) + +This is the second maintenance release of the openvas-client module for the +Open Vulnerability Assessment System (OpenVAS) 2.0-series. + +It fixes some issues discovered after the release of openvas-client +2.0.1 and especially offers the further matured "OpenVAS LSC +Credentials Manager" that can be used in conjunction with a new +ssh_authorization.nasl which is available via the OpenVAS NVT Feed. +If you are doing a lot of local security checks this might make your +life easier. +Thanks to the continuing audit of the code, a number of obsolete, unused and/or +unnecessary functions were identified and removed. + +Effects when installing this version: + +* New default port of the server: Please be aware that openvas-server + now listens on port 9390 by default since this port has recently been + allocated by IANA for the Openvas Transport Protocol (OTP). This release + of the client now uses the same default. + +* Option "Silent dependencies" is now "on" by default. Previously it was + set to "off". If you didn't pay attention to this option in the past + you might experience larger reports now. + +Main changes since 2.0.1: + +* The timeout-setting functionality has been made more robust. It has been moved + to the plugin info dialog to make accessing this functionality easier. +* A counter column for log messages has been added. +* XML exports: A bug (http://bugs.openvas.org/867) which caused a corrupted + protocol attribute during XML export when service names contained slashes has + been fixed. This also fixes another bug which caused service names to show up + in the protocol attribute. +* A bug which prevented the display of signatures due to sometimes different + "fingerprint" lengths has been fixed. +* A bug which prevented the client from correctly determining certain server + preference settings has been fixed. +* Established automated source code documentation. HTML-Version is available + under http://www.openvas.org/src-doc/openvas-client/current/index.html +* Openvas-client now uses the IANA-assigned port 9390 for communication + with the server. +* A bug (http://bugs.openvas.org/858) which cause a segmentation fault when + trying to list preferences or plugins on the command line without enabling + batch mode has been fixed. +* Support for improved management of SSH credentials has been added in + accordance with Change Request #20 (http://www.openvas.org/openvas-cr-20.html) +* The "Silent Dependencies" option now defaults to "no". Setting this option to + "yes" causes possible error messages from NVTs executed as dependencies to not + show up in client which is not desirable from a security viewpoint. + +Many thanks to everyone who has contributed to this release: Joey Schulze, +Michael Wiegand and Felix Wolfsteller. + + openvas-client 2.0.1 (2008-12-19) This is the 2.0.1 release of OpenVAS-Client, a small maintenance release to fix Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-05 09:28:58 UTC (rev 2667) +++ trunk/openvas-client/ChangeLog 2009-03-05 09:46:30 UTC (rev 2668) @@ -1,3 +1,15 @@ +2009-03-05 Michael Wiegand + + Preparing the openvas-client 2.0.2 release. + + * VERSION: Set to 2.0.2. + + * CHANGES: Updated. + + * MANIFEST: Added missing entries. + + * doc/Doxyfile, doc/Doxyfile_full: Set PROJECT_NUMBER to 2.0.2. + 2009-03-05 Felix Wolfsteller * nessus/Makefile: Added parseutils.o to UTIL_OBJS. Modified: trunk/openvas-client/MANIFEST =================================================================== --- trunk/openvas-client/MANIFEST 2009-03-05 09:28:58 UTC (rev 2667) +++ trunk/openvas-client/MANIFEST 2009-03-05 09:46:30 UTC (rev 2668) @@ -198,6 +198,8 @@ src/gui/error_dlg.h src/gui/nvt_pref_sshlogin.h src/gui/nvt_pref_sshlogin.c +src/gui/priorities_dialog.h +src/gui/priorities_dialog.c src/gui/ssh_key_info_form.h src/gui/ssh_key_info_form.c src/gui/ssh_keys_dialog.c @@ -220,6 +222,8 @@ src/util/Makefile src/util/openvas_ssh_key_create.c src/util/openvas_ssh_key_create.h +src/util/priority.h +src/util/priority.c src/util/parseutils.c src/util/parseutils.h src/xpm/logo_bsi_de.xpm Modified: trunk/openvas-client/VERSION =================================================================== --- trunk/openvas-client/VERSION 2009-03-05 09:28:58 UTC (rev 2667) +++ trunk/openvas-client/VERSION 2009-03-05 09:46:30 UTC (rev 2668) @@ -1 +1 @@ -2.0.2.SVN +2.0.2 Modified: trunk/openvas-client/doc/Doxyfile =================================================================== --- trunk/openvas-client/doc/Doxyfile 2009-03-05 09:28:58 UTC (rev 2667) +++ trunk/openvas-client/doc/Doxyfile 2009-03-05 09:46:30 UTC (rev 2668) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.0.2.SVN +PROJECT_NUMBER = 2.0.2 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-client/doc/Doxyfile_full =================================================================== --- trunk/openvas-client/doc/Doxyfile_full 2009-03-05 09:28:58 UTC (rev 2667) +++ trunk/openvas-client/doc/Doxyfile_full 2009-03-05 09:46:30 UTC (rev 2668) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.0.2.SVN +PROJECT_NUMBER = 2.0.2 # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Thu Mar 5 10:51:41 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 10:51:41 +0100 (CET) Subject: [Openvas-commits] r2669 - tags Message-ID: <20090305095141.30BB740766@pyrosoma.intevation.org> Author: mwiegand Date: 2009-03-05 10:51:39 +0100 (Thu, 05 Mar 2009) New Revision: 2669 Added: tags/openvas-client-release-2.0.2/ Log: Tagging the openvas-client 2.0.2 release. Copied: tags/openvas-client-release-2.0.2 (from rev 2668, trunk/openvas-client) From scm-commit at wald.intevation.org Thu Mar 5 10:54:45 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 10:54:45 +0100 (CET) Subject: [Openvas-commits] r2670 - in trunk/openvas-client: . doc Message-ID: <20090305095445.2282140794@pyrosoma.intevation.org> Author: mwiegand Date: 2009-03-05 10:54:43 +0100 (Thu, 05 Mar 2009) New Revision: 2670 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/VERSION trunk/openvas-client/doc/Doxyfile trunk/openvas-client/doc/Doxyfile_full Log: Post release version bump. * VERSION: Set to 2.0.3.SVN. * doc/Doxyfile, doc/Doxyfile_full: Set PROJECT_NUMBER to 2.0.3.SVN. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-05 09:51:39 UTC (rev 2669) +++ trunk/openvas-client/ChangeLog 2009-03-05 09:54:43 UTC (rev 2670) @@ -1,5 +1,13 @@ 2009-03-05 Michael Wiegand + Post release version bump. + + * VERSION: Set to 2.0.3.SVN. + + * doc/Doxyfile, doc/Doxyfile_full: Set PROJECT_NUMBER to 2.0.3.SVN. + +2009-03-05 Michael Wiegand + Preparing the openvas-client 2.0.2 release. * VERSION: Set to 2.0.2. Modified: trunk/openvas-client/VERSION =================================================================== --- trunk/openvas-client/VERSION 2009-03-05 09:51:39 UTC (rev 2669) +++ trunk/openvas-client/VERSION 2009-03-05 09:54:43 UTC (rev 2670) @@ -1 +1 @@ -2.0.2 +2.0.3.SVN Modified: trunk/openvas-client/doc/Doxyfile =================================================================== --- trunk/openvas-client/doc/Doxyfile 2009-03-05 09:51:39 UTC (rev 2669) +++ trunk/openvas-client/doc/Doxyfile 2009-03-05 09:54:43 UTC (rev 2670) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.0.2 +PROJECT_NUMBER = 2.0.3.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. Modified: trunk/openvas-client/doc/Doxyfile_full =================================================================== --- trunk/openvas-client/doc/Doxyfile_full 2009-03-05 09:51:39 UTC (rev 2669) +++ trunk/openvas-client/doc/Doxyfile_full 2009-03-05 09:54:43 UTC (rev 2670) @@ -23,7 +23,7 @@ # This could be handy for archiving the generated documentation or # if some version control system is used. -PROJECT_NUMBER = 2.0.2 +PROJECT_NUMBER = 2.0.3.SVN # The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute) # base path where the generated documentation will be put. From scm-commit at wald.intevation.org Thu Mar 5 11:05:16 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 11:05:16 +0100 (CET) Subject: [Openvas-commits] r2671 - trunk/openvas-client Message-ID: <20090305100516.6FFAC40785@pyrosoma.intevation.org> Author: mwiegand Date: 2009-03-05 11:05:14 +0100 (Thu, 05 Mar 2009) New Revision: 2671 Modified: trunk/openvas-client/CHANGES trunk/openvas-client/ChangeLog Log: * CHANGES: Fixed misleading comment regarding silent dependencies. Modified: trunk/openvas-client/CHANGES =================================================================== --- trunk/openvas-client/CHANGES 2009-03-05 09:54:43 UTC (rev 2670) +++ trunk/openvas-client/CHANGES 2009-03-05 10:05:14 UTC (rev 2671) @@ -19,8 +19,8 @@ allocated by IANA for the Openvas Transport Protocol (OTP). This release of the client now uses the same default. -* Option "Silent dependencies" is now "on" by default. Previously it was - set to "off". If you didn't pay attention to this option in the past +* Option "Silent dependencies" is now "off" by default. Previously it was + set to "on". If you didn't pay attention to this option in the past you might experience larger reports now. Main changes since 2.0.1: Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-05 09:54:43 UTC (rev 2670) +++ trunk/openvas-client/ChangeLog 2009-03-05 10:05:14 UTC (rev 2671) @@ -1,5 +1,9 @@ 2009-03-05 Michael Wiegand + * CHANGES: Fixed misleading comment regarding silent dependencies. + +2009-03-05 Michael Wiegand + Post release version bump. * VERSION: Set to 2.0.3.SVN. From scm-commit at wald.intevation.org Thu Mar 5 11:09:43 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 11:09:43 +0100 (CET) Subject: [Openvas-commits] r2672 - trunk/doc/website Message-ID: <20090305100943.CB89640791@pyrosoma.intevation.org> Author: mwiegand Date: 2009-03-05 11:09:40 +0100 (Thu, 05 Mar 2009) New Revision: 2672 Modified: trunk/doc/website/code-quality.htm4 trunk/doc/website/template_header.m4 Log: Updated download link and code quality numbers openvas-client 2.0.2. Modified: trunk/doc/website/code-quality.htm4 =================================================================== --- trunk/doc/website/code-quality.htm4 2009-03-05 10:05:14 UTC (rev 2671) +++ trunk/doc/website/code-quality.htm4 2009-03-05 10:09:40 UTC (rev 2672) @@ -458,6 +458,13 @@ 158/45 2 + + 2.0.2 + 28795 + 599 + 154/44 + 2 +

How the numbers have been assembled

Modified: trunk/doc/website/template_header.m4 =================================================================== --- trunk/doc/website/template_header.m4 2009-03-05 10:05:14 UTC (rev 2671) +++ trunk/doc/website/template_header.m4 2009-03-05 10:09:40 UTC (rev 2672) @@ -147,7 +147,7 @@ openvas-server 2.0.1
openvas-plugins 1.0.5
Client:
- openvas-client 2.0.1
+ openvas-client 2.0.2

From scm-commit at wald.intevation.org Thu Mar 5 12:25:50 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 12:25:50 +0100 (CET) Subject: [Openvas-commits] r2673 - trunk/openvas-server Message-ID: <20090305112550.9648840795@pyrosoma.intevation.org> Author: felix Date: 2009-03-05 12:25:48 +0100 (Thu, 05 Mar 2009) New Revision: 2673 Modified: trunk/openvas-server/ChangeLog trunk/openvas-server/configure.in Log: Increased the required openvas-libraries version (2.0.2), for updated ssh_login datastructure. * configure.in: Increased required openvas-libraries version to 2.0.2. Modified: trunk/openvas-server/ChangeLog =================================================================== --- trunk/openvas-server/ChangeLog 2009-03-05 10:09:40 UTC (rev 2672) +++ trunk/openvas-server/ChangeLog 2009-03-05 11:25:48 UTC (rev 2673) @@ -1,3 +1,10 @@ +2009-03-05 Felix Wolfsteller + + Increased the required openvas-libraries version (2.0.2), for updated + ssh_login datastructure. + + * configure.in: Increased required openvas-libraries version to 2.0.2. + 2009-03-02 Michael Wiegand * openvasd/oval_plugins.c: Code cleanup. Renamed child_setup to Modified: trunk/openvas-server/configure.in =================================================================== --- trunk/openvas-server/configure.in 2009-03-05 10:09:40 UTC (rev 2672) +++ trunk/openvas-server/configure.in 2009-03-05 11:25:48 UTC (rev 2673) @@ -44,7 +44,7 @@ AC_REVISION($Revision$)dnl AC_PREREQ(2.50) -NEED_OPENVASLIBS_VERSION=2.0.1 +NEED_OPENVASLIBS_VERSION=2.0.2 NEED_OPENVASLIBNASL_VERSION=2.0.1 dnl version stuff -- jordan From scm-commit at wald.intevation.org Thu Mar 5 12:43:54 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 12:43:54 +0100 (CET) Subject: [Openvas-commits] r2674 - trunk/openvas-client Message-ID: <20090305114354.DAD0D407A6@pyrosoma.intevation.org> Author: jan Date: 2009-03-05 12:43:52 +0100 (Thu, 05 Mar 2009) New Revision: 2674 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/MANIFEST Log: * MANIFEST: Updated (missing doxygen files) Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-05 11:25:48 UTC (rev 2673) +++ trunk/openvas-client/ChangeLog 2009-03-05 11:43:52 UTC (rev 2674) @@ -1,3 +1,7 @@ +2009-03-05 Jan-Oliver Wagner + + * MANIFEST: Updated (missing doxygen files) + 2009-03-05 Michael Wiegand * CHANGES: Fixed misleading comment regarding silent dependencies. Modified: trunk/openvas-client/MANIFEST =================================================================== --- trunk/openvas-client/MANIFEST 2009-03-05 11:25:48 UTC (rev 2673) +++ trunk/openvas-client/MANIFEST 2009-03-05 11:43:52 UTC (rev 2674) @@ -11,6 +11,8 @@ COPYING COPYING.OpenSSL COPYING.README +doc/Doxyfile +doc/Doxyfile_full doc/nbe_file_format.txt doc/nessus.xsd doc/OpenVAS-Client.1 From scm-commit at wald.intevation.org Thu Mar 5 12:48:54 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 12:48:54 +0100 (CET) Subject: [Openvas-commits] r2675 - trunk/doc/website Message-ID: <20090305114854.20789407AB@pyrosoma.intevation.org> Author: jan Date: 2009-03-05 12:48:53 +0100 (Thu, 05 Mar 2009) New Revision: 2675 Modified: trunk/doc/website/src-doc.htm4 Log: Adding more source code documentation. Modified: trunk/doc/website/src-doc.htm4 =================================================================== --- trunk/doc/website/src-doc.htm4 2009-03-05 11:43:52 UTC (rev 2674) +++ trunk/doc/website/src-doc.htm4 2009-03-05 11:48:53 UTC (rev 2675) @@ -50,4 +50,6 @@

From scm-commit at wald.intevation.org Thu Mar 5 15:14:06 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 15:14:06 +0100 (CET) Subject: [Openvas-commits] r2676 - in trunk/openvas-client: . nessus src/gui src/openvas-lib src/util Message-ID: <20090305141406.497EE407AB@pyrosoma.intevation.org> Author: jan Date: 2009-03-05 15:14:04 +0100 (Thu, 05 Mar 2009) New Revision: 2676 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/nessus/Makefile trunk/openvas-client/src/gui/Makefile trunk/openvas-client/src/openvas-lib/Makefile trunk/openvas-client/src/util/Makefile Log: * src/openvas-lib/Makefile, src/gui/Makefile, src/util/Makefile, nessus/Makefile: Replace term "NESSUS_INCLUDE" by "OPENVAS_INCLUDE". Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-05 11:48:53 UTC (rev 2675) +++ trunk/openvas-client/ChangeLog 2009-03-05 14:14:04 UTC (rev 2676) @@ -1,5 +1,10 @@ 2009-03-05 Jan-Oliver Wagner + * src/openvas-lib/Makefile, src/gui/Makefile, src/util/Makefile, + nessus/Makefile: Replace term "NESSUS_INCLUDE" by "OPENVAS_INCLUDE". + +2009-03-05 Jan-Oliver Wagner + * MANIFEST: Updated (missing doxygen files) 2009-03-05 Michael Wiegand Modified: trunk/openvas-client/nessus/Makefile =================================================================== --- trunk/openvas-client/nessus/Makefile 2009-03-05 11:48:53 UTC (rev 2675) +++ trunk/openvas-client/nessus/Makefile 2009-03-05 14:14:04 UTC (rev 2676) @@ -5,7 +5,7 @@ LIBS = $(X_LIBS) $(X_CFLAGS) $(GTKLIBS) $(GLIB_LIBS) $(GDC_LIB) \ $(RUN_LIBS) $(C_R_LIB) -lm -L../libnessus -lnessus-client -lssl -lcrypto $(DL_LIB) -lz $(SOCKET_LIB) -NESSUS_INCLUDE=`sh ./cflags` +OPENVAS_INCLUDE=`sh ./cflags` CFLAGS+=-Wall # The name of the executable: @@ -96,10 +96,10 @@ $(MAKE) -C ../libnessus context.o : cflags context.c context.h ../src/gui/error_dlg.h comm.h plugin_cache.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c context.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c context.c preferences.o : cflags preferences.c preferences.h ../src/gui/error_dlg.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c preferences.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c preferences.c prefs_dialog.o : cflags prefs_dialog/prefs_dialog.c prefs_dialog/prefs_dialog.h\ prefs_dialog/prefs_help.h globals.h context.h prefs_dialog/prefs_context.h\ @@ -108,188 +108,188 @@ xpm/access_rules.xpm xpm/credentials.xpm xpm/general_prefs.xpm \ xpm/knowledgebase.xpm xpm/plugins.xpm xpm/properties.xpm \ xpm/target_selection.xpm - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_dialog.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_dialog.c prefs_scope_tree.o : cflags prefs_dialog/prefs_scope_tree.c ../src/gui/error_dlg.h \ globals.h preferences.h context.h prefs_dialog/prefs_context.h \ prefs_dialog/prefs_dialog_auth.h xpm/connected.xpm - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_scope_tree.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_scope_tree.c prefs_dialog_scan_opt.o : cflags prefs_dialog/prefs_dialog_scan_opt.c\ prefs_dialog/prefs_dialog_scan_opt.h ../src/gui/error_dlg.h prefs_dialog/readonly.h \ globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_dialog_scan_opt.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_dialog_scan_opt.c prefs_target.o : cflags prefs_dialog/prefs_target.c\ prefs_dialog/prefs_target.h read_target_file.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_target.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_target.c prefs_dialog_user.o : cflags prefs_dialog/prefs_dialog_user.c globals.h \ prefs_dialog/readonly.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_dialog_user.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_dialog_user.c prefs_dialog_auth.o : cflags prefs_dialog/prefs_dialog_auth.c \ prefs_dialog/prefs_help.h globals.h context.h ../src/gui/error_dlg.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_dialog_auth.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_dialog_auth.c nessus_plugin.o : cflags nessus_plugin.c - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c nessus_plugin.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c nessus_plugin.c prefs_plugins.o : cflags prefs_dialog/prefs_plugins.c ../src/gui/error_dlg.h\ prefs_dialog/prefs_help.h prefs_dialog/prefs_plugins_tree.h\ prefs_dialog/readonly.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_plugins.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_plugins.c prefs_plugins_tree.o : cflags prefs_dialog/prefs_plugins_tree.c \ prefs_dialog/prefs_plugins_tree.h filter.h \ ../src/gui/error_dlg.h prefs_dialog/prefs_help.h globals.h \ plugin_infos.h xpm/warning_small.xpm - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_plugins_tree.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_plugins_tree.c openvas_certificates.o : cflags ../src/openvas-lib/openvas_certificates.c \ ../src/openvas-lib/openvas_certificates.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ../src/openvas-lib/openvas_certificates.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c ../src/openvas-lib/openvas_certificates.c openvas_certificate_file.o : cflags ../src/openvas-lib/openvas_certificate_file.c \ ../src/openvas-lib/openvas_certificate_file.c \ ../src/openvas-lib/openvas_certificates.h \ ../src/openvas-lib/openvas_certificates.c - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ../src/openvas-lib/openvas_certificate_file.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c ../src/openvas-lib/openvas_certificate_file.c openvas_ssh_login.o : cflags ../src/openvas-lib/openvas_ssh_login.c \ ../src/openvas-lib/openvas_ssh_login.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ../src/openvas-lib/openvas_ssh_login.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c ../src/openvas-lib/openvas_ssh_login.c openvas_ssh_key_create.o : cflags ../src/util/openvas_ssh_key_create.c \ ../src/util/openvas_ssh_key_create.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ../src/util/openvas_ssh_key_create.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c ../src/util/openvas_ssh_key_create.c error_dlg.o : cflags ../src/gui/error_dlg.c ../src/gui/error_dlg.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ../src/gui/error_dlg.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c ../src/gui/error_dlg.c ssh_key_info_form.o : cflags ../src/gui/ssh_key_info_form.c ../src/gui/ssh_key_info_form.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ../src/gui/ssh_key_info_form.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c ../src/gui/ssh_key_info_form.c prefs_dialog_plugins_prefs.o : cflags prefs_dialog/prefs_dialog_plugins_prefs.c context.h \ prefs_dialog/listnotebook.h prefs_dialog/readonly.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_dialog_plugins_prefs.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_dialog_plugins_prefs.c prefs_kb.o : cflags prefs_dialog/prefs_kb.c prefs_dialog/prefs_help.h \ context.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_kb.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_kb.c prefs_context.o : cflags prefs_dialog/prefs_context.c globals.h context.h \ preferences.h ../src/gui/error_dlg.h prefs_dialog/prefs_comment.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_context.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_context.c prefs_comment.o : cflags prefs_dialog/prefs_comment.c \ prefs_dialog/prefs_comment.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_comment.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_comment.c prefs_options.o : cflags prefs_dialog/prefs_options.c \ prefs_dialog/prefs_options.h prefs_dialog/listnotebook.h \ globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_options.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_options.c prefs_report.o : cflags prefs_dialog/prefs_report.c \ prefs_dialog/prefs_report.h globals.h xpm/computer.xpm xpm/network.xpm \ xpm/warning_small.xpm xpm/info_small.xpm xpm/error_small.xpm xpm/nothing.xpm - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_report.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_report.c prefs_dialog_prefs.o : cflags prefs_dialog/prefs_dialog_prefs.c \ prefs_dialog/prefs_dialog_prefs.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_dialog_prefs.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_dialog_prefs.c prefs_scan_assistant.o : cflags prefs_dialog/prefs_scan_assistant.c \ ../src/gui/error_dlg.h context.h prefs_dialog/prefs_context.h \ prefs_dialog/prefs_scope_tree.h prefs_dialog/prefs_dialog.h \ prefs_dialog/prefs_dialog_auth.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/prefs_scan_assistant.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/prefs_scan_assistant.c listnotebook.o : cflags prefs_dialog/listnotebook.c \ prefs_dialog/listnotebook.h prefs_dialog/readonly.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/listnotebook.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/listnotebook.c readonly.o : cflags prefs_dialog/readonly.c \ prefs_dialog/readonly.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c prefs_dialog/readonly.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c prefs_dialog/readonly.c plugin_infos.o : cflags plugin_infos.c plugin_infos.h globals.h context.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c plugin_infos.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c plugin_infos.c plugin_cache.o : cflags plugin_cache.c plugin_cache.h nessus_plugin.h \ ../src/gui/error_dlg.h context.h preferences.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c plugin_cache.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c plugin_cache.c main_window.o : cflags main_window.c main_window.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c main_window.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c main_window.c nbe_output.o : cflags nbe_output.c nbe_output.h ../src/gui/error_dlg.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c nbe_output.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c nbe_output.c html_output.o : cflags html_output.c html_output.h ../src/gui/error_dlg.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c html_output.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c html_output.c text_output.o : cflags text_output.c text_output.h ../src/gui/error_dlg.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c text_output.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c text_output.c xml_output_ng.o : cflags xml_output_ng.c ../src/gui/error_dlg.h globals.h context.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c xml_output_ng.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c xml_output_ng.c latex_output.o : cflags latex_output.c latex_output.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c latex_output.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c latex_output.c html_graph_output.o : cflags html_graph_output.c html_graph_output.h ../src/gui/error_dlg.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c html_graph_output.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c html_graph_output.c pdf_output.o : cflags pdf_output.c pdf_output.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c pdf_output.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c pdf_output.c monitor_dialog.o : cflags monitor_dialog.c monitor_dialog.h globals.h \ context.h report.h xpm/computer.xpm \ prefs_dialog/prefs_context.h prefs_dialog/prefs_scope_tree.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c monitor_dialog.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c monitor_dialog.c backend.o : cflags backend.c backend.h ../src/gui/error_dlg.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c backend.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c backend.c data_mining.o : cflags data_mining.c data_mining.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c data_mining.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c data_mining.c report_utils.o : cflags report_utils.h report_utils.c - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c report_utils.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c report_utils.c nessus.o : cflags nessus.c globals.h context.h preferences.h nessus.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c nessus.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c nessus.c sighand.o : cflags sighand.c sighand.h ../src/gui/error_dlg.h context.h backend.h auth.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c sighand.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c sighand.c auth.o : cflags auth.c globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c auth.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c auth.c comm.o : cflags comm.c ../src/gui/error_dlg.h globals.h context.h plugin_cache.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c comm.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c comm.c report.o : cflags report.c ../src/gui/error_dlg.h globals.h context.h \ plugin_cache.h nessus_plugin.h \ prefs_dialog/prefs_scope_tree.h prefs_dialog/prefs_context.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c report.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c report.c report_save.o : cflags report_save.c preferences.h context.h ../src/gui/error_dlg.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c report_save.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c report_save.c parser.o : cflags parser.c ../src/gui/error_dlg.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c parser.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c parser.c attack.o : cflags attack.c globals.h context.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c attack.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c attack.c cli.o : cflags cli.c cli.h globals.h preferences.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c cli.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c cli.c read_target_file.o : cflags read_target_file.c ../src/gui/error_dlg.h globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c read_target_file.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c read_target_file.c openvas-lib: $(MAKE) -C ../src/openvas-lib @@ -301,13 +301,13 @@ $(MAKE) -C ../src/gui regex.o : cflags regex.c - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c regex.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c regex.c filter.o : cflags filter.c ../src/gui/error_dlg.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c filter.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c filter.c sslui.o : cflags sslui.c globals.h xpm/lock.xpm - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c sslui.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c sslui.c clean : rm -f *.o $(NESSUSCLIENT) *~ cflags prefs_dialog/*.o Modified: trunk/openvas-client/src/gui/Makefile =================================================================== --- trunk/openvas-client/src/gui/Makefile 2009-03-05 11:48:53 UTC (rev 2675) +++ trunk/openvas-client/src/gui/Makefile 2009-03-05 14:14:04 UTC (rev 2676) @@ -38,7 +38,7 @@ GTKLIBS= $(GTKCONFIG_LIBS) INCLUDE = ${include} $(GTKCONFIG_CFLAGS) -I../../nessus -I.. -I../../nessus/prefs_dialog -I../openvas-lib -I../../libnessus -I../util -NESSUS_INCLUDE=`sh ./cflags` +OPENVAS_INCLUDE=`sh ./cflags` CFLAGS+=-Wall # Add some specific Windows compile options for Cygwin @@ -62,28 +62,28 @@ about_dlg.o : cflags about_dlg.c ../../nessus/globals.h \ ../xpm/OpenVAS-logo.xpm ../xpm/logo_intevation.xpm ../xpm/logo_bsi.xpm \ ../xpm/logo_bsi_de.xpm - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c about_dlg.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c about_dlg.c error_dlg.o : cflags error_dlg.c error_dlg.h ../../nessus/globals.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c error_dlg.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c error_dlg.c slad_install.o : cflags slad_install.c - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c slad_install.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c slad_install.c ssh_keys_dialog.o : cflags ssh_keys_dialog.c - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ssh_keys_dialog.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c ssh_keys_dialog.c ssh_key_info_form.o : cflags ssh_key_info_form.c - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c ssh_key_info_form.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c ssh_key_info_form.c treeview_support.o : cflags treeview_support.c - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c treeview_support.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c treeview_support.c nvt_pref_sshlogin.o : cflags nvt_pref_sshlogin.c - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c nvt_pref_sshlogin.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c nvt_pref_sshlogin.c priorities_dialog.o : cflags priorities_dialog.c - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c priorities_dialog.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c priorities_dialog.c clean : rm -f *.o cflags Modified: trunk/openvas-client/src/openvas-lib/Makefile =================================================================== --- trunk/openvas-client/src/openvas-lib/Makefile 2009-03-05 11:48:53 UTC (rev 2675) +++ trunk/openvas-client/src/openvas-lib/Makefile 2009-03-05 14:14:04 UTC (rev 2676) @@ -38,7 +38,7 @@ GTKLIBS= $(GTKCONFIG_LIBS) INCLUDE = ${include} $(GTKCONFIG_CFLAGS) -I../../nessus -I.. -I../../include -NESSUS_INCLUDE=`sh ./cflags` +OPENVAS_INCLUDE=`sh ./cflags` CFLAGS+=-Wall # Add some specific Windows compile options for Cygwin @@ -59,7 +59,7 @@ @chmod +x cflags hash_table_file.o : cflags hash_table_file.c hash_table_file.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c hash_table_file.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c hash_table_file.c clean : rm -f *.o cflags Modified: trunk/openvas-client/src/util/Makefile =================================================================== --- trunk/openvas-client/src/util/Makefile 2009-03-05 11:48:53 UTC (rev 2675) +++ trunk/openvas-client/src/util/Makefile 2009-03-05 14:14:04 UTC (rev 2676) @@ -38,7 +38,7 @@ GTKLIBS= $(GTKCONFIG_LIBS) INCLUDE = ${include} $(GTKCONFIG_CFLAGS) -I../../nessus -I.. -I../../include -I../openvas-lib -I../gui/ -NESSUS_INCLUDE=`sh ./cflags` +OPENVAS_INCLUDE=`sh ./cflags` CFLAGS+=-Wall # Add some specific Windows compile options for Cygwin @@ -59,13 +59,13 @@ @chmod +x cflags openvas_ssh_key_create.o: openvas_ssh_key_create.c openvas_ssh_key_create.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c openvas_ssh_key_create.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c openvas_ssh_key_create.c parseutils.o: parseutils.c parseutils.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c parseutils.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c parseutils.c priority.o: priority.c priority.h - $(CC) $(CFLAGS) $(NESSUS_INCLUDE) -c priority.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c priority.c clean : rm -f *.o cflags From scm-commit at wald.intevation.org Thu Mar 5 17:05:20 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 17:05:20 +0100 (CET) Subject: [Openvas-commits] r2677 - in trunk/openvas-client: . nessus nessus/prefs_dialog src/gui Message-ID: <20090305160520.C5197407AE@pyrosoma.intevation.org> Author: jan Date: 2009-03-05 17:05:17 +0100 (Thu, 05 Mar 2009) New Revision: 2677 Added: trunk/openvas-client/src/gui/priofiltermngr_dlg.c trunk/openvas-client/src/gui/priofiltermngr_dlg.h Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/MANIFEST trunk/openvas-client/nessus/Makefile trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c trunk/openvas-client/src/gui/Makefile Log: Introducing the "Extras" menu to collect helpers and not let them distribute all over the GUI. * priofiltermngr_dlg.c, priofiltermngr_dlg.h: New. Shell for the Priority Filter Manager Dialog, currently containing only the note that it is not yet implemented. * src/gui/Makefile: Added handling of new module priofiltermngr_dlg. * nessus/Makefile: Added module "priofiltermngr_dlg" to GUI_OBJS. * nessus/prefs_dialog/prefs_dialog.c (prefs_dialog_setup): Added "Extas Menu" with "LSC Credentials Manager" and "Priority Filter Manager" and moved "SLAD Install" from "File" menu to "Extras". * nessus/prefs_dialog/prefs_dialog_prefs.c (prefs_dialog_prefs): Removed button for LSC Credentials Manager. * MANIFEST: Updated. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-05 14:14:04 UTC (rev 2676) +++ trunk/openvas-client/ChangeLog 2009-03-05 16:05:17 UTC (rev 2677) @@ -1,5 +1,28 @@ 2009-03-05 Jan-Oliver Wagner + Introducing the "Extras" menu to collect helpers and not let + them distribute all over the GUI. + + * priofiltermngr_dlg.c, priofiltermngr_dlg.h: New. Shell for + the Priority Filter Manager Dialog, currently containing only + the note that it is not yet implemented. + + * src/gui/Makefile: Added handling of new module priofiltermngr_dlg. + + * nessus/Makefile: Added module "priofiltermngr_dlg" to GUI_OBJS. + + * nessus/prefs_dialog/prefs_dialog.c (prefs_dialog_setup): + Added "Extas Menu" with "LSC Credentials Manager" and + "Priority Filter Manager" and moved "SLAD Install" from + "File" menu to "Extras". + + * nessus/prefs_dialog/prefs_dialog_prefs.c (prefs_dialog_prefs): + Removed button for LSC Credentials Manager. + + * MANIFEST: Updated. + +2009-03-05 Jan-Oliver Wagner + * src/openvas-lib/Makefile, src/gui/Makefile, src/util/Makefile, nessus/Makefile: Replace term "NESSUS_INCLUDE" by "OPENVAS_INCLUDE". Modified: trunk/openvas-client/MANIFEST =================================================================== --- trunk/openvas-client/MANIFEST 2009-03-05 14:14:04 UTC (rev 2676) +++ trunk/openvas-client/MANIFEST 2009-03-05 16:05:17 UTC (rev 2677) @@ -200,6 +200,8 @@ src/gui/error_dlg.h src/gui/nvt_pref_sshlogin.h src/gui/nvt_pref_sshlogin.c +src/gui/priofiltermngr_dlg.c +src/gui/priofiltermngr_dlg.h src/gui/priorities_dialog.h src/gui/priorities_dialog.c src/gui/ssh_key_info_form.h Modified: trunk/openvas-client/nessus/Makefile =================================================================== --- trunk/openvas-client/nessus/Makefile 2009-03-05 14:14:04 UTC (rev 2676) +++ trunk/openvas-client/nessus/Makefile 2009-03-05 16:05:17 UTC (rev 2677) @@ -67,7 +67,7 @@ GTK_OBJS = prefs_comment.o prefs_context.o prefs_options.o prefs_report.o \ prefs_dialog_prefs.o prefs_scan_assistant.o pdf_output.o readonly.o -GUI_OBJS = ../src/gui/about_dlg.o \ +GUI_OBJS = ../src/gui/about_dlg.o ../src/gui/priofiltermngr_dlg.o \ ../src/gui/slad_install.o ../src/gui/ssh_keys_dialog.o \ ../src/gui/treeview_support.o \ ../src/gui/ssh_key_info_form.o ../src/gui/nvt_pref_sshlogin.o \ Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2009-03-05 14:14:04 UTC (rev 2676) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog.c 2009-03-05 16:05:17 UTC (rev 2677) @@ -68,6 +68,8 @@ #endif #include "error_dlg.h" +#include "priofiltermngr_dlg.h" +#include "ssh_keys_dialog.h" #include "monitor_dialog.h" #include "report.h" #include "report_save.h" @@ -404,10 +406,6 @@ menuitem_separator(submenu); - menuitem = gtk_image_menu_item_new_with_mnemonic(_("SLAD _Install")); - menuitem_add(menuitem, submenu, NULL, "slad-install", - GTK_SIGNAL_FUNC(slad_install)); - menuitem = gtk_image_menu_item_new_with_mnemonic(_("_Scan Assistant")); menuitem_add(menuitem, submenu, NULL, "gtk-help", GTK_SIGNAL_FUNC(prefs_scan_assistant)); @@ -537,7 +535,24 @@ menuitem_add(menuitem, submenu, "PRINTREPORT_MENUITEM", NULL, GTK_SIGNAL_FUNC(report_open_pdf)); + /* Extras menu */ + menuitem = gtk_menu_item_new_with_mnemonic(_("E_xtras")); + menuitem_add(menuitem, mainmenu, NULL, NULL, NULL); + submenu = gtk_menu_new(); + gtk_menu_item_set_submenu(GTK_MENU_ITEM(menuitem), submenu); + menuitem = gtk_image_menu_item_new_with_mnemonic(_("SLAD _Install Manager")); + menuitem_add(menuitem, submenu, NULL, "slad-install", + GTK_SIGNAL_FUNC(slad_install)); + + menuitem = gtk_menu_item_new_with_mnemonic(_("LSC _Credentials Manager")); + menuitem_add(menuitem, submenu, "LSCCREDENTIALSMANAGER_MENUITEM", NULL, + GTK_SIGNAL_FUNC(ssh_manager_button_cb)); + + menuitem = gtk_menu_item_new_with_mnemonic(_("Priority _Filter Manager")); + menuitem_add(menuitem, submenu, "PRIRORITYFILTERMANAGER_MENUITEM", NULL, + GTK_SIGNAL_FUNC(priorityfiltermanager_dialog)); + /* Help menu */ menuitem = gtk_menu_item_new_with_mnemonic(_("_Help")); menuitem_add(menuitem, mainmenu, NULL, NULL, NULL); Modified: trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c =================================================================== --- trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c 2009-03-05 14:14:04 UTC (rev 2676) +++ trunk/openvas-client/nessus/prefs_dialog/prefs_dialog_prefs.c 2009-03-05 16:05:17 UTC (rev 2677) @@ -25,7 +25,6 @@ #include "nessus_i18n.h" #include "context.h" #include "preferences.h" -#include "ssh_keys_dialog.h" /** @@ -57,7 +56,6 @@ GtkWidget * entry_url_nessus; GtkWidget * entry_url_cve; GtkWidget * entry_url_bid; - GtkWidget * ssh_management_button; /* GtkTooltips * tooltips = GTK_TOOLTIPS(arg_get_value(ctrls, "TOOLTIPS")); */ @@ -268,19 +266,6 @@ prefs_get_string(Global, "url_bid")); gtk_table_attach_defaults(GTK_TABLE(table), entry_url_bid, 1, 2, 2, 3); - /* SSH Key Management */ - frame = gtk_frame_new(_("LSC Credentials Management")); - gtk_widget_show(frame); - gtk_box_pack_start(GTK_BOX(vbox), frame, TRUE, FALSE, 5); - - ssh_management_button = gtk_button_new_with_label(_("OpenVAS LSC Credentials Manager")); - gtk_widget_show(ssh_management_button); - gtk_container_add (GTK_CONTAINER (frame), ssh_management_button); - - g_signal_connect(GTK_OBJECT(ssh_management_button), "clicked", - (GtkSignalFunc) ssh_manager_button_cb, - (void*) NULL); - /* frame = gtk_frame_new(_("Debug")); gtk_widget_show(frame); Modified: trunk/openvas-client/src/gui/Makefile =================================================================== --- trunk/openvas-client/src/gui/Makefile 2009-03-05 14:14:04 UTC (rev 2676) +++ trunk/openvas-client/src/gui/Makefile 2009-03-05 16:05:17 UTC (rev 2677) @@ -49,7 +49,7 @@ endif OBJS=about_dlg.o error_dlg.o slad_install.o ssh_keys_dialog.o treeview_support.o \ - ssh_key_info_form.o nvt_pref_sshlogin.o priorities_dialog.o + ssh_key_info_form.o nvt_pref_sshlogin.o priorities_dialog.o priofiltermngr_dlg.o all : cflags $(OBJS) @@ -85,5 +85,8 @@ priorities_dialog.o : cflags priorities_dialog.c $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c priorities_dialog.c +priofiltermngr_dlg.o : cflags priofiltermngr_dlg.c + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c priofiltermngr_dlg.c + clean : rm -f *.o cflags Added: trunk/openvas-client/src/gui/priofiltermngr_dlg.c =================================================================== --- trunk/openvas-client/src/gui/priofiltermngr_dlg.c 2009-03-05 14:14:04 UTC (rev 2676) +++ trunk/openvas-client/src/gui/priofiltermngr_dlg.c 2009-03-05 16:05:17 UTC (rev 2677) @@ -0,0 +1,76 @@ +/* OpenVAS-Client + * $Id$ + * Description: Implementation of the Priority Filter Managere Dialog + * + * Authors: + * Jan-Oliver Wagner + * + * Copyright: + * Copyright (C) 2009 Intevation GmbH + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * or, at your option, any later version as published by the Free + * Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * In addition, as a special exception, you have + * permission to link the code of this program with the OpenSSL + * library (or with modified versions of OpenSSL that use the same + * license as OpenSSL), and distribute linked combinations including + * the two. You must obey the GNU General Public License in all + * respects for all of the code used other than OpenSSL. If you + * modify this file, you may extend this exception to your version + * of the file, but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. + */ + +/** @file + * + * Implementation of Priority Filter Manager Dialog. + */ + +#include +#include "nessus_i18n.h" + +#include + +/** + * @brief Launches the dialog to manage the priority filter as menu call-back. + * + * @param menuitem Call-back parameter for respective widget. + * + * @param ctrls Call-back parameter (usually an arglist struct + * where the "WINDOW" is stored). + */ +void +priorityfiltermanager_dialog (GtkMenuItem * menuitem, gpointer ctrls) { + GtkWindow *window = GTK_WINDOW(arg_get_value(ctrls, "WINDOW")); + GtkWidget *dialog; + GtkWidget *label; + + dialog = gtk_dialog_new_with_buttons(_("Priority Filter Manager"), + window, GTK_DIALOG_DESTROY_WITH_PARENT, + GTK_STOCK_CLOSE, GTK_RESPONSE_CLOSE, NULL); + + gtk_window_set_transient_for(GTK_WINDOW(dialog), window); + g_signal_connect(dialog, "response", G_CALLBACK(gtk_widget_destroy), NULL); + + gtk_window_set_resizable(GTK_WINDOW(dialog), FALSE); + + label = gtk_label_new(_("The Priority Filter Manager is not yet implemented!")); + gtk_widget_show(label); + gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), label, FALSE, FALSE, 0); + gtk_misc_set_alignment(GTK_MISC(label), 0, 0.5); + gtk_label_set_selectable(GTK_LABEL(label), TRUE); + + gtk_widget_show(dialog); +} Added: trunk/openvas-client/src/gui/priofiltermngr_dlg.h =================================================================== --- trunk/openvas-client/src/gui/priofiltermngr_dlg.h 2009-03-05 14:14:04 UTC (rev 2676) +++ trunk/openvas-client/src/gui/priofiltermngr_dlg.h 2009-03-05 16:05:17 UTC (rev 2677) @@ -0,0 +1,46 @@ +/* OpenVAS-Client + * $Id$ + * Description: Proto for Priority Filter Manager Dialog + * + * Author(s): + * Jan-Oliver Wagner + * + * Copyright: + * Copyright (C) 2009 Intevation GmbH + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * or, at your option, any later version as published by the Free + * Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * In addition, as a special exception, you have + * permission to link the code of this program with the OpenSSL + * library (or with modified versions of OpenSSL that use the same + * license as OpenSSL), and distribute linked combinations including + * the two. You must obey the GNU General Public License in all + * respects for all of the code used other than OpenSSL. If you + * modify this file, you may extend this exception to your version + * of the file, but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. + */ + +/** @file + * + * Proto for Priority Filter Manager Dialog. + */ + +#ifndef _OPENVAS_CLIENT_PRIOFILTERMNGR_DLG_H +#define _OPENVAS_CLIENT_PRIOFILTERMNGR_DLG_H + +void priorityfiltermanager_dialog(GtkMenuItem *, gpointer); + +#endif From scm-commit at wald.intevation.org Thu Mar 5 20:44:21 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 20:44:21 +0100 (CET) Subject: [Openvas-commits] r2678 - trunk/openvas-libnasl Message-ID: <20090305194421.D63E5407B6@pyrosoma.intevation.org> Author: kost Date: 2009-03-05 20:44:19 +0100 (Thu, 05 Mar 2009) New Revision: 2678 Modified: trunk/openvas-libnasl/ChangeLog trunk/openvas-libnasl/configure trunk/openvas-libnasl/configure.in Log: Removal of PCAP_TIMEOUT_IGNORED which is not used any more in the source Modified: trunk/openvas-libnasl/ChangeLog =================================================================== --- trunk/openvas-libnasl/ChangeLog 2009-03-05 16:05:17 UTC (rev 2677) +++ trunk/openvas-libnasl/ChangeLog 2009-03-05 19:44:19 UTC (rev 2678) @@ -1,3 +1,8 @@ +2008-04-05 Vlatko Kosturjak + + * configure, configure.in: Removal of PCAP_TIMEOUT_IGNORED which + is not used any more in the source + 2008-02-16 Michael Wiegand * CHANGES: Fixed wrong module name in header for 2.0.1 changes. Modified: trunk/openvas-libnasl/configure =================================================================== --- trunk/openvas-libnasl/configure 2009-03-05 16:05:17 UTC (rev 2677) +++ trunk/openvas-libnasl/configure 2009-03-05 19:44:19 UTC (rev 2678) @@ -26013,11 +26013,6 @@ #define LINUX 1 _ACEOF - cat >>confdefs.h <<\_ACEOF -#define PCAP_TIMEOUT_IGNORED 1 -_ACEOF - # libpcap doesn't even LOOK at - # the timeout you give it under Linux ;; *-freebsd*) cat >>confdefs.h <<\_ACEOF Modified: trunk/openvas-libnasl/configure.in =================================================================== --- trunk/openvas-libnasl/configure.in 2009-03-05 16:05:17 UTC (rev 2677) +++ trunk/openvas-libnasl/configure.in 2009-03-05 19:44:19 UTC (rev 2678) @@ -528,8 +528,6 @@ *-linux*) linux=yes AC_DEFINE(LINUX) - AC_DEFINE(PCAP_TIMEOUT_IGNORED) # libpcap doesn't even LOOK at - # the timeout you give it under Linux ;; *-freebsd*) AC_DEFINE(FREEBSD) From scm-commit at wald.intevation.org Thu Mar 5 20:46:26 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 20:46:26 +0100 (CET) Subject: [Openvas-commits] r2679 - trunk/openvas-server Message-ID: <20090305194626.DF829407B6@pyrosoma.intevation.org> Author: kost Date: 2009-03-05 20:46:25 +0100 (Thu, 05 Mar 2009) New Revision: 2679 Modified: trunk/openvas-server/ChangeLog trunk/openvas-server/configure trunk/openvas-server/configure.in Log: Removal of PCAP_TIMEOUT_IGNORED which is not used any more in the source Modified: trunk/openvas-server/ChangeLog =================================================================== --- trunk/openvas-server/ChangeLog 2009-03-05 19:44:19 UTC (rev 2678) +++ trunk/openvas-server/ChangeLog 2009-03-05 19:46:25 UTC (rev 2679) @@ -1,3 +1,8 @@ +2008-04-05 Vlatko Kosturjak + + * configure, configure.in: Removal of PCAP_TIMEOUT_IGNORED which + is not used any more in the source + 2009-03-05 Felix Wolfsteller Increased the required openvas-libraries version (2.0.2), for updated Modified: trunk/openvas-server/configure =================================================================== --- trunk/openvas-server/configure 2009-03-05 19:44:19 UTC (rev 2678) +++ trunk/openvas-server/configure 2009-03-05 19:46:25 UTC (rev 2679) @@ -12728,11 +12728,6 @@ #define LINUX 1 _ACEOF - cat >>confdefs.h <<\_ACEOF -#define PCAP_TIMEOUT_IGNORED 1 -_ACEOF - # libpcap doesn't even LOOK at - # the timeout you give it under Linux ;; *-freebsd*) cat >>confdefs.h <<\_ACEOF Modified: trunk/openvas-server/configure.in =================================================================== --- trunk/openvas-server/configure.in 2009-03-05 19:44:19 UTC (rev 2678) +++ trunk/openvas-server/configure.in 2009-03-05 19:46:25 UTC (rev 2679) @@ -661,8 +661,6 @@ *-linux*) linux=yes AC_DEFINE(LINUX) - AC_DEFINE(PCAP_TIMEOUT_IGNORED) # libpcap doesn't even LOOK at - # the timeout you give it under Linux ;; *-freebsd*) AC_DEFINE(FREEBSD) From scm-commit at wald.intevation.org Thu Mar 5 20:47:42 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Thu, 5 Mar 2009 20:47:42 +0100 (CET) Subject: [Openvas-commits] r2680 - trunk/openvas-client Message-ID: <20090305194742.586AA407B6@pyrosoma.intevation.org> Author: kost Date: 2009-03-05 20:47:40 +0100 (Thu, 05 Mar 2009) New Revision: 2680 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/configure trunk/openvas-client/configure.in Log: Removal of PCAP_TIMEOUT_IGNORED which is not used any more in the source Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-05 19:46:25 UTC (rev 2679) +++ trunk/openvas-client/ChangeLog 2009-03-05 19:47:40 UTC (rev 2680) @@ -1,3 +1,8 @@ +2008-04-05 Vlatko Kosturjak + + * configure, configure.in: Removal of PCAP_TIMEOUT_IGNORED which + is not used any more in the source + 2009-03-05 Jan-Oliver Wagner Introducing the "Extras" menu to collect helpers and not let Modified: trunk/openvas-client/configure =================================================================== --- trunk/openvas-client/configure 2009-03-05 19:46:25 UTC (rev 2679) +++ trunk/openvas-client/configure 2009-03-05 19:47:40 UTC (rev 2680) @@ -10985,11 +10985,6 @@ #define LINUX 1 _ACEOF - cat >>confdefs.h <<\_ACEOF -#define PCAP_TIMEOUT_IGNORED 1 -_ACEOF - # libpcap doesn't even LOOK at - # the timeout you give it under Linux ;; *-freebsd*) cat >>confdefs.h <<\_ACEOF Modified: trunk/openvas-client/configure.in =================================================================== --- trunk/openvas-client/configure.in 2009-03-05 19:46:25 UTC (rev 2679) +++ trunk/openvas-client/configure.in 2009-03-05 19:47:40 UTC (rev 2680) @@ -459,8 +459,6 @@ *-linux*) linux=yes AC_DEFINE(LINUX) - AC_DEFINE(PCAP_TIMEOUT_IGNORED) # libpcap doesn't even LOOK at - # the timeout you give it under Linux ;; *-freebsd*) AC_DEFINE(FREEBSD) From scm-commit at wald.intevation.org Fri Mar 6 00:43:04 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 6 Mar 2009 00:43:04 +0100 (CET) Subject: [Openvas-commits] r2681 - in trunk/openvas-client: . nessus src/gui src/util Message-ID: <20090305234304.0BB19407BA@pyrosoma.intevation.org> Author: jan Date: 2009-03-06 00:42:59 +0100 (Fri, 06 Mar 2009) New Revision: 2681 Added: trunk/openvas-client/src/util/priority_filter.c trunk/openvas-client/src/util/priority_filter.h Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/MANIFEST trunk/openvas-client/nessus/Makefile trunk/openvas-client/src/gui/priofiltermngr_dlg.c trunk/openvas-client/src/util/Makefile Log: * src/util/priority_filter.c, src/util/priority_filter.h: New. Module for handling of priority filters. * src/util/Makefile, nessus/Makefile: Added handling of module priority_filter. * src/gui/priofiltermngr_dlg.c (priorityfiltermanager_dialog): For testing purpose added toggling creation of a filter and respectively removal of it. * MANIFEST: Updated. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-03-05 19:47:40 UTC (rev 2680) +++ trunk/openvas-client/ChangeLog 2009-03-05 23:42:59 UTC (rev 2681) @@ -1,5 +1,19 @@ -2008-04-05 Vlatko Kosturjak +2009-03-06 Jan-Oliver Wagner + * src/util/priority_filter.c, src/util/priority_filter.h: + New. Module for handling of priority filters. + + * src/util/Makefile, nessus/Makefile: Added handling of + module priority_filter. + + * src/gui/priofiltermngr_dlg.c (priorityfiltermanager_dialog): + For testing purpose added toggling creation of a filter and + respectively removal of it. + + * MANIFEST: Updated. + +2009-03-05 Vlatko Kosturjak + * configure, configure.in: Removal of PCAP_TIMEOUT_IGNORED which is not used any more in the source Modified: trunk/openvas-client/MANIFEST =================================================================== --- trunk/openvas-client/MANIFEST 2009-03-05 19:47:40 UTC (rev 2680) +++ trunk/openvas-client/MANIFEST 2009-03-05 23:42:59 UTC (rev 2681) @@ -228,6 +228,8 @@ src/util/openvas_ssh_key_create.h src/util/priority.h src/util/priority.c +src/util/priority_filter.h +src/util/priority_filter.c src/util/parseutils.c src/util/parseutils.h src/xpm/logo_bsi_de.xpm Modified: trunk/openvas-client/nessus/Makefile =================================================================== --- trunk/openvas-client/nessus/Makefile 2009-03-05 19:47:40 UTC (rev 2680) +++ trunk/openvas-client/nessus/Makefile 2009-03-05 23:42:59 UTC (rev 2681) @@ -73,7 +73,8 @@ ../src/gui/ssh_key_info_form.o ../src/gui/nvt_pref_sshlogin.o \ ../src/openvas-lib/hash_table_file.o ../src/gui/priorities_dialog.o \ -UTIL_OBJS = ../src/util/priority.o ../src/util/parseutils.o +UTIL_OBJS = ../src/util/priority.o ../src/util/parseutils.o \ + ../src/util/priority_filter.o all : cflags ${make_bindir}/$(NESSUSCLIENT) Modified: trunk/openvas-client/src/gui/priofiltermngr_dlg.c =================================================================== --- trunk/openvas-client/src/gui/priofiltermngr_dlg.c 2009-03-05 19:47:40 UTC (rev 2680) +++ trunk/openvas-client/src/gui/priofiltermngr_dlg.c 2009-03-05 23:42:59 UTC (rev 2681) @@ -38,8 +38,8 @@ * Implementation of Priority Filter Manager Dialog. */ -#include #include "nessus_i18n.h" +#include "priority_filter.h" #include @@ -56,7 +56,24 @@ GtkWindow *window = GTK_WINDOW(arg_get_value(ctrls, "WINDOW")); GtkWidget *dialog; GtkWidget *label; + static priority_filter_t* filter = NULL; // for testing purposes + /* Create or remove a filter for testing purposes */ + if (filter == NULL) { + filter = priority_filter_new("My priority Filter"); + priority_filter_add(filter, + priority_override_new("PriorityOverride1", + "localhost", + "general/tcp", + "1.3.6.1.4.1.25623.1.0.19506", + "This is just a test-override", + "warning", + "FP")); + } else { + priority_filter_free(filter); + filter = NULL; + } + dialog = gtk_dialog_new_with_buttons(_("Priority Filter Manager"), window, GTK_DIALOG_DESTROY_WITH_PARENT, GTK_STOCK_CLOSE, GTK_RESPONSE_CLOSE, NULL); @@ -66,7 +83,11 @@ gtk_window_set_resizable(GTK_WINDOW(dialog), FALSE); - label = gtk_label_new(_("The Priority Filter Manager is not yet implemented!")); + if (filter) + label = gtk_label_new(_("Priority Filter Manager is not yet implemented (Testfilter switched on!)")); + else + label = gtk_label_new(_("Priority Filter Manager is not yet implemented (Testfilter switched off!)")); + gtk_widget_show(label); gtk_box_pack_start(GTK_BOX(GTK_DIALOG(dialog)->vbox), label, FALSE, FALSE, 0); gtk_misc_set_alignment(GTK_MISC(label), 0, 0.5); Modified: trunk/openvas-client/src/util/Makefile =================================================================== --- trunk/openvas-client/src/util/Makefile 2009-03-05 19:47:40 UTC (rev 2680) +++ trunk/openvas-client/src/util/Makefile 2009-03-05 23:42:59 UTC (rev 2681) @@ -48,7 +48,7 @@ LDFLAGS+=-mwindows endif -OBJS=openvas_ssh_key_create.o priority.o parseutils.o +OBJS=openvas_ssh_key_create.o priority.o parseutils.o priority_filter.o all : cflags $(OBJS) @@ -67,5 +67,8 @@ priority.o: priority.c priority.h $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c priority.c +priority_filter.o: priority_filter.c priority_filter.h + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c priority_filter.c + clean : rm -f *.o cflags Added: trunk/openvas-client/src/util/priority_filter.c =================================================================== --- trunk/openvas-client/src/util/priority_filter.c 2009-03-05 19:47:40 UTC (rev 2680) +++ trunk/openvas-client/src/util/priority_filter.c 2009-03-05 23:42:59 UTC (rev 2681) @@ -0,0 +1,145 @@ +/* OpenVAS-Client + * + * Description: Functions for Priority Filters + * + * Authors: + * Jan-Oliver Wagner + * Felix Wolfsteller + * + * Copyright: + * Copyright (C) 2009 Intevation GmbH + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * or, at your option, any later version as published by the Free + * Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * In addition, as a special exception, you have + * permission to link the code of this program with the OpenSSL + * library (or with modified versions of OpenSSL that use the same + * license as OpenSSL), and distribute linked combinations including + * the two. You must obey the GNU General Public License in all + * respects for all of the code used other than OpenSSL. If you + * modify this file, you may extend this exception to your version + * of the file, but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. + */ + +#include +#include +#include + +#include "priority_filter.h" + +/** + * @brief Creates a new priority override. + * + * If any of the parameter equals NULL, NULL will be returned. + * The priority_override will be returned enabled (active == TRUE). + * + * @return If none of the parameters equalled NULL, returns fresh + * priority_override, NULL otherwise. + */ +const priority_override_t * +priority_override_new (const gchar * name, const gchar * host, + const gchar * port, const gchar * oid, + const gchar * reason, const gchar * prio_from, + const gchar * prio_to) +{ + if (name == NULL || host == NULL || port == NULL || oid == NULL + || reason == NULL || prio_from == NULL || prio_to == NULL) + return NULL; + + priority_override_t* prio_override = g_malloc (sizeof (priority_override_t)); + prio_override->name = g_strdup(name); + prio_override->host = g_strdup(host); + prio_override->port = g_strdup(port); + prio_override->OID = g_strdup(oid); + prio_override->reason = g_strdup(reason); + prio_override->prio_from = g_strdup(prio_from); + prio_override->prio_to = g_strdup(prio_to); + prio_override->active = TRUE; + + return prio_override; +} + + +/** + * @brief Frees the priority_override and all its associated data. + */ +void +priority_override_free (priority_override_t * override) +{ + if (override == NULL) return; + + if (override->name != NULL) g_free (override->name); + if (override->host != NULL) g_free (override->host); + if (override->port != NULL) g_free (override->port); + if (override->OID != NULL) g_free (override->OID); + if (override->reason != NULL) g_free (override->reason); + if (override->prio_from != NULL) g_free (override->prio_from); + if (override->prio_to != NULL) g_free (override->prio_to); + g_free (override); +} + +/** + * @brief Creates a new empty priority_filter with a name. + * + * @param name User-defined name for the priority_filter. + * + * @return Fresh, named priority_filter. + */ +const priority_filter_t * +priority_filter_new (const gchar* name) +{ + priority_filter_t* filter = g_malloc (sizeof(priority_filter_t)); + filter->overrides = NULL; + filter->name = g_strdup (name); + + return(filter); +} + + +/** + * @brief Frees the priority filter and all overrides it contains. + * + * @param filter The filter to be free'd. + */ +void priority_filter_free (priority_filter_t* filter) +{ + g_free(filter->name); + g_slist_foreach(filter->overrides, (GFunc)priority_override_free, NULL); + g_free(filter); +} + + +/** + * @brief Adds a priority_override to a priority_filter. + * + * @param filter The priority_filter to add a override to. + * @param override The priority_override to add to the filter. + * The object is used directly, no copy created. + * Upon free'ing the filter, the override will be + * free'd as well. + * + * @return FALSE in case the add operation failed, else TRUE. + */ +gboolean +priority_filter_add (priority_filter_t * filter, + const priority_override_t * override) +{ + if (filter == NULL || override == NULL) return FALSE; + + filter->overrides = g_slist_prepend(filter->overrides, (void *)override); + + return TRUE; +} Added: trunk/openvas-client/src/util/priority_filter.h =================================================================== --- trunk/openvas-client/src/util/priority_filter.h 2009-03-05 19:47:40 UTC (rev 2680) +++ trunk/openvas-client/src/util/priority_filter.h 2009-03-05 23:42:59 UTC (rev 2681) @@ -0,0 +1,87 @@ +/* OpenVAS-Client + * + * Description: Structures and protos for Priority Filters + * + * Authors: + * Jan-Oliver Wagner + * + * Copyright: + * Copyright (C) 2009 Intevation GmbH + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * or, at your option, any later version as published by the Free + * Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * In addition, as a special exception, you have + * permission to link the code of this program with the OpenSSL + * library (or with modified versions of OpenSSL that use the same + * license as OpenSSL), and distribute linked combinations including + * the two. You must obey the GNU General Public License in all + * respects for all of the code used other than OpenSSL. If you + * modify this file, you may extend this exception to your version + * of the file, but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. + */ + +#ifndef _UTIL_PRIORITYFILTER_H +#define _UTIL_PRIORITYFILTER_H + +#include + +/** + * @brief A priority_filter is a named collection of priority_overrides. + */ +typedef struct priority_filter { + gchar * name; /**< Name for this filter. */ + GSList * overrides; /**< List of overrides. */ +} priority_filter_t; + +/** + * @brief A priority_override maps a priority of a message under certain + * @brief conditions to a new priority. + * + * The conditions to be met are: + * - OID of script that issued the message. + * - Certain host (target). + * - Certain port or port "family". + * + * A priority_override furthermore own a name and reason (user-relavant only) + * and an active-flag (is it en- or disabled?). + * + * priority_overrides are bundled in priority_filters. + */ +typedef struct priority_override { + gchar * name; /**< A name for this override. */ + gchar * host; /**< An IP (eg. "192.168.1.1") or a name (e.g. "localhost"). */ + gchar * port; /**< A port number or something like "general/tcp" - + whatever is returned by the scan server. */ + gchar * OID; /**< The OID of the NVT. */ + gchar * reason; /**< A rationale for this priority override. */ + gchar * prio_from;/**< If this priority occurs ... */ + gchar * prio_to; /**< ... replace it with this one. */ + gboolean active; /**< FALSE = this override is not active, TRUE: is active. */ +} priority_override_t; + + +const priority_filter_t* priority_filter_new (const gchar*); +void priority_filter_free (priority_filter_t*); + +const priority_override_t * priority_override_new (const gchar *, const gchar *, + const gchar *, const gchar *, const gchar *, const gchar *, + const gchar *); + +void priority_override_free(priority_override_t * ); + +gboolean priority_filter_add(priority_filter_t *, const priority_override_t *); + +#endif /* _UTIL_PRIORITYFILTER_H */ From scm-commit at wald.intevation.org Fri Mar 6 05:27:05 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 6 Mar 2009 05:27:05 +0100 (CET) Subject: [Openvas-commits] r2682 - in trunk/openvas-plugins: . scripts Message-ID: <20090306042705.0B5B34076E@pyrosoma.intevation.org> Author: chandra Date: 2009-03-06 05:26:55 +0100 (Fri, 06 Mar 2009) New Revision: 2682 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/flash_player_CB-A08-0059.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_005_openoffice.org_fc5.nasl trunk/openvas-plugins/scripts/gb_fedora_2007_005_openoffice.org_fc6.nasl trunk/openvas-plugins/scripts/gnutls_CB-A08-0079.nasl trunk/openvas-plugins/scripts/mozilla_CB-A08-0017.nasl trunk/openvas-plugins/scripts/openoffice_CB-A08-0068.nasl trunk/openvas-plugins/scripts/remote-detect-sybase-easerver-mgmt.nasl trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_dec08_lin.nasl trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_dec08_win.nasl trunk/openvas-plugins/scripts/secpod_winftp_server_dos_vuln.nasl trunk/openvas-plugins/scripts/secpod_wsftp_server_sec_bypass_vuln.nasl trunk/openvas-plugins/scripts/smbcl_flash_player_CB-A08-0059.nasl trunk/openvas-plugins/scripts/smbcl_gnutls_CB-A08-0079.nasl trunk/openvas-plugins/scripts/smbcl_mozilla.nasl trunk/openvas-plugins/scripts/smbcl_openoffice_CB-A08-0068.nasl Log: Addressed duplicate script_id and script_name Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/ChangeLog 2009-03-06 04:26:55 UTC (rev 2682) @@ -1,3 +1,23 @@ +2009-03-06 Chandrashekhar B + * scripts/secpod_wsftp_server_sec_bypass_vuln.nasl, + scripts/secpod_opera_mult_vuln_dec08_lin.nasl, + scripts/secpod_winftp_server_dos_vuln.nasl, + scripts/secpod_opera_mult_vuln_dec08_win.nasl: + Addressed duplicate Script ID issue + + * scripts/mozilla_CB-A08-0017.nasl, + scripts/gnutls_CB-A08-0079.nasl, + scripts/remote-detect-sybase-easerver-mgmt.nasl, + scripts/smbcl_flash_player_CB-A08-0059.nasl, + scripts/smbcl_gnutls_CB-A08-0079.nasl, + scripts/gb_fedora_2007_005_openoffice.org_fc6.nasl, + scripts/flash_player_CB-A08-0059.nasl, + scripts/smbcl_openoffice_CB-A08-0068.nasl, + scripts/openoffice_CB-A08-0068.nasl, + scripts/smbcl_mozilla.nasl, + scripts/gb_fedora_2007_005_openoffice.org_fc5.nasl: + Addressed duplicate script_name issue + 2009-03-05 Chandrashekhar B * extra/lsc_generator/test/unit_test/test_centos.py, extra/lsc_generator/test/unit_test/test_redhat.py, Modified: trunk/openvas-plugins/scripts/flash_player_CB-A08-0059.nasl =================================================================== --- trunk/openvas-plugins/scripts/flash_player_CB-A08-0059.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/flash_player_CB-A08-0059.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -8,7 +8,7 @@ { script_id(90018); script_version ("$Revision: 01 $"); - name["english"] = "Adobe Flash Player 9.0.115.0 and earlier vulnerability"; + name["english"] = "Adobe Flash Player 9.0.115.0 and earlier vulnerability (Lin)"; script_name(english:name["english"]); desc["english"] = "The remote host is probably affected by the vulnerabilities Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_005_openoffice.org_fc5.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_005_openoffice.org_fc5.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_005_openoffice.org_fc5.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -1,7 +1,7 @@ ############################################################################### # OpenVAS Vulnerability Test # -# Fedora Update for openoffice.org FEDORA-2007-005 +# Fedora Update for openoffice.org FEDORA-2007-005 (FC5) # # Authors: # System Generated Check @@ -29,7 +29,7 @@ script_version("$Revision: 1.0 $"); script_xref(name: "FEDORA", value: "2007-005"); script_cve_id("CVE-2006-2198", "CVE-2006-2199", "CVE-2006-3117"); - script_name(english: "Fedora Update for openoffice.org FEDORA-2007-005"); + script_name(english: "Fedora Update for openoffice.org FEDORA-2007-005 (FC5)"); desc["english"] = " Vulnerability Insight: @@ -443,4 +443,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gb_fedora_2007_005_openoffice.org_fc6.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_fedora_2007_005_openoffice.org_fc6.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/gb_fedora_2007_005_openoffice.org_fc6.