AXIGEN Web[mail|admin]+[^0-9]+([0-9.]+)

From scm-commit at wald.intevation.org Sat May 2 19:46:36 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Sat, 2 May 2009 19:46:36 +0200 (CEST) Subject: [Openvas-commits] r3224 - in trunk/openvas-plugins: . scripts Message-ID: <20090502174636.8A6B74084C@pyrosoma.intevation.org> Author: mime Date: 2009-05-02 19:46:33 +0200 (Sat, 02 May 2009) New Revision: 3224 Added: trunk/openvas-plugins/scripts/GScripts_cve_2009_1361.nasl trunk/openvas-plugins/scripts/IceWarp_Merak_Mail_Server_34739.nasl trunk/openvas-plugins/scripts/TorrentTrader_cve_2008_1173.nasl trunk/openvas-plugins/scripts/TorrentTrader_detect.nasl trunk/openvas-plugins/scripts/apache_cve_2003_0132.nasl trunk/openvas-plugins/scripts/apache_cve_2004_0747.nasl trunk/openvas-plugins/scripts/axigen_34716.nasl trunk/openvas-plugins/scripts/axigen_web_detect.nasl trunk/openvas-plugins/scripts/coppermine_34782.nasl trunk/openvas-plugins/scripts/coppermine_detect.nasl trunk/openvas-plugins/scripts/drupal_34779.nasl trunk/openvas-plugins/scripts/drupal_detect.nasl trunk/openvas-plugins/scripts/opencart_34724.nasl trunk/openvas-plugins/scripts/opencart_detect.nasl trunk/openvas-plugins/scripts/tiger_dms_34775.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/ChangeLog 2009-05-02 17:46:33 UTC (rev 3224) @@ -1,3 +1,21 @@ +2009-05-02 Michael Meyer + * scripts/TorrentTrader_detect.nasl, + scripts/opencart_detect.nasl, + scripts/axigen_web_detect.nasl, + scripts/drupal_detect.nasl, + scripts/drupal_34779.nasl, + scripts/apache_cve_2004_0747.nasl, + scripts/apache_cve_2003_0132.nasl, + scripts/opencart_34724.nasl, + scripts/axigen_34716.nasl, + scripts/tiger_dms_34775.nasl, + scripts/TorrentTrader_cve_2008_1173.nasl, + scripts/coppermine_34782.nasl, + scripts/coppermine_detect.nasl, + scripts/GScripts_cve_2009_1361.nasl + scripts/IceWarp_Merak_Mail_Server_34739.nasl: + Added new plugins + 2009-04-30 Christian Eric Edjenguele * scripts/remote-Leap_CMS_multi.nasl: New script Added: trunk/openvas-plugins/scripts/GScripts_cve_2009_1361.nasl =================================================================== --- trunk/openvas-plugins/scripts/GScripts_cve_2009_1361.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/GScripts_cve_2009_1361.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,86 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# GScripts.net DNS Tools 'dig.php' Remote Command Execution +# Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100182); + script_bugtraq_id(34559); + script_cve_id("CVE-2009-1361"); + script_version ("1.0"); + + script_name(english:"GScripts.net DNS Tools 'dig.php' Remote Command Execution Vulnerability"); + desc["english"] = " + + Overview: + GScripts.net DNS Tools is prone to a remote command-execution + vulnerability because the software fails to adequately sanitize + user-supplied input. + + Successful attacks can compromise the affected software and possibly + the computer. + + See also: + http://www.securityfocus.com/bid/34559 + + Risk factor : High"; + + script_description(english:desc["english"]); + script_summary(english:"Determine if GScripts.net DNS Tools is vulnerable to remote command-execution"); + script_category(ACT_GATHER_INFO); + script_family(english:"Web application abuses"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dir = make_list("/whois","/dns_tools", cgi_dirs()); + +foreach d (dir) +{ + url = string(d, "/dig.php?ns=||cat%20/etc/passwd&host=openvas.org&query_type=NS&status=digging"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE); + if( buf == NULL )continue; + + if (egrep(pattern:"root:.*:0:[01]:.*", string: buf) ) + { + security_hole(port:port, data: desc); + exit(0); + } +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/GScripts_cve_2009_1361.nasl ___________________________________________________________________ Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/IceWarp_Merak_Mail_Server_34739.nasl =================================================================== --- trunk/openvas-plugins/scripts/IceWarp_Merak_Mail_Server_34739.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/IceWarp_Merak_Mail_Server_34739.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,78 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# IceWarp Merak Mail Server 'Base64FileEncode()' Stack-Based Buffer Overflow Vulnerability +# +# Authors: +# Sujit Ghosal +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(100168); + script_bugtraq_id(34739); + script_copyright(english:"Copyright (C) 2009 Michael Meyer"); + script_version("Revision: 1.0"); + script_category(ACT_GATHER_INFO); + script_family(english:"SMTP problems"); + script_name(english:"IceWarp Merak Mail Server 'Base64FileEncode()' Stack-Based Buffer Overflow Vulnerability"); + script_summary(english:"Check for vulnerable version of IceWarp"); + desc["english"] = " + Overview: + IceWarp Merak Mail Server s prone to a stack-based buffer-overflow + vulnerability because the application fails to bounds-check + user-supplied data before copying it into an insufficiently sized + buffer. + + An attacker could exploit this issue to execute arbitrary code in + the context of the affected application. Failed exploit attempts + will likely result in denial-of-service conditions. + + IceWarp Merak Mail Server 9.4.1 is vulnerable; other versions may + also be affected. + + See also: + http://www.securityfocus.com/bid/34739 + + Risk factor: Medium"; + + script_description(english:desc["english"]); + script_dependencies("find_service.nes"); + script_require_ports("Services/smtp", 25); + exit(0); +} + +include("smtp_func.inc"); + +port = get_kb_item("Services/smtp"); +if(!port){ + port = 25; +} + +if(get_port_state(port)) +{ + response = get_smtp_banner(port); + if("IceWarp" >< response) + { + if(egrep(pattern:"IceWarp 9.4.1" , string:response)){ + security_warning(port); + } + } +} Property changes on: trunk/openvas-plugins/scripts/IceWarp_Merak_Mail_Server_34739.nasl ___________________________________________________________________ Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/TorrentTrader_cve_2008_1173.nasl =================================================================== --- trunk/openvas-plugins/scripts/TorrentTrader_cve_2008_1173.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/TorrentTrader_cve_2008_1173.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,92 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# TorrentTrader 'msg' Parameter HTML Injection Vulnerability +# +# Authors +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100181); + script_bugtraq_id(28082); + script_cve_id("CVE-2008-1173"); + script_version ("1.0"); + + script_name(english:"TorrentTrader 'msg' Parameter HTML Injection Vulnerability"); + desc["english"] = " + + Overview: + TorrentTrader is prone to an HTML-injection vulnerability because it + fails to adequately sanitize user-supplied input. + + Attacker-supplied HTML or JavaScript code could run in the context + of the affected site, potentially allowing the attacker to steal + cookie-based authentication credentials and to control how the site + is rendered to the user; other attacks are also possible. + + TorrentTrader Classic 1.08 is affected; other versions may also be vulnerable. + + Solution: + This issue has been addressed in the revision 25/03/08 of Torrent Classic 1.08. + Update to Torrent Classic 1.09. + + See also: + http://www.securityfocus.com/bid/28082 + http://sourceforge.net/project/shownotes.php?group_id=98584&release_id=545219 + http://www.torrenttrader.org/index.php + + Risk factor : Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Determine if TorrentTrader is vulnerable to HTML Injection"); + script_category(ACT_GATHER_INFO); + script_family(english:"Web application abuses"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("TorrentTrader_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +if(!version = get_kb_item(string("www/", port, "/torrenttrader")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_is_equal(version: vers, test_version: "1.08")) { + security_warning(port:port); + exit(0); + } +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/TorrentTrader_cve_2008_1173.nasl ___________________________________________________________________ Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/TorrentTrader_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/TorrentTrader_detect.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/TorrentTrader_detect.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,112 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# TorrentTrader Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc["english"] = " + + Overview: + This host is running TorrentTrader Classic, a PHP/MySQL Based + BitTorrent tracker. + + See also: + http://www.torrenttrader.org/ + + Risk factor : None"; + +if (description) +{ + script_id(100180); + script_version ("1.0"); + + script_name(english:"TorrentTrader Detection"); + + script_description(english:desc["english"]); + script_summary(english:"Checks for the presence of TorrentTrader"); + script_category(ACT_GATHER_INFO); + script_family(english:"Service detection"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/torrent","/tracker",cgi_dirs()); +foreach dir (dirs) { + + url = string(dir, "/index.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if( egrep(pattern: "Powered by TorrentTrader Classic v[0-9.]+.*www.torrenttrader.org", string: buf, icase: TRUE) ) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + + vers = string("unknown"); + + ### try to get version. + + version = eregmatch(pattern: "TorrentTrader Classic v([0-9.]+)", string: buf); + + if(!isnull(version[1])) { + vers = version[1]; + } + + set_kb_item(name: string("www/", port, "/torrenttrader"), value: string(vers," under ",install)); + + info = string("None\n\nTorrentTrader Version '"); + info += vers; + info += string("' was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc["english"], + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } +} +exit(0); Property changes on: trunk/openvas-plugins/scripts/TorrentTrader_detect.nasl ___________________________________________________________________ Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/apache_cve_2003_0132.nasl =================================================================== --- trunk/openvas-plugins/scripts/apache_cve_2003_0132.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/apache_cve_2003_0132.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,77 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id$ +# +# Apache Web Server Linefeed Memory Allocation Denial Of Service +# Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(100171); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2003-0132"); + script_bugtraq_id(7254); + script_name(english:"Apache Web Server Linefeed Memory Allocation Denial Of Service Vulnerability"); + desc["english"] = " + + Overview: + Apache 2.0 series webservers are prone to a denial-of-service + condition. This issue occurs because of the way that Apache handles + excessive amounts of consecutive linefeed characters. The server + may allocate large amounts of memory, resulting in a denial of + service. + + Solution: + This vulnerability does not affect Apache 2.0.45. Users are advised to upgrade. + + See also: + http://www.securityfocus.com/bid/7254 + http://httpd.apache.org/ + + Risk factor: Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Check for Apache Web Server version"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Michael Meyer"); + script_family(english:"Web application abuses"); + script_dependencies("http_version.nasl", "secpod_apache_detect.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +httpdPort = get_http_port(default:80); +if(!httpdPort){ + exit(0); +} + +version = get_kb_item("www/" + httpdPort + "/Apache"); +if(version != NULL){ + if(version_is_less(version:version, test_version:"2.0.45")){ + security_warning(httpdPort); + } +} Property changes on: trunk/openvas-plugins/scripts/apache_cve_2003_0132.nasl ___________________________________________________________________ Name: svn:executable + * Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/apache_cve_2004_0747.nasl =================================================================== --- trunk/openvas-plugins/scripts/apache_cve_2004_0747.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/apache_cve_2004_0747.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,82 @@ +############################################################################## +# OpenVAS Vulnerability Test +# $Id$ +# +# Apache Web Server Configuration File Environment Variable Local +# Buffer Overflow Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(100172); + script_version("$Revision: 1.0 $"); + script_cve_id("CVE-2004-0747"); + script_bugtraq_id(11182); + script_name(english:"Apache Web Server Configuration File Environment Variable Local Buffer Overflow Vulnerability"); + desc["english"] = " + + Overview: + According to its version number, the remote version of Apache Web + Server is prone to a local buffer-overflow vulnerability that + affects a configuration file environment variable. This occurs + because the application fails to validate user-supplied string + lengths before copying them into finite process buffers. + + An attacker may leverage this issue to execute arbitrary code on + the affected computer with the privileges of the Apache webserver + process. + + Solution: + The vendor has released an upgrade. Please see + http://www.apache.org/dist/httpd/Announcement2.html for more + information. + + See also: + http://www.securityfocus.com/bid/11182 + + Risk factor: Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Check for Apache Web Server version"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Michael Meyer"); + script_family(english:"Web application abuses"); + script_dependencies("http_version.nasl", "secpod_apache_detect.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + + +include("http_func.inc"); +include("version_func.inc"); + +httpdPort = get_http_port(default:80); +if(!httpdPort){ + exit(0); +} + +version = get_kb_item("www/" + httpdPort + "/Apache"); +if(version != NULL){ + if(version_is_less(version:version, test_version:"2.0.51")){ + security_warning(httpdPort); + } +} Property changes on: trunk/openvas-plugins/scripts/apache_cve_2004_0747.nasl ___________________________________________________________________ Name: svn:executable + * Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/axigen_34716.nasl =================================================================== --- trunk/openvas-plugins/scripts/axigen_34716.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/axigen_34716.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,92 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Axigen Mail Server HTML Injection Vulnerability +# +# Authors +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100177); + script_bugtraq_id(34716); + script_version ("1.0"); + + script_name(english:"Axigen Mail Server HTML Injection Vulnerability"); + desc["english"] = " + + Overview: + Axigen Mail Server is prone to an HTML-injection vulnerability + because the application fails to properly sanitize user-supplied + input. + + Attacker-supplied HTML and script code would run in the context of + the affected site, potentially allowing the attacker to steal + cookie-based authentication credentials or to control how the site + is rendered to the user; other attacks are also possible. + + Axigen Mail Server 6.2.2 is vulnerable; other versions may also be + affected. + + Solution: + Reports indicate that fixes are available. Please contact the vendor + for more information. + + See also: + http://www.securityfocus.com/bid/34716 + + Risk factor : Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Determine if Axigen is vulnerable to HTML Injection"); + script_category(ACT_GATHER_INFO); + script_family(english:"Web application abuses"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("axigen_web_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); + +#if(!version = get_kb_item(string("www/", port, "/axigen")))exit(0); +version = string("7.2.2 under /"); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_is_equal(version: vers, test_version: "6.2.2")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/axigen_34716.nasl ___________________________________________________________________ Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/axigen_web_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/axigen_web_detect.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/axigen_web_detect.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,110 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Axigen Web Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc["english"] = " + + Overview: + Axigen :::AXIGEN_WEBTOOL::: is running at this Port. + + See also: + http://www.axigen.com/ + + Risk factor : None"; + +if (description) +{ + script_id(100176); + script_version ("1.0"); + + script_name(english:"Axigen Web Detection"); + + script_description(english:desc["english"]); + script_summary(english:"Checks for the presence of Axigen Webmail and Webadmin"); + script_category(ACT_GATHER_INFO); + script_family(english:"Service detection"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); + + url = string("/index.hsp?login="); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + + if( buf == NULL )continue; + if( egrep(pattern: 'Server: Axigen-.*', string: buf, icase: TRUE) ) + { + + app_found = eregmatch(string: buf, pattern: 'Server: Axigen-(Webmail|Webadmin)',icase:TRUE); + + axigen_app = app_found[1]; + + desc = ereg_replace( + string:desc["english"], + pattern:":::AXIGEN_WEBTOOL:::", + replace:axigen_app + ); + + vers = string("unknown"); + + ### try to get version. + version = eregmatch(string: buf, pattern: 'AXIGEN Web[mail|admin]+[^0-9]+([0-9.]+)',icase:TRUE); + + if ( !isnull(version[1]) ) { + vers=version[1]; + } + + set_kb_item(name: string("www/", port, "/axigen"), value: string(vers," under /")); + + info = string("None\n\nAxigen Version '"); + info += string(vers); + info += string("' was detected on the remote host\n"); + + desc = ereg_replace( + string:desc, + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } + +exit(0); Property changes on: trunk/openvas-plugins/scripts/axigen_web_detect.nasl ___________________________________________________________________ Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/coppermine_34782.nasl =================================================================== --- trunk/openvas-plugins/scripts/coppermine_34782.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/coppermine_34782.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,108 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Coppermine Photo Gallery 'css' Parameter Cross-Site Scripting +# Vulnerability +# +# Authors +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100175); + script_bugtraq_id(34782); + script_version ("1.0"); + + script_name(english:"Coppermine Photo Gallery 'css' Parameter Cross-Site Scripting Vulnerability"); + desc["english"] = " + + Overview: + Coppermine Photo Gallery is prone to a cross-site scripting + vulnerability because the application fails to properly sanitize + user-supplied input. + + An attacker may leverage this issue to execute arbitrary script code + in the browser of an unsuspecting user in the context of the + affected site. This may allow the attacker to steal cookie-based + authentication credentials and to launch other attacks. + + Versions prior to Coppermine Photo Gallery 1.4.22 are vulnerable. + + See also: + http://www.securityfocus.com/bid/34782 + + Risk factor : Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Determine if Coppermine is vulnerable to XSS"); + script_category(ACT_GATHER_INFO); + script_family(english:"Web application abuses"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("coppermine_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +if(!version = get_kb_item(string("www/", port, "/coppermine")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; +dir = matches[2]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_is_less(version: vers, test_version: "1.4.22")) { + VULN = TRUE; + } + +} else { +# No version found, try to exploit. + if(!isnull(dir)) { + + url = string(dir,'/docs/showdoc.php?css=1%3E%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E'); + req = http_get(item:url, port:port); + buf = http_send_recv(port:port, data:req, bodyonly:FALSE); + + if( buf == NULL )exit(0); + if(egrep(pattern:"", string: buf)) + { + VULN = TRUE; + } + } +} + +if(VULN) { + + security_warning(port:port); + exit(0); + +} +exit(0); Property changes on: trunk/openvas-plugins/scripts/coppermine_34782.nasl ___________________________________________________________________ Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/coppermine_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/coppermine_detect.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/coppermine_detect.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,143 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Coppermine Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc["english"] = " + + Overview: + This host is running Coppermine, a web picture gallery script + written in PHP using GD or ImageMagick as image library with a MySQL + backend. + + See also: + http://coppermine-gallery.net/ + + Risk factor : None"; + +if (description) +{ + script_id(100174); + script_version ("1.0"); + + script_name(english:"Coppermine Detection"); + + script_description(english:desc["english"]); + script_summary(english:"Checks for the presence of Coppermine"); + script_category(ACT_GATHER_INFO); + script_family(english:"Service detection"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/coppermine","/gallery",cgi_dirs()); +foreach dir (dirs) { + + url = string(dir, "/index.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if( + egrep(pattern: 'Powered by ]+Coppermine Photo Gallery', string: buf, icase: TRUE) && + egrep(pattern: 'Set-Cookie: coppermine_data.*', string: buf, icase: TRUE)) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + + vers = string("unknown"); + + ### try to get version. + version = eregmatch(string: buf, pattern: 'Coppermine Photo Gallery ([0-9.]+)',icase:TRUE); + + if ( !isnull(version[1]) ) { + vers=version[1]; + } else { + + version = eregmatch(string: buf, pattern: 'Coppermine version: ([0-9.]+)',icase:TRUE); + + if ( !isnull(version[1]) ) { + vers=version[1]; + } else { + + url = string(dir, "/docs/showdoc.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + + version = eregmatch(string: buf, pattern: 'Coppermine Photo Gallery v([0-9.]+)',icase:TRUE); + + if ( !isnull(version[1]) ) { + vers=version[1]; + } else { + + url = string(dir, "/CHANGELOG"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + + version = eregmatch(string: buf, pattern: 'Release of cpg([0-9.]+)',icase:TRUE); + + if ( !isnull(version[1]) ) { + vers=version[1]; + } + } + } + } + + set_kb_item(name: string("www/", port, "/coppermine"), value: string(vers," under ",install)); + + info = string("None\n\nCoppermine Version '"); + info += string(vers); + info += string("' was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc["english"], + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } +} +exit(0); Property changes on: trunk/openvas-plugins/scripts/coppermine_detect.nasl ___________________________________________________________________ Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/drupal_34779.nasl =================================================================== --- trunk/openvas-plugins/scripts/drupal_34779.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/drupal_34779.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,91 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Drupal HTML Injection and Information Disclosure Vulnerabilities +# +# Authors +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100170); + script_bugtraq_id(34779); + script_version ("1.0"); + + script_name(english:"Drupal HTML Injection and Information Disclosure Vulnerabilities"); + desc["english"] = " + + Overview: + Drupal is prone to a cross-site scripting vulnerability and an + information-disclosure vulnerability. + + An attacker may leverage these issues to obtain potentially + sensitive information, execute arbitrary script code in the browser + of an unsuspecting user in the context of the affected site, steal + cookie-based authentication credentials, or control how the site is + rendered to the user; other attacks are also possible. + + These issues affect the following: + + Drupal 5.x (prior to 5.17) + Drupal 6.x (prior to 6.11) + + See also: + http://www.securityfocus.com/bid/34779 + http://drupal.org/node/449078 + + Risk factor : Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Determine if Drupal is vulnerable to HTML Injection and Information Disclosure"); + script_category(ACT_GATHER_INFO); + script_family(english:"Web application abuses"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("drupal_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +if(!version = get_kb_item(string("www/", port, "/drupal")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +vers = matches[1]; + +if(!isnull(vers) && vers >!< "unknown") { + + if(version_in_range(version:vers, test_version:"5", test_version2:"5.16") || + version_in_range(version:vers, test_version:"6", test_version2:"6.10")) { + security_warning(port:port); + exit(0); + } + +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/drupal_34779.nasl ___________________________________________________________________ Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/drupal_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/drupal_detect.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/drupal_detect.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,120 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Drupal Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc["english"] = " + + Overview: + This host is running Drupal, an open source content management platform. + + See also: + http://drupal.org/ + + Risk factor : None"; + +if (description) +{ + script_id(100169); + script_version ("1.0"); + + script_name(english:"Drupal Detection"); + + script_description(english:desc["english"]); + script_summary(english:"Checks for the presence of Drupal"); + script_category(ACT_GATHER_INFO); + script_family(english:"General"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/drupal","/cms",cgi_dirs()); + +foreach dir (dirs) { + + url = string(dir, "/update.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if( + egrep(pattern: "Location: .*update\.php\?op=info", string: buf, icase: TRUE) || + (egrep(pattern: "Access denied", string: buf, icase: TRUE) && + egrep(pattern: "drupal", string: buf, icase: TRUE) && + egrep(pattern: "\$access_check", string: buf, icase: TRUE) )) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + + vers = string("unknown"); + + ### try to get version. + + url = string(dir, "/CHANGELOG.txt"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:TRUE); + + version = eregmatch(string: buf, pattern: 'Drupal ([0-9.]+), [0-9]{4}-[0-9]{2}-[0-9]{2}',icase:TRUE); + + if ( !isnull(version[1]) ) { + vers=chomp(version[1]); + } + + set_kb_item(name: string("www/", port, "/drupal"), value: string(vers," under ",install)); + + info = string("None\n\nDrupal Version '"); + info += string(vers); + info += string("' was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc["english"], + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } +} +exit(0); Property changes on: trunk/openvas-plugins/scripts/drupal_detect.nasl ___________________________________________________________________ Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/opencart_34724.nasl =================================================================== --- trunk/openvas-plugins/scripts/opencart_34724.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/opencart_34724.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,96 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# OpenCart 'index.php' Local File Include Vulnerability +# +# Authors +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100179); + script_bugtraq_id(34724); + script_version ("1.0"); + + script_name(english:"OpenCart 'index.php' Local File Include Vulnerability"); + desc["english"] = " + + Overview: + OpenCart is prone to a local file-include vulnerability because it + fails to properly sanitize user-supplied input. + + An attacker can exploit this vulnerability to view files and execute + local scripts in the context of the webserver process. This may aid + in further attacks. + + OpenCart 1.1.8 is vulnerable; other versions may also be affected. + + Solution: + Update to newer Version. See http://www.opencart.com/ for more information. + + See also: + http://www.securityfocus.com/bid/34724 + + Risk factor : Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Determine if OpenCart is vulnerable to Local File Include"); + script_category(ACT_GATHER_INFO); + script_family(english:"Web application abuses"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("opencart_detect.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +if(!version = get_kb_item(string("www/", port, "/opencart")))exit(0); +if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0); + +dir = matches[2]; + + if(!isnull(dir)) { + + foreach file (make_list("etc/passwd", "boot.ini")) { + url = string(dir, "/index.php?route=../../../../../../../../../../../../../../../", file,"%00"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if(egrep(pattern:"(root:.*:0:[01]:|\[boot loader\])", string: buf)) + { + security_warning(port:port); + exit(0); + } + } + } + + +exit(0); Property changes on: trunk/openvas-plugins/scripts/opencart_34724.nasl ___________________________________________________________________ Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/opencart_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/opencart_detect.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/opencart_detect.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,107 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# OpenCart Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc["english"] = " + + Overview: + This host is running OpenCart, an open source PHP-based online + shopping cart system. + + See also: + http://www.opencart.com/ + + Risk factor : None"; + +if (description) +{ + script_id(100178); + script_version ("1.0"); + + script_name(english:"OpenCart Detection"); + + script_description(english:desc["english"]); + script_summary(english:"Checks for the presence of OpenCart"); + script_category(ACT_GATHER_INFO); + script_family(english:"Service detection"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/shop","/store","/opencart",cgi_dirs()); +foreach dir (dirs) { + + url = string(dir, "/index.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if( + (egrep(pattern: "Powered By ]+>OpenCart", string: buf, icase: TRUE) || + egrep(pattern: ".* $Powered By OpenCart$", string: buf, icase: TRUE)) && + egrep(pattern: 'Set-Cookie: language=', string: buf, icase: TRUE) ) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + + vers = string("unknown"); + + ### try to get version. Seems not to be possible + set_kb_item(name: string("www/", port, "/opencart"), value: string(vers," under ",install)); + + info = string("None\n\nOpenCart "); + info += string("was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc["english"], + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } +} +exit(0); Property changes on: trunk/openvas-plugins/scripts/opencart_detect.nasl ___________________________________________________________________ Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/tiger_dms_34775.nasl =================================================================== --- trunk/openvas-plugins/scripts/tiger_dms_34775.nasl 2009-04-30 21:55:19 UTC (rev 3223) +++ trunk/openvas-plugins/scripts/tiger_dms_34775.nasl 2009-05-02 17:46:33 UTC (rev 3224) @@ -0,0 +1,104 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# Tiger DMS Login SQL Injection Vulnerability +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100173); + script_bugtraq_id(34775); + script_version ("1.0"); + + script_name(english:"Tiger DMS Login SQL Injection Vulnerability"); + desc["english"] = " + + Overview: + Tiger DMS is prone to an SQL-injection vulnerability because it + fails to sufficiently sanitize user-supplied data before using it in + an SQL query. + + Exploiting this issue could allow an attacker to compromise the + application, access or modify data, or exploit latent + vulnerabilities in the underlying database. + + See also: + http://www.securityfocus.com/bid/34775 + + Risk factor : Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Determine if Tiger DMS is vulnerable to SQL Injection"); + script_category(ACT_GATHER_INFO); + script_family(english:"Web application abuses"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/dms",cgi_dirs()); +foreach dir (dirs) { + + url = string(dir, "/login.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if(egrep(pattern: 'Powered by ]+>Tiger DMS', string: buf) ) { + sess = eregmatch(pattern: "Set-Cookie: ([a-zA-Z0-9]+)=([a-f0-9]{32})", string: buf); + + variables = string(sess[1],"=",sess[2],"&username=%27%20or%20%271=1&password=%27%20or%20%271=1%27%20limit%201%20--%20&login=Submit"); + filename = string(dir,"/login.php"); + host=get_host_name(); + + req = string( + "POST ", filename, " HTTP/1.1\r\n", + "Referer: ","http://", host, filename, "\r\n", + "Host: ", host, ":", port, "\r\n", + "Content-Type: application/x-www-form-urlencoded\r\n", + "Content-Length: ", strlen(variables), + "\r\n\r\n", + variables + ); +; + result = http_send_recv(port:port, data:req, bodyonly:FALSE); + if( result == NULL )continue; + + if(egrep(pattern: "Location: index.php", string: result)) + { + security_warning(port); + exit(0); + } + } +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/tiger_dms_34775.nasl ___________________________________________________________________ Name: svn:keyword + ID From scm-commit at wald.intevation.org Mon May 4 08:57:17 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 4 May 2009 08:57:17 +0200 (CEST) Subject: [Openvas-commits] r3225 - in trunk/openvas-plugins: . scripts Message-ID: <20090504065717.E30944080A@pyrosoma.intevation.org> Author: mwiegand Date: 2009-05-04 08:57:16 +0200 (Mon, 04 May 2009) New Revision: 3225 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/remote-Leap_CMS_multi.nasl Log: * scripts/remote-Leap_CMS_multi.nasl: Fixed typo in include. Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-05-02 17:46:33 UTC (rev 3224) +++ trunk/openvas-plugins/ChangeLog 2009-05-04 06:57:16 UTC (rev 3225) @@ -1,3 +1,7 @@ +2009-05-04 Michael Wiegand + + * scripts/remote-Leap_CMS_multi.nasl: Fixed typo in include. + 2009-05-02 Michael Meyer * scripts/TorrentTrader_detect.nasl, scripts/opencart_detect.nasl, Modified: trunk/openvas-plugins/scripts/remote-Leap_CMS_multi.nasl =================================================================== --- trunk/openvas-plugins/scripts/remote-Leap_CMS_multi.nasl 2009-05-02 17:46:33 UTC (rev 3224) +++ trunk/openvas-plugins/scripts/remote-Leap_CMS_multi.nasl 2009-05-04 06:57:16 UTC (rev 3225) @@ -64,7 +64,7 @@ # include("misc_func.inc"); -include("revision-lib.inc"); +include("revisions-lib.inc"); port = get_kb_item("LeapCMS/port"); version = get_kb_item("LeapCMS/version"); From scm-commit at wald.intevation.org Mon May 4 09:29:55 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 4 May 2009 09:29:55 +0200 (CEST) Subject: [Openvas-commits] r3226 - trunk/doc/website Message-ID: <20090504072955.480FC40824@pyrosoma.intevation.org> Author: mwiegand Date: 2009-05-04 09:29:54 +0200 (Mon, 04 May 2009) New Revision: 3226 Modified: trunk/doc/website/openvas-cr-31.htm4 trunk/doc/website/openvas-crs.htm4 Log: Updated status for CR #31. Modified: trunk/doc/website/openvas-cr-31.htm4 =================================================================== --- trunk/doc/website/openvas-cr-31.htm4 2009-05-04 06:57:16 UTC (rev 3225) +++ trunk/doc/website/openvas-cr-31.htm4 2009-05-04 07:29:54 UTC (rev 3226) @@ -29,7 +29,7 @@

OpenVAS Change Request #31: OpenVAS-Server: Remove support for plaintext password storage

-Status: In discussion. +Status: Voted +7. In progress.

Purpose

@@ -138,6 +138,8 @@

History

2009-05-04 Michael Wiegand <michael.wiegand at intevation.de>:
+ Updated status with voting results.
2009-04-29 Michael Wiegand <michael.wiegand at intevation.de>:
Initial text.

Modified: trunk/doc/website/openvas-crs.htm4 =================================================================== --- trunk/doc/website/openvas-crs.htm4 2009-05-04 06:57:16 UTC (rev 3225) +++ trunk/doc/website/openvas-crs.htm4 2009-05-04 07:29:54 UTC (rev 3226) @@ -74,7 +74,7 @@

OpenVAS Change Request #28: OpenVAS Management Protocol (OMP) (in discussion)

OpenVAS Change Request #29: OpenVAS Unified Logging (in discussion)

OpenVAS Change Request #30: OpenVAS Configuration Management Protocol (OMP) (in discussion) -

OpenVAS Change Request #31: OpenVAS-Server: Remove support for plaintext password storage (in discussion) +

OpenVAS Change Request #31: OpenVAS-Server: Remove support for plaintext password storage (in progress)

How to write a change request

From scm-commit at wald.intevation.org Mon May 4 10:55:21 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 4 May 2009 10:55:21 +0200 (CEST) Subject: [Openvas-commits] r3227 - in trunk/openvas-plugins: . scripts Message-ID: <20090504085521.0814C40808@pyrosoma.intevation.org> Author: mime Date: 2009-05-04 10:55:20 +0200 (Mon, 04 May 2009) New Revision: 3227 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/sip_detection.nasl Log: Fixed typo. Added detection of Asterisk PBX Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-05-04 07:29:54 UTC (rev 3226) +++ trunk/openvas-plugins/ChangeLog 2009-05-04 08:55:20 UTC (rev 3227) @@ -1,3 +1,8 @@ +2009-05-04 Michael Meyer + * scripts/sip_detection.nasl: + Fixed typo which prevented detection of sip. + Added detection of Asterisk PBX. + 2009-05-04 Michael Wiegand * scripts/remote-Leap_CMS_multi.nasl: Fixed typo in include. Modified: trunk/openvas-plugins/scripts/sip_detection.nasl =================================================================== --- trunk/openvas-plugins/scripts/sip_detection.nasl 2009-05-04 07:29:54 UTC (rev 3226) +++ trunk/openvas-plugins/scripts/sip_detection.nasl 2009-05-04 08:55:20 UTC (rev 3227) @@ -1,6 +1,8 @@ # # This script was written by Noam Rathaus # +# Modified by Michael Meyer 2009-05-04 +# # See the Nessus Scripts License for details # @@ -107,23 +109,47 @@ if (debug) { display("data: ", data, "\n"); - } +} - if ("SIP/2.0 " >< data) + if ("SIP/2.0" >< data) { if (egrep(pattern: '^Server:', string: data)) { banner = egrep(pattern: '^Server:', string: data); banner -= "Server: "; banner -= string("\r\n"); + } + + else if (egrep(pattern: '^User-Agent:', string: data)) { + + banner = egrep(pattern: '^User-Agent:', string: data); + banner -= "User-Agent: "; + banner -= string("\r\n"); + } + + if( banner ) { if(!get_kb_item("sip/banner/5060")) { set_kb_item(name:"sip/banner/5060", value:banner); } } - desc["english"] += '\n\nPlugin output :\n\n' + banner; + desc["english"] += '\n\nPlugin output :\n\n' + banner + '\n'; + + if(egrep(pattern:"Allow:.*OPTIONS.*", string: data)) { + + OPTIONS = egrep(pattern:"Allow:.*OPTIONS.*", string: data); + OPTIONS -= "Allow: "; + OPTIONS = chomp(OPTIONS); + } + + if(!isnull(OPTIONS)) { + + desc["english"] += '\nSupported Options:\n' + OPTIONS + '\n'; + + } + security_note(port:5060, protocol:"udp", data:desc["english"]); register_service(port: 5060, ipproto: "udp", proto: "sip"); } From scm-commit at wald.intevation.org Mon May 4 13:08:56 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 4 May 2009 13:08:56 +0200 (CEST) Subject: [Openvas-commits] r3228 - in trunk/openvas-client: . nessus src/gui src/util Message-ID: <20090504110856.C8D0B40870@pyrosoma.intevation.org> Author: felix Date: 2009-05-04 13:08:55 +0200 (Mon, 04 May 2009) New Revision: 3228 Added: trunk/openvas-client/src/util/openvas_lsc_user_makensis.c trunk/openvas-client/src/util/openvas_lsc_user_makensis.h Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/MANIFEST trunk/openvas-client/nessus/Makefile trunk/openvas-client/src/gui/ssh_keys_dialog.c trunk/openvas-client/src/util/Makefile Log: Work-in-progress of new .exe export functionality for credentials. This functionality will ease installation of new users to perform local security checks on certain platforms (analog to RPMs). * src/util/openvas_lsc_user_makensis.c, src/util/openvas_lsc_user_makensis.h: New module to create .exe from credentials account information. * src/util/Makefile: Included new module. * src/gui/ssh_keys_dialog.c (ssh_keys_dialog_create_exe_click, ssh_keys_dialog_show): Added Button and callback for click on button. * nessus/Makefile: Included new module. * MANIFEST: Updated. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-05-04 08:55:20 UTC (rev 3227) +++ trunk/openvas-client/ChangeLog 2009-05-04 11:08:55 UTC (rev 3228) @@ -1,3 +1,22 @@ +2009-05-04 Felix Wolfsteller + + Work-in-progress of new .exe export functionality for credentials. + This functionality will ease installation of new users to perform + local security checks on certain platforms (analog to RPMs). + + * src/util/openvas_lsc_user_makensis.c, + src/util/openvas_lsc_user_makensis.h: New module to create .exe from + credentials account information. + + * src/util/Makefile: Included new module. + + * src/gui/ssh_keys_dialog.c (ssh_keys_dialog_create_exe_click, + ssh_keys_dialog_show): Added Button and callback for click on button. + + * nessus/Makefile: Included new module. + + * MANIFEST: Updated. + 2009-04-28 Felix Wolfsteller * src/util/openvas_ssh_rpm.c: Cleaned up, searches for the generator Modified: trunk/openvas-client/MANIFEST =================================================================== --- trunk/openvas-client/MANIFEST 2009-05-04 08:55:20 UTC (rev 3227) +++ trunk/openvas-client/MANIFEST 2009-05-04 11:08:55 UTC (rev 3228) @@ -233,6 +233,8 @@ src/util/file_utils.c src/util/file_utils.h src/util/Makefile +src/util/openvas_lsc_user_makensis.c +src/util/openvas_lsc_user_makensis.h src/util/openvas_ssh_key_create.c src/util/openvas_ssh_key_create.h src/util/openvas_ssh_rpm.c Modified: trunk/openvas-client/nessus/Makefile =================================================================== --- trunk/openvas-client/nessus/Makefile 2009-05-04 08:55:20 UTC (rev 3227) +++ trunk/openvas-client/nessus/Makefile 2009-05-04 11:08:55 UTC (rev 3228) @@ -78,7 +78,8 @@ ../src/util/file_utils.o \ ../src/util/openvas_ssh_rpm.o \ ../src/util/severity_filter.o \ - ../src/openvas-lib/hash_table_file.o + ../src/openvas-lib/hash_table_file.o \ + ../src/util/openvas_lsc_user_makensis.o all : cflags ${make_bindir}/$(NESSUSCLIENT) Modified: trunk/openvas-client/src/gui/ssh_keys_dialog.c =================================================================== --- trunk/openvas-client/src/gui/ssh_keys_dialog.c 2009-05-04 08:55:20 UTC (rev 3227) +++ trunk/openvas-client/src/gui/ssh_keys_dialog.c 2009-05-04 11:08:55 UTC (rev 3228) @@ -254,6 +254,49 @@ } /** + * @brief Attempts building ms installer package (exe) that installs the + * @brief selected user in an ms windows environment. + */ +static void +ssh_keys_dialog_create_exe_click (GtkWidget* parent, GtkWidget* notebook) +{ + /** @TODO Following code duplicate of create_rpm_ click, refactor. */ + const char* selected_account = listnotebook_get_selected (notebook); + openvas_ssh_login* login = g_hash_table_lookup(Global->sshkeys, selected_account); + GtkWidget* file_chooser; + gchar* filename; + + if (login == NULL) + { + show_error ("Cannot find credentials to create RPM for."); + return; + } + + file_chooser = gtk_file_chooser_dialog_new (_("Export to"), + NULL,//GTK_WINDOW(arg_get_value(MainDialog, "WINDOW")), + GTK_FILE_CHOOSER_ACTION_SAVE, + GTK_STOCK_CANCEL, GTK_RESPONSE_CANCEL, + GTK_STOCK_SAVE, GTK_RESPONSE_ACCEPT, + NULL); + gtk_file_chooser_set_do_overwrite_confirmation (GTK_FILE_CHOOSER (file_chooser), TRUE); + gtk_file_chooser_set_current_name (GTK_FILE_CHOOSER (file_chooser), g_build_filename ("installuser.exe", NULL) ); + + if (gtk_dialog_run (GTK_DIALOG (file_chooser)) != GTK_RESPONSE_ACCEPT) + { + gtk_widget_destroy (file_chooser); + // NTBD + return; + } + + filename = gtk_file_chooser_get_filename (GTK_FILE_CHOOSER (file_chooser)); + + // create nsi, makensis + // if( + openvas_lsc_user_makensis (login, filename); + gtk_widget_destroy (file_chooser); +} + +/** * @brief Attempts building RPM packages that install a public key. */ static void @@ -353,6 +396,10 @@ GtkWidget* button_rpm = gtk_button_new_with_label(_("Create RPM")); gtk_box_pack_start (GTK_BOX(buttonbox), button_rpm, TRUE, TRUE, 5); + // MS Windows installer via nsis + GtkWidget* button_exe = gtk_button_new_with_label(_("Create EXE")); + gtk_box_pack_start (GTK_BOX(buttonbox), button_exe, TRUE, TRUE, 5); + // Close dialog button gtk_dialog_add_buttons (GTK_DIALOG(win), GTK_STOCK_CLOSE, GTK_RESPONSE_ACCEPT, NULL); @@ -363,6 +410,8 @@ (GtkSignalFunc) ssh_keys_dialog_delete_login, key_notebook); g_signal_connect (button_rpm, "clicked", (GtkSignalFunc) ssh_keys_dialog_create_rpm_click, key_notebook); + g_signal_connect (button_exe, "clicked", + (GtkSignalFunc) ssh_keys_dialog_create_exe_click, key_notebook); g_signal_connect_swapped (win, "response", G_CALLBACK (gtk_widget_destroy), win); Modified: trunk/openvas-client/src/util/Makefile =================================================================== --- trunk/openvas-client/src/util/Makefile 2009-05-04 08:55:20 UTC (rev 3227) +++ trunk/openvas-client/src/util/Makefile 2009-05-04 11:08:55 UTC (rev 3228) @@ -49,7 +49,7 @@ endif OBJS=openvas_ssh_key_create.o parseutils.o severity_filter.o file_utils.o\ - openvas_ssh_rpm.o + openvas_ssh_rpm.o openvas_lsc_user_makensis.o all : cflags $(OBJS) @@ -74,5 +74,9 @@ severity_filter.o: severity_filter.c severity_filter.h $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c severity_filter.c +openvas_lsc_user_makensis.o: openvas_lsc_user_makensis.c\ + openvas_lsc_user_makensis.h + $(CC) $(CFLAGS) $(OPENVAS_INCLUDE) -c openvas_lsc_user_makensis.c + clean : rm -f *.o cflags Added: trunk/openvas-client/src/util/openvas_lsc_user_makensis.c =================================================================== --- trunk/openvas-client/src/util/openvas_lsc_user_makensis.c 2009-05-04 08:55:20 UTC (rev 3227) +++ trunk/openvas-client/src/util/openvas_lsc_user_makensis.c 2009-05-04 11:08:55 UTC (rev 3228) @@ -0,0 +1,161 @@ +/* OpenVAS-Client + * $Id$ + * Description: Create user install executables for ms windows systems using + * nsis. + * + * Authors: + * Felix Wolfsteller + * + * Copyright: + * Copyright (C) 2009 Intevation GmbH + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * or, at your option, any later version as published by the Free + * Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * In addition, as a special exception, you have + * permission to link the code of this program with the OpenSSL + * library (or with modified versions of OpenSSL that use the same + * license as OpenSSL), and distribute linked combinations including + * the two. You must obey the GNU General Public License in all + * respects for all of the code used other than OpenSSL. If you + * modify this file, you may extend this exception to your version + * of the file, but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. + */ + +/** + * @file + * + * The OpenVAS Credentials Manager allows the user to create "accounts" that + * are used to perform local checks. + * + * For *nix- systems RPM packages can be created that install the public key of + * the 'account'. + * + * For ms windows systems an executable can be created that installs the user. + * To arrive at a windows executable, the nsis (nulsoft scriptable installer + * system) is used. + * With nsis executables are created from .nsi files with the tool makensis. + */ + +#include "openvas_ssh_login.h" +#include "file_utils.h" +#include "nessus_i18n.h" +#include "error_dlg.h" +#include +#include "includes.h" /* For stdio (function: remove) */ +#include "preferences.h" /* For prefs_get_nessushome */ +#include "context.h" /* For check_is_dir (!) and context_remove_directory (!): @TODO */ +#include "openvas_lsc_user_makensis.h" + +/** @TODO code duplicate of openvas_ssh_rpm.c */ +/** + * @brief Creates a temporary directory to place copy of key and as working + * @brief directory for the RPM generator script. + * + * Default directory is .openvas/.ssh/.tmprpm . + * + * @return Path to the temporary directory if directory successfully created or + * @return exists, NULL in case of error (and will show the error). + */ +static gchar* +create_tmp_dir () +{ + gchar* tmpdir = g_build_filename (prefs_get_nessushome(), ".openvas", ".ssh", + ".tmprpm", NULL); + if (file_utils_ensure_dir(tmpdir) == FALSE) + { + show_error ("Could not create temporary dir %s.", tmpdir); + g_free (tmpdir); + tmpdir = NULL; + } + return tmpdir; +} + +/** + * @brief Writes a nsi file to be used with the 'nulsoft scriptable installer + * @brief system'. + */ +static gboolean +create_nsi_file (gchar* nsifilename, openvas_ssh_login* loginfo, + const gchar* outfilename) +{ + FILE* fd; + fd = fopen (nsifilename, "w"); + if (fd <= 0) + return FALSE; + + // Write part about default section + fprintf (fd, "#Installer name\n"); + fprintf (fd, "outfile "); + fprintf (fd, outfilename); + fprintf (fd, "\n\n"); + + fprintf (fd, "# Set desktop as install directory\n"); + fprintf (fd, "installDir $DESKTOP\n\n"); + + fprintf (fd, "#\n# Default (installer) section.\n#\n"); + fprintf (fd, "section\n\n"); + + fprintf (fd, "# Define output path\n"); + fprintf (fd, "setOutPath $INSTDIR\n\n"); + + fprintf (fd, "# Uninstaller name\n"); + fprintf (fd, "writeUninstaller $INSTDIR\\openvas_lsc_remove_account.exe\n"); + + // # Run cmd to add user + + fprintf (fd, "# Default (install) section end\n"); + fprintf (fd, "sectionEnd\n\n"); + + // Write part about uninstall section + fprintf (fd, "#\n# Uninstaller section.\n#\n"); + fprintf (fd, "section \"Uninstall\"\n\n"); + + // # Run cmd to remove user + + fprintf (fd, "# Uninstaller section end\n"); + fprintf (fd, "sectionEnd\n\n"); + + fclose (fd); + + return FALSE; +} + +/** + * @brief Execute makensis to create an executable installer from a .nsi file. + */ +static gboolean +execute_makensis (gchar* filename) +{ + return FALSE; +} + +/** + * @brief Attempts creation of RPM packages to install a users public key file. + * + * @param loginfo openvas_ssh_login struct to create rpm for. + * + * @return Path to rpm file if successfull, NULL otherwise. + */ +gboolean +openvas_lsc_user_makensis (openvas_ssh_login* loginfo, const gchar* to_filename) +{ + gchar* tmpdir = create_tmp_dir (); + gchar* nsifile = g_build_filename (tmpdir, "lsc_user_installer.nsi", NULL); + create_nsi_file (nsifile, loginfo, to_filename); + execute_makensis (nsifile); + //del tmp dir + return FALSE; +} Added: trunk/openvas-client/src/util/openvas_lsc_user_makensis.h =================================================================== --- trunk/openvas-client/src/util/openvas_lsc_user_makensis.h 2009-05-04 08:55:20 UTC (rev 3227) +++ trunk/openvas-client/src/util/openvas_lsc_user_makensis.h 2009-05-04 11:08:55 UTC (rev 3228) @@ -0,0 +1,46 @@ +/* OpenVAS-Client + * $Id$ + * Description: Create user install executables for ms windows systems using + * nsis. + * + * Authors: + * Felix Wolfsteller + * + * Copyright: + * Copyright (C) 2009 Intevation GmbH + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License version 2, + * or, at your option, any later version as published by the Free + * Software Foundation + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * In addition, as a special exception, you have + * permission to link the code of this program with the OpenSSL + * library (or with modified versions of OpenSSL that use the same + * license as OpenSSL), and distribute linked combinations including + * the two. You must obey the GNU General Public License in all + * respects for all of the code used other than OpenSSL. If you + * modify this file, you may extend this exception to your version + * of the file, but you are not obligated to do so. If you do not + * wish to do so, delete this exception statement from your version. + */ + +#ifndef _OPENVAS_LSC_USER_MAKENSIS_H +#define _OPENVAS_LSC_USER_MAKENSIS_H + +#include +#include "openvas_ssh_login.h" + +gboolean openvas_lsc_user_makensis (openvas_ssh_login* loginfo, + const gchar* to_filename); + +#endif /* _OPENVAS_LSC_NSI_EXPORT_H */ From scm-commit at wald.intevation.org Mon May 4 20:25:04 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Mon, 4 May 2009 20:25:04 +0200 (CEST) Subject: [Openvas-commits] r3229 - in trunk/openvas-plugins: . scripts Message-ID: <20090504182504.A542640844@pyrosoma.intevation.org> Author: mime Date: 2009-05-04 20:25:02 +0200 (Mon, 04 May 2009) New Revision: 3229 Added: trunk/openvas-plugins/scripts/jetty_34800.nasl trunk/openvas-plugins/scripts/webcalendar_detect.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added new plugins Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-05-04 11:08:55 UTC (rev 3228) +++ trunk/openvas-plugins/ChangeLog 2009-05-04 18:25:02 UTC (rev 3229) @@ -1,4 +1,9 @@ 2009-05-04 Michael Meyer + * scripts/webcalendar_detect.nasl + scripts/jetty_34800.nasl: + Added new plugins + +2009-05-04 Michael Meyer * scripts/sip_detection.nasl: Fixed typo which prevented detection of sip. Added detection of Asterisk PBX. Added: trunk/openvas-plugins/scripts/jetty_34800.nasl =================================================================== --- trunk/openvas-plugins/scripts/jetty_34800.nasl 2009-05-04 11:08:55 UTC (rev 3228) +++ trunk/openvas-plugins/scripts/jetty_34800.nasl 2009-05-04 18:25:02 UTC (rev 3229) @@ -0,0 +1,88 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id:$ +# +# Jetty Cross Site Scripting and Information Disclosure +# Vulnerabilities +# +# Authors +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if (description) +{ + script_id(100183); + script_bugtraq_id(34800); + script_version ("1.0"); + + script_name(english:"Jetty Cross Site Scripting and Information Disclosure Vulnerabilities"); + desc["english"] = " + + Overview: + Jetty is prone to a cross-site scripting vulnerability and an + information-disclosure vulnerability. + + An attacker may leverage these issues to execute arbitrary script + code in the browser of an unsuspecting user in the context of the + affected site, steal cookie-based authentication credentials, and + obtain sensitive information. + + Jetty 6.1.16 and prior versions are affected. + + Solution: + The vendor has released an update. See http://jetty.mortbay.org/jetty/index.html + for more information. + + See also: + http://www.securityfocus.com/bid/34800 + + Risk factor : Medium"; + + script_description(english:desc["english"]); + script_summary(english:"Determine if Jetty is vulnerable to XSS and Information Disclosure"); + script_category(ACT_GATHER_INFO); + script_family(english:"Web Servers"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + exit(0); +} + +include("misc_func.inc"); +include("http_func.inc"); +include("version_func.inc"); + +port = get_http_port(default:80); +if(!get_port_state(port)) exit(0); +if(get_kb_item("Services/www/" + port + "/embedded" ))exit(0); + +banner = get_http_banner(port:port); +if (!banner)exit(0); +if(!egrep(pattern:"Server: Jetty", string:banner) ) exit(0); + +version = eregmatch(pattern: "Server: Jetty$([0-9.]+[pre0-9]*)$", string: banner); + +if(!isnull(version[1])) { + if(version_is_less_equal(version: version[1], test_version: "6.1.16")) { + security_warning(port:port); + exit(0); + } +} + +exit(0); Property changes on: trunk/openvas-plugins/scripts/jetty_34800.nasl ___________________________________________________________________ Name: svn:keyword + ID Added: trunk/openvas-plugins/scripts/webcalendar_detect.nasl =================================================================== --- trunk/openvas-plugins/scripts/webcalendar_detect.nasl 2009-05-04 11:08:55 UTC (rev 3228) +++ trunk/openvas-plugins/scripts/webcalendar_detect.nasl 2009-05-04 18:25:02 UTC (rev 3229) @@ -0,0 +1,111 @@ +############################################################################### +# OpenVAS Vulnerability Test +# $Id$ +# +# WebCalendar Detection +# +# Authors: +# Michael Meyer +# +# Copyright: +# Copyright (c) 2009 Michael Meyer +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +# need desc here to modify it later in script. +desc["english"] = " + + Overview: + This host is running WebCalendar, a PHP-based calendar application. + + See also: + http://www.k5n.us/webcalendar.php + + Risk factor : None"; + +if (description) +{ + script_id(100184); + script_version ("1.0"); + + script_name(english:"WebCalendar Detection"); + + script_description(english:desc["english"]); + script_summary(english:"Checks for the presence of WebCalendar"); + script_category(ACT_GATHER_INFO); + script_family(english:"Service detection"); + script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer"); + script_dependencie("find_service.nes", "http_version.nasl"); + script_require_ports("Services/www", 80); + script_exclude_keys("Settings/disable_cgi_scanning"); + exit(0); +} + +include("http_func.inc"); +include("http_keepalive.inc"); +include("global_settings.inc"); + +port = get_http_port(default:80); + +if(!get_port_state(port))exit(0); +if(!can_host_php(port:port))exit(0); + +dirs = make_list("/webcalendar","/calendar",cgi_dirs()); +foreach dir (dirs) { + + url = string(dir, "/login.php"); + req = http_get(item:url, port:port); + buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE); + if( buf == NULL )continue; + + if(egrep(pattern: "WebCalendar", string: buf, icase: TRUE) && + egrep(pattern:"Set-Cookie: webcalendar", string: buf) ) + { + if(strlen(dir)>0) { + install=dir; + } else { + install=string("/"); + } + + vers = string("unknown"); + + ### try to get version. + version = eregmatch(string: buf, pattern: "WebCalendar v([0-9.]+) \(",icase:TRUE); + + if ( !isnull(version[1]) ) { + vers=version[1]; + } + + set_kb_item(name: string("www/", port, "/webcalendar"), value: string(vers," under ",install)); + + info = string("None\n\nWebCalendar Version '"); + info += string(vers); + info += string("' was detected on the remote host in the following directory(s):\n\n"); + info += string(install, "\n"); + + desc = ereg_replace( + string:desc["english"], + pattern:"None$", + replace:info + ); + + if(report_verbosity > 0) { + security_note(port:port,data:desc); + } + exit(0); + + } +} +exit(0); Property changes on: trunk/openvas-plugins/scripts/webcalendar_detect.nasl ___________________________________________________________________ Name: svn:keyword + ID From scm-commit at wald.intevation.org Tue May 5 01:14:05 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 5 May 2009 01:14:05 +0200 (CEST) Subject: [Openvas-commits] r3230 - in trunk/openvas-libraries: . packaging/debian Message-ID: <20090504231405.31E174082B@pyrosoma.intevation.org> Author: waja Date: 2009-05-05 01:14:04 +0200 (Tue, 05 May 2009) New Revision: 3230 Modified: trunk/openvas-libraries/ChangeLog trunk/openvas-libraries/packaging/debian/changelog trunk/openvas-libraries/packaging/debian/copyright Log: add copyrights and bump version Modified: trunk/openvas-libraries/ChangeLog =================================================================== --- trunk/openvas-libraries/ChangeLog 2009-05-04 18:25:02 UTC (rev 3229) +++ trunk/openvas-libraries/ChangeLog 2009-05-04 23:14:04 UTC (rev 3230) @@ -1,3 +1,8 @@ +2009-05-05 Jan Wagner + + * packaging/debian/copyright, packaging/debian/changelog: Added some + copyright notices and bumped version number + 2009-04-20 Jan-Oliver Wagner * libopenvas/openvas_server.c (openvas_server_sendf): Fixed forgotten name change. Modified: trunk/openvas-libraries/packaging/debian/changelog =================================================================== --- trunk/openvas-libraries/packaging/debian/changelog 2009-05-04 18:25:02 UTC (rev 3229) +++ trunk/openvas-libraries/packaging/debian/changelog 2009-05-04 23:14:04 UTC (rev 3230) @@ -1,10 +1,14 @@ -openvas-libraries (2.0.1-1) unstable; urgency=low +openvas-libraries (2.0.2-1) unstable; urgency=low + [ Tim Brown ] * New upstream release * Updated the control file to take account of translation work as part of the Smith review project - * Fixed broken linking (linker-libs.dpatch) + * Include dpatch infrastructure + [ Jan Wagner ] + * Add some copyright and author + -- Tim Brown Sun, 22 Feb 2009 02:17:44 +0000 openvas-libraries (2.0.0-2) unstable; urgency=low Modified: trunk/openvas-libraries/packaging/debian/copyright =================================================================== --- trunk/openvas-libraries/packaging/debian/copyright 2009-05-04 18:25:02 UTC (rev 3229) +++ trunk/openvas-libraries/packaging/debian/copyright 2009-05-04 23:14:04 UTC (rev 3230) @@ -17,6 +17,7 @@ (Royal Institute of Technology, Stockholm, Sweden). [snprintf] * Copyright 1988-2002, Patrick Powell, San Diego, CA [proctitle] * Copyright 2001 Niels Provos [share_fd] + * Copyright (C) 2008 Intevation GmbH Other copyrights: @@ -36,6 +37,7 @@ * Michael Wiegand * Tim Brown * Vlatko Kosturjak + * Felix Wolfsteller License: From scm-commit at wald.intevation.org Tue May 5 01:51:53 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 5 May 2009 01:51:53 +0200 (CEST) Subject: [Openvas-commits] r3231 - in trunk/openvas-libnasl: . packaging/debian Message-ID: <20090504235153.1E7A640817@pyrosoma.intevation.org> Author: waja Date: 2009-05-05 01:51:49 +0200 (Tue, 05 May 2009) New Revision: 3231 Modified: trunk/openvas-libnasl/ChangeLog trunk/openvas-libnasl/packaging/debian/changelog Log: new version and add last changes Modified: trunk/openvas-libnasl/ChangeLog =================================================================== --- trunk/openvas-libnasl/ChangeLog 2009-05-04 23:14:04 UTC (rev 3230) +++ trunk/openvas-libnasl/ChangeLog 2009-05-04 23:51:49 UTC (rev 3231) @@ -1,3 +1,7 @@ +2009-05-05 Jan Wagner + + * packaging/debian/changelog: Add new version and insert last changes + 2009-04-20 Michael Wiegand * packaging/debian/control: Adjusted overly strict build dependencies Modified: trunk/openvas-libnasl/packaging/debian/changelog =================================================================== --- trunk/openvas-libnasl/packaging/debian/changelog 2009-05-04 23:14:04 UTC (rev 3230) +++ trunk/openvas-libnasl/packaging/debian/changelog 2009-05-04 23:51:49 UTC (rev 3231) @@ -1,3 +1,16 @@ +openvas-libnasl (2.0.1-1) unstable; urgency=low + + [ Jan Wagner ] + * New upstream release + * Update the changelog + + [ Michael Wiegand ] + * Build-Depend on libpcap-dev instead of libpcap0.8-dev and rais to + libopenvas2-dev (>= 2.0.1) + * Set the value for sysconfdir to /etc + + -- Jan Wagner Tue, 05 May 2009 01:26:16 +0200 + openvas-libnasl (2.0.0-2) unstable; urgency=low * Brown paper bug upload: restore changes introduced since 1.0.1-1 From scm-commit at wald.intevation.org Tue May 5 10:12:47 