[Openvas-commits] r2663 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Thu Mar 5 06:26:00 CET 2009
Author: chandra
Date: 2009-03-05 06:25:55 +0100 (Thu, 05 Mar 2009)
New Revision: 2663
Added:
trunk/openvas-plugins/scripts/gb_apple_safari_uri_dos_vuln_win.nasl
trunk/openvas-plugins/scripts/secpod_ms_dns_mem_corr_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-03-04 13:45:17 UTC (rev 2662)
+++ trunk/openvas-plugins/ChangeLog 2009-03-05 05:25:55 UTC (rev 2663)
@@ -1,3 +1,8 @@
+2009-03-05 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/gb_apple_safari_uri_dos_vuln_win.nasl,
+ scripts/secpod_ms_dns_mem_corr_vuln.nasl:
+ Added new plugins
+
2009-03-04 Vlatko Kosturjak <kost at linux.hr>
* plugins/linux_tftp/Makefile.darwin, plugins/linux_tftp/Makefile,
Added: trunk/openvas-plugins/scripts/gb_apple_safari_uri_dos_vuln_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_apple_safari_uri_dos_vuln_win.nasl 2009-03-04 13:45:17 UTC (rev 2662)
+++ trunk/openvas-plugins/scripts/gb_apple_safari_uri_dos_vuln_win.nasl 2009-03-05 05:25:55 UTC (rev 2663)
@@ -0,0 +1,87 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_apple_safari_uri_dos_vuln_win.nasl 629 2009-03-04 10:40:26Z mar $
+#
+# Apple Safari URI NULL Pointer Dereference DoS Vulnerability (Win)
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800524);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0744");
+ script_bugtraq_id(33909);
+ script_name(english:"Apple Safari URI NULL Pointer Dereference DoS Vulnerability (Win)");
+ desc["english"] = "
+
+ Overview: This host is running Apple Safari web browser and is prone
+ to denial of service vulnerability.
+
+ Vulnerability Insight:
+ Browser fails to adequately sanitize user supplied input in URI feeds.
+ Hence when certain characters are passed at the begining of the URI,
+ the NULL Pointer Dereference bug occurs, using '%', '{', '}', '`', '^', '|'
+ and '&' characters.
+
+ Impact:
+ Successful exploitation could allow remote attackers to cause browser crash.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Apple Safari version 4 beta and prior on Windows.
+
+ Fix: No solution or patch is available as on 04th March, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.apple.com/support/downloads
+
+ References:
+ http://xforce.iss.net/xforce/xfdb/48943
+ http://www.securityfocus.com/archive/1/archive/1/501229/100/0/threaded
+
+ CVSS Score:
+ CVSS Base Score : 5.0 (AV:N/AC:L/Au:NR/C:N/I:N/A:P)
+ CVSS Temporal Score : 4.5
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Apple Safari");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Denial of Service");
+ script_dependencies("secpod_apple_safari_detect_win_900003.nasl");
+ script_require_keys("AppleSafari/Version");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+safariVer = get_kb_item("AppleSafari/Version");
+if(!safariVer){
+ exit(0);
+}
+
+# Apple Safari Version <= (4.28.16.0) 4 build 528.16
+if(version_is_less_equal(version:safariVer, test_version:"4.28.16.0")){
+ security_warning(0);
+}
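Review bot: The final check compares against `4.28.16.0`, while the comment above it names the release as build `528.16`, and nothing visible here shows how the two relate or what format the detection script writes into `AppleSafari/Version`. If the stored string follows a different numbering scheme, `version_is_less_equal` would silently over- or under-report, so the comment should state the KB format once confirmed against the detect script, for example `# AppleSafari/Version is <format>; 4.28.16.0 == Safari 4 beta (build 528.16)`. The finding is inferred from the version string alone and the description says no fix exists, so a short comment such as `# upper bound is the latest known affected build; revisit when a fixed release ships` would keep the threshold from going stale unnoticed. The description's vector also uses `Au:NR`, which is not a CVSS v2 Authentication value (`Au:N` is presumably meant).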
Added: trunk/openvas-plugins/scripts/secpod_ms_dns_mem_corr_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_ms_dns_mem_corr_vuln.nasl 2009-03-04 13:45:17 UTC (rev 2662)
+++ trunk/openvas-plugins/scripts/secpod_ms_dns_mem_corr_vuln.nasl 2009-03-05 05:25:55 UTC (rev 2663)
@@ -0,0 +1,126 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_ms_dns_mem_corr_vuln.nasl 1050 2009-03-03 15:00:29Z mar $
+#
+# Microsoft Windows DNS Memory Corruption Vulnerability - Mar09
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900465);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-6194");
+ script_name(english:"Microsoft Windows DNS Memory Corruption Vulnerability - Mar09");
+ desc["english"] = "
+
+ Overview: This host is running Microsoft Windows and is prone to DNS Memory
+ Corruption Vulnerability.
+
+ Vulnerability Insight:
+ This flaw is due to memory leak vulnerability in Microsoft Windows DNS
+ Server through DNS packets.
+
+ Impact:
+ Successful exploitation will let the attacker execute arbitrary codes in
+ the context of the application and can cause memory corruption in the DNS
+ service.
+
+ Impact level: System
+
+ Affected Software/OS:
+ Microsoft Windows Server 2000 and 2003.
+
+ Fix: No solution or patch is available as on 04th March, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For further updates refer, http://www.microsoft.com
+
+ References:
+ http://www.microsoft.com/technet/security/bulletin/ms07-062.mspx
+ http://www.securityfocus.com/archive/1/archive/1/491831/100/0/threaded
+ http://www.securityfocus.com/archive/1/archive/1/491815/100/0/threaded
+
+ CVSS Score:
+ CVSS Base Score : 7.8 (AV:N/AC:L/Au:NR/C:N/I:N/A:C)
+ CVSS Temporal Score : 6.6
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of DNS Executable");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Windows");
+ script_dependencies("secpod_reg_enum.nasl");
+ script_require_keys("SMB/WindowsVersion");
+ exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_reg.inc");
+include("version_func.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+ exit(0);
+}
+
+if(hotfix_check_sp(win2k:5, win2003:3) <= 0){
+ exit(0);
+}
+
+sys32Path = registry_get_sz(key:"SOFTWARE\Microsoft\COM3\Setup",
+ item:"Install Path");
+if(!sys32Path){
+ exit(0);
+}
+
+share = ereg_replace(pattern:"([A-Z]):.*", replace:"\1$", string:sys32Path);
+file = ereg_replace(pattern:"[A-Z]:(.*)", replace:"\1", string:sys32Path + "\dns.exe");
+
+dnsVer = GetVer(file:file, share:share);
+if(dnsVer != NULL)
+{
+ if(get_kb_item("SMB/Win2K/ServicePack")) # Win-2000 SP4 and prior
+ {
+ if(version_is_less_equal(version:dnsVer, test_version:"5.0.2195.7147")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+
+ SP = get_kb_item("SMB/Win2003/ServicePack");
+ if("Service Pack 1" >< SP) # Win-2003 SP1
+ {
+ if(version_is_less_equal(version:dnsVer, test_version:"5.2.3790.3027")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ else if("Service Pack 2" >< SP) # Win-2003 SP2
+ {
+ if(version_is_less_equal(version:dnsVer, test_version:"5.2.3790.4171")){
+ security_hole(0);
+ }
+ exit(0);
+ }
+ security_hole(0);
+}
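Review bot: The trailing `security_hole(0);` after the service-pack branches reports without comparing `dnsVer` at all, for any host that passed `hotfix_check_sp`, has a readable dns.exe, and matches neither the `SMB/Win2K/ServicePack` key nor "Service Pack 1"/"Service Pack 2". If that is meant to cover Windows 2003 without a service pack, say so with a comment such as `# Win-2003 without a service pack: no version threshold, treated as affected`; otherwise guard it with an explicit condition so an unexpected KB state does not produce a High finding. The description is also internally inconsistent, since Impact promises arbitrary code execution while Vulnerability Insight describes a memory leak and the vector is `C:N/I:N/A:C` (availability only); aligning the Impact text with the vector would avoid mis-prioritised triage. Finally, the drive-letter patterns `[A-Z]:` are case-sensitive, so a lower-case install path would presumably leave `share` and `file` unchanged and end in a silent miss rather than a result.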
Property changes on: trunk/openvas-plugins/scripts/secpod_ms_dns_mem_corr_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *