[Openvas-commits] r2716 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Tue Mar 10 11:59:27 CET 2009
Author: chandra
Date: 2009-03-10 11:59:23 +0100 (Tue, 10 Mar 2009)
New Revision: 2716
Added:
trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_mar09_lin.nasl
trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_mar09_win.nasl
trunk/openvas-plugins/scripts/gb_bpsoft_hex_workshop_bof_vuln.nasl
trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_mar09_lin.nasl
trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_mar09_win.nasl
trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_mar09_lin.nasl
trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_mar09_win.nasl
trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_mar09_lin.nasl
trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_mar09_win.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_lin.nasl
trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_win.nasl
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-03-10 07:59:36 UTC (rev 2715)
+++ trunk/openvas-plugins/ChangeLog 2009-03-10 10:59:23 UTC (rev 2716)
@@ -1,4 +1,18 @@
2009-03-10 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/gb_adobe_flash_player_detect_win.nasl,
+ scripts/gb_firefox_mult_vuln_mar09_lin.nasl,
+ scripts/gb_adobe_flash_player_mult_vuln_mar09_win.nasl,
+ scripts/gb_thunderbird_mult_vuln_mar09_win.nasl,
+ scripts/gb_seamonkey_mult_vuln_mar09_win.nasl,
+ scripts/gb_adobe_flash_player_detect_lin.nasl,
+ scripts/gb_bpsoft_hex_workshop_bof_vuln.nasl,
+ scripts/gb_adobe_flash_player_mult_vuln_mar09_lin.nasl,
+ scripts/gb_firefox_mult_vuln_mar09_win.nasl,
+ scripts/gb_thunderbird_mult_vuln_mar09_lin.nasl,
+ scripts/gb_seamonkey_mult_vuln_mar09_lin.nasl:
+ Added new plugins
+
+2009-03-10 Chandrashekhar B <bchandra at secpod.com>
* scripts/apoll_7_5_sql_injection.nasl,
scripts/vBulletin_3_7_4_multiple_sql_injection.nasl,
scripts/vBulletin_3_7_3_pl1_sql_injection.nasl,
Modified: trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_lin.nasl 2009-03-10 07:59:36 UTC (rev 2715)
+++ trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_lin.nasl 2009-03-10 10:59:23 UTC (rev 2716)
@@ -30,8 +30,8 @@
script_version("$Revision: 1.0 $");
script_name(english:"Adobe Flash Player Version Detection (Linux)");
desc["english"] = "
- Overview: This script detects the version from binary file(s) and sets
- the Adobe Flash Player version in the KB.
+ Overview: This script detects the version of Adobe Product(s) and sets the
+ result in the KB.
Risk factor : Informational";
@@ -59,29 +59,43 @@
garg[2] = "-a";
garg[3] = string("[0-9]\\+,[0-9]\\+,[0-9]\\+,[0-9]\\+");
+# Set KB for Adobe Flash Player
flashName = find_file(file_name:"libflashplayer.so", file_path:"/",
useregex:TRUE, regexpar:"$", sock:sock);
-foreach binaryName (flashName)
+if(flashName != NULL)
{
- binaryName = chomp(binaryName);
- if(islocalhost())
+ foreach binaryName (flashName)
{
- garg[4] = binaryName;
- arg = garg;
+ binaryName = chomp(binaryName);
+ if(islocalhost())
+ {
+ garg[4] = binaryName;
+ arg = garg;
+ }
+ else
+ {
+ arg = garg[0]+" "+garg[1]+" "+garg[2]+" "+
+ raw_string(0x22)+garg[3]+raw_string(0x22)+" "+binaryName;
+ }
+
+ flashVer = get_bin_version(full_prog_name:grep, version_argv:arg, sock:sock,
+ ver_pattern:"([0-9]+,[0-9]+,[0-9]+,[0-9]+)");
+ if(flashVer[0] != NULL)
+ {
+ set_kb_item(name:"AdobeFlashPlayer/Linux/Ver", value:flashVer[0]);
+ break;
+ }
}
- else
- {
- arg = garg[0]+" "+garg[1]+" "+garg[2]+" "+
- raw_string(0x22)+garg[3]+raw_string(0x22)+" "+binaryName;
- }
+}
- flashVer = get_bin_version(full_prog_name:grep, version_argv:arg,
- ver_pattern:"([0-9]+,[0-9]+,[0-9]+,[0-9]+)");
- if(flashVer)
- {
- set_kb_item(name:"AdobeFlashPlayer/Linux/Ver", value:flashVer[0]);