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 5 May 2009 10:12:47 +0200 (CEST) Subject: [Openvas-commits] r3232 - in trunk/openvas-libnasl: . packaging/debian packaging/debian/patches Message-ID: <20090505081247.0C8DD4086E@pyrosoma.intevation.org> Author: waja Date: 2009-05-05 10:12:46 +0200 (Tue, 05 May 2009) New Revision: 3232 Added: trunk/openvas-libnasl/packaging/debian/patches/ trunk/openvas-libnasl/packaging/debian/patches/00list trunk/openvas-libnasl/packaging/debian/patches/10_fix_gcrypt.dpatch Modified: trunk/openvas-libnasl/ChangeLog trunk/openvas-libnasl/packaging/debian/changelog trunk/openvas-libnasl/packaging/debian/control trunk/openvas-libnasl/packaging/debian/rules Log: add gcrypt fix Modified: trunk/openvas-libnasl/ChangeLog =================================================================== --- trunk/openvas-libnasl/ChangeLog 2009-05-04 23:51:49 UTC (rev 3231) +++ trunk/openvas-libnasl/ChangeLog 2009-05-05 08:12:46 UTC (rev 3232) @@ -2,6 +2,11 @@ * packaging/debian/changelog: Add new version and insert last changes + * packaging/debian/control, packaging/debian/rules: include dpatch + infrastructure + + * packaging/debian/patches: Add gcrypt fix + 2009-04-20 Michael Wiegand * packaging/debian/control: Adjusted overly strict build dependencies Modified: trunk/openvas-libnasl/packaging/debian/changelog =================================================================== --- trunk/openvas-libnasl/packaging/debian/changelog 2009-05-04 23:51:49 UTC (rev 3231) +++ trunk/openvas-libnasl/packaging/debian/changelog 2009-05-05 08:12:46 UTC (rev 3232) @@ -3,6 +3,8 @@ [ Jan Wagner ] * New upstream release * Update the changelog + * include dpatch infrastructure + * add 10_fix_gcrypt.dpatch [ Michael Wiegand ] * Build-Depend on libpcap-dev instead of libpcap0.8-dev and rais to Modified: trunk/openvas-libnasl/packaging/debian/control =================================================================== --- trunk/openvas-libnasl/packaging/debian/control 2009-05-04 23:51:49 UTC (rev 3231) +++ trunk/openvas-libnasl/packaging/debian/control 2009-05-05 08:12:46 UTC (rev 3232) @@ -3,7 +3,7 @@ Priority: optional Maintainer: Debian OpenVAS Maintainers Uploaders: Tim Brown , Javier Fernandez-Sanguino Pen~a , Jan Wagner -Build-Depends: debhelper (>= 5), autotools-dev, libopenvas2-dev (>= 2.0.1) , libgpgme11-dev (>= 1.1.2), bison, libpcap-dev, libgcrypt11-dev, libgnutls-dev, libglib2.0-dev +Build-Depends: debhelper (>= 5), autotools-dev, libopenvas2-dev (>= 2.0.1) , libgpgme11-dev (>= 1.1.2), bison, libpcap-dev, libgcrypt11-dev, libgnutls-dev, libglib2.0-dev, dpatch Homepage: http://www.openvas.org/ Vcs-Browser: http://wald.intevation.org/plugins/scmsvn/viewcvs.php/trunk/openvas-libnasl/packaging/debian/?root=openvas Vcs-Svn: https://svn.wald.intevation.org/svn/openvas/trunk/openvas-libnasl/packaging/debian/ Added: trunk/openvas-libnasl/packaging/debian/patches/00list =================================================================== --- trunk/openvas-libnasl/packaging/debian/patches/00list 2009-05-04 23:51:49 UTC (rev 3231) +++ trunk/openvas-libnasl/packaging/debian/patches/00list 2009-05-05 08:12:46 UTC (rev 3232) @@ -0,0 +1 @@ +10_fix_gcrypt.dpatch Added: trunk/openvas-libnasl/packaging/debian/patches/10_fix_gcrypt.dpatch =================================================================== --- trunk/openvas-libnasl/packaging/debian/patches/10_fix_gcrypt.dpatch 2009-05-04 23:51:49 UTC (rev 3231) +++ trunk/openvas-libnasl/packaging/debian/patches/10_fix_gcrypt.dpatch 2009-05-05 08:12:46 UTC (rev 3232) @@ -0,0 +1,18 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 10_fix_gcrypt.dpatch by Jan Wagner +## +## DP: add gcrypt to flags + + at DPATCH@ +diff -urNad openvas-libnasl-2.0.1~/nasl/Makefile openvas-libnasl-2.0.1/nasl/Makefile +--- openvas-libnasl-2.0.1~/nasl/Makefile 2009-01-26 08:24:46.000000000 +0100 ++++ openvas-libnasl-2.0.1/nasl/Makefile 2009-05-05 09:46:46.000000000 +0200 +@@ -24,7 +24,7 @@ + + include ../nasl.tmpl + NESSUS_CFLAGS= -I../include $(OPTIMIZE) `$(LIBOPENVASCONFIG) --cflags` `$(GPGME_CONFIG) --cflags` -DNESSUS_EXTENSIONS $(GLIB_CFLAGS) +-NESSUS_LIBS = $(LIBS) `$(LIBOPENVASCONFIG) --libs` `$(GPGME_CONFIG) --libs` $(GLIB_LIBS) ++NESSUS_LIBS = $(LIBS) -lgcrypt `$(LIBOPENVASCONFIG) --libs` `$(GPGME_CONFIG) --libs` $(GLIB_LIBS) + + NESSUS_INCLUDE = $(NESSUS_CFLAGS) $(include) $(DEFS) + Property changes on: trunk/openvas-libnasl/packaging/debian/patches/10_fix_gcrypt.dpatch ___________________________________________________________________ Name: svn:executable + * Modified: trunk/openvas-libnasl/packaging/debian/rules =================================================================== --- trunk/openvas-libnasl/packaging/debian/rules 2009-05-04 23:51:49 UTC (rev 3231) +++ trunk/openvas-libnasl/packaging/debian/rules 2009-05-05 08:12:46 UTC (rev 3232) @@ -21,8 +21,8 @@ endif +include /usr/share/dpatch/dpatch.make - # shared library versions, option 1 version=2.0.5 major=2 @@ -32,7 +32,7 @@ #major=`ls src/.libs/lib*.so.* | \ # awk '{if (match($$0,/\.so\.[0-9]+$$/)) print substr($$0,RSTART+4)}'` -config.status: configure +config.status: patch-stamp configure dh_testdir # Add here commands to configure the package. ifneq "$(wildcard /usr/share/misc/config.sub)" "" @@ -52,7 +52,7 @@ $(MAKE) touch $@ -clean: +clean: unpatch dh_testdir dh_testroot rm -f build-stamp From scm-commit at wald.intevation.org Tue May 5 11:33:03 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 5 May 2009 11:33:03 +0200 (CEST) Subject: [Openvas-commits] r3233 - in trunk/openvas-client: . libnessus nessus Message-ID: <20090505093303.176714080B@pyrosoma.intevation.org> Author: felix Date: 2009-05-05 11:33:01 +0200 (Tue, 05 May 2009) New Revision: 3233 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/libnessus/addslashes.c trunk/openvas-client/libnessus/network.c trunk/openvas-client/libnessus/system.c trunk/openvas-client/nessus/cli.c Log: Cosmetics. * libnessus/addslashes.c: Reformatting and doc. * libnessus/network.c: Reformatting, minor doc. * libnessus/system.c: Minor reformatting. * nessus/cli.c: Reformatting, doc, added comment. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-05-05 08:12:46 UTC (rev 3232) +++ trunk/openvas-client/ChangeLog 2009-05-05 09:33:01 UTC (rev 3233) @@ -1,5 +1,17 @@ 2009-05-04 Felix Wolfsteller + Cosmetics. + + * libnessus/addslashes.c: Reformatting and doc. + + * libnessus/network.c: Reformatting, minor doc. + + * libnessus/system.c: Minor reformatting. + + * nessus/cli.c: Reformatting, doc, added comment. + +2009-05-04 Felix Wolfsteller + Work-in-progress of new .exe export functionality for credentials. This functionality will ease installation of new users to perform local security checks on certain platforms (analog to RPMs). Modified: trunk/openvas-client/libnessus/addslashes.c =================================================================== --- trunk/openvas-client/libnessus/addslashes.c 2009-05-05 08:12:46 UTC (rev 3232) +++ trunk/openvas-client/libnessus/addslashes.c 2009-05-05 09:33:01 UTC (rev 3233) @@ -2,20 +2,22 @@ #include - - -/* - * Escapes \n and \r properly. The resulting string - * is copied in another buffer. +/** + * @brief Escapes \\n and \\r \\ properly. The resulting string + * @brief is copied in another buffer and returned. + * + * @param in The string in which to escape newlines, carriage returns and + * backslashes. + * + * @return Parameter in, escaped or NULL if in equals NULL. */ -ExtFunc char * -addslashes(in) - char * in; +ExtFunc char * +addslashes (char* in) { char * ret; char * out; - if ( in == NULL ) return NULL; + if (in == NULL) return NULL; out = malloc(strlen(in) * 2 + 1); bzero(out, strlen(in) * 2 + 1); @@ -47,13 +49,14 @@ return realloc(ret, strlen(ret) + 1); } -/* - * Replaces escape codes (\n, \r) by the real value +/** + * @brief Replaces escape codes (\n, \r) by the real value. + * * The resulting string is stored in another buffer + * @see addslashes */ -ExtFunc char * -rmslashes(in) - char * in; +ExtFunc char * +rmslashes (char * in) { char * out = malloc(strlen(in) + 1); char * ret = out; Modified: trunk/openvas-client/libnessus/network.c =================================================================== --- trunk/openvas-client/libnessus/network.c 2009-05-05 08:12:46 UTC (rev 3232) +++ trunk/openvas-client/libnessus/network.c 2009-05-05 09:33:01 UTC (rev 3233) @@ -47,33 +47,32 @@ #endif - /*----------------------------------------------------------------* * Low-level connection management * *----------------------------------------------------------------*/ - + /** Nessus "FILE" structure */ typedef struct { - int fd; /**< socket number, or whatever */ - int transport; /**< "transport" layer code when stream is encapsultated. - * Negative transport signals a free descriptor */ - int timeout; /**< timeout, in seconds special values: -2 for default */ - int options; /**< Misc options - see libnessus.h */ - - int port; - SSL_CTX* ssl_ctx; /**< SSL context */ - SSL_METHOD* ssl_mt; /**< SSL method */ - SSL* ssl; /**< SSL handler */ - int last_ssl_err; /**< Last SSL error code */ - pid_t pid; /**< Owner - for debugging only */ + int fd; /**< socket number, or whatever */ + int transport; /**< "transport" layer code when stream is encapsultated. + * Negative transport signals a free descriptor */ + int timeout; /**< timeout, in seconds special values: -2 for default */ + int options; /**< Misc options - see libnessus.h */ + + int port; + SSL_CTX* ssl_ctx; /**< SSL context. */ + SSL_METHOD* ssl_mt; /**< SSL method. */ + SSL* ssl; /**< SSL handler. */ + int last_ssl_err; /**< Last SSL error code. */ + pid_t pid; /**< Owner - for debugging only. */ #if 0 - int last_sock_err; /**< last socket level error */ + int last_sock_err;/**< last socket level error */ #endif - char* buf; /**< NULL if unbuffered */ - int bufsz, bufcnt, bufptr; + char* buf; /**< NULL if unbuffered. */ + int bufsz, bufcnt, bufptr; } nessus_connection; -/* +/** * The role of this offset is: * 1. To detect bugs when the program tries to write to a bad fd * 2. See if a fd is a real socket or a "nessus descriptor". This is a @@ -89,11 +88,10 @@ */ #define NESSUS_STREAM(x) (((x - NESSUS_FD_OFF) < NESSUS_FD_MAX) && ((x - NESSUS_FD_OFF) >=0)) - /** * @brief Same as perror(), but prefixes the data by our pid. */ -static int +static int nessus_perror (const char* error) { fprintf(stderr, "[%d] %s : %s\n", getpid(), error, strerror(errno)); @@ -109,7 +107,7 @@ get_connection_fd() { int i; - + for ( i = 0; i < NESSUS_FD_MAX ; i++) { if(connections[i].transport <= 0) /* Not used */ @@ -135,8 +133,8 @@ errno = EINVAL; return -1; } - - + + p = &(connections[fd - NESSUS_FD_OFF]); efree(&p->buf); @@ -146,10 +144,8 @@ if (p->ssl_ctx != NULL) SSL_CTX_free(p->ssl_ctx); -/* - * So far, fd is always a socket. If this is changed in the future, this - * code shall be fixed - */ +/* So far, fd is always a socket. If this is changed in the future, this + * code shall be fixed. */ if (p->fd >= 0) { if (shutdown(p->fd, 2) < 0) @@ -161,7 +157,7 @@ * (ie: http), so we don't show this error by default */ nessus_perror("release_connection_fd: shutdown()"); -#endif +#endif } if (socket_close(p->fd) < 0) nessus_perror("release_connection_fd: close()"); @@ -266,9 +262,8 @@ * its PRNG */ - #if 0 - RAND_screen(); /* Only available under MSWin */ + RAND_screen(); /* Only available under MSWin */ #endif #ifdef EGD_PATH @@ -298,7 +293,7 @@ return -1; RAND_write_file(path); return 0; - } + } return -1; } @@ -404,7 +399,7 @@ } -static int +static int read_stream_connection_unbuffered (int fd, void* buf0, int min_len, int max_len) { int ret, realfd, trp, t, err; @@ -416,7 +411,6 @@ time_t now, then; int select_status; - if (NESSUS_STREAM(fd)) { @@ -791,19 +785,19 @@ /* Trying OS's send() */ openvas_sock_block(fd); - do + do { struct timeval tv = {0,5}; fd_set wr; int e; - + FD_ZERO(&wr); FD_SET(fd, &wr); - + errno = 0; e = select(fd + 1, NULL, &wr, NULL, &tv); - if ( e > 0 ) - n = os_send(fd, data, length, i_opt); + if (e > 0) + n = os_send (fd, data, length, i_opt); else if ( e < 0 && errno == EINTR ) continue; else break; } @@ -812,7 +806,7 @@ fprintf(stderr, "[%d] nsend():send %s\n", getpid(), strerror(errno)); return n; } - + ExtFunc int nrecv (int fd, void* data, int length, int i_opt) { @@ -834,7 +828,6 @@ } while ( e < 0 && errno == EINTR ); return e; } - ExtFunc int close_stream_connection (int fd) @@ -883,7 +876,6 @@ return -1; } - if (openvas_sock_connect(soc, (struct sockaddr*) paddr, sizeof(*paddr)) < 0) { #if debug_SSL > 2 @@ -929,7 +921,7 @@ socket_close(soc); return -1; } - + if (opt == 0) break; #if DEBUG_SSL > 2 @@ -982,20 +974,20 @@ * @brief Reads a text from the socket stream into the argument buffer, always * @brief appending a '\\0' byte. * + * @param buf Buffer to read into. + * * @return Number of bytes read, without the trailing '\\0'. */ ExtFunc int recv_line (int soc, char* buf, size_t bufsiz) { int n, ret = 0; - - /* - * Dirty SSL hack - */ + + /* Dirty SSL hack */ if(NESSUS_STREAM(soc)) { buf[0] = '\0'; - + do { n = read_stream_connection_min (soc, buf + ret, 1, 1); @@ -1004,37 +996,38 @@ case -1 : if(ret == 0) return -1; - else + else return ret; break; - + case 0: return ret; break; - + default : ret ++; } } while (buf [ret-1] != '\0' && buf [ret-1] != '\n' && ret < bufsiz) ; - - if(ret > 0 ) - { - if (buf[ret - 1] != '\0') - { - if ( ret < bufsiz ) - buf[ ret ] = '\0'; - else - buf [ bufsiz - 1 ] = '\0'; - } - } - return ret; + + if (ret > 0 ) + { + if (buf[ret - 1] != '\0') + { + if (ret < bufsiz) + buf[ ret ] = '\0'; + else + buf[ bufsiz - 1 ] = '\0'; + } + } + + return ret; } else { fd_set rd; struct timeval tv; - + do { int e; @@ -1050,26 +1043,26 @@ { n = recv(soc, buf + ret, 1, 0); switch(n) - { - case -1 : - if ( errno == EINTR ) continue; - if(ret == 0) - return -1; - else - return ret; - break; - case 0 : - return ret; - break; - default: - ret ++; + { + case -1 : + if (errno == EINTR) continue; + if (ret == 0) + return -1; + else + return ret; + break; + case 0 : + return ret; + break; + default: + ret ++; } - } + } else break; tv.tv_sec = 1; tv.tv_usec = 0; } while(buf[ret -1 ] != '\0' && buf[ret -1 ] != '\n' && ret < bufsiz); - + if(ret > 0) { if(buf[ret - 1] != '\0') @@ -1081,6 +1074,7 @@ } } } + return ret; } @@ -1125,7 +1119,7 @@ } else sent+=n; } - + if(confirm) { /* Modified: trunk/openvas-client/libnessus/system.c =================================================================== --- trunk/openvas-client/libnessus/system.c 2009-05-05 08:12:46 UTC (rev 3232) +++ trunk/openvas-client/libnessus/system.c 2009-05-05 09:33:01 UTC (rev 3233) @@ -30,11 +30,9 @@ emalloc (size_t size) { void * ptr; - - /* - * Just for our personal safety, we increase the - * size by one - */ + + /* Just for our personal safety, we increase the + * size by one */ if((int)size < 0) { fprintf(stderr, "[%d] Won't allocate a pointer of size %d !\n", getpid(), size); @@ -42,14 +40,11 @@ } size++; - - - /* - * If no memory can be allocated, then wait a little. + + /* If no memory can be allocated, then wait a little. * It's very likely that another nessusd child will free * the size of memory we need. So we make 10 attempts, - * and if nothing happens, then we exit - */ + * and if nothing happens, then we exit. */ ptr = malloc(size); if(!ptr){ #ifndef _WIN32 @@ -72,12 +67,12 @@ return(ptr); } -ExtFunc char * +ExtFunc char * estrdup (const char* str) { char * buf; int len; - + if (!str) return NULL; len = strlen(str); @@ -88,14 +83,15 @@ } -ExtFunc void +ExtFunc void efree (void * ptr) { char ** p = ptr; - if(p && *p){ - free(*p); - *p=NULL; - } + if (p && *p) + { + free(*p); + *p=NULL; + } } ExtFunc void * @@ -122,12 +118,11 @@ ExtFunc size_t -estrlen(s,n) - const char * s; - size_t n; +estrlen (const char * s, size_t n) { size_t i; - for(i = 0; (*(s+i) != '\0' && i < n); i++); + for (i = 0; (*(s+i) != '\0' && i < n); i++); + return i; } Modified: trunk/openvas-client/nessus/cli.c =================================================================== --- trunk/openvas-client/nessus/cli.c 2009-05-05 08:12:46 UTC (rev 3232) +++ trunk/openvas-client/nessus/cli.c 2009-05-05 09:33:01 UTC (rev 3233) @@ -355,8 +355,13 @@ return 0; } -int cli_test_network(cli) - struct cli_args * cli; +/** + * + * @return -1 If targetfile could not be converted to a list or attack failed, + * 0 otherwise. + */ +int +cli_test_network (struct cli_args * cli) { /* If we fail to turn the target file into a list then * We should _NOT_ try to attack anything */ @@ -376,9 +381,11 @@ return -1; } +/** + * @brief Exports a report with the output function set. + */ void -cli_report(cli) - struct cli_args * cli; +cli_report (struct cli_args * cli) { if(!cli->backend_output_func) cli->output(backend_convert(cli->backend), cli->results); @@ -386,10 +393,10 @@ cli->output((struct arglist*)GSIZE_TO_POINTER(cli->backend), cli->results); } - +/* Only difference to addslashes from addslashes.c is that single "'"s are escaped, too. + Should verify if that is of any use and merge. */ static char* -sql_addslashes(in) - char *in; +sql_addslashes (char *in) { char * ret; char * out; From scm-commit at wald.intevation.org Tue May 5 12:03:09 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 5 May 2009 12:03:09 +0200 (CEST) Subject: [Openvas-commits] r3234 - in trunk/openvas-config-manager: . src Message-ID: <20090505100309.456A64080B@pyrosoma.intevation.org> Author: mwiegand Date: 2009-05-05 12:03:09 +0200 (Tue, 05 May 2009) New Revision: 3234 Modified: trunk/openvas-config-manager/ChangeLog trunk/openvas-config-manager/src/openvascd.c Log: Added support for setting user rules. Functionality for adding and deleting users and setting user rules is now exposed via the Command Line Interface. Improved message handling. Minor reformatting and cleanup. * src/openvascd.c: (main) Expose new functionality to the command line parser. Make sure pointers are correctly initialized. Reverted exposure of daemon functionality in preparation for the upcoming release. Handle the verbose (-v) flag by suppressing the output of debug messages unless this flag is set. (openvas_config_add_user) Adjusted function definition. Reworked variable allocation and freeing. Don't create a rules directory since it is supposed to be a file. (openvas_config_remove_user) Adjusted function definition. Make sure allocated memory is freed. (openvas_config_set_rules) New. Sets the rules for an existing user. (silence_messages) New. Empty convenience function to suppress log messages. Modified: trunk/openvas-config-manager/ChangeLog =================================================================== --- trunk/openvas-config-manager/ChangeLog 2009-05-05 09:33:01 UTC (rev 3233) +++ trunk/openvas-config-manager/ChangeLog 2009-05-05 10:03:09 UTC (rev 3234) @@ -1,3 +1,22 @@ +2009-05-05 Michael Wiegand + + Added support for setting user rules. Functionality for adding and + deleting users and setting user rules is now exposed via the Command + Line Interface. Improved message handling. Minor reformatting and + cleanup. + + * src/openvascd.c: (main) Expose new functionality to the command line + parser. Make sure pointers are correctly initialized. Reverted exposure + of daemon functionality in preparation for the upcoming release. Handle + the verbose (-v) flag by suppressing the output of debug messages + unless this flag is set. (openvas_config_add_user) Adjusted function + definition. Reworked variable allocation and freeing. Don't create a + rules directory since it is supposed to be a file. + (openvas_config_remove_user) Adjusted function definition. Make sure + allocated memory is freed. (openvas_config_set_rules) New. Sets the + rules for an existing user. (silence_messages) New. Empty convenience + function to suppress log messages. + 2009-04-30 Michael Wiegand Added preliminary support for removing users. This functionality is Modified: trunk/openvas-config-manager/src/openvascd.c =================================================================== --- trunk/openvas-config-manager/src/openvascd.c 2009-05-05 09:33:01 UTC (rev 3233) +++ trunk/openvas-config-manager/src/openvascd.c 2009-05-05 10:03:09 UTC (rev 3234) @@ -76,7 +76,8 @@ print_users_xml (GSList *); gboolean -openvas_config_add_user (gchar *, gchar *, gchar *, const gchar *); +openvas_config_add_user (const gchar *, const gchar *, const gchar *, + const gchar *); gchar * digest_hex (int, const guchar *); @@ -85,7 +86,7 @@ get_password_hashes (int, const gchar *); gboolean -openvas_config_remove_user (gchar *, const gchar *); +openvas_config_remove_user (const gchar *, const gchar *); int remove_recurse (const gchar *); @@ -93,6 +94,12 @@ int check_is_dir (const char *); +gboolean +openvas_config_set_rules (const gchar *, const gchar *, const gchar *); + +void +silence_messages (const gchar *, GLogLevelFlags, const gchar *, gpointer); + /** * @brief Convenience function to produce XML output from key/value pairs of * preferences. @@ -131,9 +138,12 @@ static gboolean print_version = FALSE; static gboolean be_verbose = FALSE; static gboolean daemon = FALSE; - static gchar *command; - static const gchar *users_dir; - static const gchar *config_file; + static gchar *command = NULL; + static const gchar *users_dir = NULL; + static const gchar *config_file = NULL; + static const gchar *name = NULL; + static const gchar *password = NULL; + static const gchar *rules_file = NULL; GError *error = NULL; @@ -144,10 +154,18 @@ "Print version.", NULL }, { "verbose", 'v', 0, G_OPTION_ARG_NONE, &be_verbose, "Verbose messages.", NULL }, + /* Don't expose daemon mode just yet. { "daemon", 'd', 0, G_OPTION_ARG_NONE, &daemon, - "Start in daemon mode.", NULL }, + "Start in daemon mode.", NULL },*/ { "command", 'c', 0, G_OPTION_ARG_STRING, &command, - "OCP command", "" }, + "OCP command (e.g. add_user, remove_user, list_users)", "" }, + { "name", 'n', 0, G_OPTION_ARG_STRING, &name, + "Username when creating, editing or removing a user", "" }, + { "password", 'p', 0, G_OPTION_ARG_STRING, &password, + "Password for the new user", "" }, + { "rules-file", 'r', 0, G_OPTION_ARG_FILENAME, &rules_file, + "File containing the rules for the user", + "" }, { "users-dir", 'u', 0, G_OPTION_ARG_FILENAME, &users_dir, "Directory containing the OpenVAS user data (default: " OPENVAS_USERS_DIR ")", "" }, @@ -164,6 +182,12 @@ g_error ("%s\n\n", error->message); } + if (!be_verbose) + { + g_log_set_handler (NULL, G_LOG_LEVEL_INFO | G_LOG_LEVEL_DEBUG, + silence_messages, NULL); + } + if (users_dir == NULL) { g_debug ("users_dir not set, setting to default."); @@ -188,7 +212,7 @@ if (command) { - GString *response = g_string_new(NULL); + GString *response = g_string_new (NULL); g_strstrip(command); if (g_strcasecmp (command, "list_users") == 0) { @@ -202,6 +226,64 @@ response = print_preferences_xml (all_prefs); g_hash_table_destroy (all_prefs); } + else if (g_strcasecmp (command, "add_user") == 0) + { + if (name == NULL || password == NULL) + { + g_warning ("You need to provide both a username and a password to create a new user."); + exit (EXIT_FAILURE); + } + if (rules_file == NULL) + { + g_warning ("No rules file provided, the new user will have no restrictions."); + } + if (openvas_config_add_user (name, password, rules_file, users_dir)) + { + g_message ("User %s has been successfully created.", name); + exit (EXIT_SUCCESS); + } + else + { + g_warning ("Failed to create user %s!", name); + exit (EXIT_FAILURE); + } + } + else if (g_strcasecmp (command, "remove_user") == 0) + { + if (name == NULL) + { + g_warning ("You need to provide the name of the user to be deleted"); + exit (EXIT_FAILURE); + } + if (openvas_config_remove_user (name, users_dir)) + { + g_message ("User %s has been successfully removed.", name); + exit (EXIT_SUCCESS); + } + else + { + g_warning ("Failed to remove user %s!", name); + exit (EXIT_FAILURE); + } + } + else if (g_strcasecmp (command, "set_rules") == 0) + { + if (name == NULL || rules_file == NULL) + { + g_warning ("You need to provide both the name of the user and the file containing the new rules to set new rules."); + exit (EXIT_FAILURE); + } + if (openvas_config_set_rules (name, rules_file, users_dir)) + { + g_message ("The rules for user %s have been successfully changed.", name); + exit (EXIT_SUCCESS); + } + else + { + g_warning ("Failed to change the rules for user %s!", name); + exit (EXIT_FAILURE); + } + } else { g_string_printf (response, "", command); @@ -382,7 +464,7 @@ users_dir = g_dir_open (directory, 0, &error); if (users_dir == NULL) { - g_debug (error->message); + g_warning (error->message); g_error_free (error); } else @@ -406,7 +488,7 @@ } else { - g_debug ("Could not find %s!", directory); + g_warning ("Could not find %s!", directory); return NULL; } } @@ -450,7 +532,7 @@ } else { - g_debug ("%s", error->message); + g_warning ("%s", error->message); g_key_file_free (config_key_file); g_error_free (error); return NULL; @@ -558,18 +640,18 @@ * * @param name The name of the new user. * @param password The password of the new user. - * @param rules The rules to be applied to the new user. + * @param rules_file A file containing the rules to be applied to the new + * user. * @param directory The directory containing the user directories. * - * \todo TODO: The rules parameter is currently ignored. * \todo TODO: Adding users authenticating with certificates is not yet * implemented. * * @return TRUE if the user has been added successfully, FALSE if not. */ gboolean -openvas_config_add_user (gchar * name, gchar * password, gchar * rules, - const gchar * directory) +openvas_config_add_user (const gchar * name, const gchar * password, + const gchar * rules_file, const gchar * directory) { if (g_file_test (directory, G_FILE_TEST_EXISTS) && g_file_test (directory, G_FILE_TEST_IS_DIR)) @@ -579,58 +661,98 @@ if (g_file_test (user_dir_name, G_FILE_TEST_EXISTS) && g_file_test (user_dir_name, G_FILE_TEST_IS_DIR)) { - g_debug ("User %s already exists!", name); + g_warning ("User %s already exists!", name); g_free (user_dir_name); return FALSE; } else { - gchar *user_auth_dir_name = g_build_filename (user_dir_name, "auth", NULL); - gchar *user_rules_dir_name = g_build_filename (user_dir_name, "rules", NULL); - gchar *user_hash_file_name = g_build_filename (user_auth_dir_name, "hash", NULL); + gchar *rules = NULL; GError *error = NULL; - if (g_mkdir (user_dir_name, 0700) != 0) + if (rules_file != NULL) { - g_debug ("Could not create %s!", user_dir_name); - return FALSE; + if (!g_file_test (rules_file, G_FILE_TEST_EXISTS)) + { + g_warning ("Could not find rules file %s!", rules_file); + g_free (user_dir_name); + return FALSE; + } + if (!g_file_get_contents (rules_file, &rules, NULL, &error)) + { + g_warning ("Could not read contents of %s!", rules_file); + g_warning ("%s", error->message); + g_error_free (error); + g_free (user_dir_name); + return FALSE; + } } - if (g_mkdir (user_auth_dir_name, 0700) != 0) + gchar *user_auth_dir_name = g_build_filename (user_dir_name, "auth", NULL); + gchar *user_rules_file_name = g_build_filename (user_auth_dir_name, "rules", NULL); + gchar *user_hash_file_name = g_build_filename (user_auth_dir_name, "hash", NULL); + gboolean directories_created = TRUE; + + if (g_mkdir (user_dir_name, 0700) != 0) { - g_debug ("Could not create %s!", user_auth_dir_name); - return FALSE; + g_warning ("Could not create %s!", user_dir_name); + directories_created = FALSE; } - - if (g_mkdir (user_rules_dir_name, 0700) != 0) + else if (g_mkdir (user_auth_dir_name, 0700) != 0) { - g_debug ("Could not create %s!", user_rules_dir_name); - return FALSE; + g_warning ("Could not create %s!", user_auth_dir_name); + directories_created = FALSE; } + if (!directories_created) { + g_free (user_dir_name); + g_free (user_auth_dir_name); + g_free (user_rules_file_name); + g_free (user_hash_file_name); + g_warning ("Failed to set up user directories for user %s", name); + return FALSE; + } + gchar * hashes_out = get_password_hashes (GCRY_MD_MD5, password); if (!g_file_set_contents (user_hash_file_name, hashes_out, -1, &error)) { - g_debug ("%s", error->message); + g_warning ("%s", error->message); g_error_free (error); + g_free (hashes_out); + g_free (user_dir_name); + g_free (user_auth_dir_name); + g_free (user_rules_file_name); + g_free (user_hash_file_name); return FALSE; } g_chmod (user_hash_file_name, 0600); + if (!g_file_set_contents (user_rules_file_name, rules, -1, &error)) + { + g_warning ("%s", error->message); + g_error_free (error); + g_free (hashes_out); + g_free (user_dir_name); + g_free (user_auth_dir_name); + g_free (user_rules_file_name); + g_free (user_hash_file_name); + return FALSE; + } + g_chmod (user_rules_file_name, 0600); + g_free (hashes_out); + g_free (user_dir_name); g_free (user_auth_dir_name); - g_free (user_rules_dir_name); + g_free (user_rules_file_name); g_free (user_hash_file_name); - g_debug ("User %s created successfully!", name); - g_free (user_dir_name); return TRUE; } } else { - g_debug ("Could not find %s!", directory); + g_warning ("Could not find %s!", directory); return FALSE; } } @@ -652,7 +774,7 @@ gcry_error_t err = gcry_md_test_algo (gcrypt_algorithm); if (err != 0) { - g_debug ("Could not select gcrypt algorithm: %s", + g_warning ("Could not select gcrypt algorithm: %s", gcry_strerror (err)); return NULL; } @@ -693,7 +815,7 @@ gcry_error_t err = gcry_md_test_algo (gcrypt_algorithm); if (err != 0) { - g_debug ("Could not select gcrypt algorithm: %s", + g_warning ("Could not select gcrypt algorithm: %s", gcry_strerror (err)); return NULL; } @@ -735,7 +857,7 @@ * @return TRUE if the user has been removed successfully, FALSE if not. */ gboolean -openvas_config_remove_user (gchar * name, const gchar * directory) +openvas_config_remove_user (const gchar * name, const gchar * directory) { if (g_file_test (directory, G_FILE_TEST_EXISTS) && g_file_test (directory, G_FILE_TEST_IS_DIR)) @@ -747,23 +869,26 @@ { if (remove_recurse (user_dir_name) == 0) { + g_free (user_dir_name); return TRUE; } else { - g_debug ("Failed to remove %s!", user_dir_name); + g_warning ("Failed to remove %s!", user_dir_name); + g_free (user_dir_name); return FALSE; } } else { - g_debug ("User %s does not exist!", name); + g_free (user_dir_name); + g_warning ("User %s does not exist!", name); return FALSE; } } else { - g_debug ("Could not find %s!", directory); + g_warning ("Could not find %s!", directory); return FALSE; } } @@ -790,7 +915,7 @@ if (directory == NULL) { - g_debug ("g_dir_open(%s) failed - %s\n", pathname, error->message); + g_warning ("g_dir_open(%s) failed - %s\n", pathname, error->message); g_error_free (error); // errno should be set when we return -1 to maintain remove() // compatibility. @@ -806,10 +931,12 @@ ret = remove_recurse (g_build_filename (pathname, entry, NULL)); if (ret != 0) { - g_debug ("Failed to remove %s from %s!", entry, pathname); + g_warning ("Failed to remove %s from %s!", entry, pathname); + g_dir_close (directory); return ret; } } + g_dir_close (directory); } } @@ -834,13 +961,94 @@ { struct stat sb; - if (stat(name, &sb)) + if (stat (name, &sb)) { return -1; } else { - return (S_ISDIR(sb.st_mode)); + return (S_ISDIR (sb.st_mode)); } } +/** + * @brief Sets the rules for an existing user. + * + * @param name The name of the new user. + * @param rules_file A file containing the new rules to be applied to the + * user. Note that the new rules will overwrite all old rules. + * @param directory The directory containing the user directories. + * + * @return TRUE if the rules have been changed successfully, FALSE if not. + */ +gboolean +openvas_config_set_rules (const gchar * name, const gchar * rules_file, + const gchar * directory) +{ + if (name == NULL || rules_file == NULL) + { + g_warning ("Missing name or rules_file!"); + return FALSE; + } + if (g_file_test (directory, G_FILE_TEST_EXISTS) && + g_file_test (directory, G_FILE_TEST_IS_DIR)) + { + gchar *user_dir_name = g_build_filename (directory, name, NULL); + + if (g_file_test (user_dir_name, G_FILE_TEST_EXISTS) && + g_file_test (user_dir_name, G_FILE_TEST_IS_DIR)) + { + gchar *new_rules = NULL; + GError *error = NULL; + gchar *user_rules_file_name = NULL; + + if (!g_file_test (rules_file, G_FILE_TEST_EXISTS)) + { + g_warning ("Could not find rules file %s!", rules_file); + g_free (user_dir_name); + return FALSE; + } + if (!g_file_get_contents (rules_file, &new_rules, NULL, &error)) + { + g_warning ("Could not read contents of %s!", rules_file); + g_warning ("%s", error->message); + g_error_free (error); + g_free (user_dir_name); + return FALSE; + } + + user_rules_file_name = g_build_filename (user_dir_name, "auth", "rules", NULL); + + if (!g_file_set_contents (user_rules_file_name, new_rules, -1, &error)) + { + g_warning ("%s", error->message); + g_error_free (error); + g_free (user_dir_name); + g_free (user_rules_file_name); + return FALSE; + } + g_chmod (user_rules_file_name, 0600); + + g_free (user_rules_file_name); + g_free (user_dir_name); + return TRUE; + } + else + { + g_warning ("User %s does not exist!", name); + g_free (user_dir_name); + return FALSE; + } + } + else + { + g_warning ("Could not find %s!", directory); + return FALSE; + } +} + +void +silence_messages (const gchar *log_domain, GLogLevelFlags log_level, + const gchar *message, gpointer user_data) +{ +} From scm-commit at wald.intevation.org Tue May 5 12:35:49 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 5 May 2009 12:35:49 +0200 (CEST) Subject: [Openvas-commits] r3236 - in trunk/openvas-plugins: . scripts Message-ID: <20090505103549.8DA604082B@pyrosoma.intevation.org> Author: chandra Date: 2009-05-05 12:35:44 +0200 (Tue, 05 May 2009) New Revision: 3236 Modified: trunk/openvas-plugins/ChangeLog trunk/openvas-plugins/scripts/gather-package-list.nasl Log: Added HP-UX support Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-05-05 10:14:23 UTC (rev 3235) +++ trunk/openvas-plugins/ChangeLog 2009-05-05 10:35:44 UTC (rev 3236) @@ -1,4 +1,8 @@ 2009-05-05 Chandrashekhar B + * scripts/gather-package-list.nasl: + Added HP-UX support + +2009-05-05 Chandrashekhar B * scripts/gb_hp_ux_HPSBUX02365.nasl scripts/gb_hp_ux_HPSBUX01137.nasl scripts/gb_hp_ux_HPSBUX02082.nasl Modified: trunk/openvas-plugins/scripts/gather-package-list.nasl =================================================================== --- trunk/openvas-plugins/scripts/gather-package-list.nasl 2009-05-05 10:14:23 UTC (rev 3235) +++ trunk/openvas-plugins/scripts/gather-package-list.nasl 2009-05-05 10:35:44 UTC (rev 3236) @@ -798,6 +798,121 @@ # Non GNU/Linux platforms: + +## HP-UX Operating System + +if ("HP-UX" >< uname){ + rls = ssh_cmd(socket:sock, cmd:"uname -r"); +} + +if("10.01"> Author: felix Date: 2009-05-05 13:01:20 +0200 (Tue, 05 May 2009) New Revision: 3237 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/src/util/openvas_lsc_user_makensis.c Log: Can noe build executable with nsis that installs a user on win xp machines if executed with admin rights. * src/util/openvas_lsc_user_makensis.c (execute_makensis): Executes makensis on a given (.nis) file. * src/util/openvas_lsc_user_makensis.c (create_nsi_file): Adjusted resulting nsi script, so that it calls 'net user ...' in install and uninstall process, todos added. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-05-05 10:35:44 UTC (rev 3236) +++ trunk/openvas-client/ChangeLog 2009-05-05 11:01:20 UTC (rev 3237) @@ -1,5 +1,17 @@ -2009-05-04 Felix Wolfsteller +2009-05-05 Felix Wolfsteller + Can now build executable with nsis that installs a user on win xp + machines if executed with admin rights. + + * src/util/openvas_lsc_user_makensis.c (execute_makensis): Executes + makensis on a given (.nis) file. + + * src/util/openvas_lsc_user_makensis.c (create_nsi_file): Adjusted + resulting nsi script, so that it calls 'net user ...' in install and + uninstall process, todos added. + +2009-05-05 Felix Wolfsteller + Cosmetics. * libnessus/addslashes.c: Reformatting and doc. Modified: trunk/openvas-client/src/util/openvas_lsc_user_makensis.c =================================================================== --- trunk/openvas-client/src/util/openvas_lsc_user_makensis.c 2009-05-05 10:35:44 UTC (rev 3236) +++ trunk/openvas-client/src/util/openvas_lsc_user_makensis.c 2009-05-05 11:01:20 UTC (rev 3237) @@ -44,9 +44,17 @@ * the 'account'. * * For ms windows systems an executable can be created that installs the user. - * To arrive at a windows executable, the nsis (nulsoft scriptable installer + * To arrive at a windows executable, the nsis (Nullsoft scriptable installer * system) is used. * With nsis executables are created from .nsi files with the tool makensis. + * + * Users are managed on ms windos systems using 'net': + at verbatim + net user /add /active:yes + net user /delete + // Currently not done: + net localgroup / + at endverbatim */ #include "openvas_ssh_login.h" @@ -84,20 +92,21 @@ } /** - * @brief Writes a nsi file to be used with the 'nulsoft scriptable installer + * @brief Writes a nsi file to be used with the 'Nullsoft scriptable installer * @brief system'. */ static gboolean -create_nsi_file (gchar* nsifilename, openvas_ssh_login* loginfo, +create_nsi_file (const gchar* nsifilename, const openvas_ssh_login* loginfo, const gchar* outfilename) { FILE* fd; + fd = fopen (nsifilename, "w"); if (fd <= 0) return FALSE; // Write part about default section - fprintf (fd, "#Installer name\n"); + fprintf (fd, "#Installer filename\n"); fprintf (fd, "outfile "); fprintf (fd, outfilename); fprintf (fd, "\n\n"); @@ -107,15 +116,22 @@ fprintf (fd, "#\n# Default (installer) section.\n#\n"); fprintf (fd, "section\n\n"); + /** TODO check if we have admin rights, fail with a message if not */ fprintf (fd, "# Define output path\n"); fprintf (fd, "setOutPath $INSTDIR\n\n"); fprintf (fd, "# Uninstaller name\n"); - fprintf (fd, "writeUninstaller $INSTDIR\\openvas_lsc_remove_account.exe\n"); + fprintf (fd, "writeUninstaller $INSTDIR\\openvas_lsc_remove_%s.exe\n\n", + loginfo->username); - // # Run cmd to add user + fprintf (fd, "# Run cmd to add user\n"); + /** TODO pick up return value, fail with a message if bad */ + fprintf (fd, "ExecWait \"net user %s %s /add /active:yes\"\n\n", + loginfo->username, loginfo->userpassword); + /** TODO Display message that everything seems to be fine */ + fprintf (fd, "# Default (install) section end\n"); fprintf (fd, "sectionEnd\n\n"); @@ -123,8 +139,14 @@ fprintf (fd, "#\n# Uninstaller section.\n#\n"); fprintf (fd, "section \"Uninstall\"\n\n"); - // # Run cmd to remove user + fprintf (fd, "# Run cmd to remove user\n"); + /** TODO pick up return value, fail with a message if bad */ + fprintf (fd, "ExecWait \"net user %s /delete\"\n\n", + loginfo->username); + /** @TODO Uninstaller should remove itself */ + fprintf (fd, "# Unistaller should remove itself (from desktop/installdir)\n\n"); + fprintf (fd, "# Uninstaller section end\n"); fprintf (fd, "sectionEnd\n\n"); @@ -137,9 +159,41 @@ * @brief Execute makensis to create an executable installer from a .nsi file. */ static gboolean -execute_makensis (gchar* filename) +execute_makensis (const gchar* filename) { - return FALSE; + gchar** cmd; + gint exit_status; + + cmd = (gchar **) g_malloc (3 * sizeof (gchar *)); + + cmd[0] = g_strdup ("makensis"); + cmd[1] = g_strdup (filename); + cmd[2] = NULL; + printf ("--- executing makensis.\n"); + if (g_spawn_sync (".", + cmd, + NULL, // env + G_SPAWN_SEARCH_PATH, + NULL, // setup func + NULL, + NULL, + NULL, + &exit_status, + NULL ) == FALSE + || exit_status != 0) + { + show_error(_("Error (%d) creating the rpm with.\n" + "For further information consult your shell."), exit_status, cmd); + exit_status = -1; + } + + g_free (cmd[0]); + g_free (cmd[1]); + g_free (cmd[2]); + g_free (cmd); + + printf ("--- makensis finished happily.\n"); + return (exit_status == 0); } /** @@ -152,10 +206,21 @@ gboolean openvas_lsc_user_makensis (openvas_ssh_login* loginfo, const gchar* to_filename) { - gchar* tmpdir = create_tmp_dir (); + gboolean success = FALSE; + /* + // Check if makensis is found in path + gchar* makensis_path = g_find_program_in_path ("makensis"); + + if (makensis_path == NULL) + { + show_error ("makensis not found."); + return FALSE; + } + */ + gchar* tmpdir = create_tmp_dir (); gchar* nsifile = g_build_filename (tmpdir, "lsc_user_installer.nsi", NULL); create_nsi_file (nsifile, loginfo, to_filename); - execute_makensis (nsifile); - //del tmp dir - return FALSE; + success = execute_makensis (nsifile); + /** @TODO delete tmp dir and contents */ + return success; } From scm-commit at wald.intevation.org Tue May 5 13:16:43 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 5 May 2009 13:16:43 +0200 (CEST) Subject: [Openvas-commits] r3238 - in trunk/openvas-client: . packaging/debian packaging/debian/patches Message-ID: <20090505111643.96B8D407DD@pyrosoma.intevation.org> Author: waja Date: 2009-05-05 13:16:43 +0200 (Tue, 05 May 2009) New Revision: 3238 Added: trunk/openvas-client/packaging/debian/patches/02_de-fix.dpatch Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/packaging/debian/changelog trunk/openvas-client/packaging/debian/copyright trunk/openvas-client/packaging/debian/patches/00list Log: Update changelog and fix german translation Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-05-05 11:01:20 UTC (rev 3237) +++ trunk/openvas-client/ChangeLog 2009-05-05 11:16:43 UTC (rev 3238) @@ -1,3 +1,12 @@ +2009-05-05 Jan Wagner + + Update debian packaging + + * patches/02_de-fix.dpatch, patches/00list, changelog: Fix german + translation + + * copyright, changelog: Update changelog for new upstream code + 2009-05-05 Felix Wolfsteller Can now build executable with nsis that installs a user on win xp Modified: trunk/openvas-client/packaging/debian/changelog =================================================================== --- trunk/openvas-client/packaging/debian/changelog 2009-05-05 11:01:20 UTC (rev 3237) +++ trunk/openvas-client/packaging/debian/changelog 2009-05-05 11:16:43 UTC (rev 3238) @@ -1,3 +1,11 @@ +openvas-client (2.0.3-1) unstable; urgency=low + + * New upstream release + * Update changelog for new code + * add debian/patches/02_de-fix.dpatch to fix german translation + + -- Jan Wagner Tue, 05 May 2009 11:45:56 +0200 + openvas-client (2.0.1-2) unstable; urgency=low * Brown paper bag release: Integrate changes missing in previous upload which @@ -3,17 +11,17 @@ had been introduced after 1.0.3-2. * Do not patch nessus/Makefile with gdchart0.94b (we didn't intend to) - * Remove from 01_libgdchart-gd2-noxpm-dev.dpatch patch the changes to + * Remove from 01_libgdchart-gd2-noxpm-dev.dpatch patch the changes to nessus/Makefile: - - Removal of gdchart0.94b targets + - Removal of gdchart0.94b targets - Add -lgdc, as it is already defined by the configure script by setting GDC_LIB The rest of the patch remains there since otherwise the pie charts would end up ugly (background edges visible, see - http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326502). + http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=326502). -- Javier Fernandez-Sanguino Pen~a Fri, 16 Jan 2009 01:19:17 +0100 openvas-client (2.0.1-1) unstable; urgency=low - * New upstream version. + * New upstream version. -- Javier Fernandez-Sanguino Pen~a Fri, 02 Jan 2009 01:43:18 +0100 Modified: trunk/openvas-client/packaging/debian/copyright =================================================================== --- trunk/openvas-client/packaging/debian/copyright 2009-05-05 11:01:20 UTC (rev 3237) +++ trunk/openvas-client/packaging/debian/copyright 2009-05-05 11:16:43 UTC (rev 3238) @@ -8,7 +8,7 @@ Copyright: - OpenVAS GUI and documentation: - * Copyright (C) 2004, 2005, 2007 Intevation GmbH + * Copyright (C) 2004, 2005, 2007-2009 Intevation GmbH * Copyright (C) 2005 by DN-Systems GmbH * Copyright (C) 1998-2006 Renaud Deraison * Copyright (C) 1993 Free Software Foundation, Inc [regex library] @@ -51,6 +51,8 @@ * Michael Arboi [ssl] * Michael Wiegand * Tim Brown + * Felix Wolfsteller + * Joey Schulze - Translations: * Marco Fradin [fr] Modified: trunk/openvas-client/packaging/debian/patches/00list =================================================================== --- trunk/openvas-client/packaging/debian/patches/00list 2009-05-05 11:01:20 UTC (rev 3237) +++ trunk/openvas-client/packaging/debian/patches/00list 2009-05-05 11:16:43 UTC (rev 3238) @@ -1 +1,2 @@ 01_libgdchart-gd2-noxpm-dev.dpatch +02_de-fix.dpatch Added: trunk/openvas-client/packaging/debian/patches/02_de-fix.dpatch =================================================================== --- trunk/openvas-client/packaging/debian/patches/02_de-fix.dpatch 2009-05-05 11:01:20 UTC (rev 3237) +++ trunk/openvas-client/packaging/debian/patches/02_de-fix.dpatch 2009-05-05 11:16:43 UTC (rev 3238) @@ -0,0 +1,69 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## 02_de-fix.dpatch by Jan Wagner +## +## DP: Fix german translation + + at DPATCH@ +diff -urNad openvas-client-2.0.3~/po/de.po openvas-client-2.0.3/po/de.po +--- openvas-client-2.0.3~/po/de.po 2009-04-16 08:12:06.000000000 +0200 ++++ openvas-client-2.0.3/po/de.po 2009-05-05 12:59:10.000000000 +0200 +@@ -545,12 +545,12 @@ + msgstr "Unbekanntes Berichtsformat - bitte geben Sie eine Dateierweiterung an." + + #: nessus/backend.c:651 +-#, fuzzy + msgid "" + "This file format can not be read back by the OpenVAS-Client.\n" + "Please provide a nbe file." + msgstr "" +-"Dieses Dateiformat kann nicht erneut in den OpenVAS-Client geladen werden" ++"Dieses Dateiformat kann nicht erneut in den OpenVAS-Client geladen werden." ++"Bitte w?hlen Sie eine Datei im NBE-Format aus." + + #: nessus/filter.c:66 nessus/filter.c:79 + msgid "Filter plugins..." +@@ -612,7 +612,7 @@ + msgstr "Regul?rer Ausdruck ung?ltig" + + #: nessus/parser.c:293 +-#, fuzzy, c-format ++#, c-format + msgid "" + "\n" + "Priority changed from %s to %s\n" +@@ -1532,7 +1532,6 @@ + msgstr "OK" + + #: nessus/sslui.c:194 +-#, fuzzy + msgid "" + "Please choose your level of SSL paranoia (Hint: if you want to manage\n" + "many servers from your client, choose 2. Otherwise, choose 1. Or 3,\n" +@@ -1708,7 +1707,6 @@ + msgstr "E_xtras" + + #: nessus/prefs_dialog/prefs_dialog.c:593 +-#, fuzzy + msgid "SLAD _Install Manager" + msgstr "SLAD _Installieren" + +@@ -2557,7 +2555,7 @@ + "The severity of this NVT has been mapped from %s!\n" + "\n" + msgstr "" +-"Der Schweregrad dieses NVTs wurde ?bersteuert (von %s nach %s)!\n" ++"Der Schweregrad dieses NVTs wurde ?bersteuert (von %s)!\n" + + + #: nessus/prefs_dialog/prefs_report.c:717 +@@ -2798,9 +2796,8 @@ + msgstr "Niedrig" + + #: nessus/prefs_dialog/prefs_scope_tree.c:913 +-#, fuzzy + msgid "FP" +-msgstr "FM" ++msgstr "FP" + + #: nessus/prefs_dialog/prefs_scope_tree.c:925 + msgid "Log" Property changes on: trunk/openvas-client/packaging/debian/patches/02_de-fix.dpatch ___________________________________________________________________ Name: svn:executable + * From scm-commit at wald.intevation.org Tue May 5 13:26:18 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 5 May 2009 13:26:18 +0200 (CEST) Subject: [Openvas-commits] r3239 - in trunk/openvas-client: . src/gui Message-ID: <20090505112618.5C83E407DD@pyrosoma.intevation.org> Author: felix Date: 2009-05-05 13:26:17 +0200 (Tue, 05 May 2009) New Revision: 3239 Modified: trunk/openvas-client/ChangeLog trunk/openvas-client/src/gui/ssh_keys_dialog.c Log: * src/gui/ssh_keys_dialog.c: Added missing include. Modified: trunk/openvas-client/ChangeLog =================================================================== --- trunk/openvas-client/ChangeLog 2009-05-05 11:16:43 UTC (rev 3238) +++ trunk/openvas-client/ChangeLog 2009-05-05 11:26:17 UTC (rev 3239) @@ -1,3 +1,7 @@ +2009-05-05 Felix Wolfsteller + + * src/gui/ssh_keys_dialog.c: Added missing include. + 2009-05-05 Jan Wagner Update debian packaging Modified: trunk/openvas-client/src/gui/ssh_keys_dialog.c =================================================================== --- trunk/openvas-client/src/gui/ssh_keys_dialog.c 2009-05-05 11:16:43 UTC (rev 3238) +++ trunk/openvas-client/src/gui/ssh_keys_dialog.c 2009-05-05 11:26:17 UTC (rev 3239) @@ -44,6 +44,7 @@ #include "preferences.h" #include "nvt_pref_sshlogin.h" #include "ssh_keys_dialog.h" +#include "openvas_lsc_user_makensis.h" #include "openvas_ssh_key_create.h" #include "openvas_ssh_rpm.h" #include "ssh_key_info_form.h" From scm-commit at wald.intevation.org Tue May 5 12:14:33 2009 From: scm-commit at wald.intevation.org (scm-commit@wald.intevation.org) Date: Tue, 5 May 2009 12:14:33 +0200 (CEST) Subject: [Openvas-commits] r3235 - in trunk/openvas-plugins: . scripts Message-ID: <20090505101433.152304080B@pyrosoma.intevation.org> Author: chandra Date: 2009-05-05 12:14:23 +0200 (Tue, 05 May 2009) New Revision: 3235 Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00111.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00129.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00132.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00133.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00137.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00141.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00144.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00147.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00148.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00151.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00153.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00156.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00159.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00160.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00162.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00163.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00165.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00167.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00168.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00169.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00175.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00178.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00179.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00180.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00181.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00183.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00187.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00188.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00191.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00192.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00194.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00197.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00198.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00199.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00202.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00205.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00206.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00207.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00209.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00213.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00215.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00221.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00224.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00228.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00232.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00233.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00237.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00242.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00246.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00249.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00250.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00251.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00252.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00253.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00254.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00255.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00256.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00258.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00262.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00263.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00264.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00266.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00267.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00268.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00271.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00272.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00274.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00275.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00276.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00280.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00281.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00282.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00286.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00287.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00288.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00289.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00290.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00292.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00293.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00294.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00295.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00296.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00297.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00299.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00300.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00301.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00303.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00304.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00307.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00308.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00309.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00310.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00312.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01002.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01006.