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -1,7 +1,7 @@ ############################################################################### # OpenVAS Vulnerability Test # -# Fedora Update for openoffice.org FEDORA-2007-005 +# Fedora Update for openoffice.org FEDORA-2007-005 (FC6) # # Authors: # System Generated Check @@ -29,7 +29,7 @@ script_version("$Revision: 1.0 $"); script_xref(name: "FEDORA", value: "2007-005"); script_cve_id(""); - script_name(english: "Fedora Update for openoffice.org FEDORA-2007-005"); + script_name(english: "Fedora Update for openoffice.org FEDORA-2007-005 FC(6)"); desc["english"] = " Vulnerability Insight: @@ -977,4 +977,4 @@ } exit(0); -} \ No newline at end of file +} Modified: trunk/openvas-plugins/scripts/gnutls_CB-A08-0079.nasl =================================================================== --- trunk/openvas-plugins/scripts/gnutls_CB-A08-0079.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/gnutls_CB-A08-0079.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -10,7 +10,7 @@ script_id(90026); script_version ("$Revision: 01 $"); script_cve_id("CVE-2008-1948"); - name["english"] = "GnuTLS < 2.2.5 vulnerability"; + name["english"] = "GnuTLS < 2.2.5 vulnerability (Lin)"; script_name(english:name["english"]); desc["english"] = "The remote host is probably affected by the vulnerabilities Modified: trunk/openvas-plugins/scripts/mozilla_CB-A08-0017.nasl =================================================================== --- trunk/openvas-plugins/scripts/mozilla_CB-A08-0017.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/mozilla_CB-A08-0017.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -11,7 +11,7 @@ script_id(90014); script_version ("$Revision: 01 $"); script_cve_id("CVE-2008-1238","CVE-2008-1240","CVE-2008-1241"); - name["english"] = "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys"; + name["english"] = "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Lin)"; script_name(english:name["english"]); desc["english"] = "The remote host is probable affected by the vulnerabilitys described in Modified: trunk/openvas-plugins/scripts/openoffice_CB-A08-0068.nasl =================================================================== --- trunk/openvas-plugins/scripts/openoffice_CB-A08-0068.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/openoffice_CB-A08-0068.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -11,7 +11,7 @@ script_id(90029); script_version ("$Revision: 01 $"); script_cve_id("CVE-2008-2152"); - name["english"] = "OpenOffice.org <= 2.4.1 vulnerability"; + name["english"] = "OpenOffice.org <= 2.4.1 vulnerability (Lin)"; script_name(english:name["english"]); desc["english"] = "The remote host is probably affected by the vulnerabilities described in Modified: trunk/openvas-plugins/scripts/remote-detect-sybase-easerver-mgmt.nasl =================================================================== --- trunk/openvas-plugins/scripts/remote-detect-sybase-easerver-mgmt.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/remote-detect-sybase-easerver-mgmt.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -26,7 +26,7 @@ if(description) { script_id(80005); -name["english"] = "Sybase Enterprise Application Server service detection"; +name["english"] = "Sybase Enterprise Application Server Management Console detection"; script_name(english:name["english"]); desc["english"] = " Modified: trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_dec08_lin.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_dec08_lin.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_dec08_lin.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -26,7 +26,7 @@ if(description) { - script_id(900072); + script_id(900082); script_version("$Revision: 1.0 $"); script_cve_id("CVE-2008-5679", "CVE-2008-5680", "CVE-2008-5681", "CVE-2008-5682", "CVE-2008-5683"); Modified: trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_dec08_win.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_dec08_win.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/secpod_opera_mult_vuln_dec08_win.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -26,7 +26,7 @@ if(description) { - script_id(900071); + script_id(900081); script_version("$Revision: 1.0 $"); script_cve_id("CVE-2008-5679", "CVE-2008-5680", "CVE-2008-5681", "CVE-2008-5682", "CVE-2008-5683"); Modified: trunk/openvas-plugins/scripts/secpod_winftp_server_dos_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_winftp_server_dos_vuln.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/secpod_winftp_server_dos_vuln.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -26,7 +26,7 @@ if(description) { - script_id(900070); + script_id(900450); script_version("$Revision: 1.0 $"); script_bugtraq_id(31686); script_cve_id("CVE-2008-5666"); Modified: trunk/openvas-plugins/scripts/secpod_wsftp_server_sec_bypass_vuln.nasl =================================================================== --- trunk/openvas-plugins/scripts/secpod_wsftp_server_sec_bypass_vuln.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/secpod_wsftp_server_sec_bypass_vuln.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -26,7 +26,7 @@ if(description) { - script_id(900069); + script_id(900451); script_version("$Revision: 1.0 $"); script_cve_id("CVE-2008-5692", "CVE-2008-5693"); script_bugtraq_id(27654); Modified: trunk/openvas-plugins/scripts/smbcl_flash_player_CB-A08-0059.nasl =================================================================== --- trunk/openvas-plugins/scripts/smbcl_flash_player_CB-A08-0059.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/smbcl_flash_player_CB-A08-0059.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -10,7 +10,7 @@ script_id(90019); script_version ("$Revision: 01 $"); - name["english"] = "Adobe Flash Player 9.0.115.0 and earlier vulnerability"; + name["english"] = "Adobe Flash Player 9.0.115.0 and earlier vulnerability (Win)"; script_name(english:name["english"]); desc["english"] = "The remote host is probably affected by the vulnerabilities described in Modified: trunk/openvas-plugins/scripts/smbcl_gnutls_CB-A08-0079.nasl =================================================================== --- trunk/openvas-plugins/scripts/smbcl_gnutls_CB-A08-0079.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/smbcl_gnutls_CB-A08-0079.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -11,7 +11,7 @@ script_id(90027); script_version ("$Revision: 01 $"); script_cve_id("CVE-2008-1948"); - name["english"] = "GnuTLS < 2.2.5 vulnerability"; + name["english"] = "GnuTLS < 2.2.5 vulnerability (Win)"; script_name(english:name["english"]); desc["english"] = "The remote host is probably affected by the vulnerabilities described in Modified: trunk/openvas-plugins/scripts/smbcl_mozilla.nasl =================================================================== --- trunk/openvas-plugins/scripts/smbcl_mozilla.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/smbcl_mozilla.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -11,7 +11,7 @@ script_id(90013); script_version ("$Revision: 01 $"); script_cve_id("CVE-2008-1238","CVE-2008-1240","CVE-2008-1241"); - name["english"] = "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys"; + name["english"] = "Mozilla Firefox, Thunderbird, Seamonkey. Several vulnerabilitys (Win)"; script_name(english:name["english"]); desc["english"] = "The remote host is probable affected by the vulnerabilitys described in Modified: trunk/openvas-plugins/scripts/smbcl_openoffice_CB-A08-0068.nasl =================================================================== --- trunk/openvas-plugins/scripts/smbcl_openoffice_CB-A08-0068.nasl 2009-03-05 23:42:59 UTC (rev 2681) +++ trunk/openvas-plugins/scripts/smbcl_openoffice_CB-A08-0068.nasl 2009-03-06 04:26:55 UTC (rev 2682) @@ -11,7 +11,7 @@ script_id(90030); script_version ("$Revision: 01 $"); script_cve_id("CVE-2008-2152"); - name["english"] = "OpenOffice.org <= 2.4.1 vulnerability"; + name["english"] = "OpenOffice.org <= 2.4.1 vulnerability (Win)"; script_name(english:name["english"]); desc["english"] = "The remote host is probably affected by the vulnerabilities described in From scm-commit at wald.intevation.org Fri Mar 6 07:22:26 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 6 Mar 2009 07:22:26 +0100 (CET) Subject: [Openvas-commits] r2683 - in trunk/openvas-plugins: . extra/lsc_generator/parser Message-ID: <20090306062226.6B4EB407B5@pyrosoma.intevation.org> Author: chandra Date: 2009-03-06 07:22:21 +0100 (Fri, 06 Mar 2009) New Revision: 2683 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/extra/lsc_generator/parser/redhat.py Log: Fixed a minor issue with redhat parser Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-06 04:26:55 UTC (rev 2682) +++ trunk/openvas-plugins/ChangeLog 2009-03-06 06:22:21 UTC (rev 2683) @@ -1,4 +1,8 @@ 2009-03-06 Chandrashekhar B + * extra/lsc_generator/parser/redhat.py: + Fixed a minor issue with the parser + +2009-03-06 Chandrashekhar B * scripts/secpod_wsftp_server_sec_bypass_vuln.nasl, scripts/secpod_opera_mult_vuln_dec08_lin.nasl, scripts/secpod_winftp_server_dos_vuln.nasl, Modified: trunk/openvas-plugins/extra/lsc_generator/parser/redhat.py =================================================================== --- trunk/openvas-plugins/extra/lsc_generator/parser/redhat.py 2009-03-06 04:26:55 UTC (rev 2682) +++ trunk/openvas-plugins/extra/lsc_generator/parser/redhat.py 2009-03-06 06:22:21 UTC (rev 2683) @@ -133,6 +133,7 @@ Html_content = '' XREF = [] FileName = '' + total_prod_list = [] def _getYearLinks(self, link, year, debug=0): @@ -357,6 +358,7 @@ ## Don't include Product/Platform, If not in "os_map" Dict ref_list = [] + self.total_prod_list = prd_list for prod in prd_list: if os_map.has_key(prod): ref_list.append(prod) @@ -365,8 +367,8 @@ print "If Needed to generate code, then "+ \ "add into dict variable os_map in parser" - if ref_list and debug: - print "\nGenerating Code for (%s) Products " %(ref_list) + if ref_list and debug: + print "\nGenerating Code for (%s) Products " %(ref_list) return ref_list @@ -394,6 +396,10 @@ for prod in prod_list: rpm_list = [] + + if debug: + print "\nGetting RPM For : ", prod + if string.find(data, prod) == -1: if debug: print "\nERROR: Product not found in the data : ", prod @@ -407,7 +413,7 @@ if not line: continue - if line in prod_list: + if line in self.total_prod_list: break flag = 1 @@ -429,6 +435,9 @@ rpm_list = utils.stripIt(rpm_list, strip_val) rpm_list = utils.removeDups(rpm_list) + if debug: + print "Found PRMS are : ", rpm_list + if os_map.has_key(prod): os_pkg_dict[os_map[prod]] = rpm_list From scm-commit at wald.intevation.org Fri Mar 6 07:30:49 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Fri, 6 Mar 2009 07:30:49 +0100 (CET) Subject: [Openvas-commits] r2684 - in trunk/openvas-plugins: . scripts Message-ID: <20090306063049.1948A407B5@pyrosoma.intevation.org> Author: chandra Date: 2009-03-06 07:30:35 +0100 (Fri, 06 Mar 2009) New Revision: 2684 Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_0993-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1049-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1059-01_pcre.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1063-01_pcre.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1065-01_pcre.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1068-01_pcre.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1076-02_python.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1077-01_python.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1078-02_cairo.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1083-01_thunderbird.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1090-01_openoffice.org2.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1095-01_htdig.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1104-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1114-01_samba.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1128-01_autofs.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1129-01_autofs5.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1130-01_squid.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1155-01_mysql.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1165-01_libexif.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1166-01_libexif.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1176-01_autofs.nasl trunk/openvas-plugins/scripts/gb_RHSA-2007_1177-01_autofs5.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0002-01_tog-pegasus.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0003-01_e2fsprogs.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0004-01_apache.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0005-01_httpd.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0006-01_httpd.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0008-01_httpd.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0029-01_XFree86.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0030-01_xorg-x11.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0031-01_xorg-x11-server.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0032-01_libxml2.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0038-01_postgresql.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0039-01_postgresql.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0042-01_tomcat.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0055-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0058-01_wireshark.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0059-01_wireshark.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0061-02_setroubleshoot.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0064-01_libXfont.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0089-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0090-01_icu.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0103-01_firefox.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0104-01_seamonkey.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0105-01_thunderbird.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0105-02_thunderbird.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0110-01_openldap.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0129-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0131-01_netpbm.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0133-01_IBMJava2.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0134-01_tcltk.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0135-02_tk.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0136-01_tk.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0145-01_ImageMagick.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0146-01_gd.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0153-01_cups.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0154-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0155-01_ghostscript.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0157-01_cups.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0159-01_dbus.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0161-01_cups.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0164-01_krb5.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0165-01_ImageMagick.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0167-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0175-01_openoffice.org.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0176-01_openoffice.org.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0177-01_evolution.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0180-01_krb5.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0181-01_krb5.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0192-01_cups.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0194-01_xen.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0196-01_unzip.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0197-01_gnome-screensaver.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0206-01_cups.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0207-01_firefox.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0208-01_seamonkey.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0209-01_thunderbird.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0211-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0214-01_squid.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0218-01_gnome-screensaver.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0222-02_firefox.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0223-02_seamonkey.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0224-01_thunderbird.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0233-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0235-01_speex.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0237-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0238-01_kdegraphics.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0239-01_poppler.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0240-01_xpdf.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0262-01_gpdf.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0270-01_libvorbis.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0271-01_libvorbis.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0275-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0287-01_libxslt.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0288-01_samba.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0290-01_samba.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0295-01_vsftpd.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0297-02_dovecot.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0300-02_bind.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0364-01_mysql.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0389-02_nss_ldap.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0486-01_nfs-utils.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0489-01_gnutls.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0492-01_gnutls.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0497-01_sblim.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0498-01_cups.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0502-01_XFree86.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0503-01_xorg-x11.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0504-01_xorg-x11-server.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0508-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0512-01_XFree86.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0515-01_evolution28.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0516-01_evolution.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0519-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0522-01_perl.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0528-01_ucd-snmp.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0529-01_net-snmp.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0533-01_bind.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0537-01_openoffice.org.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0538-01_openoffice.org.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0544-01_php.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0545-01_php.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0546-01_php.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0547-01_seamonkey.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0549-01_firefox.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0556-01_freetype.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0558-01_freetype.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0561-01_ruby.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0562-01_ruby.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0569-01_firefox.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0575-01_rdesktop.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0576-01_rdesktop.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0579-01_vsftpd.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0580-01_vim.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0581-01_bluez-libs and bluez-utils.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0583-01_openldap.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0584-01_pidgin.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0597-01_firefox.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0598-02_firefox.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0599-01_seamonkey.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0607-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0612-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0616-01_thunderbird.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0617-01_vim.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0618-01_vim.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0648-01_tomcat.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0649-01_libxslt.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0680-01_vsftpd.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0715-01_nss_ldap.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0725-01_rdesktop.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0768-01_mysql.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0780-01_coreutils.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0789-01_dnsmasq.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0815-01_yum-rhn-plugin.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0818-02_hplip.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0836-02_libxml2.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0839-01_postfix.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0847-01_libtiff.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0848-01_libtiff.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0849-01_ipsec-tools.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0855-01_openssh.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0863-01_libtiff.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0879-01_firefox.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0882-01_seamonkey.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0884-01_libxml2.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0885-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0886-01_libxml2.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0890-01_wireshark.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0892-01_xen.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0893-01_bzip2.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0895-02_ruby.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0896-01_ruby.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0897-01_ruby.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0907-01_pam_krb5.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0908-01_thunderbird.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0937-01_cups.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0939-00_openoffice.org.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0946-01_ed.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0957-02_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0965-01_lynx.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0967-01_httpd.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0971-01_net-snmp.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0972-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0973-03_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0976-01_thunderbird.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0977-01_seamonkey.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0978-01_firefox.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0981-02_ruby.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0982-01_gnutls.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_0988-01_libxml2.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1001-01_tog-pegasus.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1016-01_enscript.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1017-01_kernel.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1021-02_enscript.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1023-01_pidgin.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1028-01_cups.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1029-01_cups.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1036-01_firefox.nasl trunk/openvas-plugins/scripts/gb_RHSA-2008_1037-01_seamonkey.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new local checks for RedHat Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/ChangeLog 2009-03-06 06:30:35 UTC (rev 2684) @@ -1,4 +1,207 @@ 2009-03-06 Chandrashekhar B + * scripts/gb_RHSA-2008_0497-01_sblim.nasl + scripts/gb_RHSA-2008_0528-01_ucd-snmp.nasl + scripts/gb_RHSA-2008_0145-01_ImageMagick.nasl + scripts/gb_RHSA-2008_0059-01_wireshark.nasl + scripts/gb_RHSA-2008_0133-01_IBMJava2.nasl + scripts/gb_RHSA-2008_0648-01_tomcat.nasl + scripts/gb_RHSA-2008_0032-01_libxml2.nasl + scripts/gb_RHSA-2008_0486-01_nfs-utils.nasl + scripts/gb_RHSA-2008_0544-01_php.nasl + scripts/gb_RHSA-2008_0239-01_poppler.nasl + scripts/gb_RHSA-2008_0815-01_yum-rhn-plugin.nasl + scripts/gb_RHSA-2008_0580-01_vim.nasl + scripts/gb_RHSA-2008_0489-01_gnutls.nasl + scripts/gb_RHSA-2007_1049-01_kernel.nasl + scripts/gb_RHSA-2008_0136-01_tk.nasl + scripts/gb_RHSA-2008_0039-01_postgresql.nasl + scripts/gb_RHSA-2007_1177-01_autofs5.nasl + scripts/gb_RHSA-2008_0131-01_netpbm.nasl + scripts/gb_RHSA-2007_1166-01_libexif.nasl + scripts/gb_RHSA-2008_0725-01_rdesktop.nasl + scripts/gb_RHSA-2008_0197-01_gnome-screensaver.nasl + scripts/gb_RHSA-2008_0211-01_kernel.nasl + scripts/gb_RHSA-2008_0522-01_perl.nasl + scripts/gb_RHSA-2008_1001-01_tog-pegasus.nasl + scripts/gb_RHSA-2008_0224-01_thunderbird.nasl + scripts/gb_RHSA-2008_0839-01_postfix.nasl + scripts/gb_RHSA-2007_1128-01_autofs.nasl + scripts/gb_RHSA-2008_0006-01_httpd.nasl + scripts/gb_RHSA-2008_0583-01_openldap.nasl + scripts/gb_RHSA-2008_0976-01_thunderbird.nasl + scripts/gb_RHSA-2008_1016-01_enscript.nasl + scripts/gb_RHSA-2008_0290-01_samba.nasl + scripts/gb_RHSA-2008_0194-01_xen.nasl + scripts/gb_RHSA-2008_0576-01_rdesktop.nasl + scripts/gb_RHSA-2008_0818-02_hplip.nasl + scripts/gb_RHSA-2008_0545-01_php.nasl + scripts/gb_RHSA-2008_1017-01_kernel.nasl + scripts/gb_RHSA-2008_0002-01_tog-pegasus.nasl + scripts/gb_RHSA-2008_0270-01_libvorbis.nasl + scripts/gb_RHSA-2008_0029-01_XFree86.nasl + scripts/gb_RHSA-2008_0967-01_httpd.nasl + scripts/gb_RHSA-2008_0155-01_ghostscript.nasl + scripts/gb_RHSA-2008_0849-01_ipsec-tools.nasl + scripts/gb_RHSA-2008_0157-01_cups.nasl + scripts/gb_RHSA-2008_0218-01_gnome-screensaver.nasl + scripts/gb_RHSA-2008_0897-01_ruby.nasl + scripts/gb_RHSA-2008_0105-01_thunderbird.nasl + scripts/gb_RHSA-2008_0549-01_firefox.nasl + scripts/gb_RHSA-2008_0893-01_bzip2.nasl + scripts/gb_RHSA-2008_0104-01_seamonkey.nasl + scripts/gb_RHSA-2008_0882-01_seamonkey.nasl + scripts/gb_RHSA-2008_0988-01_libxml2.nasl + scripts/gb_RHSA-2008_0207-01_firefox.nasl + scripts/gb_RHSA-2008_0042-01_tomcat.nasl + scripts/gb_RHSA-2008_0300-02_bind.nasl + scripts/gb_RHSA-2008_0895-02_ruby.nasl + scripts/gb_RHSA-2008_0607-01_kernel.nasl + scripts/gb_RHSA-2007_1068-01_pcre.nasl + scripts/gb_RHSA-2008_0598-02_firefox.nasl + scripts/gb_RHSA-2008_0165-01_ImageMagick.nasl + scripts/gb_RHSA-2008_0971-01_net-snmp.nasl + scripts/gb_RHSA-2008_0288-01_samba.nasl + scripts/gb_RHSA-2008_0569-01_firefox.nasl + scripts/gb_RHSA-2007_1130-01_squid.nasl + scripts/gb_RHSA-2007_1077-01_python.nasl + scripts/gb_RHSA-2007_1083-01_thunderbird.nasl + scripts/gb_RHSA-2008_0508-01_kernel.nasl + scripts/gb_RHSA-2008_0896-01_ruby.nasl + scripts/gb_RHSA-2008_0159-01_dbus.nasl + scripts/gb_RHSA-2008_0546-01_php.nasl + scripts/gb_RHSA-2008_0206-01_cups.nasl + scripts/gb_RHSA-2008_0965-01_lynx.nasl + scripts/gb_RHSA-2008_0038-01_postgresql.nasl + scripts/gb_RHSA-2008_0715-01_nss_ldap.nasl + scripts/gb_RHSA-2008_0233-01_kernel.nasl + scripts/gb_RHSA-2008_0058-01_wireshark.nasl + scripts/gb_RHSA-2007_0993-01_kernel.nasl + scripts/gb_RHSA-2008_0031-01_xorg-x11-server.nasl + scripts/gb_RHSA-2008_0556-01_freetype.nasl + scripts/gb_RHSA-2008_0135-02_tk.nasl + scripts/gb_RHSA-2008_0209-01_thunderbird.nasl + scripts/gb_RHSA-2008_0287-01_libxslt.nasl + scripts/gb_RHSA-2008_0885-01_kernel.nasl + scripts/gb_RHSA-2008_0516-01_evolution.nasl + scripts/gb_RHSA-2008_0680-01_vsftpd.nasl + scripts/gb_RHSA-2007_1078-02_cairo.nasl + scripts/gb_RHSA-2008_0502-01_XFree86.nasl + scripts/gb_RHSA-2008_0599-01_seamonkey.nasl + scripts/gb_RHSA-2008_0146-01_gd.nasl + scripts/gb_RHSA-2008_0977-01_seamonkey.nasl + scripts/gb_RHSA-2008_0558-01_freetype.nasl + scripts/gb_RHSA-2008_0005-01_httpd.nasl + scripts/gb_RHSA-2008_0492-01_gnutls.nasl + scripts/gb_RHSA-2008_0519-01_kernel.nasl + scripts/gb_RHSA-2008_0533-01_bind.nasl + scripts/gb_RHSA-2007_1059-01_pcre.nasl + scripts/gb_RHSA-2008_0538-01_openoffice.org.nasl + scripts/gb_RHSA-2008_0181-01_krb5.nasl + scripts/gb_RHSA-2008_1037-01_seamonkey.nasl + scripts/gb_RHSA-2008_0848-01_libtiff.nasl + scripts/gb_RHSA-2008_0110-01_openldap.nasl + scripts/gb_RHSA-2008_0154-01_kernel.nasl + scripts/gb_RHSA-2008_0389-02_nss_ldap.nasl + scripts/gb_RHSA-2007_1129-01_autofs5.nasl + scripts/gb_RHSA-2008_0030-01_xorg-x11.nasl + scripts/gb_RHSA-2008_0089-01_kernel.nasl + scripts/gb_RHSA-2008_0584-01_pidgin.nasl + scripts/gb_RHSA-2008_0617-01_vim.nasl + scripts/gb_RHSA-2007_1104-01_kernel.nasl + scripts/gb_RHSA-2008_0973-03_kernel.nasl + scripts/gb_RHSA-2008_0090-01_icu.nasl + scripts/gb_RHSA-2008_0235-01_speex.nasl + scripts/gb_RHSA-2008_0937-01_cups.nasl + scripts/gb_RHSA-2008_0884-01_libxml2.nasl + scripts/gb_RHSA-2008_0103-01_firefox.nasl + scripts/gb_RHSA-2008_0161-01_cups.nasl + scripts/gb_RHSA-2008_0055-01_kernel.nasl + scripts/gb_RHSA-2008_0981-02_ruby.nasl + scripts/gb_RHSA-2008_0515-01_evolution28.nasl + scripts/gb_RHSA-2008_0208-01_seamonkey.nasl + scripts/gb_RHSA-2008_0180-01_krb5.nasl + scripts/gb_RHSA-2008_0222-02_firefox.nasl + scripts/gb_RHSA-2008_0581-01_bluez-libs + scripts/gb_RHSA-2007_1065-01_pcre.nasl + scripts/gb_RHSA-2008_0003-01_e2fsprogs.nasl + scripts/gb_RHSA-2007_1165-01_libexif.nasl + scripts/gb_RHSA-2007_1114-01_samba.nasl + scripts/gb_RHSA-2008_0982-01_gnutls.nasl + scripts/gb_RHSA-2008_0192-01_cups.nasl + scripts/gb_RHSA-2008_0297-02_dovecot.nasl + scripts/gb_RHSA-2008_0008-01_httpd.nasl + scripts/gb_RHSA-2008_0886-01_libxml2.nasl + scripts/gb_RHSA-2008_0547-01_seamonkey.nasl + scripts/gb_RHSA-2008_0939-00_openoffice.org.nasl + scripts/gb_RHSA-2008_0240-01_xpdf.nasl + scripts/gb_RHSA-2008_0537-01_openoffice.org.nasl + scripts/gb_RHSA-2007_1090-01_openoffice.org2.nasl + scripts/gb_RHSA-2008_0223-02_seamonkey.nasl + scripts/gb_RHSA-2007_1155-01_mysql.nasl + scripts/gb_RHSA-2008_0907-01_pam_krb5.nasl + scripts/gb_RHSA-2007_1095-01_htdig.nasl + scripts/gb_RHSA-2007_1176-01_autofs.nasl + scripts/gb_RHSA-2008_0153-01_cups.nasl + scripts/gb_RHSA-2008_0972-01_kernel.nasl + scripts/gb_RHSA-2008_0879-01_firefox.nasl + scripts/gb_RHSA-2008_0575-01_rdesktop.nasl + scripts/gb_RHSA-2008_0061-02_setroubleshoot.nasl + scripts/gb_RHSA-2008_1023-01_pidgin.nasl + scripts/gb_RHSA-2008_0618-01_vim.nasl + scripts/gb_RHSA-2008_0579-01_vsftpd.nasl + scripts/gb_RHSA-2008_0275-01_kernel.nasl + scripts/gb_RHSA-2008_0957-02_kernel.nasl + scripts/gb_RHSA-2008_0529-01_net-snmp.nasl + scripts/gb_RHSA-2008_0504-01_xorg-x11-server.nasl + scripts/gb_RHSA-2008_0177-01_evolution.nasl + scripts/gb_RHSA-2008_0855-01_openssh.nasl + scripts/gb_RHSA-2008_0978-01_firefox.nasl + scripts/gb_RHSA-2008_0064-01_libXfont.nasl + scripts/gb_RHSA-2008_0004-01_apache.nasl + scripts/gb_RHSA-2008_0214-01_squid.nasl + scripts/gb_RHSA-2008_0649-01_libxslt.nasl + scripts/gb_RHSA-2008_0237-01_kernel.nasl + scripts/gb_RHSA-2008_0616-01_thunderbird.nasl + scripts/gb_RHSA-2008_0768-01_mysql.nasl + scripts/gb_RHSA-2008_0946-01_ed.nasl + scripts/gb_RHSA-2008_0164-01_krb5.nasl + scripts/gb_RHSA-2008_0176-01_openoffice.org.nasl + scripts/gb_RHSA-2008_0364-01_mysql.nasl + scripts/gb_RHSA-2008_0780-01_coreutils.nasl + scripts/gb_RHSA-2008_0498-01_cups.nasl + scripts/gb_RHSA-2008_0295-01_vsftpd.nasl + scripts/gb_RHSA-2008_0238-01_kdegraphics.nasl + scripts/gb_RHSA-2007_1063-01_pcre.nasl + scripts/gb_RHSA-2008_0105-02_thunderbird.nasl + scripts/gb_RHSA-2008_0167-01_kernel.nasl + scripts/gb_RHSA-2008_0890-01_wireshark.nasl + scripts/gb_RHSA-2008_0271-01_libvorbis.nasl + scripts/gb_RHSA-2008_0562-01_ruby.nasl + scripts/gb_RHSA-2008_0262-01_gpdf.nasl + scripts/gb_RHSA-2008_1021-02_enscript.nasl + scripts/gb_RHSA-2008_1029-01_cups.nasl + scripts/gb_RHSA-2008_0908-01_thunderbird.nasl + scripts/gb_RHSA-2008_0836-02_libxml2.nasl + scripts/gb_RHSA-2008_0196-01_unzip.nasl + scripts/gb_RHSA-2008_0612-01_kernel.nasl + scripts/gb_RHSA-2008_0129-01_kernel.nasl + scripts/gb_RHSA-2008_0597-01_firefox.nasl + scripts/gb_RHSA-2008_1036-01_firefox.nasl + scripts/gb_RHSA-2008_0134-01_tcltk.nasl + scripts/gb_RHSA-2007_1076-02_python.nasl + scripts/gb_RHSA-2008_0175-01_openoffice.org.nasl + scripts/gb_RHSA-2008_0863-01_libtiff.nasl + scripts/gb_RHSA-2008_0892-01_xen.nasl + scripts/gb_RHSA-2008_0561-01_ruby.nasl + scripts/gb_RHSA-2008_1028-01_cups.nasl + scripts/gb_RHSA-2008_0503-01_xorg-x11.nasl + scripts/gb_RHSA-2008_0789-01_dnsmasq.nasl + scripts/gb_RHSA-2008_0512-01_XFree86.nasl + scripts/gb_RHSA-2008_0847-01_libtiff.nasl: + Added new local checks for RedHat + + +2009-03-06 Chandrashekhar B * extra/lsc_generator/parser/redhat.py: Fixed a minor issue with the parser Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_0993-01_kernel.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_0993-01_kernel.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_0993-01_kernel.