- ssh_close_connection();
- exit(0);
+# Set KB for Adobe AIR
+path = "/opt/Adobe\ AIR/Versions/1.0/Resources/ApolloVersion";
+if(path != NULL)
+{
+ airVer = get_bin_version(full_prog_name:"cat", version_argv:path,
+ ver_pattern:"", sock:sock);
+ if(airVer[1] != NULL){
+ set_kb_item(name:"Adobe/Air/Linux/Ver", value:airVer[1]);
}
}
ssh_close_connection();
Modified: trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_win.nasl 2009-03-10 07:59:36 UTC (rev 2715)
+++ trunk/openvas-plugins/scripts/gb_adobe_flash_player_detect_win.nasl 2009-03-10 10:59:23 UTC (rev 2716)
@@ -30,8 +30,8 @@
script_version("$Revision: 1.0 $");
script_name(english:"Adobe Flash Player Version Detection (Win)");
desc["english"] = "
- Overview: This script detects the version from registry/file and sets the
- Adobe Flash Player version in the KB.
+ Overview: This script detects the version of Adobe Product(s) and sets the
+ result the KB.
Risk factor : Informational";
@@ -47,20 +47,57 @@
include("smb_nt.inc");
+include("secpod_smb_func.inc");
if(!get_kb_item("SMB/WindowsVersion")){
exit(0);
}
-flashVer = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
- "\Uninstall\Adobe Flash Player Plugin",
- item:"DisplayVersion");
-if(!flashVer){
- flashVer = registry_get_sz(key:"SOFTWARE\Microsoft\Windows\CurrentVersion" +
- "\Uninstall\Adobe Flash Player Activex",
- item:"DisplayVersion");
-}
+# Set KB for Adobe Flash Player, Adobe Flash CS Professional and Adobe Flex
+playerFlag = 0; airFlag = 0; csFlag = 0; flexFlag = 0;
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
-if(flashVer){
- set_kb_item(name:"AdobeFlashPlayer/Win/Ver", value:flashVer);
+foreach item (registry_enum_keys(key:key))
+{
+ adobeName = registry_get_sz(key:key + item, item:"DisplayName");
+
+ if("Adobe AIR" >< adobeName && airFlag == 0)
+ {
+ airVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+ if(airVer != NULL)
+ {
+ set_kb_item(name:"Adobe/Air/Win/Ver", value:airVer);
+ airFlag = 1;
+ }
+ }
+
+ else if("Adobe Flash CS" >< adobeName && csFlag == 0)
+ {
+ fcsVer = eregmatch(pattern:"Flash (CS[0-9])", string:adobeName);
+ if(fcsVer[1] != NULL)
+ {
+ set_kb_item(name:"Adobe/FlashCS/Win/Ver", value:fcsVer[1]);
+ csFlag = 1;
+ }
+ }
+
+ else if("Adobe Flash Player" >< adobeName && playerFlag == 0)
+ {
+ playerVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+ if(playerVer != NULL)
+ {
+ set_kb_item(name:"AdobeFlashPlayer/Win/Ver", value:playerVer);
+ playerFlag = 1;
+ }
+ }
+
+ else if("Adobe Flex" >< adobeName && flexFlag == 0)
+ {
+ flexVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+ if(flexVer != NULL)
+ {
+ set_kb_item(name:"Adobe/Flex/Win/Ver", value:flexVer);
+ flexFlag = 1;
+ }
+ }
}
Added: trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_mar09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_mar09_lin.nasl 2009-03-10 07:59:36 UTC (rev 2715)
+++ trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_mar09_lin.nasl 2009-03-10 10:59:23 UTC (rev 2716)
@@ -0,0 +1,111 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_flash_player_mult_vuln_mar09_lin.nasl 631 2009-03-09 12:10:34Z mar $
+#
+# Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800360);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0114", "CVE-2009-0519", "CVE-2009-0520",
+ "CVE-2009-0521", "CVE-2009-0522");
+ script_bugtraq_id(33890);
+ script_name(english:"Adobe Flash Player Multiple Vulnerabilities - Mar09 (Linux)");
+ desc["english"] = "
+
+ Overview: This host is installed with Adobe Products and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ - Error while processing multiple references to an unspecified object which
+ can be exploited by tricking the user to access a malicious crafted
+ SWF file.
+ - Input validation error in the processing of SWF file.
+ - Error while displaying the mouse pointer on Windows which may cause
+ 'Clickjacking' attacks.
+ - Error in the Linux Flash Player binaries which can cause disclosure of
+ sensitive information.
+
+ Impact:
+ Successful exploitation will let the remote attackers to cause remote code
+ execution, compromise system privileges or may cause exposure of sensitive
+ information.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Adobe AIR version prior to 1.5.1
+ Adobe Flash Player 9 version prior to 9.0.159.0
+ Adobe Flash Player 10 version prior to 10.0.22.87
+
+ Fix:
+ Upgrade to version Adobe Flash Player 9.0.159.0 or 10.0.22.87
+ http://get.adobe.com/flashplayer
+
+ Update to version 1.5.1 for Adobe AIR
+ http://get.adobe.com/air
+
+ References:
+ http://secunia.com/advisories/34012
+ http://www.adobe.com/support/security/bulletins/apsb09-01.html
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.9
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Adobe Flash Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Buffer overflow");
+ script_dependencies("gb_adobe_flash_player_detect_lin.nasl");
+ script_require_keys("AdobeFlashPlayer/Linux/Ver", "Adobe/Air/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Flash Player version < 9.0.159.0/10.0.22.87
+playerVer = get_kb_item("AdobeFlashPlayer/Linux/Ver");
+if(playerVer != NULL)
+{
+ if(version_is_less(version:playerVer, test_version:"9.0.159.0") ||
+ version_in_range(version:playerVer, test_version:"10.0",
+ test_version2:"10.0.22.86"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Check for Adobe Air version < 1.5.1
+airVer = get_kb_item("Adobe/Air/Linux/Ver");
+if(airVer =~ "^[0-9]")
+{
+ if(version_is_less(version:airVer, test_version:"1.5.1")){
+ security_hole(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_mar09_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_mar09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_mar09_win.nasl 2009-03-10 07:59:36 UTC (rev 2715)
+++ trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_mar09_win.nasl 2009-03-10 10:59:23 UTC (rev 2716)
@@ -0,0 +1,112 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_adobe_flash_player_mult_vuln_mar09_win.nasl 631 2009-03-09 14:10:34Z mar $
+#
+# Adobe Flash Player Multiple Vulnerabilities - Mar09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800359);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0114", "CVE-2009-0519", "CVE-2009-0520", "CVE-2009-0522");
+ script_bugtraq_id(33890);
+ script_name(english:"Adobe Flash Player Multiple Vulnerabilities - Mar09 (Win)");
+ desc["english"] = "
+
+ Overview: This host is installed with Adobe Products and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ - Error while processing multiple references to an unspecified object which
+ can be exploited by tricking the user to accessing a malicious crafted SWF
+ file.
+ - Input validation error in the processing of SWF file.
+ - Error while displaying the mouse pointer on Windows which may cause
+ 'Clickjacking' attacks.
+
+ Impact:
+ Successful exploitation will let the remote attackers to cause remote code
+ execution, compromise system privileges or may cause exposure of sensitive
+ information.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Adobe Flex version 3.x or 2.x
+ Adobe AIR version prior to 1.5.1
+ Adobe Flash CS3/CS4 Professional
+ Adobe Flash Player 9 version prior to 9.0.159.0
+ Adobe Flash Player 10 version prior to 10.0.22.87
+
+ Fix:
+ Update to version 1.5.1 for Adobe Air.