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01011.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01018.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01019.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01020.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01022.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01038.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01044.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01050.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01054.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01061.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01062.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01064.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01065.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01070.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01086.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01088.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01090.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01100.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01102.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01104.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01105.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01117.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01118.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01119.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01123.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01133.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01137.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01165.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01214.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01218.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01219.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01230.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX01232.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02072.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02073.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02076.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02082.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02087.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02108.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02129.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02153.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02156.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02181.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02183.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02186.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02192.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02195.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02196.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02203.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02204.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02205.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02217.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02218.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02219.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02225.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02247.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02248.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02249.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02251.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02259.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02262.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02273.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02277.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02284.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02285.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02286.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02287.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02289.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02292.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02294.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02295.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02296.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02303.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02306.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02308.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02313.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02316.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02324.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02330.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02332.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02334.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02335.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02337.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02341.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02342.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02351.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02354.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02356.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02365.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02370.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02375.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02381.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02389.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02393.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02401.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02407.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02408.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02409.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02411.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02415.nasl trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX02418.nasl Modified: trunk/openvas-plugins/ChangeLog Log: Added HP-UX Local Security Checks Modified: trunk/openvas-plugins/ChangeLog =================================================================== --- trunk/openvas-plugins/ChangeLog 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/ChangeLog 2009-05-05 10:14:23 UTC (rev 3235) @@ -1,3 +1,202 @@ +2009-05-05 Chandrashekhar B + * scripts/gb_hp_ux_HPSBUX02365.nasl + scripts/gb_hp_ux_HPSBUX01137.nasl + scripts/gb_hp_ux_HPSBUX02082.nasl + scripts/gb_hp_ux_HPSBUX00250.nasl + scripts/gb_hp_ux_HPSBUX00233.nasl + scripts/gb_hp_ux_HPSBUX00194.nasl + scripts/gb_hp_ux_HPSBUX01070.nasl + scripts/gb_hp_ux_HPSBUX02156.nasl + scripts/gb_hp_ux_HPSBUX02303.nasl + scripts/gb_hp_ux_HPSBUX02411.nasl + scripts/gb_hp_ux_HPSBUX00307.nasl + scripts/gb_hp_ux_HPSBUX02247.nasl + scripts/gb_hp_ux_HPSBUX00268.nasl + scripts/gb_hp_ux_HPSBUX01019.nasl + scripts/gb_hp_ux_HPSBUX01088.nasl + scripts/gb_hp_ux_HPSBUX00132.nasl + scripts/gb_hp_ux_HPSBUX02072.nasl + scripts/gb_hp_ux_HPSBUX01218.nasl + scripts/gb_hp_ux_HPSBUX00206.nasl + scripts/gb_hp_ux_HPSBUX00292.nasl + scripts/gb_hp_ux_HPSBUX00167.nasl + scripts/gb_hp_ux_HPSBUX02129.nasl + scripts/gb_hp_ux_HPSBUX02401.nasl + scripts/gb_hp_ux_HPSBUX00275.nasl + scripts/gb_hp_ux_HPSBUX00258.nasl + scripts/gb_hp_ux_HPSBUX01117.nasl + scripts/gb_hp_ux_HPSBUX02289.nasl + scripts/gb_hp_ux_HPSBUX00191.nasl + scripts/gb_hp_ux_HPSBUX00213.nasl + scripts/gb_hp_ux_HPSBUX02153.nasl + scripts/gb_hp_ux_HPSBUX01050.nasl + scripts/gb_hp_ux_HPSBUX00282.nasl + scripts/gb_hp_ux_HPSBUX00304.nasl + scripts/gb_hp_ux_HPSBUX02335.nasl + scripts/gb_hp_ux_HPSBUX01232.nasl + scripts/gb_hp_ux_HPSBUX02296.nasl + scripts/gb_hp_ux_HPSBUX02409.nasl + scripts/gb_hp_ux_HPSBUX00181.nasl + scripts/gb_hp_ux_HPSBUX02251.nasl + scripts/gb_hp_ux_HPSBUX00272.nasl + scripts/gb_hp_ux_HPSBUX00147.nasl + scripts/gb_hp_ux_HPSBUX02087.nasl + scripts/gb_hp_ux_HPSBUX00255.nasl + scripts/gb_hp_ux_HPSBUX01006.nasl + scripts/gb_hp_ux_HPSBUX02195.nasl + scripts/gb_hp_ux_HPSBUX02342.nasl + scripts/gb_hp_ux_HPSBUX02217.nasl + scripts/gb_hp_ux_HPSBUX00199.nasl + scripts/gb_hp_ux_HPSBUX02286.nasl + scripts/gb_hp_ux_HPSBUX02308.nasl + scripts/gb_hp_ux_HPSBUX00301.nasl + scripts/gb_hp_ux_HPSBUX00262.nasl + scripts/gb_hp_ux_HPSBUX00137.nasl + scripts/gb_hp_ux_HPSBUX02332.nasl + scripts/gb_hp_ux_HPSBUX00228.nasl + scripts/gb_hp_ux_HPSBUX01104.nasl + scripts/gb_hp_ux_HPSBUX01065.nasl + scripts/gb_hp_ux_HPSBUX00297.nasl + scripts/gb_hp_ux_HPSBUX02259.nasl + scripts/gb_hp_ux_HPSBUX00144.nasl + scripts/gb_hp_ux_HPSBUX01020.nasl + scripts/gb_hp_ux_HPSBUX00252.nasl + scripts/gb_hp_ux_HPSBUX02192.nasl + scripts/gb_hp_ux_HPSBUX00179.nasl + scripts/gb_hp_ux_HPSBUX00287.nasl + scripts/gb_hp_ux_HPSBUX00309.nasl + scripts/gb_hp_ux_HPSBUX01038.nasl + scripts/gb_hp_ux_HPSBUX02249.nasl + scripts/gb_hp_ux_HPSBUX00151.nasl + scripts/gb_hp_ux_HPSBUX00242.nasl + scripts/gb_hp_ux_HPSBUX02204.nasl + scripts/gb_hp_ux_HPSBUX01062.nasl + scripts/gb_hp_ux_HPSBUX02273.nasl + scripts/gb_hp_ux_HPSBUX00294.nasl + scripts/gb_hp_ux_HPSBUX00169.nasl + scripts/gb_hp_ux_HPSBUX02381.nasl + scripts/gb_hp_ux_HPSBUX01119.nasl + scripts/gb_hp_ux_HPSBUX00141.nasl + scripts/gb_hp_ux_HPSBUX00232.nasl + scripts/gb_hp_ux_HPSBUX00215.nasl + scripts/gb_hp_ux_HPSBUX00159.nasl + scripts/gb_hp_ux_HPSBUX00267.nasl + scripts/gb_hp_ux_HPSBUX01018.nasl + scripts/gb_hp_ux_HPSBUX02354.nasl + scripts/gb_hp_ux_HPSBUX02337.nasl + scripts/gb_hp_ux_HPSBUX02389.nasl + scripts/gb_hp_ux_HPSBUX00183.nasl + scripts/gb_hp_ux_HPSBUX00205.nasl + scripts/gb_hp_ux_HPSBUX00274.nasl + scripts/gb_hp_ux_HPSBUX01133.nasl + scripts/gb_hp_ux_HPSBUX02219.nasl + scripts/gb_hp_ux_HPSBUX02418.nasl + scripts/gb_hp_ux_HPSBUX00281.nasl + scripts/gb_hp_ux_HPSBUX00156.nasl + scripts/gb_hp_ux_HPSBUX00303.nasl + scripts/gb_hp_ux_HPSBUX00264.nasl + scripts/gb_hp_ux_HPSBUX02351.nasl + scripts/gb_hp_ux_HPSBUX01123.nasl + scripts/gb_hp_ux_HPSBUX02334.nasl + scripts/gb_hp_ux_HPSBUX02295.nasl + scripts/gb_hp_ux_HPSBUX01214.nasl + scripts/gb_hp_ux_HPSBUX00299.nasl + scripts/gb_hp_ux_HPSBUX00111.nasl + scripts/gb_hp_ux_HPSBUX02408.nasl + scripts/gb_hp_ux_HPSBUX00180.nasl + scripts/gb_hp_ux_HPSBUX00202.nasl + scripts/gb_hp_ux_HPSBUX00163.nasl + scripts/gb_hp_ux_HPSBUX00310.nasl + scripts/gb_hp_ux_HPSBUX00271.nasl + scripts/gb_hp_ux_HPSBUX01022.nasl + scripts/gb_hp_ux_HPSBUX02108.nasl + scripts/gb_hp_ux_HPSBUX00254.nasl + scripts/gb_hp_ux_HPSBUX00129.nasl + scripts/gb_hp_ux_HPSBUX02341.nasl + scripts/gb_hp_ux_HPSBUX00237.nasl + scripts/gb_hp_ux_HPSBUX02324.nasl + scripts/gb_hp_ux_HPSBUX00198.nasl + scripts/gb_hp_ux_HPSBUX02285.nasl + scripts/gb_hp_ux_HPSBUX02393.nasl + scripts/gb_hp_ux_HPSBUX02415.nasl + scripts/gb_hp_ux_HPSBUX00289.nasl + scripts/gb_hp_ux_HPSBUX01165.nasl + scripts/gb_hp_ux_HPSBUX00153.nasl + scripts/gb_hp_ux_HPSBUX00300.nasl + scripts/gb_hp_ux_HPSBUX02076.nasl + scripts/gb_hp_ux_HPSBUX02292.nasl + scripts/gb_hp_ux_HPSBUX00188.nasl + scripts/gb_hp_ux_HPSBUX01064.nasl + scripts/gb_hp_ux_HPSBUX00296.nasl + scripts/gb_hp_ux_HPSBUX00160.nasl + scripts/gb_hp_ux_HPSBUX00251.nasl + scripts/gb_hp_ux_HPSBUX01002.nasl + scripts/gb_hp_ux_HPSBUX00178.nasl + scripts/gb_hp_ux_HPSBUX01054.nasl + scripts/gb_hp_ux_HPSBUX00286.nasl + scripts/gb_hp_ux_HPSBUX00308.nasl + scripts/gb_hp_ux_HPSBUX02248.nasl + scripts/gb_hp_ux_HPSBUX02356.nasl + scripts/gb_hp_ux_HPSBUX00133.nasl + scripts/gb_hp_ux_HPSBUX02073.nasl + scripts/gb_hp_ux_HPSBUX01219.nasl + scripts/gb_hp_ux_HPSBUX02181.nasl + scripts/gb_hp_ux_HPSBUX02203.nasl + scripts/gb_hp_ux_HPSBUX00224.nasl + scripts/gb_hp_ux_HPSBUX01100.nasl + scripts/gb_hp_ux_HPSBUX01061.nasl + scripts/gb_hp_ux_HPSBUX00207.nasl + scripts/gb_hp_ux_HPSBUX00293.nasl + scripts/gb_hp_ux_HPSBUX00168.nasl + scripts/gb_hp_ux_HPSBUX01044.nasl + scripts/gb_hp_ux_HPSBUX00276.nasl + scripts/gb_hp_ux_HPSBUX01118.nasl + scripts/gb_hp_ux_HPSBUX00192.nasl + scripts/gb_hp_ux_HPSBUX00175.nasl + scripts/gb_hp_ux_HPSBUX02262.nasl + scripts/gb_hp_ux_HPSBUX02370.nasl + scripts/gb_hp_ux_HPSBUX00266.nasl + scripts/gb_hp_ux_HPSBUX00249.nasl + scripts/gb_hp_ux_HPSBUX01086.nasl + scripts/gb_hp_ux_HPSBUX00221.nasl + scripts/gb_hp_ux_HPSBUX00290.nasl + scripts/gb_hp_ux_HPSBUX00165.nasl + scripts/gb_hp_ux_HPSBUX00312.nasl + scripts/gb_hp_ux_HPSBUX00148.nasl + scripts/gb_hp_ux_HPSBUX00256.nasl + scripts/gb_hp_ux_HPSBUX02196.nasl + scripts/gb_hp_ux_HPSBUX02218.nasl + scripts/gb_hp_ux_HPSBUX02287.nasl + scripts/gb_hp_ux_HPSBUX00280.nasl + scripts/gb_hp_ux_HPSBUX00263.nasl + scripts/gb_hp_ux_HPSBUX02225.nasl + scripts/gb_hp_ux_HPSBUX00246.nasl + scripts/gb_hp_ux_HPSBUX02186.nasl + scripts/gb_hp_ux_HPSBUX01230.nasl + scripts/gb_hp_ux_HPSBUX01105.nasl + scripts/gb_hp_ux_HPSBUX02294.nasl + scripts/gb_hp_ux_HPSBUX02316.nasl + scripts/gb_hp_ux_HPSBUX02277.nasl + scripts/gb_hp_ux_HPSBUX02407.nasl + scripts/gb_hp_ux_HPSBUX00162.nasl + scripts/gb_hp_ux_HPSBUX00253.nasl + scripts/gb_hp_ux_HPSBUX01090.nasl + scripts/gb_hp_ux_HPSBUX00197.nasl + scripts/gb_hp_ux_HPSBUX02284.nasl + scripts/gb_hp_ux_HPSBUX02306.nasl + scripts/gb_hp_ux_HPSBUX00288.nasl + scripts/gb_hp_ux_HPSBUX02375.nasl + scripts/gb_hp_ux_HPSBUX01011.nasl + scripts/gb_hp_ux_HPSBUX02183.nasl + scripts/gb_hp_ux_HPSBUX02330.nasl + scripts/gb_hp_ux_HPSBUX02205.nasl + scripts/gb_hp_ux_HPSBUX01102.nasl + scripts/gb_hp_ux_HPSBUX02313.nasl + scripts/gb_hp_ux_HPSBUX00187.nasl + scripts/gb_hp_ux_HPSBUX00209.nasl + scripts/gb_hp_ux_HPSBUX00295.nasl: + Added HP-UX Local Security Checks + 2009-05-04 Michael Meyer * scripts/webcalendar_detect.nasl scripts/jetty_34800.nasl: Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00111.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00111.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00111.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Ignite-UX HPSBUX00111 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835064); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00111"); + script_cve_id(""); + script_name(english: "HP-UX Update for Ignite-UX HPSBUX00111"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + Ignite-UX. The vulnerability could be exploited to allow remote unauthorized + access. + + Impact: + Remote unauthorized access + + Affected Software/OS: + Ignite-UX on + HP-UX B.11.00 and B.11.11 running Ignite-UX. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00899026-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Ignite-UX"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"Ignite-UX.MGMT-TOOLS", revision:"B.2.4.307", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"Ignite-UX.MGMT-TOOLS", revision:"B.2.4.307", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00129.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00129.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00129.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,193 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for MC/ServiceGuard HPSBUX00129 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835127); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00129"); + script_cve_id(""); + script_name(english: "HP-UX Update for MC/ServiceGuard HPSBUX00129"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with + MC/ServiceGuardrunning on HP-UX. The vulnerability could be exploitedlocally + to create a denial of service (DoS). + + Impact: + Local denial of service (DoS) + + Affected Software/OS: + MC/ServiceGuard on + HP-UX release B.11.00 and B.11.11, running + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00993861-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of MC/ServiceGuard"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"DLM.CM-DLM", patch_list:['PHSS_22540'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"DLM.CM-DLM-CMDS", patch_list:['PHSS_22540'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"DLM-Clust-Mon.CM-CORE", patch_list:['PHSS_22540'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Cluster-Monitor.CM-CORE", patch_list:['PHSS_22540'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"DLM-Pkg-Mgr.CM-PKG", patch_list:['PHSS_22540'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Package-Manager.CM-PKG", patch_list:['PHSS_22540'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CM-Provider-MOF.CM-MOF", patch_list:['PHSS_22540'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CM-Provider-MOF.CM-PROVIDER", patch_list:['PHSS_22540'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"ATS-CORE.ATS-RUN", patch_list:['PHSS_22540'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"DLM.CM-DLM", patch_list:['PHSS_22540'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"DLM.CM-DLM-CMDS", patch_list:['PHSS_22540'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"DLM-Clust-Mon.CM-CORE", patch_list:['PHSS_22540'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Cluster-Monitor.CM-CORE", patch_list:['PHSS_22540'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"DLM-Pkg-Mgr.CM-PKG", patch_list:['PHSS_22540'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Package-Manager.CM-PKG", patch_list:['PHSS_22540'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CM-Provider-MOF.CM-MOF", patch_list:['PHSS_22540'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CM-Provider-MOF.CM-PROVIDER", patch_list:['PHSS_22540'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"ATS-CORE.ATS-RUN", patch_list:['PHSS_22540'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00132.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00132.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00132.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,238 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for JRE and JDK HPSBUX00132 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835059); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00132"); + script_cve_id(""); + script_name(english: "HP-UX Update for JRE and JDK HPSBUX00132"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with Java 1.1 and 1.2 + applicationsrunning on HP-UX. The vulnerability could be exploitedremotely + to create an unauthorized access. + + Impact: + Remote unauthorized access. + + Affected Software/OS: + JRE and JDK on + HP-UX release B.10.20, B.10.24, B.11.00, B.11.04, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00993897-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of JRE and JDK"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"JDK 1.1", revision:"1.1.8.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2", revision:"1.2.2.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.2", revision:"1.2.2.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.3", revision:"1.3.0.00", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3", revision:"1.3.0.00", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"JDK 1.1", revision:"1.1.8.04", rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.04", rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"JDK 1.1", revision:"1.1.8.04", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.04", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2", revision:"1.2.2.04", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.2", revision:"1.2.2.04", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.3", revision:"1.3.0.00", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3", revision:"1.3.0.00", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"JDK 1.1", revision:"1.1.8.04", rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.04", rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"JDK 1.1", revision:"1.1.8.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2", revision:"1.2.2.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.2", revision:"1.2.2.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.3", revision:"1.3.0.00", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3", revision:"1.3.0.00", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00133.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00133.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00133.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for ContinentalClusters HPSBUX00133 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835089); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00133"); + script_cve_id(""); + script_name(english: "HP-UX Update for ContinentalClusters HPSBUX00133"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + ContinentalClusters. The vulnerability could be exploitedremotely to create + an unauthorized access. + + Impact: + Remote unauthorized access. + + Affected Software/OS: + ContinentalClusters on + HP-UX release B.11.00 and B.11.11 running + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00993922-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of ContinentalClusters"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"ContClusters.CM-JRE", patch_list:['PHSS_22678'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"ContClusters.CM-JRE", patch_list:['PHSS_22678'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00137.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00137.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00137.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,110 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Support Tools Manager HPSBUX00137 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835038); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00137"); + script_cve_id(""); + script_name(english: "HP-UX Update for Support Tools Manager HPSBUX00137"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + Support Tools Manager. The vulnerability could be exploited to allow a local + Denial of Service (DoS). + + Impact: + Local Denial of Service (DoS) + + Affected Software/OS: + Support Tools Manager on + HP-UX B.10.20, B.11.00, B.11.11 running Support Tools Manager + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00912118-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Support Tools Manager"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"Sup-Tool-Mgr", revision:"B.11.00.13.16", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"Sup-Tool-Mgr", revision:"B.10.20.18", rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"Sup-Tool-Mgr", patch_list:['PHSS_23067'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00141.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00141.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00141.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,286 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for JRE HPSBUX00141 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835115); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00141"); + script_cve_id(""); + script_name(english: "HP-UX Update for JRE HPSBUX00141"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with Java 1.1 and 1.2 + applicationsrunning on HP-UX. The vulnerability could be exploitedremotely + as unauthorized command execution. + + Impact: + Remote unauthorized command execution + + Affected Software/OS: + JRE on + HP-UX releases B.10.20, B.10.24, B.11.00, B.11.04, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00993945-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of JRE"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"JDK 1.1", revision:"1.1.8.05", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.05", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2", revision:"1.2.2.07", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.2", revision:"1.2.2.07", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK1.3", revision:"1.3.0.00", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3", revision:"1.3.0.00", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"JDK 1.1", revision:"1.1.8.05", rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.05", rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2", revision:"1.2.2.07", rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.2", revision:"1.2.2.07", rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK1.3", revision:"1.3.0.00", rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3", revision:"1.3.0.00", rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"JDK 1.1", revision:"1.1.8.05", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.05", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2", revision:"1.2.2.07", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.2", revision:"1.2.2.07", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK1.3", revision:"1.3.0.00", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3", revision:"1.3.0.00", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"JDK 1.1", revision:"1.1.8.05", rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.05", rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2", revision:"1.2.2.07", rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.2", revision:"1.2.2.07", rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK1.3", revision:"1.3.0.00", rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3", revision:"1.3.0.00", rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"JDK 1.1", revision:"1.1.8.05", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.05", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2", revision:"1.2.2.07", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.2", revision:"1.2.2.07", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK1.3", revision:"1.3.0.00", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3", revision:"1.3.0.00", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00144.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00144.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00144.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,156 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for BIND HPSBUX00144 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835003); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00144"); + script_cve_id(""); + script_name(english: "HP-UX Update for BIND HPSBUX00144"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + BIND. The vulnerability could be exploitedremotely to create a denial of + service (DoS). + + Impact: + Remote denial of service (DoS) + + Affected Software/OS: + BIND on + HP-UX releases B.11.11, B.11.04, B.11.00, B.10.24, B.10.20, B.10.10, and + B.10.01 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00993980-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of BIND"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX10.01") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_23277'], rls:"HPUX10.01")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.10") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_23277'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_23274'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", revision:"8.1.3", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_23439'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_23277'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_23275'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00147.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00147.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00147.