[Openvas-commits] r2948 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Mon Mar 30 15:53:36 CEST 2009 

Author: chandra
Date: 2009-03-30 15:53:34 +0200 (Mon, 30 Mar 2009)
New Revision: 2948

Added:
   trunk/openvas-plugins/scripts/secpod_symantec_pcanywhere_dos_vuln.nasl
   trunk/openvas-plugins/scripts/secpod_symantec_prdts_detect.nasl
   trunk/openvas-plugins/scripts/secpod_xampp_detect.nasl
   trunk/openvas-plugins/scripts/secpod_xampp_mult_csrf_vuln.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
Log:
Added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-03-30 12:26:52 UTC (rev 2947)
+++ trunk/openvas-plugins/ChangeLog	2009-03-30 13:53:34 UTC (rev 2948)
@@ -1,3 +1,10 @@
+2009-03-30 Chandrashekhar B <bchandra at secpod.com>
+	* scripts/secpod_xampp_detect.nasl,
+	scripts/secpod_symantec_prdts_detect.nasl,
+	scripts/secpod_symantec_pcanywhere_dos_vuln.nasl,
+	scripts/secpod_xampp_mult_csrf_vuln.nasl:
+	Added new plugins
+
 2009-03-30 Michael Meyer <mime at gmx.de>
 	* scripts/cvstrac_detect.nasl,
 	scripts/phpgroupware_detect.nasl:

Added: trunk/openvas-plugins/scripts/secpod_symantec_pcanywhere_dos_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_symantec_pcanywhere_dos_vuln.nasl	2009-03-30 12:26:52 UTC (rev 2947)
+++ trunk/openvas-plugins/scripts/secpod_symantec_pcanywhere_dos_vuln.nasl	2009-03-30 13:53:34 UTC (rev 2948)
@@ -0,0 +1,86 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_symantec_pcanywhere_dos_vuln.nasl 1022 2009-03-26 20:41:29Z mar $
+#
+# Symantec pcAnywhere Format String DoS Vulnerability
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900333);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2009-0538");
+  script_bugtraq_id(33845);
+  script_name(english:"Symantec pcAnywhere Format String DoS Vulnerability");
+  desc["english"] = "
+
+  Overview: This host is installed with Symantec pcAnywhere and is prone
+  to denial of service vulnerability.
+
+  Vulnerability Insight:
+  Issue exists due to improper processing of format strings within '.CHF'
+  remote control file names or associated file path.
+
+  Impact:
+  Allows a malicious user to crash an affected application, creating a denial
+  of service condition.
+
+  Impact Level: Application
+
+  Affected Software/OS:
+  Symantec pcAnywhere version 12.5 and prior on Windows.
+
+  Fix: Upgrade to pcAnywhere version 12.5 SP1
+  http://www.symantec.com/norton/symantec-pcanywhere
+
+  References:
+  http://secunia.com/advisories/34305
+  http://www.layereddefense.com/pcanywhere17mar.html
+  http://securityresponse.symantec.com/avcenter/security/Content/2009.03.17.html
+
+  CVSS Score:
+    CVSS Base Score     : 4.6 (AV:L/AC:L/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 3.4
+  Risk factor: Medium";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of Symantec pcAnywhere");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Denial of Service");
+  script_dependencies("secpod_symantec_prdts_detect.nasl");
+  script_require_keys("Symantec/pcAnywhere/Ver");
+  exit(0);
+}
+
+
+include("version_func.inc");
+
+pcawVer = get_kb_item("Symantec/pcAnywhere/Ver");
+if(!pcawVer){
+  exit(0);
+}
+
+# Check for Symantec pcAnywhere version <= 12.5 (12.5.0.442)
+if(version_is_less_equal(version:pcawVer, test_version:"12.5.0.442")){
+  security_warning(0);
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_symantec_pcanywhere_dos_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_symantec_prdts_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_symantec_prdts_detect.nasl	2009-03-30 12:26:52 UTC (rev 2947)
+++ trunk/openvas-plugins/scripts/secpod_symantec_prdts_detect.nasl	2009-03-30 13:53:34 UTC (rev 2948)
@@ -0,0 +1,79 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_symantec_prdts_detect.nasl 1022 2009-03-26 19:06:24Z mar $
+#
+# Symantec Product(s) Version Detection
+#
+# Authors:
+# Sharath S <sharaths at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900332);
+  script_version("Revision: 1.0 $");
+  script_name(english:"Symantec Product(s) Version Detection");
+  desc["english"] = "
+  Overview: This script detects the installed version of Symantec Product(s)
+  and sets the result in KB.
+
+  Risk factor: Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Sets Symantec Product(s) Version in the KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"General");
+  script_dependencies("secpod_reg_enum.nasl");
+  script_require_keys("SMB/WindowsVersion");
+  exit(0);
+}
+
+
+include("smb_nt.inc");
+include("secpod_smb_func.inc");
+
+if(!get_kb_item("SMB/WindowsVersion")){
+  exit(0);
+}
+
+if(!registry_enum_keys(key:"SOFTWARE\Symantec")){
+  exit(0);
+}
+
+key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
+foreach item (registry_enum_keys(key:key))
+{
+  symantecName = registry_get_sz(key:key + item, item:"DisplayName");
+  if("Symantec pcAnywhere" >< symantecName)
+  {
+    pcawVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+    if(pcawVer){
+      set_kb_item(name:"Symantec/pcAnywhere/Ver", value:pcawVer);
+    }
+  }
+
+  if("Norton Internet Security" >< symantecName)
+  {
+    nisVer = registry_get_sz(key:key + item, item:"DisplayVersion");
+    if(nisVer){
+      set_kb_item(name:"Norton/InetSec/Ver", value:nisVer);
+    }
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_symantec_prdts_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_xampp_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xampp_detect.nasl	2009-03-30 12:26:52 UTC (rev 2947)
+++ trunk/openvas-plugins/scripts/secpod_xampp_detect.nasl	2009-03-30 13:53:34 UTC (rev 2948)
@@ -0,0 +1,78 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_xampp_detect_win.nasl 1065 2009-03-20 16:25:36Z mar $
+#
+# XAMPP Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900526);
+  script_version("Revision: 1.0 ");
+  script_name(english:"XAMPP Version Detection");
+  desc["english"] = "
+  Overview: This script finds the installed XAMPP version and saves the
+  version in KB.
+
+  Risk factor: Informational";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Set the Version of XAMPP in KB");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"General");
+  script_dependencies("find_service.nes");
+  script_require_ports("Services/www", 80, 8080);
+  exit(0);
+}
+
+
+include("http_func.inc");
+include("http_keepalive.inc");
+
+xamppPort = get_kb_item("Services/www");
+if(!xamppPort){
+  exit(0);
+}
+
+foreach path (make_list("/", "/xampp", cgi_dirs()))
+{
+  sndReq = http_get(item:string(path, "/index.php"), port:xamppPort);
+  rcvRes = http_keepalive_send_recv(port:xamppPort, data:sndReq);
+
+  if("XAMPP" >!< rcvRes)
+  {
+    sndReq = http_get(item:string(dir,"/start.php"), port:xamppPort);
+    rcvRes = http_keepalive_send_recv(port:xamppPort, data:sndReq);
+  }
+
+  if("XAMPP" >< rcvRes)
+  {
+    xamppVer = eregmatch(pattern:"XAMPP.* ([0-9.]+)", string:rcvRes);
+    if(xamppVer[1] != NULL)
+    {
+      set_kb_item(name:"www/" + xamppPort + "/XAMPP", value:xamppVer[1]);
+      exit(0);
+    }
+    exit(0);
+  }
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_xampp_detect.nasl
___________________________________________________________________
Name: svn:executable
   + *