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,189 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for kernel RHSA-2007:0993-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870182); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:0993-01"); + script_cve_id("CVE-2007-4571", "CVE-2007-4997", "CVE-2007-5494"); + script_name(english: "RedHat Update for kernel RHSA-2007:0993-01"); + desc["english"] = " + + Vulnerability Insight: + The Linux kernel handles the basic functions of the operating system. + + These new kernel packages contain fixes for the following security issues: + + A memory leak was found in the Red Hat Content Accelerator kernel patch. A + local user could use this flaw to cause a denial of service (memory + exhaustion). (CVE-2007-5494, Important) + + A flaw was found in the handling of IEEE 802.11 frames affecting several + wireless LAN modules. In certain circumstances, a remote attacker could + trigger this flaw by sending a malicious packet over a wireless network and + cause a denial of service (kernel crash). (CVE-2007-4997, Important). + + A flaw was found in the Advanced Linux Sound Architecture (ALSA). A local + user who had the ability to read the /proc/driver/snd-page-alloc file could + see portions of kernel memory. (CVE-2007-4571, Moderate). + + In addition to the security issues described above, several bug fixes + preventing possible memory corruption, system crashes, SCSI I/O fails, + networking drivers performance regression and journaling block device layer + issue were also included. + + Red Hat Enterprise Linux 5 users are advised to upgrade to these packages, + which contain backported patches to resolve these issues. + + Red Hat would like to credit Vasily Averin, Chris Evans, and Neil Kettle + for reporting the security issues corrected by this update. + + + Affected Software/OS: + kernel on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-November/msg00001.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of kernel"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xen-debuginfo", rpm:"kernel-xen-debuginfo~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.18~53.1.4.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1049-01_kernel.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1049-01_kernel.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1049-01_kernel.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,165 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for kernel RHSA-2007:1049-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870197); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1049-01"); + script_cve_id("CVE-2007-2172", "CVE-2007-3848", "CVE-2006-4538", "CVE-2007-3739", "CVE-2007-4308"); + script_name(english: "RedHat Update for kernel RHSA-2007:1049-01"); + desc["english"] = " + + Vulnerability Insight: + The kernel packages contain the Linux kernel, the core of any Linux + operating system. + + A flaw was found in the handling of process death signals. This allowed a + local user to send arbitrary signals to the suid-process executed by that + user. A successful exploitation of this flaw depends on the structure of + the suid-program and its signal handling. (CVE-2007-3848, Important) + + A flaw was found in the IPv4 forwarding base. This allowed a local user to + cause a denial of service. (CVE-2007-2172, Important) + + A flaw was found where a corrupted executable file could cause cross-region + memory mappings on Itanium systems. This allowed a local user to cause a + denial of service. (CVE-2006-4538, Moderate) + + A flaw was found in the stack expansion when using the hugetlb kernel on + PowerPC systems. This allowed a local user to cause a denial of service. + (CVE-2007-3739, Moderate) + + A flaw was found in the aacraid SCSI driver. This allowed a local user to + make ioctl calls to the driver that should be restricted to privileged + users. (CVE-2007-4308, Moderate) + + As well, these updated packages fix the following bug: + + * a bug in the TCP header prediction code may have caused "TCP: Treason + uncloaked!" messages to be logged. In certain situations this may have lead + to TCP connections hanging or aborting. + + Red Hat Enterprise Linux 3 users are advised to upgrade to these updated + packages, which contain backported patches to resolve these issues. + + + Affected Software/OS: + kernel on Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00000.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of kernel"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.4.21~53.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-BOOT", rpm:"kernel-BOOT~2.4.21~53.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.4.21~53.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.4.21~53.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-hugemem", rpm:"kernel-hugemem~2.4.21~53.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-hugemem-unsupported", rpm:"kernel-hugemem-unsupported~2.4.21~53.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.4.21~53.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-smp-unsupported", rpm:"kernel-smp-unsupported~2.4.21~53.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-source", rpm:"kernel-source~2.4.21~53.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-unsupported", rpm:"kernel-unsupported~2.4.21~53.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1059-01_pcre.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1059-01_pcre.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1059-01_pcre.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,102 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for pcre RHSA-2007:1059-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870181); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1059-01"); + script_cve_id("CVE-2006-7225", "CVE-2006-7226", "CVE-2006-7228", "CVE-2006-7230"); + script_name(english: "RedHat Update for pcre RHSA-2007:1059-01"); + desc["english"] = " + + Vulnerability Insight: + PCRE is a Perl-compatible regular expression library. + + Flaws were discovered in the way PCRE handles certain malformed regular + expressions. If an application linked against PCRE, such as Konqueror, + parses a malicious regular expression, it may have been possible to run + arbitrary code as the user running the application. + (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230) + + Users of PCRE are advised to upgrade to these updated packages, which + contain backported patches to resolve these issues. + + Red Hat would like to thank Ludwig Nussel for reporting these issues. + + + Affected Software/OS: + pcre on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-November/msg00002.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of pcre"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"pcre", rpm:"pcre~6.6~2.el5_1.7", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"pcre-debuginfo", rpm:"pcre-debuginfo~6.6~2.el5_1.7", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~6.6~2.el5_1.7", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1063-01_pcre.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1063-01_pcre.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1063-01_pcre.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,104 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for pcre RHSA-2007:1063-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870198); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1063-01"); + script_cve_id("CVE-2006-7228", "CVE-2007-1660"); + script_name(english: "RedHat Update for pcre RHSA-2007:1063-01"); + desc["english"] = " + + Vulnerability Insight: + PCRE is a Perl-compatible regular expression library. + + Flaws were discovered in the way PCRE handles certain malformed regular + expressions. If an application linked against PCRE, such as Konqueror, + parsed a malicious regular expression, it may have been possible to run + arbitrary code as the user running the application. (CVE-2006-7228, + CVE-2007-1660) + + Users of PCRE are advised to upgrade to these updated packages, which + contain backported patches to resolve these issues. + + Red Hat would like to thank Ludwig Nussel for reporting these issues. + + + Affected Software/OS: + pcre on Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-November/msg00003.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of pcre"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"pcre", rpm:"pcre~3.9~10.4", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"pcre-debuginfo", rpm:"pcre-debuginfo~3.9~10.4", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~3.9~10.4", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1065-01_pcre.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1065-01_pcre.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1065-01_pcre.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for pcre RHSA-2007:1065-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870191); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1065-01"); + script_cve_id("CVE-2006-7228", "CVE-2007-1660"); + script_name(english: "RedHat Update for pcre RHSA-2007:1065-01"); + desc["english"] = " + + Vulnerability Insight: + PCRE is a Perl-compatible regular expression library. + + Flaws were discovered in the way PCRE handles certain malformed regular + expressions. If an application linked against PCRE parses a malicious + regular expression, it may have been possible to run arbitrary code as the + user running the application. (CVE-2006-7228, CVE-2007-1660) + + Users of PCRE are advised to upgrade to these updated packages, which + contain backported patches to resolve these issues. + + Red Hat would like to thank Ludwig Nussel for reporting these issues. + + + Affected Software/OS: + pcre on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, + Red Hat Enterprise Linux ES version 2.1, + Red Hat Enterprise Linux WS version 2.1 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-November/msg00004.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of pcre"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_2.1") +{ + + if(isrpmvuln(pkg:"pcre", rpm:"pcre~3.4~2.4", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~3.4~2.4", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1068-01_pcre.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1068-01_pcre.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1068-01_pcre.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,104 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for pcre RHSA-2007:1068-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870178); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1068-01"); + script_cve_id("CVE-2006-7225", "CVE-2006-7226", "CVE-2006-7228", "CVE-2006-7230", "CVE-2007-1659"); + script_name(english: "RedHat Update for pcre RHSA-2007:1068-01"); + desc["english"] = " + + Vulnerability Insight: + PCRE is a Perl-compatible regular expression library. + + Flaws were discovered in the way PCRE handles certain malformed regular + expressions. If an application linked against PCRE, such as Konqueror, + parses a malicious regular expression, it may have been possible to run + arbitrary code as the user running the application. + (CVE-2006-7225, CVE-2006-7226, CVE-2006-7228, CVE-2006-7230, CVE-2007-1659) + + Users of PCRE are advised to upgrade to these updated packages, which + contain backported patches to resolve these issues. + + Red Hat would like to thank Ludwig Nussel for reporting these issues. + + + Affected Software/OS: + pcre on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-November/msg00005.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of pcre"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"pcre", rpm:"pcre~4.5~4.el4_6.6", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"pcre-debuginfo", rpm:"pcre-debuginfo~4.5~4.el4_6.6", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"pcre-devel", rpm:"pcre-devel~4.5~4.el4_6.6", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1076-02_python.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1076-02_python.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1076-02_python.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,172 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for python RHSA-2007:1076-02 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870180); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1076-02"); + script_cve_id("CVE-2006-7228", "CVE-2007-2052", "CVE-2007-4965"); + script_name(english: "RedHat Update for python RHSA-2007:1076-02"); + desc["english"] = " + + Vulnerability Insight: + Python is an interpreted, interactive, object-oriented programming + language. + + An integer overflow flaw was discovered in the way Python's pcre module + handled certain regular expressions. If a Python application used the pcre + module to compile and execute untrusted regular expressions, it may be + possible to cause the application to crash, or allow arbitrary code + execution with the privileges of the Python interpreter. (CVE-2006-7228) + + A flaw was discovered in the strxfrm() function of Python's locale module. + Strings generated by this function were not properly NULL-terminated. This + may possibly cause disclosure of data stored in the memory of a Python + application using this function. (CVE-2007-2052) + + Multiple integer overflow flaws were discovered in Python's imageop module. + If an application written in Python used the imageop module to process + untrusted images, it could cause the application to crash, enter an + infinite loop, or possibly execute arbitrary code with the privileges of + the Python interpreter. (CVE-2007-4965) + + Users of Python are advised to upgrade to these updated packages, which + contain backported patches to resolve these issues. + + + Affected Software/OS: + python on Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3, + Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00007.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of python"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"python", rpm:"python~2.3.4~14.4.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"python-debuginfo", rpm:"python-debuginfo~2.3.4~14.4.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"python-devel", rpm:"python-devel~2.3.4~14.4.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"python-docs", rpm:"python-docs~2.3.4~14.4.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"python-tools", rpm:"python-tools~2.3.4~14.4.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tkinter", rpm:"tkinter~2.3.4~14.4.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"python", rpm:"python~2.2.3~6.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"python-debuginfo", rpm:"python-debuginfo~2.2.3~6.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"python-devel", rpm:"python-devel~2.2.3~6.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"python-tools", rpm:"python-tools~2.2.3~6.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tkinter", rpm:"tkinter~2.2.3~6.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1077-01_python.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1077-01_python.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1077-01_python.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,120 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for python RHSA-2007:1077-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870189); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1077-01"); + script_cve_id("CVE-2006-7228", "CVE-2007-2052"); + script_name(english: "RedHat Update for python RHSA-2007:1077-01"); + desc["english"] = " + + Vulnerability Insight: + Python is an interpreted, interactive, object-oriented programming + language. + + An integer overflow flaw was discovered in the way Python's pcre module + handled certain regular expressions. If a Python application used the pcre + module to compile and execute untrusted regular expressions, it may be + possible to cause the application to crash, or allow arbitrary code + execution with the privileges of the Python interpreter. (CVE-2006-7228) + + A flaw was discovered in the strxfrm() function of Python's locale module. + Strings generated by this function were not properly NULL-terminated, which + could possibly cause disclosure of data stored in the memory of a Python + application using this function. (CVE-2007-2052) + + Users of Python are advised to upgrade to these updated packages, which + contain backported patches to resolve these issues. + + + Affected Software/OS: + python on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, + Red Hat Enterprise Linux ES version 2.1, + Red Hat Enterprise Linux WS version 2.1 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00004.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of python"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_2.1") +{ + + if(isrpmvuln(pkg:"python", rpm:"python~1.5.2~43.72.2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"python-devel", rpm:"python-devel~1.5.2~43.72.2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"python-docs", rpm:"python-docs~1.5.2~43.72.2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"python-tools", rpm:"python-tools~1.5.2~43.72.2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tkinter", rpm:"tkinter~1.5.2~43.72.2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1078-02_cairo.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1078-02_cairo.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1078-02_cairo.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,100 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for cairo RHSA-2007:1078-02 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870188); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1078-02"); + script_cve_id("CVE-2007-5503"); + script_name(english: "RedHat Update for cairo RHSA-2007:1078-02"); + desc["english"] = " + + Vulnerability Insight: + Cairo is a vector graphics library designed to provide high-quality display + and print output. + + An integer overflow flaw was found in the way Cairo processes PNG images. + If an application linked against Cairo processes a malicious PNG image, it + is possible to execute arbitrary code as the user running the application. + (CVE-2007-5503) + + Users of Cairo are advised to upgrade to these updated packages, which + contain a backported patch to resolve this issue. + + + Affected Software/OS: + cairo on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-November/msg00006.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of cairo"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"cairo", rpm:"cairo~1.2.4~3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"cairo-debuginfo", rpm:"cairo-debuginfo~1.2.4~3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"cairo-devel", rpm:"cairo-devel~1.2.4~3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1083-01_thunderbird.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1083-01_thunderbird.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1083-01_thunderbird.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,106 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for thunderbird RHSA-2007:1083-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870194); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1083-01"); + script_cve_id("CVE-2007-5947", "CVE-2007-5959", "CVE-2007-5960"); + script_name(english: "RedHat Update for thunderbird RHSA-2007:1083-01"); + desc["english"] = " + + Vulnerability Insight: + Mozilla Thunderbird is a standalone mail and newsgroup client. + + A cross-site scripting flaw was found in the way Thunderbird handled the + jar: URI scheme. It may be possible for a malicious HTML mail message to + leverage this flaw, and conduct a cross-site scripting attack against a + user running Thunderbird. (CVE-2007-5947) + + Several flaws were found in the way Thunderbird processed certain malformed + HTML mail content. A HTML mail message containing malicious content could + cause Thunderbird to crash, or potentially execute arbitrary code as the + user running Thunderbird. (CVE-2007-5959) + + A race condition existed when Thunderbird set the "window.location" + property when displaying HTML mail content. This flaw could allow a HTML + mail message to set an arbitrary Referer header, which may lead to a + Cross-site Request Forgery (CSRF) attack against websites that rely only on + the Referer header for protection. (CVE-2007-5960) + + All users of thunderbird are advised to upgrade to these updated packages, + which contain backported patches to resolve these issues. + + + Affected Software/OS: + thunderbird on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00017.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of thunderbird"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"thunderbird", rpm:"thunderbird~1.5.0.12~7.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"thunderbird-debuginfo", rpm:"thunderbird-debuginfo~1.5.0.12~7.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1090-01_openoffice.org2.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1090-01_openoffice.org2.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1090-01_openoffice.org2.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,438 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for openoffice.org2 RHSA-2007:1090-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870179); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1090-01"); + script_cve_id("CVE-2007-4575"); + script_name(english: "RedHat Update for openoffice.org2 RHSA-2007:1090-01"); + desc["english"] = " + + Vulnerability Insight: + OpenOffice.org is an office productivity suite. + HSQLDB is the default database engine shipped with OpenOffice.org 2. + + It was discovered that HSQLDB could allow the execution of arbitrary public + static Java methods. A carefully crafted odb file opened in OpenOffice.org + Base could execute arbitrary commands with the permissions of the user + running OpenOffice.org. (CVE-2007-4575) + + All users of OpenOffice.org are advised to upgrade to these updated + packages, which contain a backported patch to resolve this issue. + + + Affected Software/OS: + openoffice.org2 on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00003.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of openoffice.org2"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"openoffice.org2-base", rpm:"openoffice.org2-base~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-calc", rpm:"openoffice.org2-calc~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-core", rpm:"openoffice.org2-core~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-debuginfo", rpm:"openoffice.org2-debuginfo~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-draw", rpm:"openoffice.org2-draw~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-emailmerge", rpm:"openoffice.org2-emailmerge~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-graphicfilter", rpm:"openoffice.org2-graphicfilter~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-impress", rpm:"openoffice.org2-impress~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-javafilter", rpm:"openoffice.org2-javafilter~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-af_ZA", rpm:"openoffice.org2-langpack-af_ZA~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-ar", rpm:"openoffice.org2-langpack-ar~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-bg_BG", rpm:"openoffice.org2-langpack-bg_BG~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-bn", rpm:"openoffice.org2-langpack-bn~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-ca_ES", rpm:"openoffice.org2-langpack-ca_ES~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-cs_CZ", rpm:"openoffice.org2-langpack-cs_CZ~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-cy_GB", rpm:"openoffice.org2-langpack-cy_GB~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-da_DK", rpm:"openoffice.org2-langpack-da_DK~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-de", rpm:"openoffice.org2-langpack-de~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-el_GR", rpm:"openoffice.org2-langpack-el_GR~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-es", rpm:"openoffice.org2-langpack-es~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-et_EE", rpm:"openoffice.org2-langpack-et_EE~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-eu_ES", rpm:"openoffice.org2-langpack-eu_ES~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-fi_FI", rpm:"openoffice.org2-langpack-fi_FI~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-fr", rpm:"openoffice.org2-langpack-fr~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-ga_IE", rpm:"openoffice.org2-langpack-ga_IE~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-gl_ES", rpm:"openoffice.org2-langpack-gl_ES~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-gu_IN", rpm:"openoffice.org2-langpack-gu_IN~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-he_IL", rpm:"openoffice.org2-langpack-he_IL~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-hi_IN", rpm:"openoffice.org2-langpack-hi_IN~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-hr_HR", rpm:"openoffice.org2-langpack-hr_HR~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-hu_HU", rpm:"openoffice.org2-langpack-hu_HU~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-it", rpm:"openoffice.org2-langpack-it~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-ja_JP", rpm:"openoffice.org2-langpack-ja_JP~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-ko_KR", rpm:"openoffice.org2-langpack-ko_KR~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-lt_LT", rpm:"openoffice.org2-langpack-lt_LT~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-ms_MY", rpm:"openoffice.org2-langpack-ms_MY~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-nb_NO", rpm:"openoffice.org2-langpack-nb_NO~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-nl", rpm:"openoffice.org2-langpack-nl~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-nn_NO", rpm:"openoffice.org2-langpack-nn_NO~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-pa_IN", rpm:"openoffice.org2-langpack-pa_IN~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-pl_PL", rpm:"openoffice.org2-langpack-pl_PL~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-pt_BR", rpm:"openoffice.org2-langpack-pt_BR~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-pt_PT", rpm:"openoffice.org2-langpack-pt_PT~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-ru", rpm:"openoffice.org2-langpack-ru~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-sk_SK", rpm:"openoffice.org2-langpack-sk_SK~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-sl_SI", rpm:"openoffice.org2-langpack-sl_SI~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-sr_CS", rpm:"openoffice.org2-langpack-sr_CS~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-sv", rpm:"openoffice.org2-langpack-sv~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-ta_IN", rpm:"openoffice.org2-langpack-ta_IN~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-th_TH", rpm:"openoffice.org2-langpack-th_TH~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-tr_TR", rpm:"openoffice.org2-langpack-tr_TR~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-zh_CN", rpm:"openoffice.org2-langpack-zh_CN~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-zh_TW", rpm:"openoffice.org2-langpack-zh_TW~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-langpack-zu_ZA", rpm:"openoffice.org2-langpack-zu_ZA~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-math", rpm:"openoffice.org2-math~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-pyuno", rpm:"openoffice.org2-pyuno~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-testtools", rpm:"openoffice.org2-testtools~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-writer", rpm:"openoffice.org2-writer~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openoffice.org2-xsltfilter", rpm:"openoffice.org2-xsltfilter~2.0.4~5.7.0.3.0", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1095-01_htdig.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1095-01_htdig.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1095-01_htdig.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,128 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for htdig RHSA-2007:1095-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870187); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1095-01"); + script_cve_id("CVE-2007-6110"); + script_name(english: "RedHat Update for htdig RHSA-2007:1095-01"); + desc["english"] = " + + Vulnerability Insight: + The ht://Dig system is a complete World Wide Web indexing and searching + system for a small domain or intranet. + + A cross-site scripting flaw was discovered in a htdig search page. An + attacker could construct a carefully crafted URL, which once visited by an + unsuspecting user, could cause a user's Web browser to execute malicious + script in the context of the visited htdig search Web page. (CVE-2007-6110) + + Users of htdig are advised to upgrade to these updated packages, which + contain backported patch to resolve this issue. + + + Affected Software/OS: + htdig on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4, + Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00001.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of htdig"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"htdig", rpm:"htdig~3.2.0b6~9.0.1.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"htdig-debuginfo", rpm:"htdig-debuginfo~3.2.0b6~9.0.1.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"htdig-web", rpm:"htdig-web~3.2.0b6~9.0.1.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"htdig", rpm:"htdig~3.2.0b6~4.el4_6", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"htdig-debuginfo", rpm:"htdig-debuginfo~3.2.0b6~4.el4_6", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"htdig-web", rpm:"htdig-web~3.2.0b6~4.el4_6", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1104-01_kernel.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1104-01_kernel.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1104-01_kernel.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,188 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for kernel RHSA-2007:1104-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870177); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1104-01"); + script_cve_id("CVE-2007-4997", "CVE-2007-5494"); + script_name(english: "RedHat Update for kernel RHSA-2007:1104-01"); + desc["english"] = " + + Vulnerability Insight: + The kernel packages contain the Linux kernel, the core of any Linux + operating system. + + These updated packages fix the following security issues: + + A flaw was found in the handling of IEEE 802.11 frames, which affected + several wireless LAN modules. In certain situations, a remote attacker + could trigger this flaw by sending a malicious packet over a wireless + network, causing a denial of service (kernel crash). + (CVE-2007-4997, Important) + + A memory leak was found in the Red Hat Content Accelerator kernel patch. + A local user could use this flaw to cause a denial of service (memory + exhaustion). (CVE-2007-5494, Important) + + Additionally, the following bugs were fixed: + + * when running the "ls -la" command on an NFSv4 mount point, incorrect + file attributes, and outdated file size and timestamp information were + returned. As well, symbolic links may have been displayed as actual files. + + * a bug which caused the cmirror write path to appear deadlocked after a + successful recovery, which may have caused syncing to hang, has been + resolved. + + * a kernel panic which occurred when manually configuring LCS interfaces on + the IBM S/390 has been resolved. + + * when running a 32-bit binary on a 64-bit system, it was possible to + mmap page at address 0 without flag MAP_FIXED set. This has been + resolved in these updated packages. + + * the Non-Maskable Interrupt (NMI) Watchdog did not increment the NMI + interrupt counter in "/proc/interrupts" on systems running an AMD Opteron + CPU. This caused systems running NMI Watchdog to restart at regular + intervals. + + * a bug which caused the diskdump utility to run very slowly on devices + using Fusion MPT has been resolved. + + All users are advised to upgrade to these updated packages, which resolve + these issues. + + + Affected Software/OS: + kernel on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00018.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of kernel"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.9~67.0.1.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.9~67.0.1.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.9~67.0.1.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-hugemem", rpm:"kernel-hugemem~2.6.9~67.0.1.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-hugemem-devel", rpm:"kernel-hugemem-devel~2.6.9~67.0.1.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.9~67.0.1.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.9~67.0.1.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xenU", rpm:"kernel-xenU~2.6.9~67.0.1.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xenU-devel", rpm:"kernel-xenU-devel~2.6.9~67.0.1.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.9~67.0.1.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-largesmp", rpm:"kernel-largesmp~2.6.9~67.0.1.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-largesmp-devel", rpm:"kernel-largesmp-devel~2.6.9~67.0.1.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1114-01_samba.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1114-01_samba.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1114-01_samba.