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for newgrp(1) HPSBUX00147 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835063); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00147"); + script_cve_id(""); + script_name(english: "HP-UX Update for newgrp(1) HPSBUX00147"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified in the HP-UX + newgrp(1) command. The vulnerability could be exploitedlocally to gain + increased privilege. + + Impact: + Local increased privilege. + + Affected Software/OS: + newgrp(1) on + HP-UX release B.11.11 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994012-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of newgrp(1)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CMDS-AUX", patch_list:['PHCO_23083'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00148.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00148.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00148.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,163 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for xntpd(1M) HPSBUX00148 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835070); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00148"); + script_cve_id(""); + script_name(english: "HP-UX Update for xntpd(1M) HPSBUX00148"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + xntpd(1M). The vulnerability could be exploitedremotely execute arbitrary + commands, with increased privilege. + + Impact: + Remote execution of arbitrary commands + increased privilege. + + Affected Software/OS: + xntpd(1M) on + HP-UX release B.11.11, B.11.04, B.11.00, B.10.24, B.10.20, B.10.10, B.10.01. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994050-2 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of xntpd(1M)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX10.01") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_23717'], rls:"HPUX10.01")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.10") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_23717'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_23697'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_24076'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_24077'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_23717'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_22722'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00151.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00151.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00151.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,354 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for CDE HPSBUX00151 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835112); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00151"); + script_cve_id(""); + script_name(english: "HP-UX Update for CDE HPSBUX00151"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + CDE. The vulnerability could be exploitedlocally to gain increased privilege + or create a denial of service (DoS). + + Impact: + Local increased privilege + denial of service (DoS) + + Affected Software/OS: + CDE on + HP-UX B.10.10, B.10.20, B.10.24, B.11.00, B.11.04 and B.11.11 running CDE. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994219-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of CDE"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX10.10") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_23355'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_23355'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_23355'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_23355'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_23355'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_23797'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE-TT", patch_list:['PHSS_23797'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_23797'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_23797'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_23797'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_23797'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-DTTERM", patch_list:['PHSS_23797'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MAN", patch_list:['PHSS_23797'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-HELP", patch_list:['PHSS_23797'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-FONTS", patch_list:['PHSS_23797'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_24097'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN CDE.CDE-RUN", patch_list:['PHSS_24097'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_24097'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-PAM CDE.CDE-SHLIBS", patch_list:['PHSS_24097'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT CDE.CDE-DTTERM", patch_list:['PHSS_24097'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_24098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_24098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_24098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_24098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_24098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_24098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-DTTERM", patch_list:['PHSS_24098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MAN", patch_list:['PHSS_24098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-HELP", patch_list:['PHSS_24098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-FONTS", patch_list:['PHSS_24098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_23796'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_23796'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_23796'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_23796'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-PAM", patch_list:['PHSS_23796'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_23796'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_23796'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-DTTERM", patch_list:['PHSS_23796'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_24087 PHSS_24091'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_24087 PHSS_24091'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00153.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00153.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00153.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,111 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for kmmodreg (1M) HPSBUX00153 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835020); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00153"); + script_cve_id(""); + script_name(english: "HP-UX Update for kmmodreg (1M) HPSBUX00153"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + the /usr/sbin/kmmodreg command. The vulnerability could be exploitedlocally + to create a denial of service (DoS) or gain increased privilege. + + Impact: + Local denial of service (DoS) + increased privilege. + + Affected Software/OS: + kmmodreg (1M) on + HP-UX B.11.00, B.11.04, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994211-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of kmmodreg (1M)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-KRN", patch_list:['PHCO_24112'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-KRN", patch_list:['PHCO_24197'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-KRN", patch_list:['PHCO_24147'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00156.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00156.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00156.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,206 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for setrlimit(1M) HPSBUX00156 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835074); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00156"); + script_cve_id(""); + script_name(english: "HP-UX Update for setrlimit(1M) HPSBUX00156"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX running + setrlimit(1M), where setrlimit() may allow incorrect core files and cause a + Denial of Service (DoS). + + Impact: + Denial of Service (DoS). + + Affected Software/OS: + setrlimit(1M) on + HP 9000 Series 700/800 running HP-UX B.10.01, B.10.10, B.10.20, B.10.24, + B.10.26 and HP-UX B.11.00, B11.04 and B.11.11 running setrlimit(1M). + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00968563-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of setrlimit(1M)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX10.01") +{ + + if(ishpuxpkgvuln(pkg:"setrlimit(1M)", patch_list:['PHKL_23512/PACHRDME/English]'], rls:"HPUX10.01")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"setrlimit(1M)", patch_list:['PHKL_23513'], rls:"HPUX10.01")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.10") +{ + + if(ishpuxpkgvuln(pkg:"setrlimit(1M)", patch_list:['PHKL_23477/PACHRDME/English]'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"setrlimit(1M)", patch_list:['PHKL_23478/PACHRDME/English]'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"setrlimit(1M)", patch_list:['PHKL_23628/PACHRDME/English]'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"setrlimit(1M)", patch_list:['PHKL_24249/PACHRDME/English]'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"setrlimit(1M)", patch_list:['PHKL_24250/PACHRDME/English]'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.26") +{ + + if(ishpuxpkgvuln(pkg:"setrlimit(1M)", patch_list:['PHKL_25243/PACHRDME/English]'], rls:"HPUX10.26")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"setrlimit(1M)", patch_list:['PHKL_25244/PACHRDME/English]'], rls:"HPUX10.26")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"setrlimit(1M)", patch_list:['PHKL_23886/PACHRDME/English]'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"setrlimit(1M)", patch_list:['PHKL_22701/PACHRDME/English]'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"setrlimit(1M)", patch_list:['PHKL_22702/PACHRDME/English]'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"setrlimit(1M)", patch_list:['PHKL_23423/PACHRDME/English]'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00159.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00159.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00159.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for dlkm HPSBUX00159 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835079); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00159"); + script_cve_id(""); + script_name(english: "HP-UX Update for dlkm HPSBUX00159"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX dlkm. The + vulnerability could be exploitedlocally to create an unauthorized increase + in privilege. + + Impact: + Local unauthorized increase in privilege. + + Affected Software/OS: + dlkm on + HP-UX B.11.11 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00912029-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of dlkm"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-KRN", patch_list:['PHCO_23492'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00160.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00160.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00160.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,179 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for login(1) HPSBUX00160 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835106); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00160"); + script_cve_id(""); + script_name(english: "HP-UX Update for login(1) HPSBUX00160"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + login(1). The vulnerability could be exploitedlocally to gain increased + privilege. + + Impact: + Local increased privilege. + + Affected Software/OS: + login(1) on + HP-UX release B.10.20, B.10.24, B.10.26, B.11.00, B.11.04, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994275-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of login(1)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_24083'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHNE_24394'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-ENG-A-MAN", patch_list:['PHNE_24394'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"VirtualVaultOS.VVOS-AUX-IA", patch_list:['PHNE_24394'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-INETD", patch_list:['PHNE_24394'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INET-ENG-A-MAN", patch_list:['PHNE_24394'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_24394'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.26") +{ + + if(ishpuxpkgvuln(pkg:"BLS.BLS-CORE", patch_list:['PHCO_24454'], rls:"HPUX10.26")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_24418'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_24267'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_23900'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00162.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00162.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00162.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,163 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for ftp and ftpd HPSBUX00162 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835047); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00162"); + script_cve_id("CVE-2001-07"); + script_name(english: "HP-UX Update for ftp and ftpd HPSBUX00162"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + ftp and ftpd. The vulnerability could be exploited to allow remote + unauthorized access. + + Impact: + Remote unauthorized access + + Affected Software/OS: + ftp and ftpd on + HP-UX B.10.01, B.10.10, B.10.20, B.10.24, B.11.00, B.11.04, and B.11.11 + running ftp and ftpd. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00898886-2 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of ftp and ftpd"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX10.01") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_23947'], rls:"HPUX10.01")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.10") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_23947'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_23949'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS2-RUN", patch_list:['PHNE_24394'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_24395'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_23948'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS2-RUN", patch_list:['PHNE_23950'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00163.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00163.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00163.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,150 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for rlpdaemon HPSBUX00163 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835147); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00163"); + script_cve_id("CAN-2001-0668"); + script_name(english: "HP-UX Update for rlpdaemon HPSBUX00163"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + login(1). The vulnerability could be exploitedremotely to gain unauthorized + access or increased privilege. + + Impact: + Remote unauthorized access + increased privilege. + + Affected Software/OS: + rlpdaemon on + HP-UX release B.10.01, B.10.10, B.10.20, B.11.00, B.11.11, and B.11.20. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994294-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of rlpdaemon"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX10.01") +{ + + if(ishpuxpkgvuln(pkg:"PrinterMgmt.LP-SPOOL", patch_list:['PHCO_24697'], rls:"HPUX10.01")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.10") +{ + + if(ishpuxpkgvuln(pkg:"PrinterMgmt.LP-SPOOL", patch_list:['PHCO_24698'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"PrinterMgmt.LP-SPOOL", patch_list:['PHCO_24700'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"PrinterMgmt.LP-SPOOL", patch_list:['PHCO_24699'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.20") +{ + + if(ishpuxpkgvuln(pkg:"PrinterMgmt.LP-SPOOL", patch_list:['PHCO_24868'], rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"PrinterMgmt.LP-SPOOL", patch_list:['PHCO_24701'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00165.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00165.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00165.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,128 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for PRM or WLM HPSBUX00165 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835024); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00165"); + script_cve_id(""); + script_name(english: "HP-UX Update for PRM or WLM HPSBUX00165"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + Process Resource Manager (PRM) or Workload Manager (WLM). The vulnerability + could be exploitedlocally to allow increased privilege. + + Impact: + Local increased privilege. + + Affected Software/OS: + PRM or WLM on + HP-UX release B.10.20, B.11.00, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994462-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of PRM or WLM"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"Proc-Resrc-Mgr.PRM-RUN", patch_list:['PHSS_24864'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"PRM-Sw-Lib.PRM-LIB", patch_list:['PHSS_24864'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"Proc-Resrc-Mgr.PRM-RUN", patch_list:['PHSS_24863'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"PRM-Sw-Lib.PRM-LIB", patch_list:['PHSS_24863'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"Proc-Resrc-Mgr.PRM-RUN", patch_list:['PHSS_24864'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"PRM-Sw-Lib.PRM-LIB", patch_list:['PHSS_24864'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00167.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00167.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00167.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,149 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for cu(1) HPSBUX00167 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835001); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00167"); + script_cve_id(""); + script_name(english: "HP-UX Update for cu(1) HPSBUX00167"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + cu(1). The vulnerability could be exploitedlocally to create a denial of + service (DoS). + + Impact: + Local denial of service (DoS) + + Affected Software/OS: + cu(1) on + HP-UX release B.10.01, B.10.10, B.10.20, B.11.00, B.11.04, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994260-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of cu(1)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX10.01") +{ + + if(ishpuxpkgvuln(pkg:"SystemComm.SYSCOM", patch_list:['PHCO_22763'], rls:"HPUX10.01")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.10") +{ + + if(ishpuxpkgvuln(pkg:"SystemComm.SYSCOM", patch_list:['PHCO_22765'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"SystemComm.SYSCOM", patch_list:['PHCO_22766'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"SystemComm.SYSCOM", patch_list:['PHCO_23424'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"SystemComm.SYSCOM", patch_list:['PHCO_22764'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"SystemComm.SYSCOM", patch_list:['PHCO_23909'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00168.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00168.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00168.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,390 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for rpc.ttdbserverd HPSBUX00168 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835100); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00168"); + script_cve_id(""); + script_name(english: "HP-UX Update for rpc.ttdbserverd HPSBUX00168"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + rpc.ttdbserverd. The vulnerability could be exploitedremotely to gain + unauthorized access or increased privilege. + + Impact: + Remote unauthorized access + increased privilege. + + Affected Software/OS: + rpc.ttdbserverd on + HP-UX release B.10.10, B.10.20, B.10.24, B.11.00, B.11.04, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994228-2 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of rpc.ttdbserverd"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX10.10") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_25136'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_25136'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_25136'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_25136'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_25136'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_25138'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_25138'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_25138'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_25138'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_25138'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_25138'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-DTTERM", patch_list:['PHSS_25138'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MAN", patch_list:['PHSS_25138'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-HELP", patch_list:['PHSS_25138'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-FONTS", patch_list:['PHSS_25138'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_25419'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_25419'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_25419'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_25419'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-PAM", patch_list:['PHSS_25419'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_25419'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_25419'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-DTTERM", patch_list:['PHSS_25419'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MAN", patch_list:['PHSS_25419'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_25420'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_25420'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_25420'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_25420'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_25420'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_25420'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-DTTERM", patch_list:['PHSS_25420'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MAN", patch_list:['PHSS_25420'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-HELP", patch_list:['PHSS_25420'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-FONTS", patch_list:['PHSS_25420'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_25137'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_25137'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_25137'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_25137'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-PAM", patch_list:['PHSS_25137'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_25137'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_25137'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-DTTERM", patch_list:['PHSS_25137'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MAN", patch_list:['PHSS_25137'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_25139'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_25139'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_25139'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00169.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00169.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00169.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,110 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for rpcbind Software HPSBUX00169 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835134); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00169"); + script_cve_id(""); + script_name(english: "HP-UX Update for rpcbind Software HPSBUX00169"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX running + rpcbind, where certain RPC Portmap Requests may cause rpcbind to coredump + and cause a Denial of Service (DoS). + + Impact: + Denial of Service (DoS). + + Affected Software/OS: + rpcbind Software on + HP-UX B.11.00, B.11.04 and B.11.11 on HP9000 Series 700/800 running rpcbind. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00979921-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of rpcbind Software"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"rpcbind", patch_list:['PHNE_24034/PACHRDME/English'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"rpcbind", patch_list:['PHNE_25077/PACHRDME/English'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"rpcbind", patch_list:['PHNE_24035'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00175.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00175.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00175.