Added: trunk/openvas-plugins/scripts/secpod_xampp_mult_csrf_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xampp_mult_csrf_vuln.nasl	2009-03-30 12:26:52 UTC (rev 2947)
+++ trunk/openvas-plugins/scripts/secpod_xampp_mult_csrf_vuln.nasl	2009-03-30 13:53:34 UTC (rev 2948)
@@ -0,0 +1,97 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_xampp_mult_csrf_vuln.nasl 1065 2009-03-23 15:13:23Z mar $
+#
+# XAMPP Multiple Cross-Site Request Forgery Vulnerability
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+  script_id(900527);
+  script_version("$Revision: 1.0 $");
+  script_cve_id("CVE-2008-6498", "CVE-2008-6499");
+  script_name(english:"XAMPP Multiple Cross-Site Request Forgery Vulnerability");
+  desc["english"] = "
+
+  Overview: The host is installed with XAMPP and is prone to multiple
+  cross-site request forgery vulnerability.
+
+  Vulnerability Insight:
+  Multiple flaws are due to,
+  - Lack of input validation checking for the user-supplied data provided
+    to 'security/xamppsecurity.php' which lets change admin password through
+    CSRF attack.
+  - Input passed to some certain parameters like 'dbserver', 'host', 'password',
+    'database' and 'table' in not properly sanitised before being returned to a
+    user.
+
+  Impact:
+  Successful exploitation will let the attacker execute crafted malicious
+  queries in the vulnerable parameters or can change admin authentication data
+  via crafted CSRF queries.
+
+  Impact Level: Application/Network
+
+  Affected Software/OS:
+  XAMPP version 1.6.8 or prior on all platforms.
+
+  Fix: No solution or patch is available as on 30th March, 2009. Information
+  regarding this issue will be updated once the solution details are available.
+  For updates refer, http://www.apachefriends.org/en/xampp.htm
+
+  References:
+  http://secunia.com/advisories/32134
+  http://www.milw0rm.com/exploits/7384
+  http://securityreason.com/securityalert/5434
+
+ CVSS Score:
+    CVSS Base Score     : 6.8 (AV:N/AC:M/Au:NR/C:P/I:P/A:P)
+    CVSS Temporal Score : 6.1
+  Risk factor: High";
+
+  script_description(english:desc["english"]);
+  script_summary(english:"Check for the version of XAMPP");
+  script_category(ACT_GATHER_INFO);
+  script_copyright(english:"Copyright (C) 2009 SecPod");
+  script_family(english:"Web application abuses");
+  script_dependencies("secpod_xampp_detect.nasl");
+  script_require_ports("Services/www", 80, 8080);
+  exit(0);
+}
+
+
+include("version_func.inc");
+include("http_func.inc");
+
+xamppPort = get_kb_item("Services/www");
+if(!xamppPort){
+  exit(0);
+}
+
+xamppVer = get_kb_item("www/" + xamppPort + "/XAMPP");
+if(!xamppVer){
+  exit(0);
+}
+
+if(version_is_less_equal(version:xamppVer, test_version:"1.6.8")){
+  security_hole(xamppPort);
+}


Property changes on: trunk/openvas-plugins/scripts/secpod_xampp_mult_csrf_vuln.nasl
___________________________________________________________________
Name: svn:executable
   + *

More information about the Openvas-commits mailing list