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,232 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for samba RHSA-2007:1114-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870186); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1114-01"); + script_cve_id("CVE-2007-6015", "CVE-2007-4572"); + script_name(english: "RedHat Update for samba RHSA-2007:1114-01"); + desc["english"] = " + + Vulnerability Insight: + Samba is a suite of programs used by machines to share files, printers, and + other information. + + A stack buffer overflow flaw was found in the way Samba authenticates + remote users. A remote unauthenticated user could trigger this flaw to + cause the Samba server to crash, or execute arbitrary code with the + permissions of the Samba server. (CVE-2007-6015) + + Red Hat would like to thank Alin Rad Pop of Secunia Research for + responsibly disclosing this issue. + + This update also fixes a regression caused by the fix for CVE-2007-4572, + which prevented some clients from being able to properly access shares. + + Users of Samba are advised to upgrade to these updated packages, which + contain a backported patch to resolve these issues. + + + Affected Software/OS: + samba on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, + Red Hat Enterprise Linux ES version 2.1, + Red Hat Enterprise Linux WS version 2.1, + Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3, + Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4, + Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00005.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of samba"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_2.1") +{ + + if(isrpmvuln(pkg:"samba", rpm:"samba~2.2.12~1.21as.8.2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~2.2.12~1.21as.8.2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~2.2.12~1.21as.8.2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~2.2.12~1.21as.8.2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"samba", rpm:"samba~3.0.25b~1.el5_1.4", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.25b~1.el5_1.4", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.25b~1.el5_1.4", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~3.0.25b~1.el5_1.4", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.25b~1.el5_1.4", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"samba", rpm:"samba~3.0.25b~1.el4_6.4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.25b~1.el4_6.4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.25b~1.el4_6.4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~3.0.25b~1.el4_6.4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.25b~1.el4_6.4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"samba", rpm:"samba~3.0.9~1.3E.14.3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-client", rpm:"samba-client~3.0.9~1.3E.14.3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-common", rpm:"samba-common~3.0.9~1.3E.14.3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-debuginfo", rpm:"samba-debuginfo~3.0.9~1.3E.14.3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"samba-swat", rpm:"samba-swat~3.0.9~1.3E.14.3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1128-01_autofs.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1128-01_autofs.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1128-01_autofs.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,106 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for autofs RHSA-2007:1128-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870190); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1128-01"); + script_cve_id("CVE-2007-5964"); + script_name(english: "RedHat Update for autofs RHSA-2007:1128-01"); + desc["english"] = " + + Vulnerability Insight: + The autofs utility controls the operation of the automount daemon, which + automatically mounts and unmounts file systems after a period of + inactivity. + + There was a security issue with the default installed configuration of + autofs version 5 whereby the entry for the "hosts" map did not specify the + "nosuid" mount option. A local user with control of a remote nfs server + could create a setuid root executable within an exported filesystem on the + remote nfs server that, if mounted using the default hosts map, would allow + the user to gain root privileges. (CVE-2007-5964) + + Due to the fact that autofs always mounted hosts map entries suid by + default, autofs has now been altered to always use the "nosuid" option when + mounting from the default hosts map. The "suid" option must be explicitly + given in the master map entry to revert to the old behavior. This change + affects only the hosts map which corresponds to the /net entry in the + default configuration. + + Users are advised to upgrade to these updated autofs packages, which + resolve this issue. + + Red Hat would like to thank Josh Lange for reporting this issue. + + + Affected Software/OS: + autofs on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00009.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of autofs"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"autofs", rpm:"autofs~5.0.1~0.rc2.55.el5.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"autofs-debuginfo", rpm:"autofs-debuginfo~5.0.1~0.rc2.55.el5.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1129-01_autofs5.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1129-01_autofs5.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1129-01_autofs5.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,109 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for autofs5 RHSA-2007:1129-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870193); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1129-01"); + script_cve_id("CVE-2007-5964"); + script_name(english: "RedHat Update for autofs5 RHSA-2007:1129-01"); + desc["english"] = " + + Vulnerability Insight: + The autofs utility controls the operation of the automount daemon, which + automatically mounts and unmounts file systems after a period of + inactivity. The autofs version 5 package was made available as a + technology preview in Red Hat Enterprise Linux version 4.6. + + There was a security issue with the default installed configuration of + autofs version 5 whereby the entry for the "hosts" map did not specify the + "nosuid" mount option. A local user with control of a remote nfs server + could create a setuid root executable within an exported filesystem on the + remote nfs server that, if mounted using the default hosts map, would allow + the user to gain root privileges. (CVE-2007-5964) + + Due to the fact that autofs version 5 always mounted hosts map entries suid + by default, autofs has now been altered to always use the "nosuid" option + when mounting from the default hosts map. The "suid" option must be + explicitly given in the master map entry to revert to the old behavior. + This change affects only the hosts map which corresponds to the /net entry + in the default configuration. + + Users are advised to upgrade to these updated autofs5 packages, which + resolve this issue. + + Red Hat would like to thank Josh Lange for reporting this issue. + + + Affected Software/OS: + autofs5 on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00010.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of autofs5"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"autofs5", rpm:"autofs5~5.0.1~0.rc2.55.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"autofs5-debuginfo", rpm:"autofs5-debuginfo~5.0.1~0.rc2.55.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1130-01_squid.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1130-01_squid.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1130-01_squid.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,153 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for squid RHSA-2007:1130-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870196); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1130-01"); + script_cve_id("CVE-2007-6239"); + script_name(english: "RedHat Update for squid RHSA-2007:1130-01"); + desc["english"] = " + + Vulnerability Insight: + Squid is a high-performance proxy caching server for Web clients, + supporting FTP, gopher, and HTTP data objects. + + A flaw was found in the way squid stored HTTP headers for cached objects + in system memory. An attacker could cause squid to use additional memory, + and trigger high CPU usage when processing requests for certain cached + objects, possibly leading to a denial of service. (CVE-2007-6239) + + Users of squid are advised to upgrade to these updated packages, which + contain a backported patch to resolve this issue. + + + Affected Software/OS: + squid on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, + Red Hat Enterprise Linux ES version 2.1, + Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3, + Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4, + Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00011.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of squid"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_2.1") +{ + + if(isrpmvuln(pkg:"squid", rpm:"squid~2.4.STABLE7~1.21as.11", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"squid", rpm:"squid~2.6.STABLE6~5.el5_1.2", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"squid-debuginfo", rpm:"squid-debuginfo~2.6.STABLE6~5.el5_1.2", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"squid", rpm:"squid~2.5.STABLE14~1.4E.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"squid-debuginfo", rpm:"squid-debuginfo~2.5.STABLE14~1.4E.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"squid", rpm:"squid~2.5.STABLE3~8.3E", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"squid-debuginfo", rpm:"squid-debuginfo~2.5.STABLE3~8.3E", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1155-01_mysql.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1155-01_mysql.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1155-01_mysql.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,167 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for mysql RHSA-2007:1155-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870195); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1155-01"); + script_cve_id("CVE-2007-5969", "CVE-2007-5925"); + script_name(english: "RedHat Update for mysql RHSA-2007:1155-01"); + desc["english"] = " + + Vulnerability Insight: + MySQL is a multi-user, multi-threaded SQL database server. MySQL is a + client/server implementation consisting of a server daemon (mysqld), and + many different client programs and libraries. + + A flaw was found in a way MySQL handled symbolic links when database tables + were created with explicit "DATA" and "INDEX DIRECTORY" options. An + authenticated user could create a table that would overwrite tables in + other databases, causing destruction of data or allowing the user to + elevate privileges. (CVE-2007-5969) + + A flaw was found in a way MySQL's InnoDB engine handled spatial indexes. An + authenticated user could create a table with spatial indexes, which are not + supported by the InnoDB engine, that would cause the mysql daemon to crash + when used. This issue only causes a temporary denial of service, as the + mysql daemon will be automatically restarted after the crash. + (CVE-2007-5925) + + All mysql users are advised to upgrade to these updated packages, which + contain backported patches to resolve these issues. + + + Affected Software/OS: + mysql on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4, + Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00012.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of mysql"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"mysql", rpm:"mysql~5.0.22~2.2.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"mysql-bench", rpm:"mysql-bench~5.0.22~2.2.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"mysql-debuginfo", rpm:"mysql-debuginfo~5.0.22~2.2.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"mysql-devel", rpm:"mysql-devel~5.0.22~2.2.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"mysql-server", rpm:"mysql-server~5.0.22~2.2.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"mysql-test", rpm:"mysql-test~5.0.22~2.2.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"mysql", rpm:"mysql~4.1.20~3.RHEL4.1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"mysql-bench", rpm:"mysql-bench~4.1.20~3.RHEL4.1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"mysql-debuginfo", rpm:"mysql-debuginfo~4.1.20~3.RHEL4.1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"mysql-devel", rpm:"mysql-devel~4.1.20~3.RHEL4.1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"mysql-server", rpm:"mysql-server~4.1.20~3.RHEL4.1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1165-01_libexif.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1165-01_libexif.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1165-01_libexif.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,106 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for libexif RHSA-2007:1165-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870184); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1165-01"); + script_cve_id("CVE-2007-6351", "CVE-2007-6352"); + script_name(english: "RedHat Update for libexif RHSA-2007:1165-01"); + desc["english"] = " + + Vulnerability Insight: + The libexif packages contain the Exif library. Exif is an image file format + specification that enables metadata tags to be added to existing JPEG, TIFF + and RIFF files. The Exif library makes it possible to parse an Exif file + and read this metadata. + + An infinite recursion flaw was found in the way libexif parses Exif image + tags. If a victim opens a carefully crafted Exif image file, it could cause + the application linked against libexif to crash. (CVE-2007-6351) + + An integer overflow flaw was found in the way libexif parses Exif image + tags. If a victim opens a carefully crafted Exif image file, it could cause + the application linked against libexif to execute arbitrary code, or crash. + (CVE-2007-6352) + + Users of libexif are advised to upgrade to these updated packages, which + contain backported patches to resolve these issues. + + + Affected Software/OS: + libexif on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00014.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of libexif"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"libexif", rpm:"libexif~0.6.13~4.0.2.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libexif-debuginfo", rpm:"libexif-debuginfo~0.6.13~4.0.2.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libexif-devel", rpm:"libexif-devel~0.6.13~4.0.2.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1166-01_libexif.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1166-01_libexif.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1166-01_libexif.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,104 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for libexif RHSA-2007:1166-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870185); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1166-01"); + script_cve_id("CVE-2007-6352"); + script_name(english: "RedHat Update for libexif RHSA-2007:1166-01"); + desc["english"] = " + + Vulnerability Insight: + The libexif packages contain the Exif library. Exif is an image file format + specification that enables metadata tags to be added to existing JPEG, TIFF + and RIFF files. The Exif library makes it possible to parse an Exif file + and read this metadata. + + An integer overflow flaw was found in the way libexif parses Exif image + tags. If a victim opens a carefully crafted Exif image file, it could cause + the application linked against libexif to execute arbitrary code, or crash. + (CVE-2007-6352) + + Users of libexif are advised to upgrade to these updated packages, which + contain a backported patch to resolve this issue. + + + Affected Software/OS: + libexif on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00015.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of libexif"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"libexif", rpm:"libexif~0.5.12~5.1.0.2.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libexif-debuginfo", rpm:"libexif-debuginfo~0.5.12~5.1.0.2.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libexif-devel", rpm:"libexif-devel~0.5.12~5.1.0.2.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1176-01_autofs.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1176-01_autofs.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1176-01_autofs.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,110 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for autofs RHSA-2007:1176-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870192); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1176-01"); + script_cve_id("CVE-2007-6285", "CVE-2007-5964"); + script_name(english: "RedHat Update for autofs RHSA-2007:1176-01"); + desc["english"] = " + + Vulnerability Insight: + The autofs utility controls the operation of the automount daemon, which + automatically mounts file systems when you use them, and unmounts them when + you are not using them. This can include network file systems and CD-ROMs. + + There was a security issue with the default configuration of autofs version + 5, whereby the entry for the "-hosts" map did not specify the "nodev" mount + option. A local user with control of a remote NFS server could create + special device files on the remote file system, that if mounted using the + default "-hosts" map, could allow the user to access important system + devices. (CVE-2007-6285) + + This issue is similar to CVE-2007-5964, which fixed a missing "nosuid" + mount option in autofs. Both the "nodev" and "nosuid" options should be + enabled to prevent a possible compromise of machine integrity. + + Due to the fact that autofs always mounted "-hosts" map entries "dev" by + default, autofs has now been altered to always use the "nodev" option when + mounting from the default "-hosts" map. The "dev" option must be explicitly + given in the master map entry to revert to the old behavior. This change + affects only the "-hosts" map which corresponds to the "/net" entry in the + default configuration. + + All autofs users are advised to upgrade to these updated packages, which + resolve this issue. + + Red Hat would like to thank Tim Baum for reporting this issue. + + + Affected Software/OS: + autofs on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00019.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of autofs"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"autofs", rpm:"autofs~5.0.1~0.rc2.55.el5.2", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"autofs-debuginfo", rpm:"autofs-debuginfo~5.0.1~0.rc2.55.el5.2", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2007_1177-01_autofs5.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2007_1177-01_autofs5.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2007_1177-01_autofs5.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,114 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for autofs5 RHSA-2007:1177-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870183); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2007:1177-01"); + script_cve_id("CVE-2007-6285", "CVE-2007-5964"); + script_name(english: "RedHat Update for autofs5 RHSA-2007:1177-01"); + desc["english"] = " + + Vulnerability Insight: + The autofs utility controls the operation of the automount daemon, which + automatically mounts file systems when you use them, and unmounts them when + you are not using them. This can include network file systems and CD-ROMs. + The autofs5 packages were made available as a technology preview in Red Hat + Enterprise Linux 4.6. + + There was a security issue with the default configuration of autofs version + 5, whereby the entry for the "-hosts" map did not specify the "nodev" mount + option. A local user with control of a remote NFS server could create + special device files on the remote file system, that if mounted using the + default "-hosts" map, could allow the user to access important system + devices. (CVE-2007-6285) + + This issue is similar to CVE-2007-5964, which fixed a missing "nosuid" + mount option in autofs. Both the "nodev" and "nosuid" options should be + enabled to prevent a possible compromise of machine integrity. + + Due to the fact that autofs always mounted "-hosts" map entries "dev" by + default, autofs has now been altered to always use the "nodev" option when + mounting from the default "-hosts" map. The "dev" option must be explicitly + given in the master map entry to revert to the old behavior. This change + affects only the "-hosts" map which corresponds to the "/net" entry in the + default configuration. + + All autofs5 users are advised to upgrade to these updated packages, which + resolve this issue. + + Red Hat would like to thank Tim Baum for reporting this issue. + + + Affected Software/OS: + autofs5 on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2007-December/msg00020.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of autofs5"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"autofs5", rpm:"autofs5~5.0.1~0.rc2.55.el4_6.2", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"autofs5-debuginfo", rpm:"autofs5-debuginfo~5.0.1~0.rc2.55.el4_6.2", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0002-01_tog-pegasus.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0002-01_tog-pegasus.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0002-01_tog-pegasus.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,144 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for tog-pegasus RHSA-2008:0002-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870162); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0002-01"); + script_cve_id("CVE-2008-0003"); + script_name(english: "RedHat Update for tog-pegasus RHSA-2008:0002-01"); + desc["english"] = " + + Vulnerability Insight: + The tog-pegasus packages provide OpenPegasus Web-Based Enterprise + Management (WBEM) services. WBEM is a platform and resource independent + DMTF standard that defines a common information model, and communication + protocol for monitoring and controlling resources. + + During a security audit, a stack buffer overflow flaw was found in the PAM + authentication code in the OpenPegasus CIM management server. An + unauthenticated remote user could trigger this flaw and potentially execute + arbitrary code with root privileges. (CVE-2008-0003) + + Note that the tog-pegasus packages are not installed by default on Red Hat + Enterprise Linux. The Red Hat Security Response Team believes that it would + be hard to remotely exploit this issue to execute arbitrary code, due to + the default SELinux targeted policy on Red Hat Enterprise Linux 4 and 5, + and the SELinux memory protection tests enabled by default on Red Hat + Enterprise Linux 5. + + Users of tog-pegasus should upgrade to these updated packages, which + contain a backported patch to resolve this issue. After installing the + updated packages the tog-pegasus service should be restarted. + + + Affected Software/OS: + tog-pegasus on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4, + Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00000.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of tog-pegasus"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"tog-pegasus", rpm:"tog-pegasus~2.6.1~2.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tog-pegasus-debuginfo", rpm:"tog-pegasus-debuginfo~2.6.1~2.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tog-pegasus-devel", rpm:"tog-pegasus-devel~2.6.1~2.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"tog-pegasus", rpm:"tog-pegasus~2.5.1~5.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tog-pegasus-debuginfo", rpm:"tog-pegasus-debuginfo~2.5.1~5.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tog-pegasus-devel", rpm:"tog-pegasus-devel~2.5.1~5.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tog-pegasus-test", rpm:"tog-pegasus-test~2.5.1~5.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0003-01_e2fsprogs.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0003-01_e2fsprogs.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0003-01_e2fsprogs.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,190 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for e2fsprogs RHSA-2008:0003-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870091); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0003-01"); + script_cve_id("CVE-2007-5497"); + script_name(english: "RedHat Update for e2fsprogs RHSA-2008:0003-01"); + desc["english"] = " + + Vulnerability Insight: + The e2fsprogs packages contain a number of utilities for creating, + checking, modifying, and correcting any inconsistencies in second and third + extended (ext2/ext3) file systems. + + Multiple integer overflow flaws were found in the way e2fsprogs processes + file system content. If a victim opens a carefully crafted file system with + a program using e2fsprogs, it may be possible to execute arbitrary code + with the permissions of the victim. It may be possible to leverage this + flaw in a virtualized environment to gain access to other virtualized + hosts. (CVE-2007-5497) + + Red Hat would like to thank Rafal Wojtczuk of McAfee Avert Research for + responsibly disclosing these issues. + + Users of e2fsprogs are advised to upgrade to these updated packages, which + contain a backported patch to resolve these issues. + + + Affected Software/OS: + e2fsprogs on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, + Red Hat Enterprise Linux ES version 2.1, + Red Hat Enterprise Linux WS version 2.1, + Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3, + Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4, + Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00001.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of e2fsprogs"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_2.1") +{ + + if(isrpmvuln(pkg:"e2fsprogs", rpm:"e2fsprogs~1.26~1.73", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"e2fsprogs-devel", rpm:"e2fsprogs-devel~1.26~1.73", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"e2fsprogs", rpm:"e2fsprogs~1.39~10.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"e2fsprogs-debuginfo", rpm:"e2fsprogs-debuginfo~1.39~10.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"e2fsprogs-devel", rpm:"e2fsprogs-devel~1.39~10.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"e2fsprogs-libs", rpm:"e2fsprogs-libs~1.39~10.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"e2fsprogs", rpm:"e2fsprogs~1.35~12.11.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"e2fsprogs-debuginfo", rpm:"e2fsprogs-debuginfo~1.35~12.11.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"e2fsprogs-devel", rpm:"e2fsprogs-devel~1.35~12.11.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"e2fsprogs", rpm:"e2fsprogs~1.32~15.4", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"e2fsprogs-debuginfo", rpm:"e2fsprogs-debuginfo~1.32~15.4", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"e2fsprogs-devel", rpm:"e2fsprogs-devel~1.32~15.4", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0004-01_apache.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0004-01_apache.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0004-01_apache.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,116 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for apache RHSA-2008:0004-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870175); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0004-01"); + script_cve_id("CVE-2007-4465", "CVE-2007-5000", "CVE-2007-6388", "CVE-2008-0005"); + script_name(english: "RedHat Update for apache RHSA-2008:0004-01"); + desc["english"] = " + + Vulnerability Insight: + The Apache HTTP Server is a popular Web server. + + A flaw was found in the mod_imap module. On sites where mod_imap was + enabled and an imagemap file was publicly available, a cross-site scripting + attack was possible. (CVE-2007-5000) + + A flaw was found in the mod_autoindex module. On sites where directory + listings are used, and the "AddDefaultCharset" directive has been removed + from the configuration, a cross-site scripting attack was possible against + Web browsers which did not correctly derive the response character set + following the rules in RFC 2616. (CVE-2007-4465) + + A flaw was found in the mod_status module. On sites where mod_status was + enabled and the status pages were publicly available, a cross-site + scripting attack was possible. (CVE-2007-6388) + + A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp + was enabled and a forward proxy was configured, a cross-site scripting + attack was possible against Web browsers which did not correctly derive the + response character set following the rules in RFC 2616. (CVE-2008-0005) + + Users of Apache should upgrade to these updated packages, which contain + backported patches to resolve these issues. Users should restart Apache + after installing this update. + + + Affected Software/OS: + apache on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, + Red Hat Enterprise Linux ES version 2.1, + Red Hat Enterprise Linux WS version 2.1 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00005.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of apache"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_2.1") +{ + + if(isrpmvuln(pkg:"apache", rpm:"apache~1.3.27~14.ent", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"apache-devel", rpm:"apache-devel~1.3.27~14.ent", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"apache-manual", rpm:"apache-manual~1.3.27~14.ent", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0005-01_httpd.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0005-01_httpd.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0005-01_httpd.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,130 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for httpd RHSA-2008:0005-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870081); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0005-01"); + script_cve_id("CVE-2007-3847", "CVE-2007-4465", "CVE-2007-5000", "CVE-2007-6388", "CVE-2008-0005"); + script_name(english: "RedHat Update for httpd RHSA-2008:0005-01"); + desc["english"] = " + + Vulnerability Insight: + The Apache HTTP Server is a popular Web server. + + A flaw was found in the mod_imap module. On sites where mod_imap was + enabled and an imagemap file was publicly available, a cross-site scripting + attack was possible. (CVE-2007-5000) + + A flaw was found in the mod_autoindex module. On sites where directory + listings are used, and the "AddDefaultCharset" directive has been removed + from the configuration, a cross-site scripting attack was possible against + Web browsers which did not correctly derive the response character set + following the rules in RFC 2616. (CVE-2007-4465) + + A flaw was found in the mod_proxy module. On sites where a reverse proxy is + configured, a remote attacker could send a carefully crafted request that + would cause the Apache child process handling that request to crash. On + sites where a forward proxy is configured, an attacker could cause a + similar crash if a user could be persuaded to visit a malicious site using + the proxy. This could lead to a denial of service if using a threaded + Multi-Processing Module. (CVE-2007-3847) + + A flaw was found in the mod_status module. On sites where mod_status was + enabled and the status pages were publicly available, a cross-site + scripting attack was possible. (CVE-2007-6388) + + A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp + was enabled and a forward proxy was configured, a cross-site scripting + attack was possible against Web browsers which did not correctly derive the + response character set following the rules in RFC 2616. (CVE-2008-0005) + + Users of Apache httpd should upgrade to these updated packages, which + contain backported patches to resolve these issues. Users should restart + httpd after installing this update. + + + Affected Software/OS: + httpd on Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00006.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of httpd"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"httpd", rpm:"httpd~2.0.46~70.ent", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"httpd-debuginfo", rpm:"httpd-debuginfo~2.0.46~70.ent", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"httpd-devel", rpm:"httpd-devel~2.0.46~70.ent", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"mod_ssl", rpm:"mod_ssl~2.0.46~70.ent", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0006-01_httpd.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0006-01_httpd.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0006-01_httpd.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,134 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for httpd RHSA-2008:0006-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870119); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0006-01"); + script_cve_id("CVE-2007-4465", "CVE-2007-5000", "CVE-2007-6388", "CVE-2008-0005"); + script_name(english: "RedHat Update for httpd RHSA-2008:0006-01"); + desc["english"] = " + + Vulnerability Insight: + The Apache HTTP Server is a popular Web server. + + A flaw was found in the mod_imap module. On sites where mod_imap was + enabled and an imagemap file was publicly available, a cross-site scripting + attack was possible. (CVE-2007-5000) + + A flaw was found in the mod_autoindex module. On sites where directory + listings are used, and the "AddDefaultCharset" directive has been removed + from the configuration, a cross-site scripting attack was possible against + Web browsers which do not correctly derive the response character set + following the rules in RFC 2616. (CVE-2007-4465) + + A flaw was found in the mod_status module. On sites where mod_status was + enabled and the status pages were publicly available, a cross-site + scripting attack was possible. (CVE-2007-6388) + + A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp + was enabled and a forward proxy was configured, a cross-site scripting + attack was possible against Web browsers which do not correctly derive the + response character set following the rules in RFC 2616. (CVE-2008-0005) + + Users of Apache httpd should upgrade to these updated packages, which + contain backported patches to resolve these issues. Users should restart + httpd after installing this update. + + + Affected Software/OS: + httpd on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00007.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of httpd"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"httpd", rpm:"httpd~2.0.52~38.ent.2", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"httpd-debuginfo", rpm:"httpd-debuginfo~2.0.52~38.ent.2", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"httpd-devel", rpm:"httpd-devel~2.0.52~38.ent.2", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"httpd-manual", rpm:"httpd-manual~2.0.52~38.ent.2", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"httpd-suexec", rpm:"httpd-suexec~2.0.52~38.ent.2", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"mod_ssl", rpm:"mod_ssl~2.0.52~38.ent.2", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0008-01_httpd.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0008-01_httpd.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0008-01_httpd.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,136 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for httpd RHSA-2008:0008-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870034); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0008-01"); + script_cve_id("CVE-2007-4465", "CVE-2007-5000", "CVE-2007-6388", "CVE-2007-6421", "CVE-2007-6422", "CVE-2008-0005"); + script_name(english: "RedHat Update for httpd RHSA-2008:0008-01"); + desc["english"] = " + + Vulnerability Insight: + The Apache HTTP Server is a popular Web server. + + A flaw was found in the mod_imagemap module. On sites where mod_imagemap + was enabled and an imagemap file was publicly available, a cross-site + scripting attack was possible. (CVE-2007-5000) + + A flaw was found in the mod_autoindex module. On sites where directory + listings are used, and the "AddDefaultCharset" directive has been removed + from the configuration, a cross-site scripting attack might have been + possible against Web browsers which do not correctly derive the response + character set following the rules in RFC 2616. (CVE-2007-4465) + + A flaw was found in the mod_status module. On sites where mod_status was + enabled and the status pages were publicly available, a cross-site + scripting attack was possible. (CVE-2007-6388) + + A flaw was found in the mod_proxy_balancer module. On sites where + mod_proxy_balancer was enabled, a cross-site scripting attack against an + authorized user was possible. (CVE-2007-6421) + + A flaw was found in the mod_proxy_balancer module. On sites where + mod_proxy_balancer was enabled, an authorized user could send a carefully + crafted request that would cause the Apache child process handling that + request to crash. This could lead to a denial of service if using a + threaded Multi-Processing Module. (CVE-2007-6422) + + A flaw was found in the mod_proxy_ftp module. On sites where mod_proxy_ftp + was enabled and a forward proxy was configured, a cross-site scripting + attack was possible against Web browsers which do not correctly derive the + response character set following the rules in RFC 2616. (CVE-2008-0005) + + Users of Apache httpd should upgrade to these updated packages, which + contain backported patches to resolve these issues. Users should restart + httpd after installing this update. + + + Affected Software/OS: + httpd on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00009.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of httpd"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"httpd", rpm:"httpd~2.2.3~11.el5_1.3", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"httpd-debuginfo", rpm:"httpd-debuginfo~2.2.3~11.el5_1.3", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"httpd-devel", rpm:"httpd-devel~2.2.3~11.el5_1.3", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"httpd-manual", rpm:"httpd-manual~2.2.3~11.el5_1.3", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"mod_ssl", rpm:"mod_ssl~2.2.3~11.el5_1.3", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0029-01_XFree86.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0029-01_XFree86.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0029-01_XFree86.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,419 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for XFree86 RHSA-2008:0029-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870005); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0029-01"); + script_cve_id("CVE-2007-4568", "CVE-2007-4990", "CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0006"); + script_name(english: "RedHat Update for XFree86 RHSA-2008:0029-01"); + desc["english"] = " + + Vulnerability Insight: + XFree86 is an implementation of the X Window System, which provides the + core functionality for the Linux graphical desktop. + + Two integer overflow flaws were found in the XFree86 server's EVI and + MIT-SHM modules. A malicious authorized client could exploit these issues + to cause a denial of service (crash), or potentially execute arbitrary code + with root privileges on the XFree86 server. (CVE-2007-6429) + + A heap based buffer overflow flaw was found in the way the XFree86 server + handled malformed font files. A malicious local user could exploit this + issue to potentially execute arbitrary code with the privileges of the + XFree86 server. (CVE-2008-0006) + + A memory corruption flaw was found in the XFree86 server's XInput + extension. A malicious authorized client could exploit this issue to cause + a denial of service (crash), or potentially execute arbitrary code with + root privileges on the XFree86 server. (CVE-2007-6427) + + An information disclosure flaw was found in the XFree86 server's TOG-CUP + extension. A malicious authorized client could exploit this issue to cause + a denial of service (crash), or potentially view arbitrary memory content + within the XFree86 server's address space. (CVE-2007-6428) + + An integer and heap overflow flaw were found in the X.org font server, xfs. + A user with the ability to connect to the font server could have been able + to cause a denial of service (crash), or potentially execute arbitrary code + with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) + + A flaw was found in the XFree86 server's XC-SECURITY extension, that could + have allowed a local user to verify the existence of an arbitrary file, + even in directories that are not normally accessible to that user. + (CVE-2007-5958) + + Users of XFree86 are advised to upgrade to these updated packages, which + contain backported patches to resolve these issues. + + + Affected Software/OS: + XFree86 on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, + Red Hat Enterprise Linux ES version 2.1, + Red Hat Enterprise Linux WS version 2.1, + Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00013.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of XFree86"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_2.1") +{ + + if(isrpmvuln(pkg:"XFree86-100dpi-fonts", rpm:"XFree86-100dpi-fonts~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86", rpm:"XFree86~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-75dpi-fonts", rpm:"XFree86-75dpi-fonts~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-15-100dpi-fonts", rpm:"XFree86-ISO8859-15-100dpi-fonts~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-15-75dpi-fonts", rpm:"XFree86-ISO8859-15-75dpi-fonts~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-2-100dpi-fonts", rpm:"XFree86-ISO8859-2-100dpi-fonts~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-2-75dpi-fonts", rpm:"XFree86-ISO8859-2-75dpi-fonts~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-9-100dpi-fonts", rpm:"XFree86-ISO8859-9-100dpi-fonts~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-9-75dpi-fonts", rpm:"XFree86-ISO8859-9-75dpi-fonts~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-Xnest", rpm:"XFree86-Xnest~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-Xvfb", rpm:"XFree86-Xvfb~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-cyrillic-fonts", rpm:"XFree86-cyrillic-fonts~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-devel", rpm:"XFree86-devel~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-doc", rpm:"XFree86-doc~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-libs", rpm:"XFree86-libs~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-tools", rpm:"XFree86-tools~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-twm", rpm:"XFree86-twm~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-xdm", rpm:"XFree86-xdm~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-xf86cfg", rpm:"XFree86-xf86cfg~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-xfs", rpm:"XFree86-xfs~4.1.0~85.EL", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"XFree86-100dpi-fonts", rpm:"XFree86-100dpi-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86", rpm:"XFree86~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-75dpi-fonts", rpm:"XFree86-75dpi-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-14-100dpi-fonts", rpm:"XFree86-ISO8859-14-100dpi-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-14-75dpi-fonts", rpm:"XFree86-ISO8859-14-75dpi-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-15-100dpi-fonts", rpm:"XFree86-ISO8859-15-100dpi-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-15-75dpi-fonts", rpm:"XFree86-ISO8859-15-75dpi-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-2-100dpi-fonts", rpm:"XFree86-ISO8859-2-100dpi-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-2-75dpi-fonts", rpm:"XFree86-ISO8859-2-75dpi-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-9-100dpi-fonts", rpm:"XFree86-ISO8859-9-100dpi-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-ISO8859-9-75dpi-fonts", rpm:"XFree86-ISO8859-9-75dpi-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-Mesa-libGL", rpm:"XFree86-Mesa-libGL~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-Mesa-libGLU", rpm:"XFree86-Mesa-libGLU~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-Xnest", rpm:"XFree86-Xnest~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-Xvfb", rpm:"XFree86-Xvfb~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-base-fonts", rpm:"XFree86-base-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-cyrillic-fonts", rpm:"XFree86-cyrillic-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-devel", rpm:"XFree86-devel~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-doc", rpm:"XFree86-doc~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-font-utils", rpm:"XFree86-font-utils~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-libs", rpm:"XFree86-libs~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-libs-data", rpm:"XFree86-libs-data~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-sdk", rpm:"XFree86-sdk~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-syriac-fonts", rpm:"XFree86-syriac-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-tools", rpm:"XFree86-tools~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-truetype-fonts", rpm:"XFree86-truetype-fonts~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-twm", rpm:"XFree86-twm~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-xauth", rpm:"XFree86-xauth~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-xdm", rpm:"XFree86-xdm~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"XFree86-xfs", rpm:"XFree86-xfs~4.3.0~125.EL", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0030-01_xorg-x11.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0030-01_xorg-x11.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0030-01_xorg-x11.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,223 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for xorg-x11 RHSA-2008:0030-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870070); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0030-01"); + script_cve_id("CVE-2007-4568", "CVE-2007-4990", "CVE-2007-5760", "CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429", "CVE-2008-0006"); + script_name(english: "RedHat Update for xorg-x11 RHSA-2008:0030-01"); + desc["english"] = " + + Vulnerability Insight: + The xorg-x11 packages contain X.Org, an open source implementation of the X + Window System. It provides the basic low-level functionality that + full-fledged graphical user interfaces are designed upon. + + Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM + modules. A malicious authorized client could exploit these issues to cause + a denial of service (crash), or potentially execute arbitrary code with + root privileges on the X.Org server. (CVE-2007-6429) + + A heap based buffer overflow flaw was found in the way the X.Org server + handled malformed font files. A malicious local user could exploit these + issues to potentially execute arbitrary code with the privileges of the + X.Org server. (CVE-2008-0006) + + A memory corruption flaw was found in the X.Org server's XInput extension. + A malicious authorized client could exploit this issue to cause a denial of + service (crash), or potentially execute arbitrary code with root privileges + on the X.Org server. (CVE-2007-6427) + + An input validation flaw was found in the X.Org server's XFree86-Misc + extension. A malicious authorized client could exploit this issue to cause + a denial of service (crash), or potentially execute arbitrary code with + root privileges on the X.Org server. (CVE-2007-5760) + + An information disclosure flaw was found in the X.Org server's TOG-CUP + extension. A malicious authorized client could exploit this issue to cause + a denial of service (crash), or potentially view arbitrary memory content + within the X server's address space. (CVE-2007-6428) + + An integer and heap overflow flaw were found in the X.Org font server, xfs. + A user with the ability to connect to the font server could have been able + to cause a denial of service (crash), or potentially execute arbitrary code + with the permissions of the font server. (CVE-2007-4568, CVE-2007-4990) + + A flaw was found in the X.Org server's XC-SECURITY extension, that could + have allowed a local user to verify the existence of an arbitrary file, + even in directories that are not normally accessible to that user. + (CVE-2007-5958) + + Users of xorg-x11 should upgrade to these updated packages, which contain + backported patches to resolve these issues. + + + Affected Software/OS: + xorg-x11 on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00010.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of xorg-x11"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"xorg-x11", rpm:"xorg-x11~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-Mesa-libGL", rpm:"xorg-x11-Mesa-libGL~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-Mesa-libGLU", rpm:"xorg-x11-Mesa-libGLU~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-Xdmx", rpm:"xorg-x11-Xdmx~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-Xnest", rpm:"xorg-x11-Xnest~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-Xvfb", rpm:"xorg-x11-Xvfb~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-deprecated-libs", rpm:"xorg-x11-deprecated-libs~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-deprecated-libs-devel", rpm:"xorg-x11-deprecated-libs-devel~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-devel", rpm:"xorg-x11-devel~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-doc", rpm:"xorg-x11-doc~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-font-utils", rpm:"xorg-x11-font-utils~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-libs", rpm:"xorg-x11-libs~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-sdk", rpm:"xorg-x11-sdk~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-tools", rpm:"xorg-x11-tools~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-twm", rpm:"xorg-x11-twm~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-xauth", rpm:"xorg-x11-xauth~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-xdm", rpm:"xorg-x11-xdm~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-xfs", rpm:"xorg-x11-xfs~6.8.2~1.EL.33.0.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0031-01_xorg-x11-server.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0031-01_xorg-x11-server.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0031-01_xorg-x11-server.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,145 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for xorg-x11-server RHSA-2008:0031-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870156); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0031-01"); + script_cve_id("CVE-2007-5760", "CVE-2007-5958", "CVE-2007-6427", "CVE-2007-6428", "CVE-2007-6429"); + script_name(english: "RedHat Update for xorg-x11-server RHSA-2008:0031-01"); + desc["english"] = " + + Vulnerability Insight: + X.Org is an open source implementation of the X Window System. It provides + basic low-level functionality that full-fledged graphical user interfaces + are designed upon. + + Two integer overflow flaws were found in the X.Org server's EVI and MIT-SHM + modules. A malicious authorized client could exploit these issues to cause + a denial of service (crash), or potentially execute arbitrary code with + root privileges on the X.Org server. (CVE-2007-6429) + + A memory corruption flaw was found in the X.Org server's XInput extension. + A malicious authorized client could exploit this issue to cause a denial of + service (crash), or potentially execute arbitrary code with root privileges + on the X.Org server. (CVE-2007-6427) + + An input validation flaw was found in the X.Org server's XFree86-Misc + extension. A malicious authorized client could exploit this issue to cause + a denial of service (crash), or potentially execute arbitrary code with + root privileges on the X.Org server. (CVE-2007-5760) + + An information disclosure flaw was found in the X.Org server's TOG-CUP + extension. A malicious authorized client could exploit this issue to cause + a denial of service (crash), or potentially view arbitrary memory content + within the X server's address space. (CVE-2007-6428) + + A flaw was found in the X.Org server's XC-SECURITY extension, that could + have allowed a local user to verify the existence of an arbitrary file, + even in directories that are not normally accessible to that user. + (CVE-2007-5958) + + Users of xorg-x11-server should upgrade to these updated packages, which + contain backported patches to resolve these issues. + + + Affected Software/OS: + xorg-x11-server on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00011.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of xorg-x11-server"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"xorg-x11-server-Xdmx", rpm:"xorg-x11-server-Xdmx~1.1.1~48.26.el5_1.4", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-server-Xephyr", rpm:"xorg-x11-server-Xephyr~1.1.1~48.26.el5_1.4", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-server-Xnest", rpm:"xorg-x11-server-Xnest~1.1.1~48.26.el5_1.4", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-server-Xorg", rpm:"xorg-x11-server-Xorg~1.1.1~48.26.el5_1.4", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-server-Xvfb", rpm:"xorg-x11-server-Xvfb~1.1.1~48.26.el5_1.4", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-server-debuginfo", rpm:"xorg-x11-server-debuginfo~1.1.1~48.26.el5_1.4", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"xorg-x11-server-sdk", rpm:"xorg-x11-server-sdk~1.1.1~48.26.el5_1.4", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0032-01_libxml2.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0032-01_libxml2.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0032-01_libxml2.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,204 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for libxml2 RHSA-2008:0032-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870066); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0032-01"); + script_cve_id("CVE-2007-6284"); + script_name(english: "RedHat Update for libxml2 RHSA-2008:0032-01"); + desc["english"] = " + + Vulnerability Insight: + The libxml2 packages provide a library that allows you to manipulate XML + files. It includes support to read, modify, and write XML and HTML files. + + A denial of service flaw was found in the way libxml2 processes certain + content. If an application linked against libxml2 processes malformed XML + content, it could cause the application to stop responding. (CVE-2007-6284) + + Red Hat would like to thank the Google Security Team for responsibly + disclosing this issue. + + All users are advised to upgrade to these updated packages, which contain a + backported patch to resolve this issue. + + + Affected Software/OS: + libxml2 on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, + Red Hat Enterprise Linux ES version 2.1, + Red Hat Enterprise Linux WS version 2.1, + Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3, + Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4, + Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00002.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of libxml2"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_2.1") +{ + + if(isrpmvuln(pkg:"libxml2", rpm:"libxml2~2.4.19~7.ent", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libxml2-devel", rpm:"libxml2-devel~2.4.19~7.ent", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libxml2-python", rpm:"libxml2-python~2.4.19~7.ent", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"libxml2", rpm:"libxml2~2.6.26~2.1.2.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libxml2-debuginfo", rpm:"libxml2-debuginfo~2.6.26~2.1.2.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libxml2-devel", rpm:"libxml2-devel~2.6.26~2.1.2.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libxml2-python", rpm:"libxml2-python~2.6.26~2.1.2.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"libxml2", rpm:"libxml2~2.6.16~10.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libxml2-debuginfo", rpm:"libxml2-debuginfo~2.6.16~10.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libxml2-devel", rpm:"libxml2-devel~2.6.16~10.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libxml2-python", rpm:"libxml2-python~2.6.16~10.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"libxml2", rpm:"libxml2~2.5.10~8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libxml2-debuginfo", rpm:"libxml2-debuginfo~2.5.10~8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libxml2-devel", rpm:"libxml2-devel~2.5.10~8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libxml2-python", rpm:"libxml2-python~2.5.10~8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0038-01_postgresql.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0038-01_postgresql.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0038-01_postgresql.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,247 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for postgresql RHSA-2008:0038-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870092); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0038-01"); + script_cve_id("CVE-2007-3278", "CVE-2007-4769", "CVE-2007-4772", "CVE-2007-6067", "CVE-2007-6600", "CVE-2007-6601"); + script_name(english: "RedHat Update for postgresql RHSA-2008:0038-01"); + desc["english"] = " + + Vulnerability Insight: + PostgreSQL is an advanced Object-Relational database management system + (DBMS). The postgresql packages include the client programs and libraries + needed to access a PostgreSQL DBMS server. + + Will Drewry discovered multiple flaws in PostgreSQL's regular expression + engine. An authenticated attacker could use these flaws to cause a denial + of service by causing the PostgreSQL server to crash, enter an infinite + loop, or use extensive CPU and memory resources while processing queries + containing specially crafted regular expressions. Applications that accept + regular expressions from untrusted sources may expose this problem to + unauthorized attackers. (CVE-2007-4769, CVE-2007-4772, CVE-2007-6067) + + A privilege escalation flaw was discovered in PostgreSQL. An authenticated + attacker could create an index function that would be executed with + administrator privileges during database maintenance tasks, such as + database vacuuming. (CVE-2007-6600) + + A privilege escalation flaw was discovered in PostgreSQL's Database Link + library (dblink). An authenticated attacker could use dblink to possibly + escalate privileges on systems with "trust" or "ident" authentication + configured. Please note that dblink functionality is not enabled by + default, and can only by enabled by a database administrator on systems + with the postgresql-contrib package installed. (CVE-2007-3278, + CVE-2007-6601) + + All postgresql users should upgrade to these updated packages, which + include PostgreSQL 7.4.19 and 8.1.11, and resolve these issues. + + + Affected Software/OS: + postgresql on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4, + Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00003.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of postgresql"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"postgresql", rpm:"postgresql~8.1.11~1.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-contrib", rpm:"postgresql-contrib~8.1.11~1.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-debuginfo", rpm:"postgresql-debuginfo~8.1.11~1.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-devel", rpm:"postgresql-devel~8.1.11~1.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-docs", rpm:"postgresql-docs~8.1.11~1.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-libs", rpm:"postgresql-libs~8.1.11~1.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-pl", rpm:"postgresql-pl~8.1.11~1.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-python", rpm:"postgresql-python~8.1.11~1.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-server", rpm:"postgresql-server~8.1.11~1.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-tcl", rpm:"postgresql-tcl~8.1.11~1.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-test", rpm:"postgresql-test~8.1.11~1.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"postgresql", rpm:"postgresql~7.4.19~1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-contrib", rpm:"postgresql-contrib~7.4.19~1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-debuginfo", rpm:"postgresql-debuginfo~7.4.19~1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-devel", rpm:"postgresql-devel~7.4.19~1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-docs", rpm:"postgresql-docs~7.4.19~1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-jdbc", rpm:"postgresql-jdbc~7.4.19~1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-libs", rpm:"postgresql-libs~7.4.19~1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-pl", rpm:"postgresql-pl~7.4.19~1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-python", rpm:"postgresql-python~7.4.19~1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-server", rpm:"postgresql-server~7.4.19~1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-tcl", rpm:"postgresql-tcl~7.4.19~1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"postgresql-test", rpm:"postgresql-test~7.4.19~1.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0039-01_postgresql.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0039-01_postgresql.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0039-01_postgresql.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,165 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for postgresql RHSA-2008:0039-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870102); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0039-01"); + script_cve_id("CVE-2007-3278", "CVE-2007-6600", "CVE-2007-6601"); + script_name(english: "RedHat Update for postgresql RHSA-2008:0039-01"); + desc["english"] = " + + Vulnerability Insight: + PostgreSQL is an advanced Object-Relational database management system + (DBMS). The postgresql packages include the client programs and libraries + needed to access a PostgreSQL DBMS server. + + A privilege escalation flaw was discovered in PostgreSQL. An authenticated + attacker could create an index function that would be executed with + administrator privileges during database maintenance tasks, such as + database vacuuming. (CVE-2007-6600) + + A privilege escalation flaw was discovered in PostgreSQL's Database Link + library (dblink). An authenticated attacker could use dblink to possibly + escalate privileges on systems with "trust" or "ident" authentication + configured. Please note that dblink functionality is not enabled by + default, and can only by enabled by a database administrator on systems + with the postgresql-contrib package installed. + (CVE-2007-3278, CVE-2007-6601) + + All postgresql users should upgrade to these updated packages, which + include PostgreSQL 7.3.21 and resolve these issues. + + + Affected Software/OS: + postgresql on Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00004.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of postgresql"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"rh-postgresql", rpm:"rh-postgresql~7.3.21~1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rh-postgresql-contrib", rpm:"rh-postgresql-contrib~7.3.21~1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rh-postgresql-debuginfo", rpm:"rh-postgresql-debuginfo~7.3.21~1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rh-postgresql-devel", rpm:"rh-postgresql-devel~7.3.21~1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rh-postgresql-docs", rpm:"rh-postgresql-docs~7.3.21~1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rh-postgresql-jdbc", rpm:"rh-postgresql-jdbc~7.3.21~1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rh-postgresql-libs", rpm:"rh-postgresql-libs~7.3.21~1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rh-postgresql-pl", rpm:"rh-postgresql-pl~7.3.21~1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rh-postgresql-python", rpm:"rh-postgresql-python~7.3.21~1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rh-postgresql-server", rpm:"rh-postgresql-server~7.3.21~1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rh-postgresql-tcl", rpm:"rh-postgresql-tcl~7.3.21~1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"rh-postgresql-test", rpm:"rh-postgresql-test~7.3.21~1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0042-01_tomcat.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0042-01_tomcat.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0042-01_tomcat.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,158 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for tomcat RHSA-2008:0042-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870029); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0042-01"); + script_cve_id("CVE-2007-5461", "CVE-2007-5342"); + script_name(english: "RedHat Update for tomcat RHSA-2008:0042-01"); + desc["english"] = " + + Vulnerability Insight: + Tomcat is a servlet container for Java Servlet and JavaServer Pages + technologies. + + A directory traversal vulnerability existed in the Apache Tomcat webdav + servlet. In some configurations it allowed remote authenticated users to + read files accessible to the local tomcat process. (CVE-2007-5461) + + The default security policy in the JULI logging component did not restrict + access permissions to files. This could be misused by untrusted web + applications to access and write arbitrary files in the context of the + tomcat process. (CVE-2007-5342) + + Users of Tomcat should update to these errata packages, which contain + backported patches and are not vulnerable to these issues. + + + Affected Software/OS: + tomcat on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-March/msg00005.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of tomcat"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"tomcat5", rpm:"tomcat5~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tomcat5-admin-webapps", rpm:"tomcat5-admin-webapps~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tomcat5-common-lib", rpm:"tomcat5-common-lib~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tomcat5-debuginfo", rpm:"tomcat5-debuginfo~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tomcat5-jasper", rpm:"tomcat5-jasper~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tomcat5-jasper-javadoc", rpm:"tomcat5-jasper-javadoc~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tomcat5-jsp", rpm:"tomcat5-jsp~2.0~api~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tomcat5-jsp", rpm:"tomcat5-jsp~2.0~api~javadoc~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tomcat5-server-lib", rpm:"tomcat5-server-lib~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tomcat5-servlet", rpm:"tomcat5-servlet~2.4~api~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tomcat5-servlet", rpm:"tomcat5-servlet~2.4~api~javadoc~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tomcat5-webapps", rpm:"tomcat5-webapps~5.5.23~0jpp.3.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0055-01_kernel.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0055-01_kernel.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0055-01_kernel.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,190 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for kernel RHSA-2008:0055-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870100); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0055-01"); + script_cve_id("CVE-2007-4130", "CVE-2007-5500", "CVE-2007-6063", "CVE-2007-6151", "CVE-2007-6206", "CVE-2007-6694", "CVE-2008-0001"); + script_name(english: "RedHat Update for kernel RHSA-2008:0055-01"); + desc["english"] = " + + Vulnerability Insight: + The kernel packages contain the Linux kernel, the core of any Linux + operating system. + + These updated kernel packages fix the following security issues: + + A flaw was found in the virtual filesystem (VFS). A local unprivileged + user could truncate directories to which they had write permission; this + could render the contents of the directory inaccessible. (CVE-2008-0001, + Important) + + A flaw was found in the implementation of ptrace. A local unprivileged user + could trigger this flaw and possibly cause a denial of service (system + hang). (CVE-2007-5500, Important) + + A flaw was found in the way the Red Hat Enterprise Linux 4 kernel handled + page faults when a CPU used the NUMA method for accessing memory on Itanium + architectures. A local unprivileged user could trigger this flaw and cause + a denial of service (system panic). (CVE-2007-4130, Important) + + A possible NULL pointer dereference was found in the chrp_show_cpuinfo + function when using the PowerPC architecture. This may have allowed a local + unprivileged user to cause a denial of service (crash). + (CVE-2007-6694, Moderate) + + A flaw was found in the way core dump files were created. If a local user + can get a root-owned process to dump a core file into a directory, which + the user has write access to, they could gain read access to that core + file. This could potentially grant unauthorized access to sensitive + information. (CVE-2007-6206, Moderate) + + Two buffer overflow flaws were found in the Linux kernel ISDN subsystem. A + local unprivileged user could use these flaws to cause a denial of + service. (CVE-2007-6063, CVE-2007-6151, Moderate) + + As well, these updated packages fix the following bug: + + * when moving volumes that contain multiple segments, and a mirror segment + is not the first in the mapping table, running the "pvmove /dev/[device] + /dev/[device]" command caused a kernel panic. A "kernel: Unable to handle + kernel paging request at virtual address [address]" error was logged by + syslog. + + Red Hat Enterprise Linux 4 users are advised to upgrade to these updated + packages, which contain backported patches to resolve these issues. + + + Affected Software/OS: + kernel on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00019.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of kernel"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.9~67.0.4.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.9~67.0.4.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.9~67.0.4.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-hugemem", rpm:"kernel-hugemem~2.6.9~67.0.4.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-hugemem-devel", rpm:"kernel-hugemem-devel~2.6.9~67.0.4.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-smp", rpm:"kernel-smp~2.6.9~67.0.4.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-smp-devel", rpm:"kernel-smp-devel~2.6.9~67.0.4.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xenU", rpm:"kernel-xenU~2.6.9~67.0.4.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xenU-devel", rpm:"kernel-xenU-devel~2.6.9~67.0.4.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.9~67.0.4.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-largesmp", rpm:"kernel-largesmp~2.6.9~67.0.4.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-largesmp-devel", rpm:"kernel-largesmp-devel~2.6.9~67.0.4.EL", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0058-01_wireshark.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0058-01_wireshark.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0058-01_wireshark.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,173 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for wireshark RHSA-2008:0058-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870170); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0058-01"); + script_cve_id("CVE-2007-6111", "CVE-2007-6112", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6116", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6119", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6438", "CVE-2007-6439", "CVE-2007-6441", "CVE-2007-6450", "CVE-2007-6451"); + script_name(english: "RedHat Update for wireshark RHSA-2008:0058-01"); + desc["english"] = " + + Vulnerability Insight: + Wireshark is a program for monitoring network traffic. Wireshark was + previously known as Ethereal. + + Several flaws were found in Wireshark. Wireshark could crash or possibly + execute arbitrary code as the user running Wireshark if it read a malformed + packet off the network. (CVE-2007-6112, CVE-2007-6114, CVE-2007-6115, + CVE-2007-6117) + + Several denial of service bugs were found in Wireshark. Wireshark could + crash or stop responding if it read a malformed packet off the network. + (CVE-2007-6111, CVE-2007-6113, CVE-2007-6116, CVE-2007-6118, CVE-2007-6119, + CVE-2007-6120, CVE-2007-6121, CVE-2007-6438, CVE-2007-6439, CVE-2007-6441, + CVE-2007-6450, CVE-2007-6451) + + As well, Wireshark switched from using net-snmp to libsmi, which is + included in this errata. + + Users of wireshark should upgrade to these updated packages, which contain + Wireshark version 0.99.7, and resolve these issues. + + + Affected Software/OS: + wireshark on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4, + Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00014.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of wireshark"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"libsmi", rpm:"libsmi~0.4.5~2.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libsmi-debuginfo", rpm:"libsmi-debuginfo~0.4.5~2.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libsmi-devel", rpm:"libsmi-devel~0.4.5~2.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~0.99.7~1.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark-debuginfo", rpm:"wireshark-debuginfo~0.99.7~1.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark-gnome", rpm:"wireshark-gnome~0.99.7~1.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"libsmi", rpm:"libsmi~0.4.5~2.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libsmi-debuginfo", rpm:"libsmi-debuginfo~0.4.5~2.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libsmi-devel", rpm:"libsmi-devel~0.4.5~2.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~0.99.7~1.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark-debuginfo", rpm:"wireshark-debuginfo~0.99.7~1.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark-gnome", rpm:"wireshark-gnome~0.99.7~1.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0059-01_wireshark.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0059-01_wireshark.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0059-01_wireshark.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,128 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for wireshark RHSA-2008:0059-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870085); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0059-01"); + script_cve_id("CVE-2007-3389", "CVE-2007-3390", "CVE-2007-3391", "CVE-2007-3392", "CVE-2007-3393", "CVE-2007-6113", "CVE-2007-6114", "CVE-2007-6115", "CVE-2007-6117", "CVE-2007-6118", "CVE-2007-6120", "CVE-2007-6121", "CVE-2007-6450", "CVE-2007-6451"); + script_name(english: "RedHat Update for wireshark RHSA-2008:0059-01"); + desc["english"] = " + + Vulnerability Insight: + Wireshark is a program for monitoring network traffic. Wireshark was + previously known as Ethereal. + + Several flaws were found in Wireshark. Wireshark could crash or possibly + execute arbitrary code as the user running Wireshark if it read a malformed + packet off the network. (CVE-2007-6114, CVE-2007-6115, CVE-2007-6117) + + Several denial of service bugs were found in Wireshark. Wireshark could + crash or stop responding if it read a malformed packet off the network. + (CVE-2007-3389, CVE-2007-3390, CVE-2007-3391, CVE-2007-3392, CVE-2007-3392, + CVE-2007-3393, CVE-2007-6113, CVE-2007-6118, CVE-2007-6120, CVE-2007-6121, + CVE-2007-6450, CVE-2007-6451) + + As well, Wireshark switched from using net-snmp to libsmi, which is + included in this errata. + + Users of wireshark should upgrade to these updated packages, which contain + Wireshark version 0.99.7, and resolve these issues. + + + Affected Software/OS: + wireshark on Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00015.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of wireshark"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"libsmi", rpm:"libsmi~0.4.5~3.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libsmi-debuginfo", rpm:"libsmi-debuginfo~0.4.5~3.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libsmi-devel", rpm:"libsmi-devel~0.4.5~3.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark", rpm:"wireshark~0.99.7~EL3.1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark-debuginfo", rpm:"wireshark-debuginfo~0.99.7~EL3.1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"wireshark-gnome", rpm:"wireshark-gnome~0.99.7~EL3.1", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0061-02_setroubleshoot.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0061-02_setroubleshoot.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0061-02_setroubleshoot.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,142 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for setroubleshoot RHSA-2008:0061-02 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870012); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0061-02"); + script_cve_id("CVE-2007-5495", "CVE-2007-5496"); + script_name(english: "RedHat Update for setroubleshoot RHSA-2008:0061-02"); + desc["english"] = " + + Vulnerability Insight: + The setroubleshoot packages provide tools to help diagnose SELinux + problems. When AVC messages occur, an alert is generated that gives + information about the problem, and how to create a resolution. + + A flaw was found in the way sealert wrote diagnostic messages to a + temporary file. A local unprivileged user could perform a symbolic link + attack, and cause arbitrary files, writable by other users, to be + overwritten when a victim runs sealert. (CVE-2007-5495) + + A flaw was found in the way sealert displayed records from the + setroubleshoot database as unescaped HTML. An local unprivileged attacker + could cause AVC denial events with carefully crafted process or file names, + injecting arbitrary HTML tags into the logs, which could be used as a + scripting attack, or to confuse the user running sealert. (CVE-2007-5496) + + Additionally, the following bugs have been fixed in these update packages: + + * in certain situations, the sealert process used excessive CPU. These + alerts are now capped at a maximum of 30, D-Bus is used instead of polling, + threads causing excessive wake-up have been removed, and more robust + exception-handling has been added. + + * different combinations of the sealert '-a', '-l', '-H', and '-v' options + did not work as documented. + + * the SETroubleShoot browser did not allow multiple entries to be deleted. + + * the SETroubleShoot browser did not display statements that displayed + whether SELinux was using Enforcing or Permissive mode, particularly when + warning about SELinux preventions. + + * in certain cases, the SETroubleShoot browser gave incorrect instructions + regarding paths, and would not display the full paths to files. + + * adding an email recipient to the recipients option from the + /etc/setroubleshoot/setroubleshoot.cfg file and then generating an SELinux + denial caused a traceback error. The recipients option has been removed; + email addresses are now managed through the SETroubleShoot browser by + navigating to File -> Edit Email Alert List, or by editing the + /var/lib/setroubleshoot/email_alert_recipients file. + + * the setroubleshoot browser incorrectly displayed a period between the + httpd_sys_content_t context and the directory path. + + * on the PowerPC architecture, The get_credentials() function in + access_control.py would generate an exception when it called the + socket.getsockopt() function. + + * The code which handles path information has been completely rewritten so + that assumptions on path information which were misleading are no longer + made. If the path inf ... + + Description truncated, for more information please check the Reference URL + + Affected Software/OS: + setroubleshoot on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-May/msg00017.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of setroubleshoot"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"setroubleshoot", rpm:"setroubleshoot~2.0.5~3.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"setroubleshoot-plugins", rpm:"setroubleshoot-plugins~2.0.4~2.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"setroubleshoot-server", rpm:"setroubleshoot-server~2.0.5~3.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0064-01_libXfont.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0064-01_libXfont.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0064-01_libXfont.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,99 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for libXfont RHSA-2008:0064-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870025); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0064-01"); + script_cve_id("CVE-2008-0006"); + script_name(english: "RedHat Update for libXfont RHSA-2008:0064-01"); + desc["english"] = " + + Vulnerability Insight: + The libXfont package contains the X.Org X11 libXfont runtime library. + + A heap based buffer overflow flaw was found in the way the X.Org server + handled malformed font files. A malicious local user could exploit this + issue to potentially execute arbitrary code with the privileges of the + X.Org server. (CVE-2008-0006) + + Users of X.Org libXfont should upgrade to these updated packages, which + contain a backported patch to resolve this issue. + + + Affected Software/OS: + libXfont on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00012.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of libXfont"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"libXfont", rpm:"libXfont~1.2.2~1.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libXfont-debuginfo", rpm:"libXfont-debuginfo~1.2.2~1.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libXfont-devel", rpm:"libXfont-devel~1.2.2~1.0.3.el5_1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0089-01_kernel.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0089-01_kernel.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0089-01_kernel.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,208 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for kernel RHSA-2008:0089-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870168); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0089-01"); + script_cve_id("CVE-2007-3104", "CVE-2007-5904", "CVE-2007-6206", "CVE-2007-6416", "CVE-2008-0001"); + script_name(english: "RedHat Update for kernel RHSA-2008:0089-01"); + desc["english"] = " + + Vulnerability Insight: + The kernel packages contain the Linux kernel, the core of any Linux + operating system. + + These new kernel packages fix the following security issues: + + A flaw was found in the virtual filesystem (VFS). An unprivileged local + user could truncate directories to which they had write permission; this + could render the contents of the directory inaccessible. (CVE-2008-0001, + Important) + + A flaw was found in the Xen PAL emulation on Intel 64 platforms. A guest + Hardware-assisted virtual machine (HVM) could read the arbitrary physical + memory of the host system, which could make information available to + unauthorized users. (CVE-2007-6416, Important) + + A flaw was found in the way core dump files were created. If a local user + can get a root-owned process to dump a core file into a directory, which + the user has write access to, they could gain read access to that core + file, potentially containing sensitive information. (CVE-2007-6206, Moderate) + + A buffer overflow flaw was found in the CIFS virtual file system. A + remote,authenticated user could issue a request that could lead to a denial + of service. (CVE-2007-5904, Moderate) + + A flaw was found in the "sysfs_readdir" function. A local user could create + a race condition which would cause a denial of service (kernel oops). + (CVE-2007-3104, Moderate) + + As well, these updated packages fix the following bugs: + + * running the "strace -f" command caused strace to hang, without displaying + information about child processes. + + * unmounting an unresponsive, interruptable NFS mount, for example, one + mounted with the "intr" option, may have caused a system crash. + + * a bug in the s2io.ko driver prevented VLAN devices from being added. + Attempting to add a device to a VLAN, for example, running the "vconfig + add [device-name] [vlan-id]" command caused vconfig to fail. + + * tux used an incorrect open flag bit. This caused problems when building + packages in a chroot environment, such as mock, which is used by the koji + build system. + + Red Hat Enterprise Linux 5 users are advised to upgrade to these updated + packages, which contain backported patches to resolve these issues. + + + Affected Software/OS: + kernel on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00017.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of kernel"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xen-debuginfo", rpm:"kernel-xen-debuginfo~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.18~53.1.6.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0090-01_icu.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0090-01_icu.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0090-01_icu.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,113 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for icu RHSA-2008:0090-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870004); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0090-01"); + script_cve_id("CVE-2007-4770", "CVE-2007-4771"); + script_name(english: "RedHat Update for icu RHSA-2008:0090-01"); + desc["english"] = " + + Vulnerability Insight: + The International Components for Unicode (ICU) library provides robust and + full-featured Unicode services. + + Will Drewry reported multiple flaws in the way libicu processed certain + malformed regular expressions. If an application linked against ICU, such + as OpenOffice.org, processed a carefully crafted regular expression, it may + be possible to execute arbitrary code as the user running the application. + (CVE-2007-4770, CVE-2007-4771) + + All users of icu should upgrade to these updated packages, which contain + backported patches to resolve these issues. + + + Affected Software/OS: + icu on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-January/msg00018.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of icu"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"icu", rpm:"icu~3.6~5.11.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"icu-debuginfo", rpm:"icu-debuginfo~3.6~5.11.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libicu", rpm:"libicu~3.6~5.11.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libicu-devel", rpm:"libicu-devel~3.6~5.11.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"libicu-doc", rpm:"libicu-doc~3.6~5.11.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0103-01_firefox.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0103-01_firefox.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0103-01_firefox.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,141 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for firefox RHSA-2008:0103-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870023); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0103-01"); + script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"); + script_name(english: "RedHat Update for firefox RHSA-2008:0103-01"); + desc["english"] = " + + Vulnerability Insight: + Mozilla Firefox is an open source Web browser. + + Several flaws were found in the way Firefox processed certain malformed web + content. A webpage containing malicious content could cause Firefox to + crash, or potentially execute arbitrary code as the user running Firefox. + (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) + + Several flaws were found in the way Firefox displayed malformed web + content. A webpage containing specially-crafted content could trick a user + into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) + + A flaw was found in the way Firefox stored password data. If a user saves + login information for a malicious website, it could be possible to corrupt + the password database, preventing the user from properly accessing saved + password data. (CVE-2008-0417) + + A flaw was found in the way Firefox handles certain chrome URLs. If a user + has certain extensions installed, it could allow a malicious website to + steal sensitive session data. Note: this flaw does not affect a default + installation of Firefox. (CVE-2008-0418) + + A flaw was found in the way Firefox saves certain text files. If a + website offers a file of type "plain/text", rather than "text/plain", + Firefox will not show future "text/plain" content to the user in the + browser, forcing them to save those files locally to view the content. + (CVE-2008-0592) + + Users of firefox are advised to upgrade to these updated packages, which + contain backported patches to resolve these issues. + + + Affected Software/OS: + firefox on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4, + Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-February/msg00001.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of firefox"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"firefox", rpm:"firefox~1.5.0.12~9.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"firefox-debuginfo", rpm:"firefox-debuginfo~1.5.0.12~9.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"firefox-devel", rpm:"firefox-devel~1.5.0.12~9.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"firefox", rpm:"firefox~1.5.0.12~0.10.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"firefox-debuginfo", rpm:"firefox-debuginfo~1.5.0.12~0.10.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0104-01_seamonkey.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0104-01_seamonkey.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0104-01_seamonkey.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,316 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for seamonkey RHSA-2008:0104-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870039); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0104-01"); + script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0417", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"); + script_name(english: "RedHat Update for seamonkey RHSA-2008:0104-01"); + desc["english"] = " + + Vulnerability Insight: + SeaMonkey is an open source Web browser, advanced email and newsgroup + client, IRC chat client, and HTML editor. + + Several flaws were found in the way SeaMonkey processed certain malformed + web content. A webpage containing malicious content could cause SeaMonkey + to crash, or potentially execute arbitrary code as the user running + SeaMonkey. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, CVE-2008-0419) + + Several flaws were found in the way SeaMonkey displayed malformed web + content. A webpage containing specially-crafted content could trick a user + into surrendering sensitive information. (CVE-2008-0591, CVE-2008-0593) + + A flaw was found in the way SeaMonkey stored password data. If a user + saves login information for a malicious website, it could be possible + to corrupt the password database, preventing the user from properly + accessing saved password data. (CVE-2008-0417) + + A flaw was found in the way SeaMonkey handles certain chrome URLs. If a + user has certain extensions installed, it could allow a malicious website + to steal sensitive session data. Note: this flaw does not affect a default + installation of SeaMonkey. (CVE-2008-0418) + + A flaw was found in the way SeaMonkey saves certain text files. If a + website offers a file of type "plain/text", rather than "text/plain", + SeaMonkey will not show future "text/plain" content to the user in the + browser, forcing them to save those files locally to view the content. + (CVE-2008-0592) + + Users of SeaMonkey are advised to upgrade to these updated packages, which + contain backported patches to resolve these issues. + + + Affected Software/OS: + seamonkey on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, + Red Hat Enterprise Linux ES version 2.1, + Red Hat Enterprise Linux WS version 2.1, + Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3, + Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-February/msg00002.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of seamonkey"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_2.1") +{ + + if(isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~0.9.el2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~0.9.el2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~0.9.el2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~0.9.el2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~0.9.el2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~0.9.el2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-nspr", rpm:"seamonkey-nspr~1.0.9~0.9.el2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-nspr-devel", rpm:"seamonkey-nspr-devel~1.0.9~0.9.el2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-nss", rpm:"seamonkey-nss~1.0.9~0.9.el2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-nss-devel", rpm:"seamonkey-nss-devel~1.0.9~0.9.el2", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~9.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~9.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-debuginfo", rpm:"seamonkey-debuginfo~1.0.9~9.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~9.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~9.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~9.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~9.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-nspr", rpm:"seamonkey-nspr~1.0.9~9.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-nspr-devel", rpm:"seamonkey-nspr-devel~1.0.9~9.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-nss", rpm:"seamonkey-nss~1.0.9~9.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-nss-devel", rpm:"seamonkey-nss-devel~1.0.9~9.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"seamonkey", rpm:"seamonkey~1.0.9~0.9.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-chat", rpm:"seamonkey-chat~1.0.9~0.9.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-debuginfo", rpm:"seamonkey-debuginfo~1.0.9~0.9.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-devel", rpm:"seamonkey-devel~1.0.9~0.9.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-dom-inspector", rpm:"seamonkey-dom-inspector~1.0.9~0.9.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-js-debugger", rpm:"seamonkey-js-debugger~1.0.9~0.9.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-mail", rpm:"seamonkey-mail~1.0.9~0.9.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-nspr", rpm:"seamonkey-nspr~1.0.9~0.9.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-nspr-devel", rpm:"seamonkey-nspr-devel~1.0.9~0.9.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-nss", rpm:"seamonkey-nss~1.0.9~0.9.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"seamonkey-nss-devel", rpm:"seamonkey-nss-devel~1.0.9~0.9.el3", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0105-01_thunderbird.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0105-01_thunderbird.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0105-01_thunderbird.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,114 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for thunderbird RHSA-2008:0105-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870047); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0105-01"); + script_cve_id("CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"); + script_name(english: "RedHat Update for thunderbird RHSA-2008:0105-01"); + desc["english"] = " + + Vulnerability Insight: + Mozilla Thunderbird is a standalone mail and newsgroup client. + + Several flaws were found in the way Thunderbird processed certain malformed + HTML mail content. A HTML mail message containing malicious content could + cause Thunderbird to crash, or potentially execute arbitrary code as the + user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, + CVE-2008-0419) + + Several flaws were found in the way Thunderbird displayed malformed HTML + mail content. A HTML mail message containing specially-crafted content + could trick a user into surrendering sensitive information. (CVE-2008-0591, + CVE-2008-0593) + + A flaw was found in the way Thunderbird handles certain chrome URLs. If a + user has certain extensions installed, it could allow a malicious HTML mail + message to steal sensitive session data. Note: this flaw does not affect a + default installation of Thunderbird. (CVE-2008-0418) + + Note: JavaScript support is disabled by default in Thunderbird; the above + issues are not exploitable unless JavaScript is enabled. + + A flaw was found in the way Thunderbird saves certain text files. If a + remote site offers a file of type "plain/text", rather than "text/plain", + Thunderbird will not show future "text/plain" content to the user, forcing + them to save those files locally to view the content. (CVE-2008-0592) + + Users of thunderbird are advised to upgrade to these updated packages, + which contain backported patches to resolve these issues. + + + Affected Software/OS: + thunderbird on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-February/msg00003.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of thunderbird"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"thunderbird", rpm:"thunderbird~1.5.0.12~8.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"thunderbird-debuginfo", rpm:"thunderbird-debuginfo~1.5.0.12~8.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0105-02_thunderbird.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0105-02_thunderbird.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0105-02_thunderbird.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,120 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for thunderbird RHSA-2008:0105-02 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870044); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0105-02"); + script_cve_id("CVE-2008-0304", "CVE-2008-0412", "CVE-2008-0413", "CVE-2008-0415", "CVE-2008-0418", "CVE-2008-0419", "CVE-2008-0420", "CVE-2008-0591", "CVE-2008-0592", "CVE-2008-0593"); + script_name(english: "RedHat Update for thunderbird RHSA-2008:0105-02"); + desc["english"] = " + + Vulnerability Insight: + Mozilla Thunderbird is a standalone mail and newsgroup client. + + A heap-based buffer overflow flaw was found in the way Thunderbird + processed messages with external-body Multipurpose Internet Message + Extensions (MIME) types. A HTML mail message containing malicious content + could cause Thunderbird to execute arbitrary code as the user running + Thunderbird. (CVE-2008-0304) + + Several flaws were found in the way Thunderbird processed certain malformed + HTML mail content. A HTML mail message containing malicious content could + cause Thunderbird to crash, or potentially execute arbitrary code as the + user running Thunderbird. (CVE-2008-0412, CVE-2008-0413, CVE-2008-0415, + CVE-2008-0419) + + Several flaws were found in the way Thunderbird displayed malformed HTML + mail content. A HTML mail message containing specially-crafted content + could trick a user into surrendering sensitive information. (CVE-2008-0420, + CVE-2008-0591, CVE-2008-0593) + + A flaw was found in the way Thunderbird handles certain chrome URLs. If a + user has certain extensions installed, it could allow a malicious HTML mail + message to steal sensitive session data. Note: this flaw does not affect a + default installation of Thunderbird. (CVE-2008-0418) + + Note: JavaScript support is disabled by default in Thunderbird; the above + issues are not exploitable unless JavaScript is enabled. + + A flaw was found in the way Thunderbird saves certain text files. If a + remote site offers a file of type "plain/text", rather than "text/plain", + Thunderbird will not show future "text/plain" content to the user, forcing + them to save those files locally to view the content. (CVE-2008-0592) + + Users of thunderbird are advised to upgrade to these updated packages, + which contain backported patches to resolve these issues. + + + Affected Software/OS: + thunderbird on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-February/msg00020.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of thunderbird"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"thunderbird", rpm:"thunderbird~1.5.0.12~8.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"thunderbird-debuginfo", rpm:"thunderbird-debuginfo~1.5.0.12~8.el4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0110-01_openldap.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0110-01_openldap.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0110-01_openldap.