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,427 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for CDE dtspcd HPSBUX00175 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835016); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00175"); + script_cve_id(""); + script_name(english: "HP-UX Update for CDE dtspcd HPSBUX00175"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + CDE dtspcd. The vulnerability could be exploitedremotely to gain + unauthorized access, increased privilege, or execution of arbitrary code. + + Impact: + Remote unauthorized access + increased privilege + arbitrary code execution. + + Affected Software/OS: + CDE dtspcd on + HP-UX release B.10.10, B.10.20, B10.24, B.11.00, B.11.04, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994317-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of CDE dtspcd"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX10.10") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MAN", patch_list:['PHSS_25785'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_25785'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_25785'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_25785'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_25785'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_25785'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_25785'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_25787'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_25787'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_25787'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_25787'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_25787'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_25787'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-DTTERM", patch_list:['PHSS_25787'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MAN", patch_list:['PHSS_25787'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-HELP", patch_list:['PHSS_25787'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-FONTS", patch_list:['PHSS_25787'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_26029'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_26029'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_26029'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_26029'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-PAM", patch_list:['PHSS_26029'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_26029'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_26029'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-DTTERM", patch_list:['PHSS_26029'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MAN", patch_list:['PHSS_26029'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_26030'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_26030'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_26030'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_26030'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_26030'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_26030'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-DTTERM", patch_list:['PHSS_26030'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MAN", patch_list:['PHSS_26030'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-HELP", patch_list:['PHSS_26030'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-FONTS", patch_list:['PHSS_26030'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_25786'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_25786'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_25786'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-HELP-RUN", patch_list:['PHSS_25786'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-PAM", patch_list:['PHSS_25786'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_25786'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_25786'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-DTTERM", patch_list:['PHSS_25786'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MAN", patch_list:['PHSS_25786'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-ENG-A-MSG", patch_list:['PHSS_25788'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-DTTERM", patch_list:['PHSS_25788'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SCH-H-MSG", patch_list:['PHSS_25788'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SWE-I-MSG", patch_list:['PHSS_25788'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-MIN", patch_list:['PHSS_25788'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-TT", patch_list:['PHSS_25788'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_25788'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00178.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00178.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00178.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,130 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Filesystem Deadlock HPSBUX00178 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835027); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00178"); + script_cve_id(""); + script_name(english: "HP-UX Update for Filesystem Deadlock HPSBUX00178"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX filesystem + deadlock software, where a local user may exploit a filesystem weakness to + cause a Denial of Service (DoS) + + Impact: + Local Denial of Service (DoS). + + Affected Software/OS: + Filesystem Deadlock on + HP-UX B.10.20, B.10.24, B.11.00, B.11.04 and B.11.11 on HP 9000 Series + 700/800 filesystem deadlock software. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00967116-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Filesystem Deadlock"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"filesystem deadlock", patch_list:['PHKL_22932/PACHRDME/English'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"filesystem deadlock", patch_list:['PHKL_25033/PACHRDME/English'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"filesystem deadlock", patch_list:['PHKL_24517/PACHRDME/English'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"filesystem deadlock", patch_list:['PHKL_24518/PACHRDME/English'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"filesystem deadlock", patch_list:['PHKL_23335'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00179.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00179.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00179.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,136 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for running sendmail(1M) HPSBUX00179 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835160); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00179"); + script_cve_id(""); + script_name(english: "HP-UX Update for running sendmail(1M) HPSBUX00179"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + sendmail(1M). The vulnerability could be exploitedremotely to gain + unauthorized access. + + Impact: + Remote unauthorized access. + + Affected Software/OS: + running sendmail(1M) on + HP-UX release B.10.20, B.10.24, B.11.00, B.11.04, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994295-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of running sendmail(1M)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_24419'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_26003'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_25984'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_25183'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_25184'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00180.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00180.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00180.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,96 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for WU-FTPD HPSBUX00180 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835156); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00180"); + script_cve_id("CAN-2001-0187"); + script_name(english: "HP-UX Update for WU-FTPD HPSBUX00180"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX running + WU-FTPD 2.6, where a remote user may execute arbitrary code on the server. + + Impact: + + + Affected Software/OS: + WU-FTPD on + HP-UX B.11.00, B.11.11 running WU-FTPD 2.6. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00906124-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of WU-FTPD"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"WUFTP-26.INETSVCS-FTP", revision:"B.11.00.01.002", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"WUFTP-26.INETSVCS-FTP", revision:"B.11.11.01.002", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00181.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00181.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00181.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for IPFilter/9000 HPSBUX00181 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835105); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00181"); + script_cve_id(""); + script_name(english: "HP-UX Update for IPFilter/9000 HPSBUX00181"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX running + IPFilter/9000 software, where a local user may obtain an increase in + privileges and change IPFilter's handling of packets. + + Impact: + Local increase in privileges. + + Affected Software/OS: + IPFilter/9000 on + HP-UX B.11.00 and B.11.11 running IPFilter/9000 software. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00968125-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of IPFilter/9000"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"IPFilter/9000", revision:"9000", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"IPFilter/9000", revision:"9000", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00183.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00183.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00183.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for HP-UX Pkg HPSBUX00183 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835043); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00183"); + script_cve_id(""); + script_name(english: "HP-UX Update for HP-UX Pkg HPSBUX00183"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX. The + vulnerability could be exploited by a local user to create a Denial of + Service (DoS). + + Impact: + Local Denial of Service (DoS) + + Affected Software/OS: + HP-UX Pkg on + HP-UX B.11.11 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00995127-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of HP-UX Pkg"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE2-KRN", patch_list:['PHKL_26233'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00187.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00187.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00187.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,158 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for JRE Bytecode Verifier HPSBUX00187 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835132); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00187"); + script_cve_id(""); + script_name(english: "HP-UX Update for JRE Bytecode Verifier HPSBUX00187"); + desc["english"] = " + + Vulnerability Insight: + A vulnerability in Java(TM) Java Runtime Environment (JRE) Bytecode Verifier + may allow remote unauthorized access. + + Impact: + Remote increased privilege. + + Affected Software/OS: + JRE Bytecode Verifier on + HP-UX B.10.20, B.11.00, B.11.11, B.11.23 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01035761-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of JRE Bytecode Verifier"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.06", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.2", revision:"1.1.8.06", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3", revision:"1.1.8.06", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.23") +{ + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.06", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.2", revision:"1.1.8.06", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3", revision:"1.1.8.06", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.06", rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"JRE 1.1", revision:"1.1.8.06", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.2", revision:"1.1.8.06", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3", revision:"1.1.8.06", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00188.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00188.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00188.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,122 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for JAVA Web Start HPSBUX00188 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835048); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00188"); + script_cve_id(""); + script_name(english: "HP-UX Update for JAVA Web Start HPSBUX00188"); + desc["english"] = " + + Vulnerability Insight: + A vulnerability in Java(TM) Web Start may allow an applicationremote + unauthorized access. + + Impact: + Remote unauthorized access. + + Affected Software/OS: + JAVA Web Start on + HP-UX B.11.XX running Java Web Start. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01035756-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of JAVA Web Start"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"webstart_10101", revision:"1.0.1.01", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.23") +{ + + if(ishpuxpkgvuln(pkg:"webstart_10101", revision:"1.0.1.01", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"webstart_10101", revision:"1.0.1.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"webstart_10101", revision:"1.0.1.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00191.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00191.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00191.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,110 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for passwd(1) HPSBUX00191 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835041); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00191"); + script_cve_id(""); + script_name(english: "HP-UX Update for passwd(1) HPSBUX00191"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + passwd(1). The vulnerability could be exploitedlocally to create denial of + service (DoS). + + Impact: + Local denial of service (DoS). + + Affected Software/OS: + passwd(1) on + HP-UX release B.11.00, B.11.04, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994344-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of passwd(1)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_25527'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_26904'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_24839'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00192.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00192.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00192.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,144 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for ndd(1M) HPSBUX00192 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835032); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00192"); + script_cve_id(""); + script_name(english: "HP-UX Update for ndd(1M) HPSBUX00192"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + ndd(1M). The vulnerability could be exploitedlocally to create a denial of + service. + + Impact: + Local denial of service (DoS) + + Affected Software/OS: + ndd(1M) on + HP-UX release B.11.11 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994439-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of ndd(1M)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"Networking.NET-KRN", patch_list:['PHNE_25644'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Networking.NET-PRG", patch_list:['PHNE_25644'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Networking.NET-RUN", patch_list:['PHNE_25644'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Networking.NET-RUN-64", patch_list:['PHNE_25644'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Networking.NW-ENG-A-MAN", patch_list:['PHNE_25644'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-KRN", patch_list:['PHNE_25644'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"ProgSupport.C-INC", patch_list:['PHNE_25644'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Networking.NET2-KRN", patch_list:['PHNE_25644'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Networking.NMS2-KRN", patch_list:['PHNE_25644'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE2-KRN", patch_list:['PHNE_25644'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.SYS-ADMIN", patch_list:['PHNE_25644'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00194.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00194.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00194.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,182 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for SD HPSBUX00194 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835011); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00194"); + script_cve_id(""); + script_name(english: "HP-UX Update for SD HPSBUX00194"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + Software Distributor (SD). The vulnerability could be exploitedlocally to + permit unauthorized access or to create a denial of service (DoS). + + Impact: + Local unauthorized access + denial of service (DoS) + + Affected Software/OS: + SD on + HP-UX release B.11.00, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00994461-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of SD"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-AGENT", patch_list:['PHCO_25875'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-CMDS", patch_list:['PHCO_25875'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-JPN-E-MSG", patch_list:['PHCO_25875'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-JPN-S-MSG", patch_list:['PHCO_25875'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-ENG-A-MAN", patch_list:['PHCO_25875'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-FAL", patch_list:['PHCO_25875'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-HELP", patch_list:['PHCO_25875'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-JPN-E-HELP", patch_list:['PHCO_25875'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-JPN-E-MAN", patch_list:['PHCO_25875'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-JPN-S-HELP", patch_list:['PHCO_25875'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-JPN-S-MAN", patch_list:['PHCO_25875'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-AGENT", patch_list:['PHCO_25887'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-CMDS", patch_list:['PHCO_25887'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-HELP", patch_list:['PHCO_25887'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-JPN-E-HELP", patch_list:['PHCO_25887'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SW-DIST.SD-JPN-S-HELP", patch_list:['PHCO_25887'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00197.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00197.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00197.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,269 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Apache HPSBUX00197 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835025); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00197"); + script_cve_id(""); + script_name(english: "HP-UX Update for Apache HPSBUX00197"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX running + Apache that may allow a remote user to cause a Denial of Service (DoS) or + elevation of privilege or execution of arbitrary code. + + Impact: + + + Affected Software/OS: + Apache on + HP-UX B.11.00, B.11.04, B.11.11, B.11.20, and B.11.23 running Apache and + OpenView Network Node Manager (NNM) 6.01, 6.1, 6.2, 6.31 and Solaris + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00904239-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Apache"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong", revision:"1.3.26.05", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache", revision:"2.0.39.05", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVPlatform.OVWWW-SRV", patch_list:['PHSS_29987'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVPlatform.OVWWW-SRV", patch_list:['PHSS_27639'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVPlatform.OVWWW-SRV", patch_list:['PHSS_27784'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPOVSIP.OVSIP", patch_list:['PHSS_27547'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.23") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong", revision:"1.3.26.05", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache", revision:"2.0.39.05", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.20") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong", revision:"1.3.26.05", rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache", revision:"2.0.39.05", rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVPlatform.OVWWW-SRV", patch_list:['PHSS_27638'], rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVPlatform.OVWWW-SRV", patch_list:['PHSS_27935'], rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVPlatform.OVWWW-SRV", patch_list:['PHSS_27783'], rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong", revision:"1.3.26.05", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache", revision:"2.0.39.05", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"VaultWS.WS-CORE", patch_list:['PHSS_27371', 'PHSS_27477'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"VaultTS.VV-IWS", patch_list:['PHSS_27371', 'PHSS_27477'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"VaultTS.VV-CORE-CMN", patch_list:['PHSS_27371', 'PHSS_27477'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"VaultWS.WS-CORE", patch_list:['PHSS_27361', 'PHSS_27423'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"VaultTS.VV-IWS", patch_list:['PHSS_27361', 'PHSS_27423'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"VaultTS.VV-CORE-CMN", patch_list:['PHSS_27361', 'PHSS_27423'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong", revision:"1.3.26.05", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache", revision:"2.0.39.05", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVPlatform.OVWWW-SRV", patch_list:['PHSS_29987'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVPlatform.OVWWW-SRV", patch_list:['PHSS_27639'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVPlatform.OVWWW-SRV", patch_list:['PHSS_27784'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPOVSIP.OVSIP", patch_list:['PHSS_27547'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00198.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00198.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00198.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,98 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Advanced Server/9000 for HP-UX (AS/U) RFC-Netbios HPSBUX00198 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835120); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00198"); + script_cve_id(""); + script_name(english: "HP-UX Update for Advanced Server/9000 for HP-UX (AS/U) RFC-Netbios HPSBUX00198"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + Advanced Server/9000 for HP-UX (AS/U) RFC-Netbios. The vulnerability could + be exploited remotely to create a Denial of Service (DoS). + + Impact: + Remote Denial of Service (DoS) + + Affected Software/OS: + Advanced Server/9000 for HP-UX (AS/U) RFC-Netbios on + HP-UX B.11.00, B.11.11 running Advanced Server/9000 for HP-UX (AS/U) + versions B.04.05, B.04.06, B.04.07, B.04.08, B.04.09. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00966847-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Advanced Server/9000 for HP-UX (AS/U) RFC-Netbios"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"RFC-NETBIOS.RFC-NETBIOS", patch_list:['PHNE_26988'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"RFC-NETBIOS.RFC-NETBIOS", patch_list:['PHNE_26988'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00199.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00199.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00199.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,138 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for rpc.ttdbserver HPSBUX00199 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835012); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00199"); + script_cve_id(""); + script_name(english: "HP-UX Update for rpc.ttdbserver HPSBUX00199"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + rpc.ttdbserver. The vulnerability could be exploited remotely to create a + Denial of Service(DoS) or to increase privileges. + + Impact: + Remote Denial of Service(DoS) + privilege increase + + Affected Software/OS: + rpc.ttdbserver on + HP-UX B.10.10, B.10.20, B.10.24, B.11.00, B.11.04, and B.11.11 running + rpc.ttdbserver. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00965432-2 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of rpc.ttdbserver"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_27427'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_28173'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_28174'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_27426'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_27428'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00202.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00202.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00202.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Bindv920 HPSBUX00202 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835028); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00202"); + script_cve_id(""); + script_name(english: "HP-UX Update for Bindv920 HPSBUX00202"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified in HP-UX with the + BINDv920.INETSVCS-BIND fileset installed. This could be remotely exploited + to cause a Denial of Service (DoS). + + Impact: + Remote Denial of Service (DoS) + + Affected Software/OS: + Bindv920 on + HP-UX B.11.11 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00957835-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Bindv920"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"BINDv920.INETSVCS-BIND", revision:"B.11.11.01.002", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00205.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00205.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00205.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,109 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for ARPA Transport HPSBUX00205 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835185); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00205"); + script_cve_id("CVE-2001-0328"); + script_name(english: "HP-UX Update for ARPA Transport HPSBUX00205"); + desc["english"] = " + + Vulnerability Insight: + TCP Initial Sequence Number (ISN) randomization specified in RFC 1948 is + available for HP-UX. + + Impact: + Advisory only. + + Affected Software/OS: + ARPA Transport on + HP-UX B.11.00, B.11.04, B.11.11 running ARPA Transport. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01336000-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of ARPA Transport"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"Networking.NET-KRN", patch_list:['PHNE_26771'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"Networking.NET-KRN", patch_list:['PHNE_26101'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"Networking.NET-KRN", patch_list:['PHNE_25644'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00206.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00206.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00206.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,109 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for ptrace(2) HPSBUX00206 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835060); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00206"); + script_cve_id(""); + script_name(english: "HP-UX Update for ptrace(2) HPSBUX00206"); + desc["english"] = " + + Vulnerability Insight: + A vulnerability in the ptrace(2) may allow local users to create a denial of + service (DoS). + + Impact: + Local denial of service (DoS) + + Affected Software/OS: + ptrace(2) on + HP-UX release B.11.00, B.11.04, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01035655-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of ptrace(2)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE2-KRN", patch_list:['PHKL_27180'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE2-KRN", patch_list:['PHKL_27536'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE2-KRN", patch_list:['PHKL_27179'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00207.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00207.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00207.