+ http://get.adobe.com/air
+
+ Update to Adobe Flash Player 9.0.159.0 or 10.0.22.87 and
+ Adobe CS3/CS4, Flex 3
+ http://get.adobe.com/flashplayer
+ http://www.adobe.com/support/flashplayer/downloads.html#fp9
+
+ References:
+ http://secunia.com/advisories/34012
+ http://www.adobe.com/support/security/bulletins/apsb09-01.html
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 6.9
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Adobe Flash Player");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Buffer overflow");
+ script_dependencies("gb_adobe_flash_player_detect_win.nasl");
+ script_require_keys("AdobeFlashPlayer/Win/Ver", "Adobe/Air/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+# Check for Adobe Flash Player version prior to 9.0.159.0 or 10.0.22.87
+playerVer = get_kb_item("AdobeFlashPlayer/Win/Ver");
+if(playerVer != NULL)
+{
+ if(version_is_less(version:playerVer, test_version:"9.0.159.0") ||
+ version_in_range(version:playerVer, test_version:"10.0",
+ test_version2:"10.0.22.86"))
+ {
+ security_hole(0);
+ exit(0);
+ }
+}
+
+# Check for Adobe Air version prior to 1.5.1
+airVer = get_kb_item("Adobe/Air/Win/Ver");
+if(airVer != NULL)
+{
+ if(version_is_less(version:airVer, test_version:"1.5.1")){
+ security_hole(0);
+ }
+}
Property changes on: trunk/openvas-plugins/scripts/gb_adobe_flash_player_mult_vuln_mar09_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_bpsoft_hex_workshop_bof_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_bpsoft_hex_workshop_bof_vuln.nasl 2009-03-10 07:59:36 UTC (rev 2715)
+++ trunk/openvas-plugins/scripts/gb_bpsoft_hex_workshop_bof_vuln.nasl 2009-03-10 10:59:23 UTC (rev 2716)
@@ -0,0 +1,85 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_bpsoft_hex_workshop_bof_vuln.nasl 751 2009-03-09 13:08:24Z mar $
+#
+# BreakPoint Software, Hex Workshop Buffer Overflow vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800528);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0812");
+ script_bugtraq_id(33932);
+ script_name(english:"BreakPoint Software, Hex Workshop Buffer Overflow vulnerability");
+ desc["english"] = "
+
+ Overview: This host has Hex Workshop installed and is prone to Stack
+ based Buffer Overflow vulnerability.
+
+ Vulnerability Insight:
+ Application fails to adequately sanitize user input data, which in turn
+ leads to boundary error while processing of Intel .hex files.
+
+ Impact:
+ Successful exploitation could allow remote attacker to execute arbitrary
+ code and can cause denial-of-service.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ BreakPoint Software, Hex Workshop version 6.0.1.4603 and prior on Windows.
+
+ Fix: No solution or patch is available as on 09th March, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.bpsoft.com/downloads
+
+ References:
+ http://secunia.com/advisories/34021
+ http://www.milw0rm.com/exploits/8121
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 8.4
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the Version of Hex Workshop");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Buffer overflow");
+ script_dependencies("gb_bpsoft_hex_workshop_detect.nasl");
+ script_require_keys("BPSoft/HexWorkshop/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+hwVer = get_kb_item("BPSoft/HexWorkshop/Ver");
+if(!hwVer){
+ exit(0);
+}
+
+if(version_is_less_equal(version:hwVer, test_version:"6.0.1.4603")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_bpsoft_hex_workshop_bof_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_mar09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_mar09_lin.nasl 2009-03-10 07:59:36 UTC (rev 2715)
+++ trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_mar09_lin.nasl 2009-03-10 10:59:23 UTC (rev 2716)
@@ -0,0 +1,109 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_mult_vuln_mar09_lin.nasl 758 2009-03-05 16:07:33Z mar $
+#
+# Mozilla Firefox Multiple Vulnerabilities Mar-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800362);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0771", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-0774",
+ "CVE-2009-0775", "CVE-2009-0776", "CVE-2009-0777", "CVE-2009-0821");
+ script_bugtraq_id(33969, 33990);
+ script_name(english:"Mozilla Firefox Multiple Vulnerabilities Mar-09 (Linux)");
+ desc["english"] = "
+
+ Overview: The host is installed with Mozilla Firefox browser and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws due to
+ - Layout engine error which causes memory corruption and assertion failures.
+ - Layout engine error related to 'nsCSSStyleSheet::GetOwnerNode', events and
+ garage collection which triggers memory corruption.
+ - Layout engine error through a splice of an array that contains 'non-set'
+ elements which causes 'jsarray.cpp' to pass an incorrect argument to the
+ 'ResizeSlots' function which causes application crash.
+ - Vectors related to js_DecompileValueGenerator, jsopcode.cpp,
+ __defineSetter__ and watch which causes a segmentation fault.
+ - Layout engine error in the vector related to 'gczeal'.
+ - Double free vulnerability in Firefox via 'cloned XUL DOM elements' which
+ were linked as a parent and child are not properly handled during garbage
+ collection which causes arbitrary code execution.
+ - 'nsIRDFService' in Firefox allows to bypass the same origin policy and
+ read XML data through another domain by cross-domain redirect.
+ - Error while decoding invisible characters when they are displayed in the
+ location bar which causes incorrect address to be displayed in the URL bar
+ and causes spoofing attacks.
+ - Error in 'window.print' function which causes dos attack via nested calls
+ in the 'onclick' attribute of an 'INPUT' element.
+
+ Impact:
+ Successful exploitation will let attacker execute arbitrary code in the
+ context of an affected web application or can cause URL address bar
+ spoofing attacks or may cause denial of service.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Firefox version prior to 3.0.7 on Linux.
+
+ Fix: Upgrade to Firefox version 3.0.7
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ https://rhn.redhat.com/errata/RHSA-2009-0315.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-07.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-08.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-09.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-11.html
+ http://downloads.securityfocus.com/vulnerabilities/exploits/33969.html
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Buffer overflow");
+ script_dependencies("gb_firefox_detect_lin.nasl");
+ script_require_keys("Firefox/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Linux/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Grep for Firefox version < 3.0.7
+if(version_is_less(version:ffVer, test_version:"3.0.7")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_mar09_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_mar09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_mar09_win.nasl 2009-03-10 07:59:36 UTC (rev 2715)
+++ trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_mar09_win.nasl 2009-03-10 10:59:23 UTC (rev 2716)
@@ -0,0 +1,108 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_firefox_mult_vuln_mar09_win.nasl 758 2009-03-05 13:07:33Z mar $
+#
+# Mozilla Firefox Multiple Vulnerabilities Mar-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800361);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0771", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-0774",
+ "CVE-2009-0775", "CVE-2009-0776", "CVE-2009-0777", "CVE-2009-0821");
+ script_bugtraq_id(33969, 33990);
+ script_name(english:"Mozilla Firefox Multiple Vulnerabilities Mar-09 (Win)");
+ desc["english"] = "
+
+ Overview: This host is installed with Mozilla Firefox and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws due to
+ - Layout engine error which causes memory corruption and assertion failures.
+ - Layout engine error related to 'nsCSSStyleSheet::GetOwnerNode', events and
+ garage collection which triggers memory corruption.
+ - Layout engine error through a splice of an array that contains 'non-set'
+ elements which causes 'jsarray.cpp' to pass an incorrect argument to the
+ 'ResizeSlots' function which causes application crash.
+ - Vectors related to js_DecompileValueGenerator, jsopcode.cpp,
+ __defineSetter__ and watch which causes a segmentation fault.
+ - Layout engine error in the vector related to 'gczeal'.
+ - Double free vulnerability in Firefox via 'cloned XUL DOM elements' which
+ were linked as a parent and child are not properly handled during garbage
+ collection which causes arbitrary code execution.
+ - 'nsIRDFService' in Firefox allows to bypass the same origin policy and
+ read XML data through another domain by cross-domain redirect.
+ - Error while decoding invisible characters when they are displayed in the
+ location bar which causes incorrect address to be displayed in the URL bar
+ and causes spoofing attacks.
+ - Error in 'window.print' function which causes dos attack via nested calls
+ in the 'onclick' attribute of an 'INPUT' element.
+
+ Impact:
+ Successful exploitation will let attacker execute arbitrary code in the
+ context of an affected web application or can cause URL address bar
+ spoofing attacks or may cause denial of service.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Firefox version prior to 3.0.7 on Windows.
+
+ Fix: Upgrade to Firefox version 3.0.7
+ http://www.mozilla.com/en-US/firefox/all.html
+
+ References:
+ http://www.mozilla.org/security/announce/2009/mfsa2009-07.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-08.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-09.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-11.html
+ http://downloads.securityfocus.com/vulnerabilities/exploits/33969.html
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Firefox");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Buffer overflow");
+ script_dependencies("gb_firefox_detect_win.nasl");
+ script_require_keys("Firefox/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+ffVer = get_kb_item("Firefox/Win/Ver");
+if(!ffVer){
+ exit(0);
+}
+
+# Grep for Firefox version < 3.0.7
+if(version_is_less(version:ffVer, test_version:"3.0.7")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_firefox_mult_vuln_mar09_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_mar09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_mar09_lin.nasl 2009-03-10 07:59:36 UTC (rev 2715)
+++ trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_mar09_lin.nasl 2009-03-10 10:59:23 UTC (rev 2716)
@@ -0,0 +1,106 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_seamonkey_mult_vuln_mar09_lin.nasl 758 2009-03-05 17:57:33Z mar $
+#
+# Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800366);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0771", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-0774",
+ "CVE-2009-0775", "CVE-2009-0776", "CVE-2009-0777");
+ script_bugtraq_id(33990);
+ script_name(english:"Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Linux)");
+ desc["english"] = "
+
+ Overview: The host is installed with Mozilla Seamonkey browser and is prone
+ to multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws due to,
+ - Layout engine error which causes memory corruption and assertion failures.
+ - Layout engine error related to 'nsCSSStyleSheet::GetOwnerNode', events and
+ garage collection which triggers memory corruption.
+ - Layout engine error through a splice of an array that contains 'non-set'
+ elements which causes 'jsarray.cpp' to pass an incorrect argument to the
+ 'ResizeSlots' function which causes application crash.
+ - Vectors related to js_DecompileValueGenerator, jsopcode.cpp,
+ __defineSetter__ and watch which causes a segmentation fault.
+ - Layout engine error in the vector related to 'gczeal'.
+ - Double free vulnerability in Seamonkey via 'cloned XUL DOM elements' which
+ were linked as a parent and child are not properly handled during garbage
+ collection which causes arbitrary code execution.
+ - 'nsIRDFService' in Seamonkey allows to bypass the same origin policy and
+ read XML data through another domain by cross-domain redirect.
+ - Error while decoding invisible characters when they are displayed in the
+ location bar which causes incorrect address to be displayed in the URL bar
+ and causes spoofing attacks.
+
+ Impact:
+ Successful exploitation will let attacker execute arbitrary code in the
+ context of an affected web application or can cause URL address bar
+ spoofing attacks or may cause denial of service.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Seamonkey version prior to 1.1.15 on Linux.
+
+ Fix: Upgrade to Seamonkey version 1.1.15
+ http://www.seamonkey-project.org/releases
+
+ References:
+ http://www.mozilla.org/security/announce/2009/mfsa2009-07.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-08.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-09.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-11.html
+ http://downloads.securityfocus.com/vulnerabilities/exploits/33969.html
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Seamonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Buffer overflow");
+ script_dependencies("gb_seamonkey_detect_lin.nasl");
+ script_require_keys("Seamonkey/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+smVer = get_kb_item("Seamonkey/Linux/Ver");
+if(!smVer){
+ exit(0);
+}
+
+# Grep for Seamonkey version < 1.1.15
+if(version_is_less(version:smVer, test_version:"1.1.15")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_mar09_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_mar09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_mar09_win.nasl 2009-03-10 07:59:36 UTC (rev 2715)
+++ trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_mar09_win.nasl 2009-03-10 10:59:23 UTC (rev 2716)
@@ -0,0 +1,106 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_seamonkey_mult_vuln_mar09_win.nasl 758 2009-03-05 17:28:33Z mar $
+#
+# Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800365);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0771", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-0774",
+ "CVE-2009-0775", "CVE-2009-0776", "CVE-2009-0777");
+ script_bugtraq_id(33990);
+ script_name(english:"Mozilla Seamonkey Multiple Vulnerabilities Mar-09 (Win)");
+ desc["english"] = "
+
+ Overview: The host is installed with Mozilla Seamonkey browser and is prone
+ to multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws due to,
+ - Layout engine error which causes memory corruption and assertion failures.
+ - Layout engine error related to 'nsCSSStyleSheet::GetOwnerNode', events and
+ garage collection which triggers memory corruption.
+ - Layout engine error through a splice of an array that contains 'non-set'
+ elements which causes 'jsarray.cpp' to pass an incorrect argument to the
+ 'ResizeSlots' function which causes application crash.
+ - Vectors related to js_DecompileValueGenerator, jsopcode.cpp,
+ __defineSetter__ and watch which causes a segmentation fault.
+ - Layout engine error in the vector related to 'gczeal'.
+ - Double free vulnerability in Seamonkey via 'cloned XUL DOM elements' which
+ were linked as a parent and child are not properly handled during garbage
+ collection which causes arbitrary code execution.
+ - 'nsIRDFService' in Seamonkey allows to bypass the same origin policy and
+ read XML data through another domain by cross-domain redirect.
+ - Error while decoding invisible characters when they are displayed in the
+ location bar which causes incorrect address to be displayed in the URL bar
+ and causes spoofing attacks.
+
+ Impact:
+ Successful exploitation will let attacker execute arbitrary code in the
+ context of an affected web application or can cause URL address bar
+ spoofing attacks or may cause denial of service.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Seamonkey version prior to 1.1.15 on Windows.
+
+ Fix: Upgrade to Seamonkey version 1.1.15
+ http://www.seamonkey-project.org/releases
+
+ References:
+ http://www.mozilla.org/security/announce/2009/mfsa2009-07.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-08.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-09.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-11.html
+ http://downloads.securityfocus.com/vulnerabilities/exploits/33969.html
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Seamonkey");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Buffer overflow");
+ script_dependencies("gb_seamonkey_detect_win.nasl");
+ script_require_keys("Seamonkey/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+smVer = get_kb_item("Seamonkey/Win/Ver");
+if(!smVer){
+ exit(0);
+}
+
+# Grep for Seamonkey version < 1.1.15
+if(version_is_less(version:smVer, test_version:"1.1.15")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_seamonkey_mult_vuln_mar09_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_mar09_lin.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_mar09_lin.nasl 2009-03-10 07:59:36 UTC (rev 2715)
+++ trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_mar09_lin.nasl 2009-03-10 10:59:23 UTC (rev 2716)
@@ -0,0 +1,106 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_thunderbird_mult_vuln_mar09_lin.nasl 758 2009-03-05 17:15:33Z mar $
+#
+# Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Linux)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800364);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0771", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-0774",
+ "CVE-2009-0775", "CVE-2009-0776", "CVE-2009-0777");
+ script_bugtraq_id(33990);
+ script_name(english:"Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Linux)");
+ desc["english"] = "
+
+ Overview: The host is installed with Mozilla Thunderbird and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws due to,
+ - Layout engine error which causes memory corruption and assertion failures.
+ - Layout engine error related to 'nsCSSStyleSheet::GetOwnerNode', events and
+ garage collection which triggers memory corruption.
+ - Layout engine error through a splice of an array that contains 'non-set'
+ elements which causes 'jsarray.cpp' to pass an incorrect argument to the
+ 'ResizeSlots' function which causes application crash.
+ - Vectors related to js_DecompileValueGenerator, jsopcode.cpp,
+ __defineSetter__ and watch which causes a segmentation fault.
+ - Layout engine error in the vector related to 'gczeal'.
+ - Double free vulnerability in Thunderbird via 'cloned XUL DOM elements'
+ which were linked as a parent and child are not properly handled during
+ garbage collection which causes arbitrary code execution.
+ - 'nsIRDFService' in Thunderbird allows to bypass the same origin policy and
+ read XML data through another domain by cross-domain redirect.
+ - Error while decoding invisible characters when they are displayed in the
+ location bar which causes incorrect address to be displayed in the URL bar
+ and causes spoofing attacks.
+
+ Impact:
+ Successful exploitation will let attacker execute arbitrary code in the
+ context of an affected web application or can cause URL address bar
+ spoofing attacks or may cause denial of service.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Thunderbird version prior to 2.0.0.21 on Linux.