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,178 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for openldap RHSA-2008:0110-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870149); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0110-01"); + script_cve_id("CVE-2007-6698", "CVE-2008-0658"); + script_name(english: "RedHat Update for openldap RHSA-2008:0110-01"); + desc["english"] = " + + Vulnerability Insight: + OpenLDAP is an open source suite of Lightweight Directory Access Protocol + (LDAP) applications and development tools. LDAP is a set of protocols for + accessing directory services. + + These updated openldap packages fix a flaw in the way the OpenLDAP slapd + daemon handled modify and modrdn requests with NOOP control on objects + stored in a Berkeley DB (BDB) storage backend. An authenticated attacker + with permission to perform modify or modrdn operations on such LDAP objects + could cause slapd to crash. (CVE-2007-6698, CVE-2008-0658) + + Users of openldap should upgrade to these updated packages, which contain a + backported patch to correct this issue. + + + Affected Software/OS: + openldap on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4, + Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-February/msg00007.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of openldap"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"compat-openldap", rpm:"compat-openldap~2.3.27_2.2.29~8.el5_1.3", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openldap", rpm:"openldap~2.3.27~8.el5_1.3", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openldap-clients", rpm:"openldap-clients~2.3.27~8.el5_1.3", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openldap-debuginfo", rpm:"openldap-debuginfo~2.3.27~8.el5_1.3", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openldap-devel", rpm:"openldap-devel~2.3.27~8.el5_1.3", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openldap-servers", rpm:"openldap-servers~2.3.27~8.el5_1.3", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openldap-servers-sql", rpm:"openldap-servers-sql~2.3.27~8.el5_1.3", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"compat-openldap", rpm:"compat-openldap~2.1.30~8.el4_6.4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openldap", rpm:"openldap~2.2.13~8.el4_6.4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openldap-clients", rpm:"openldap-clients~2.2.13~8.el4_6.4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openldap-debuginfo", rpm:"openldap-debuginfo~2.2.13~8.el4_6.4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openldap-devel", rpm:"openldap-devel~2.2.13~8.el4_6.4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openldap-servers", rpm:"openldap-servers~2.2.13~8.el4_6.4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"openldap-servers-sql", rpm:"openldap-servers-sql~2.2.13~8.el4_6.4", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0129-01_kernel.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0129-01_kernel.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0129-01_kernel.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,174 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for kernel RHSA-2008:0129-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870062); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0129-01"); + script_cve_id("CVE-2008-0600"); + script_name(english: "RedHat Update for kernel RHSA-2008:0129-01"); + desc["english"] = " + + Vulnerability Insight: + The kernel packages contain the Linux kernel, the core of any Linux + operating system. + + A flaw was found in vmsplice. An unprivileged local user could use this + flaw to gain root privileges. (CVE-2008-0600) + + Red Hat is aware that a public exploit for this issue is available. This + issue did not affect the Linux kernels distributed with Red Hat Enterprise + Linux 2.1, 3, or 4. + + Red Hat Enterprise Linux 5 users are advised to upgrade to these updated + packages, which contain a backported patch to resolve this issue. + + + Affected Software/OS: + kernel on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-February/msg00005.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of kernel"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xen-debuginfo", rpm:"kernel-xen-debuginfo~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.18~53.1.13.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0131-01_netpbm.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0131-01_netpbm.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0131-01_netpbm.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,174 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for netpbm RHSA-2008:0131-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870101); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0131-01"); + script_cve_id("CVE-2008-0554"); + script_name(english: "RedHat Update for netpbm RHSA-2008:0131-01"); + desc["english"] = " + + Vulnerability Insight: + The netpbm package contains a library of functions for editing and + converting between various graphics file formats, including .pbm (portable + bitmaps), .pgm (portable graymaps), .pnm (portable anymaps), .ppm (portable + pixmaps) and others. The package includes no interactive tools and is + primarily used by other programs (eg CGI scripts that manage web-site + images). + + An input validation flaw was discovered in the GIF-to-PNM converter + (giftopnm) shipped with the netpbm package. An attacker could create a + carefully crafted GIF file which could cause giftopnm to crash or possibly + execute arbitrary code as the user running giftopnm. (CVE-2008-0554) + + All users are advised to upgrade to these updated packages which contain a + backported patch which resolves this issue. + + + Affected Software/OS: + netpbm on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, + Red Hat Enterprise Linux ES version 2.1, + Red Hat Enterprise Linux WS version 2.1, + Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3, + Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-February/msg00018.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of netpbm"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_2.1") +{ + + if(isrpmvuln(pkg:"netpbm", rpm:"netpbm~9.24~9.AS21.7", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"netpbm-devel", rpm:"netpbm-devel~9.24~9.AS21.7", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"netpbm-progs", rpm:"netpbm-progs~9.24~9.AS21.7", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"netpbm", rpm:"netpbm~10.25~2.EL4.6.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"netpbm-debuginfo", rpm:"netpbm-debuginfo~10.25~2.EL4.6.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"netpbm-devel", rpm:"netpbm-devel~10.25~2.EL4.6.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"netpbm-progs", rpm:"netpbm-progs~10.25~2.EL4.6.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"netpbm", rpm:"netpbm~9.24~11.30.5", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"netpbm-debuginfo", rpm:"netpbm-debuginfo~9.24~11.30.5", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"netpbm-devel", rpm:"netpbm-devel~9.24~11.30.5", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"netpbm-progs", rpm:"netpbm-progs~9.24~11.30.5", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0133-01_IBMJava2.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0133-01_IBMJava2.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0133-01_IBMJava2.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,117 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for IBMJava2 RHSA-2008:0133-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870143); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0133-01"); + script_cve_id("CVE-2007-3922", "CVE-2007-3004", "CVE-2007-3005"); + script_name(english: "RedHat Update for IBMJava2 RHSA-2008:0133-01"); + desc["english"] = " + + Vulnerability Insight: + IBM's 1.3.1 Java release includes the IBM Java 2 Runtime Environment and + the IBM Java 2 Software Development Kit. + + A buffer overflow was found in the Java Runtime Environment image-handling + code. An untrusted applet or application could use this flaw to elevate its + privileges and potentially execute arbitrary code as the user running the + java virtual machine. (CVE-2007-3004) + + An unspecified vulnerability was discovered in the Java Runtime + Environment. An untrusted applet or application could cause the java + virtual machine to become unresponsive. (CVE-2007-3005) + + A flaw was found in the applet class loader. An untrusted applet could use + this flaw to circumvent network access restrictions, possibly connecting to + services hosted on the machine that executed the applet. (CVE-2007-3922) + + These updated packages also add the following enhancements: + + * Time zone information has been updated to the latest available + information, 2007h. + + * Accessibility support in AWT can now be disabled through a system + property, java.assistive. To support this change, permission to read this + property must be added to /opt/IBMJava2-131/jre/lib/security/java.policy. + Users of IBMJava2 who have modified this file should add this following + line to the grant section: + + permission java.util.PropertyPermission "java.assistive", "read"; + + All users of IBMJava2 should upgrade to these updated packages, which + contain IBM's 1.3.1 SR11 Java release, which resolves these issues. + + + Affected Software/OS: + IBMJava2 on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, + Red Hat Enterprise Linux ES version 2.1, + Red Hat Enterprise Linux WS version 2.1 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-June/msg00018.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of IBMJava2"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_2.1") +{ + + if(isrpmvuln(pkg:"IBMJava2-JRE", rpm:"IBMJava2-JRE~1.3.1~17", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"IBMJava2-SDK", rpm:"IBMJava2-SDK~1.3.1~17", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0134-01_tcltk.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0134-01_tcltk.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0134-01_tcltk.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,208 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for tcltk RHSA-2008:0134-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870139); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0134-01"); + script_cve_id("CVE-2008-0553", "CVE-2007-5378", "CVE-2007-4772"); + script_name(english: "RedHat Update for tcltk RHSA-2008:0134-01"); + desc["english"] = " + + Vulnerability Insight: + Tcl is a scripting language designed for embedding into other applications + and for use with Tk, a widget set. + + An input validation flaw was discovered in Tk's GIF image handling. A + code-size value read from a GIF image was not properly validated before + being used, leading to a buffer overflow. A specially crafted GIF file + could use this to cause a crash or, potentially, execute code with the + privileges of the application using the Tk graphical toolkit. + (CVE-2008-0553) + + A buffer overflow flaw was discovered in Tk's animated GIF image handling. + An animated GIF containing an initial image smaller than subsequent images + could cause a crash or, potentially, execute code with the privileges of + the application using the Tk library. (CVE-2007-5378) + + A flaw in the Tcl regular expression handling engine was discovered by Will + Drewry. This flaw, first discovered in the Tcl regular expression engine + used in the PostgreSQL database server, resulted in an infinite loop when + processing certain regular expressions. (CVE-2007-4772) + + All users are advised to upgrade to these updated packages which contain + backported patches which resolve these issues. + + + Affected Software/OS: + tcltk on Red Hat Enterprise Linux AS (Advanced Server) version 2.1, + Red Hat Enterprise Linux ES version 2.1, + Red Hat Enterprise Linux WS version 2.1, + Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-February/msg00008.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of tcltk"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_2.1") +{ + + if(isrpmvuln(pkg:"expect", rpm:"expect~5.38.0~75", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"itcl", rpm:"itcl~3.2~75", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tcl", rpm:"tcl~8.3.3~75", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tcllib", rpm:"tcllib~1.0~75", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tclx", rpm:"tclx~8.3~75", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tix", rpm:"tix~8.2.0b1~75", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tk", rpm:"tk~8.3.3~75", rls:"RHENT_2.1")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"expect", rpm:"expect~5.38.0~92.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"expect-devel", rpm:"expect-devel~5.38.0~92.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"itcl", rpm:"itcl~3.2~92.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tcl", rpm:"tcl~8.3.5~92.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tcl-devel", rpm:"tcl-devel~8.3.5~92.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tcltk-debuginfo", rpm:"tcltk-debuginfo~8.3.5~92.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tclx", rpm:"tclx~8.3~92.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tix", rpm:"tix~8.1.4~92.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tk", rpm:"tk~8.3.5~92.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tk-devel", rpm:"tk-devel~8.3.5~92.8", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0135-02_tk.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0135-02_tk.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0135-02_tk.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,108 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for tk RHSA-2008:0135-02 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870145); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0135-02"); + script_cve_id("CVE-2008-0553", "CVE-2007-5378"); + script_name(english: "RedHat Update for tk RHSA-2008:0135-02"); + desc["english"] = " + + Vulnerability Insight: + Tk is a graphical toolkit for the Tcl scripting language. + + An input validation flaw was discovered in Tk's GIF image handling. A + code-size value read from a GIF image was not properly validated before + being used, leading to a buffer overflow. A specially crafted GIF file + could use this to cause a crash or, potentially, execute code with the + privileges of the application using the Tk graphical toolkit. + (CVE-2008-0553) + + A buffer overflow flaw was discovered in Tk's animated GIF image handling. + An animated GIF containing an initial image smaller than subsequent images + could cause a crash or, potentially, execute code with the privileges of + the application using the Tk library. (CVE-2007-5378) + + All users are advised to upgrade to these updated packages which contain a + backported patches to resolve these issues. + + + Affected Software/OS: + tk on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-February/msg00012.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of tk"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"tk", rpm:"tk~8.4.7~3.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tk-debuginfo", rpm:"tk-debuginfo~8.4.7~3.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tk-devel", rpm:"tk-devel~8.4.7~3.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0136-01_tk.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0136-01_tk.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0136-01_tk.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,106 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for tk RHSA-2008:0136-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870169); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0136-01"); + script_cve_id("CVE-2008-0553", "CVE-2007-5137"); + script_name(english: "RedHat Update for tk RHSA-2008:0136-01"); + desc["english"] = " + + Vulnerability Insight: + Tk is a graphical toolkit for the Tcl scripting language. + + An input validation flaw was discovered in Tk's GIF image handling. A + code-size value read from a GIF image was not properly validated before + being used, leading to a buffer overflow. A specially crafted GIF file + could use this to cause a crash or, potentially, execute code with the + privileges of the application using the Tk graphical toolkit. + (CVE-2008-0553) + + A buffer overflow flaw was discovered in Tk's animated GIF image handling. + An animated GIF containing an initial image smaller than subsequent images + could cause a crash or, potentially, execute code with the privileges of + the application using the Tk library. (CVE-2007-5137) + + All users are advised to upgrade to these updated packages which contain a + backported patches to resolve these issues. + + + Affected Software/OS: + tk on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-February/msg00010.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of tk"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"tk", rpm:"tk~8.4.13~5.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tk-debuginfo", rpm:"tk-debuginfo~8.4.13~5.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"tk-devel", rpm:"tk-devel~8.4.13~5.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0145-01_ImageMagick.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0145-01_ImageMagick.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0145-01_ImageMagick.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,235 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for ImageMagick RHSA-2008:0145-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870057); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0145-01"); + script_cve_id("CVE-2007-1797", "CVE-2007-4985", "CVE-2007-4986", "CVE-2007-4988", "CVE-2008-1096", "CVE-2008-1097"); + script_name(english: "RedHat Update for ImageMagick RHSA-2008:0145-01"); + desc["english"] = " + + Vulnerability Insight: + ImageMagick is an image display and manipulation tool for the X Window + System that can read and write multiple image formats. + + Several heap-based buffer overflow flaws were found in ImageMagick. If a + victim opened a specially crafted DCM or XWD file, an attacker could + potentially execute arbitrary code on the victim's machine. (CVE-2007-1797) + + Several denial of service flaws were found in ImageMagick's parsing of XCF + and DCM files. Attempting to process a specially-crafted input file in + these formats could cause ImageMagick to enter an infinite loop. + (CVE-2007-4985) + + Several integer overflow flaws were found in ImageMagick. If a victim + opened a specially-crafted DCM, DIB, XBM, XCF or XWD file, an attacker + could potentially execute arbitrary code with the privileges of the user + running ImageMagick. (CVE-2007-4986) + + An integer overflow flaw was found in ImageMagick's DIB parsing code. If a + victim opened a specially-crafted DIB file, an attacker could potentially + execute arbitrary code with the privileges of the user running ImageMagick. + (CVE-2007-4988) + + A heap-based buffer overflow flaw was found in the way ImageMagick parsed + XCF files. If a specially-crafted XCF image was opened, ImageMagick could + be made to overwrite heap memory beyond the bounds of its allocated memory. + This could, potentially, allow an attacker to execute arbitrary code on the + machine running ImageMagick. (CVE-2008-1096) + + A heap-based buffer overflow flaw was found in ImageMagick's processing of + certain malformed PCX images. If a victim opened a specially-crafted PCX + file, an attacker could possibly execute arbitrary code on the victim's + machine. (CVE-2008-1097) + + All users of ImageMagick should upgrade to these updated packages, which + contain backported patches to correct these issues. + + + Affected Software/OS: + ImageMagick on Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3, + Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4, + Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-April/msg00013.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of ImageMagick"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"ImageMagick", rpm:"ImageMagick~6.2.8.0~4.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-c++", rpm:"ImageMagick-c++~6.2.8.0~4.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-c++-devel", rpm:"ImageMagick-c++-devel~6.2.8.0~4.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-debuginfo", rpm:"ImageMagick-debuginfo~6.2.8.0~4.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-devel", rpm:"ImageMagick-devel~6.2.8.0~4.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-perl", rpm:"ImageMagick-perl~6.2.8.0~4.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"ImageMagick", rpm:"ImageMagick~6.0.7.1~17.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-c++", rpm:"ImageMagick-c++~6.0.7.1~17.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-c++-devel", rpm:"ImageMagick-c++-devel~6.0.7.1~17.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-debuginfo", rpm:"ImageMagick-debuginfo~6.0.7.1~17.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-devel", rpm:"ImageMagick-devel~6.0.7.1~17.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-perl", rpm:"ImageMagick-perl~6.0.7.1~17.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"ImageMagick", rpm:"ImageMagick~5.5.6~28", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-c++", rpm:"ImageMagick-c++~5.5.6~28", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-c++-devel", rpm:"ImageMagick-c++-devel~5.5.6~28", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-debuginfo", rpm:"ImageMagick-debuginfo~5.5.6~28", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-devel", rpm:"ImageMagick-devel~5.5.6~28", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"ImageMagick-perl", rpm:"ImageMagick-perl~5.5.6~28", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0146-01_gd.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0146-01_gd.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0146-01_gd.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,157 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for gd RHSA-2008:0146-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870013); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0146-01"); + script_cve_id("CVE-2006-4484", "CVE-2007-0455", "CVE-2007-2756", "CVE-2007-3472", "CVE-2007-3473", "CVE-2007-3475", "CVE-2007-3476"); + script_name(english: "RedHat Update for gd RHSA-2008:0146-01"); + desc["english"] = " + + Vulnerability Insight: + The gd package contains a graphics library used for the dynamic creation of + images such as PNG and JPEG. + + Multiple issues were discovered in the gd GIF image-handling code. A + carefully-crafted GIF file could cause a crash or possibly execute code + with the privileges of the application using the gd library. + (CVE-2006-4484, CVE-2007-3475, CVE-2007-3476) + + An integer overflow was discovered in the gdImageCreateTrueColor() + function, leading to incorrect memory allocations. A carefully crafted + image could cause a crash or possibly execute code with the privileges of + the application using the gd library. (CVE-2007-3472) + + A buffer over-read flaw was discovered. This could cause a crash in an + application using the gd library to render certain strings using a + JIS-encoded font. (CVE-2007-0455) + + A flaw was discovered in the gd PNG image handling code. A truncated PNG + image could cause an infinite loop in an application using the gd library. + (CVE-2007-2756) + + A flaw was discovered in the gd X BitMap (XBM) image-handling code. A + malformed or truncated XBM image could cause a crash in an application + using the gd library. (CVE-2007-3473) + + Users of gd should upgrade to these updated packages, which contain + backported patches which resolve these issues. + + + Affected Software/OS: + gd on Red Hat Enterprise Linux AS version 4, + Red Hat Enterprise Linux ES version 4, + Red Hat Enterprise Linux WS version 4, + Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-February/msg00019.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of gd"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"gd", rpm:"gd~2.0.33~9.4.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"gd-debuginfo", rpm:"gd-debuginfo~2.0.33~9.4.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"gd-devel", rpm:"gd-devel~2.0.33~9.4.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"gd-progs", rpm:"gd-progs~2.0.33~9.4.el5_1.1", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "RHENT_4") +{ + + if(isrpmvuln(pkg:"gd", rpm:"gd~2.0.28~5.4E.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"gd-debuginfo", rpm:"gd-debuginfo~2.0.28~5.4E.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"gd-devel", rpm:"gd-devel~2.0.28~5.4E.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"gd-progs", rpm:"gd-progs~2.0.28~5.4E.el4_6.1", rls:"RHENT_4")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0153-01_cups.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0153-01_cups.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0153-01_cups.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,125 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for cups RHSA-2008:0153-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870161); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0153-01"); + script_cve_id("CVE-2008-0596", "CVE-2008-0597", "CVE-2008-0882"); + script_name(english: "RedHat Update for cups RHSA-2008:0153-01"); + desc["english"] = " + + Vulnerability Insight: + The Common UNIX Printing System (CUPS) provides a portable printing layer + for UNIX(R) operating systems. + + A flaw was found in the way CUPS handled the addition and removal of remote + shared printers via IPP. A remote attacker could send malicious UDP IPP + packets causing the CUPS daemon to attempt to dereference already freed + memory and crash. (CVE-2008-0597) + + A memory management flaw was found in the way CUPS handled the addition and + removal of remote shared printers via IPP. When shared printer was + removed, allocated memory was not properly freed, leading to a memory leak + possibly causing CUPS daemon crash after exhausting available memory. + (CVE-2008-0596) + + These issues were found during the investigation of CVE-2008-0882, which + did not affect Red Hat Enterprise Linux 3. + + Note that the default configuration of CUPS on Red Hat Enterprise Linux + 3 allow requests of this type only from the local subnet. + + In addition, these updated cups packages fix a bug that occurred when using + the CUPS polling daemon. Excessive debugging log information was saved to + the error_log file regardless of the LogLevel setting, which filled up disk + space rapidly. + + All CUPS users are advised to upgrade to these updated packages, which + contain backported patches to resolve this issue. + + + Affected Software/OS: + cups on Red Hat Enterprise Linux AS version 3, + Red Hat Enterprise Linux ES version 3, + Red Hat Enterprise Linux WS version 3 + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-February/msg00014.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of cups"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_3") +{ + + if(isrpmvuln(pkg:"cups", rpm:"cups~1.1.17~13.3.51", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"cups-debuginfo", rpm:"cups-debuginfo~1.1.17~13.3.51", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"cups-devel", rpm:"cups-devel~1.1.17~13.3.51", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"cups-libs", rpm:"cups-libs~1.1.17~13.3.51", rls:"RHENT_3")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0154-01_kernel.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0154-01_kernel.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0154-01_kernel.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,219 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for kernel RHSA-2008:0154-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870067); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0154-01"); + script_cve_id("CVE-2006-6921", "CVE-2007-5938", "CVE-2007-6063", "CVE-2007-6207", "CVE-2007-6694"); + script_name(english: "RedHat Update for kernel RHSA-2008:0154-01"); + desc["english"] = " + + Vulnerability Insight: + The kernel packages contain the Linux kernel, the core of any Linux + operating system. + + These updated packages fix the following security issues: + + * a flaw in the hypervisor for hosts running on Itanium architectures + allowed an Intel VTi domain to read arbitrary physical memory from other + Intel VTi domains, which could make information available to unauthorized + users. (CVE-2007-6207, Important) + + * two buffer overflow flaws were found in ISDN subsystem. A local + unprivileged user could use these flaws to cause a denial of service. + (CVE-2007-5938: Important, CVE-2007-6063: Moderate) + + * a possible NULL pointer dereference was found in the subsystem used for + showing CPU information, as used by CHRP systems on PowerPC architectures. + This may have allowed a local unprivileged user to cause a denial of + service (crash). (CVE-2007-6694, Moderate) + + * a flaw was found in the handling of zombie processes. A local user could + create processes that would not be properly reaped, possibly causing a + denial of service. (CVE-2006-6921, Moderate) + + As well, these updated packages fix the following bugs: + + * a bug was found in the Linux kernel audit subsystem. When the audit + daemon was setup to log the execve system call with a large number of + arguments, the kernel could run out of memory, causing a kernel panic. + + * on IBM System z architectures, using the IBM Hardware Management Console + to toggle IBM FICON channel path ids (CHPID) caused a file ID miscompare, + possibly causing data corruption. + + * when running the IA-32 Execution Layer (IA-32EL) or a Java VM on Itanium + architectures, a bug in the address translation in the hypervisor caused + the wrong address to be registered, causing Dom0 to hang. + + * on Itanium architectures, frequent Corrected Platform Error errors may + have caused the hypervisor to hang. + + * when enabling a CPU without hot plug support, routines for checking the + presence of the CPU were missing. The CPU tried to access its own + resources, causing a kernel panic. + + * after updating to kernel-2.6.18-53.el5, a bug in the CCISS driver caused + the HP Array Configuration Utility CLI to become unstable, possibly causing + a system hang, or a kernel panic. + + * a bug in NFS directory caching could have caused different hosts to have + different views of NFS directories. + + * on Itanium architectures, the Corrected Machine Check Interrupt masked + hot-added CPUs as disabled. + + * when running Oracle database software on the Intel 64 and AMD64 + architectures, if an SGA larger than 4GB was crea ... + + Description truncated, for more information please check the Reference URL + + Affected Software/OS: + kernel on Red Hat Enterprise Linux (v. 5 server) + + Fix: Please Install the Updated Packages. + + References: + https://www.redhat.com/archives/rhsa-announce/2008-March/msg00003.html + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of kernel"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"Red Hat Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-rpm.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "RHENT_5") +{ + + if(isrpmvuln(pkg:"kernel", rpm:"kernel~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-PAE", rpm:"kernel-PAE~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-PAE-debuginfo", rpm:"kernel-PAE-debuginfo~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-PAE-devel", rpm:"kernel-PAE-devel~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debug", rpm:"kernel-debug~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debug-debuginfo", rpm:"kernel-debug-debuginfo~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debug-devel", rpm:"kernel-debug-devel~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debuginfo", rpm:"kernel-debuginfo~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-debuginfo-common", rpm:"kernel-debuginfo-common~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-devel", rpm:"kernel-devel~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-headers", rpm:"kernel-headers~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xen", rpm:"kernel-xen~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xen-debuginfo", rpm:"kernel-xen-debuginfo~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-xen-devel", rpm:"kernel-xen-devel~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + if(isrpmvuln(pkg:"kernel-doc", rpm:"kernel-doc~2.6.18~53.1.14.el5", rls:"RHENT_5")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_RHSA-2008_0155-01_ghostscript.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_RHSA-2008_0155-01_ghostscript.nasl 2009-03-06 06:22:21 UTC (rev 2683) +++ trunk/openvas-plugins/scripts/gb_RHSA-2008_0155-01_ghostscript.nasl 2009-03-06 06:30:35 UTC (rev 2684) @@ -0,0 +1,177 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# RedHat Update for ghostscript RHSA-2008:0155-01 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(870133); + script_version("$Revision: 1.0 $"); + script_xref(name: "RHSA", value: "2008:0155-01"); + script_cve_id("CVE-2008-0411"); + script_name(english: "RedHat Update for ghostscript RHSA-2008:0155-01"); + desc["english"] = " + + Vulnerability Insight: + Ghostscript is a program for displaying PostScript files, or printing them + to non-PostScript printers. + + Chris Evans from the Google Security Team reported a stack-based buffer + overflow flaw in Ghostscript's zseticcspace() function. An attacker could + create a malicious PostScript file that would cause Ghostscript to execute + arbitrary code when opened. (CVE-2008-0411) + + These updated packages also fix a bug, which prevented the pxlmono printer + driver from producing valid out