+
+ Fix: Upgrade to Thunderbird version 2.0.0.21
+ http://www.mozilla.com/en-US/thunderbird
+
+ References:
+ http://www.mozilla.org/security/announce/2009/mfsa2009-07.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-08.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-09.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-11.html
+ http://downloads.securityfocus.com/vulnerabilities/exploits/33969.html
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Thunderbird");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Buffer overflow");
+ script_dependencies("gb_thunderbird_detect_lin.nasl");
+ script_require_keys("Thunderbird/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+tbVer = get_kb_item("Thunderbird/Linux/Ver");
+if(!tbVer){
+ exit(0);
+}
+
+# Grep for Thunderbird version < 2.0.0.21
+if(version_is_less(version:tbVer, test_version:"2.0.0.21")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_mar09_lin.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_mar09_win.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_mar09_win.nasl 2009-03-10 07:59:36 UTC (rev 2715)
+++ trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_mar09_win.nasl 2009-03-10 10:59:23 UTC (rev 2716)
@@ -0,0 +1,106 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_thunderbird_mult_vuln_mar09_win.nasl 758 2009-03-05 16:47:33Z mar $
+#
+# Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Win)
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800363);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-0771", "CVE-2009-0772", "CVE-2009-0773", "CVE-2009-0774",
+ "CVE-2009-0775", "CVE-2009-0776", "CVE-2009-0777");
+ script_bugtraq_id(33990);
+ script_name(english:"Mozilla Thunderbird Multiple Vulnerabilities Mar-09 (Win)");
+ desc["english"] = "
+
+ Overview: The host is installed with Mozilla Thunderbird and is prone to
+ multiple vulnerabilities.
+
+ Vulnerability Insight:
+ Multiple flaws due to,
+ - Layout engine error which causes memory corruption and assertion failures.
+ - Layout engine error related to 'nsCSSStyleSheet::GetOwnerNode', events and
+ garage collection which triggers memory corruption.
+ - Layout engine error through a splice of an array that contains 'non-set'
+ elements which causes 'jsarray.cpp' to pass an incorrect argument to the
+ 'ResizeSlots' function which causes application crash.
+ - Vectors related to js_DecompileValueGenerator, jsopcode.cpp,
+ __defineSetter__ and watch which causes a segmentation fault.
+ - Layout engine error in the vector related to 'gczeal'.
+ - Double free vulnerability in Thunderbird via 'cloned XUL DOM elements'
+ which were linked as a parent and child are not properly handled during
+ garbage collection which causes arbitrary code execution.
+ - 'nsIRDFService' in Thunderbird allows to bypass the same origin policy and
+ read XML data through another domain by cross-domain redirect.
+ - Error while decoding invisible characters when they are displayed in the
+ location bar which causes incorrect address to be displayed in the URL bar
+ and causes spoofing attacks.
+
+ Impact:
+ Successful exploitation will let attacker execute arbitrary code in the
+ context of an affected web application or can cause URL address bar
+ spoofing attacks or may cause denial of service.
+
+ Impact Level: System/Application
+
+ Affected Software/OS:
+ Thunderbird version prior to 2.0.0.21 on Windows.
+
+ Fix: Upgrade to Thunderbird version 2.0.0.21
+ http://www.mozilla.com/en-US/thunderbird
+
+ References:
+ http://www.mozilla.org/security/announce/2009/mfsa2009-07.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-08.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-09.html
+ http://www.mozilla.org/security/announce/2009/mfsa2009-11.html
+ http://downloads.securityfocus.com/vulnerabilities/exploits/33969.html
+
+ CVSS Score:
+ CVSS Base Score : 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.3
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Thunderbird");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Buffer overflow");
+ script_dependencies("gb_thunderbird_detect_win.nasl");
+ script_require_keys("Thunderbird/Win/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+tbVer = get_kb_item("Thunderbird/Win/Ver");
+if(!tbVer){
+ exit(0);
+}
+
+# Grep for Thunderbird version < 2.0.0.21
+if(version_is_less(version:tbVer, test_version:"2.0.0.21")){
+ security_hole(0);
+}
Property changes on: trunk/openvas-plugins/scripts/gb_thunderbird_mult_vuln_mar09_win.nasl
___________________________________________________________________
Name: svn:executable
+ *
More information about the Openvas-commits
mailing list