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,172 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Apache PHP HPSBUX00207 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835040); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00207"); + script_cve_id(""); + script_name(english: "HP-UX Update for Apache PHP HPSBUX00207"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX running + Apache PHP where a remote user may cause a Denial of Service (DoS) or gain + increased privileges or execution of arbitrary code. + + Impact: + Remote Denial of Service (DoS) or increased privileges or execution of arbitrary code. + + Affected Software/OS: + Apache PHP on + HP-UX B.11.00, B.11.11, B.11.20, B.11.22 running the ApacheStrong or + HPApache HP-UX Apache-based Web + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00943248-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Apache PHP"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.APACHE-STRONG", revision:"1.3.26.03", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.PHP", revision:"2.0.0.00.11", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.PHP2", revision:"2.0.0.00.11", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.APACHE-STRONG", revision:"1.3.26.03", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.PHP", revision:"2.0.0.00.11", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.PHP2", revision:"2.0.0.00.11", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.20") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.APACHE-STRONG", revision:"1.3.26.03", rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.PHP", revision:"2.0.0.00.11", rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.PHP2", revision:"2.0.0.00.11", rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.APACHE-STRONG", revision:"1.3.26.03", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.PHP", revision:"2.0.0.00.11", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.PHP2", revision:"2.0.0.00.11", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00209.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00209.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00209.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,312 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for DNS and Resolver Libraries HPSBUX00209 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835151); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00209"); + script_cve_id(""); + script_name(english: "HP-UX Update for DNS and Resolver Libraries HPSBUX00209"); + desc["english"] = " + + Vulnerability Insight: + A vulnerability in HP-UX DNS and resolver libraries which may allow remote + execution of arbitrary code or creation of a denial of service (DoS). + + Impact: + Remote execution of arbitrary code or creation of a denial of service (DoS) + + Affected Software/OS: + DNS and Resolver Libraries on + HP-UX releases B.10.10, B.10.20, B.10.24 (VVOS), B.11.00, B.11.04 (VVOS), + B.11.11 and B.11.22. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00957990-2 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of DNS and Resolver Libraries"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX10.10") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_27792'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", revision:".1.1010", rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"BINDv812.INETSVCS-BIND", revision:"B.11.00.01.004", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"BINDv920.INETSVCS-BIND", revision:"B.11.00.01.001", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"bind.INETSVCS-RUN", patch_list:['PHNE_28449'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"upgrade_bind812.INETSVCS-RUN", patch_list:['PHNE_28449'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"BINDv913.INETSVCS-BIND", patch_list:['PHNE_28449'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_28449'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_27795'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_27795'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_27879'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.C-MIN", patch_list:['PHCO_27882'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_27882'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"ProgSupport.PROG-AUX", patch_list:['PHCO_27882'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"ProgSupport.PROG-MIN", patch_list:['PHCO_27882'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_29634'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_27881'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_27881'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_27792'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.C-MIN", patch_list:['PHCO_26158'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_26158'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"ProgSupport.PROG-MIN", patch_list:['PHCO_26158'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"ProgSupport.PROG-AUX", patch_list:['PHCO_26158'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS2-RUN", patch_list:['PHNE_28490'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_28299'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_28299'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"BINDv913.INETSVCS-BIND", revision:"B.11.11.01.002", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"BIND.INETSVCS-RUN", revision:"B.11.11.01.002", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"BINDv920.INETSVCS-BIND", revision:"B.11.11.01.002", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_28450'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_27796'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_27796'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00213.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00213.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00213.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,109 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for LP subsystem HPSBUX00213 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835010); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00213"); + script_cve_id(""); + script_name(english: "HP-UX Update for LP subsystem HPSBUX00213"); + desc["english"] = " + + Vulnerability Insight: + A vulnerability in the lp subsystem may allow local users to create a denial + of service (DoS). + + Impact: + Local denial of service in lp subsystem. + + Affected Software/OS: + LP subsystem on + HP-UX release B.10.20, B.11.00, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01035668-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of LP subsystem"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"PrinterMgmt.LP-SPOOL", patch_list:['PHCO_27132'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"PrinterMgmt.LP-SPOOL", patch_list:['PHCO_27133'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"PrinterMgmt.LP-SPOOL", patch_list:['PHCO_27020'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00215.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00215.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00215.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,211 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for XDR Library HPSBUX00215 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835062); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00215"); + script_cve_id(""); + script_name(english: "HP-UX Update for XDR Library HPSBUX00215"); + desc["english"] = " + + Vulnerability Insight: + A potential vulnerability has been identified with HP-UX running XDR + libraries where an unprivileged local user may be able to gain unauthorized + access or create a denial of service (DoS). + + Impact: + Local unauthorized access + denial of service (DoS) + + Affected Software/OS: + XDR Library on + HP-UX B.10.20, B.10.24, B.10.26, B.11.00, B.11.04, B.11.11, and B.11.22 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00958066-2 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of XDR Library"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_28102'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_28102'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_28480'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_27882'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.26") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_28128'], rls:"HPUX10.26")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", revision:".1.64", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", revision:".1.32", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", revision:".1", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_26158'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_28138'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_28138'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE2-SHLIBS", revision:".1", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_28103'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_28103'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_28481'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00221.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00221.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00221.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,169 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for LDAP-UX Integration HPSBUX00221 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835013); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00221"); + script_cve_id(""); + script_name(english: "HP-UX Update for LDAP-UX Integration HPSBUX00221"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has beenidentified with HP-UX running the + LPAD-UX Integration product, where the vulnerability could beexploited + remotely to gain increased privilege. + + Impact: + Remote increased privilege + + Affected Software/OS: + LDAP-UX Integration on + HP-UX B.11.00 and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01035736-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of LDAP-UX Integration"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"LdapUxClient.ADMIN-RUN", revision:"B.03.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"LdapUxClient.CORE-RUN", revision:"B.03.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"LdapUxClient.LDAP-C-SDK", revision:"B.03.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"LdapUxClient.LDUX-ENG-A-MAN", revision:"B.03.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"LdapUxClient.NATIVELDAP-RUN", revision:"B.03.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"LdapUxClient.PAM-AUTHZ-RUN", revision:"B.03.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NisLdapServer.YPLDAP-SERVER", revision:"B.03.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"LdapUxClient.ADMIN-RUN", revision:"B.03.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"LdapUxClient.CORE-RUN", revision:"B.03.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"LdapUxClient.LDAP-C-SDK", revision:"B.03.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"LdapUxClient.LDUX-ENG-A-MAN", revision:"B.03.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"LdapUxClient.NATIVELDAP-RUN", revision:"B.03.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"LdapUxClient.PAM-AUTHZ-RUN", revision:"B.03.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NisLdapServer.YPLDAP-SERVER", revision:"B.03.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00224.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00224.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00224.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,241 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Apache HPSBUX00224 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835104); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00224"); + script_cve_id("CAN-2002-0839", "CAN-2002-0840", "CAN-2002-0843", "CAN-2002-1156"); + script_name(english: "HP-UX Update for Apache HPSBUX00224"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX running + Apache that may allow a user to gain increased privileges or Denial of + Service (DoS) or execution of arbitrary code. + + Impact: + Increased privileges or Denial of Service (DoS) or execution of arbitrary code. + + Affected Software/OS: + Apache on + HP-UX B.11.00, B.11.11, B.11.20 and B.11.22 running the ApacheStrong or + HPApache HP-UX Apache-based Web Servers. HP-UX B.11.04 running Virtualvault + 4.5 or HP-UX and Solaris running OV-NNM6.2. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00944288-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Apache"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.APACHE-STRONG", revision:"1.3.27.00", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache", revision:"2.0.43.00", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVNNMgr.OVNNM-RUN", patch_list:['PHSS_28705'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVNNMgr.OVRPT-RUN", patch_list:['PHSS_28705'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"VaultWS.WS-CORE", patch_list:['PHSS_28111', 'PHSS_28098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"VaultTS.VV-IWS", patch_list:['PHSS_28111', 'PHSS_28098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"VaultTS.VV-IWS-JK", patch_list:['PHSS_28111', 'PHSS_28098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"VaultTS.VV-CORE-CMN", patch_list:['PHSS_28111', 'PHSS_28098'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"VaultWS.WS-CORE", patch_list:['PHSS_28090', 'PHSS_28099'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"VaultTS.VV-IWS", patch_list:['PHSS_28090', 'PHSS_28099'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"VaultTS.VV-CORE-CMN", patch_list:['PHSS_28090', 'PHSS_28099'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"OVNNMgr.OVNNM-RUN", patch_list:['PHSS_28704'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVNNMgr.OVRPT-RUN", patch_list:['PHSS_28704'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.APACHE-STRONG", revision:"1.3.27.00", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache", revision:"2.0.43.00", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.20") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.APACHE-STRONG", revision:"1.3.27.00", rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache", revision:"2.0.43.00", rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.APACHE-STRONG", revision:"1.3.27.00", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache", revision:"2.0.43.00", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVNNMgr.OVNNM-RUN", patch_list:['PHSS_28705'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVNNMgr.OVRPT-RUN", patch_list:['PHSS_28705'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00228.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00228.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00228.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,150 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for X Font Server (xfs) Software HPSBUX00228 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835159); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00228"); + script_cve_id(""); + script_name(english: "HP-UX Update for X Font Server (xfs) Software HPSBUX00228"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX running X + Font Server (xfs) software, where a buffer overflowmay allow a remote user + to obtain unauthorized access or cause a Denial of Service (DoS). + + Impact: + Remote unauthorized access or Denial of Service (DoS). + + Affected Software/OS: + X Font Server (xfs) Software on + HP-UX B.10.10, B.10.20, B.10.24, B.11.00, B.11.04, B.11.11 and B.11.22 on HP + 9000 Series 700 and 800 running X Font Server (xfs) software. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00965492-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of X Font Server (xfs) Software"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"X Font Server (xfs)", patch_list:['PHSS_28469'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"X Font Server (xfs)", revision:"10.20", rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"X Font Server (xfs)", revision:"11.00", rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"X Font Server (xfs)", patch_list:['PHSS_28468'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"X Font Server (xfs)", patch_list:['PHSS_28471'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"X Font Server (xfs)", patch_list:['PHSS_28470'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00232.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00232.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00232.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,160 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for xntpd HPSBUX00232 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835161); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00232"); + script_cve_id(""); + script_name(english: "HP-UX Update for xntpd HPSBUX00232"); + desc["english"] = " + + Vulnerability Insight: + A vulnerability in HP-UX running xntpd which may allow aremote user to + create a denial of service (DoS). + + Impact: + Remote denial of service (DoS) + + Affected Software/OS: + xntpd on + HP-UX B.10.20, B.10.24, B.11.00, B.11.04, and B.11.11 using the xntpd + software. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01035763-2 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of xntpd"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_27223'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INET-ENG-A-MAN", patch_list:['PHNE_27223'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.24") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_28002'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INET-ENG-A-MAN", patch_list:['PHNE_28002'], rls:"HPUX10.24")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_27442'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INET-ENG-A-MAN", patch_list:['PHNE_27442'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_24510'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INET-ENG-A-MAN", patch_list:['PHNE_24510'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_24512'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00233.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00233.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00233.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,118 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for BIND HPSBUX00233 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835099); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00233"); + script_cve_id("CAN-2002-1219", "CAN-2002-1220", "CAN-2002-1221", "CAN-2002-0029"); + script_name(english: "HP-UX Update for BIND HPSBUX00233"); + desc["english"] = " + + Vulnerability Insight: + A vulnerability in BIND DNS resolver libraries may allow remote attackers to + execute arbitrary code with the privileges of the user running named, + typically root or to create a denial of service (DoS). + + Impact: + Execution of arbitrary code + denial of service (DoS). + + Affected Software/OS: + BIND on + HP-UX releases B.10.10, B.10.20, B.11.00, B.11.04 (VVOS), and B.11.11 + running BIND 4.9.7 or BIND-8.1.2. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00957868-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of BIND"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"BINDv812.INETSVCS-BIND", revision:"B.11.00.01.004", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_28449'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_29634'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_28450'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00237.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00237.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00237.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,151 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for sort HPSBUX00237 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835051); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00237"); + script_cve_id(""); + script_name(english: "HP-UX Update for sort HPSBUX00237"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + sort. The vulnerability could be exploited to allow remote unauthorized + access or a Denial of Service (DoS) + + Impact: + Remote unauthorized access + Denial of Service (DoS) + + Affected Software/OS: + sort on + HP9000 Series 700/800 running HP-UX HP-UX B.10.01, B.10.10, B.10.20, + B.11.04, B.11.11 only. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00965470-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of sort"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX10.01") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_28142'], rls:"HPUX10.01")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.10") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_27940'], rls:"HPUX10.10")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_27565'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_28467'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.20") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_27564'], rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_25918'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00242.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00242.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00242.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,124 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for rpc.yppasswdd HPSBUX00242 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835143); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00242"); + script_cve_id(""); + script_name(english: "HP-UX Update for rpc.yppasswdd HPSBUX00242"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + rpc.yppasswdd, where the vulnerability may be exploited remotely to create a + Denial of Service (DoS) and gain unauthorized access. + + Impact: + Remote Denial of Service (DoS) + unauthorized access + + Affected Software/OS: + rpc.yppasswdd on + HP-UX B.10.10, B.10.20, B.11.00, B.11.11, B.11.22 using rpc.yppasswdd. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00958271-2 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of rpc.yppasswdd"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"NFS.NIS-SERVER", patch_list:['PHNE_28102'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"NFS.NIS-SERVER", patch_list:['PHNE_28138'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"NFS.NIS-SERVER", patch_list:['PHNE_28886'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"NFS.NIS-SERVER", patch_list:['PHNE_28103'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00246.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00246.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00246.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,154 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for sendmail HPSBUX00246 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835021); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00246"); + script_cve_id("CAN-2002-1337"); + script_name(english: "HP-UX Update for sendmail HPSBUX00246"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + sendmail, where the vulnerability may be exploited remotely to gain + unauthorized access and create a Denial of Service (DoS). + + Impact: + Remote unauthorized access + + Affected Software/OS: + sendmail on + HP-UX B.10.10, B.10.20, B.11.00, B.11.04, B.11.11, and B.11.22 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00958338-4 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of sendmail"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS2-RUN", patch_list:['PHNE_28409'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_28409'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"SMAIL-811.INETSVCS-SMAIL", revision:"B.11.00.01.004", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_35483'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_29526'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_28760'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"SMAIL-811.INETSVCS-SMAIL", revision:"B.11.11.01.005", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_35484'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00249.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00249.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00249.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,196 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Tomcat HPSBUX00249 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835152); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00249"); + script_cve_id("CAN-2003-0042", "CAN-2003-0043", "CAN-2003-0044"); + script_name(english: "HP-UX Update for Tomcat HPSBUX00249"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX running HP + Tomcat v 3.3.1. This vulnerability may allow a remote user to gain + unauthorized access or execution of arbitrary code. + + Impact: + Remote unauthorized access or execution of arbitrary code. + + Affected Software/OS: + Tomcat on + HP-UX B.11.00, B.11.11, B.11.22 and B.11.23 running HP Tomcat version 3.3.1 + or prior versions. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00943079-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Tomcat"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.TOMCAT", revision:"3.3.1a", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.TOMCAT", revision:"A.1.0.10.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.TOMCAT2", revision:"A.1.0.10.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsTOMCAT.TOMCAT", revision:"A.1.0.10.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsTOMCAT.TOMCAT2", revision:"A.1.0.10.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.TOMCAT", revision:"3.3.1a", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.TOMCAT", revision:"A.1.0.10.01", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.TOMCAT2", revision:"A.1.0.10.01", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsTOMCAT.TOMCAT", revision:"A.1.0.10.01", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsTOMCAT.TOMCAT2", revision:"A.1.0.10.01", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.20") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.TOMCAT", revision:"3.3.1a", rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.TOMCAT", revision:"3.3.1a", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.TOMCAT", revision:"A.1.0.10.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.TOMCAT2", revision:"A.1.0.10.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsTOMCAT.TOMCAT", revision:"A.1.0.10.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsTOMCAT.TOMCAT2", revision:"A.1.0.10.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00250.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00250.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00250.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,177 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Webmin HPSBUX00250 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835084); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00250"); + script_cve_id("CAN-2003-0101"); + script_name(english: "HP-UX Update for Webmin HPSBUX00250"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + Webmin. The vulnerability could be exploited to allow remote unauthorized + root access. + + Impact: + Remote unauthorized access + + Affected Software/OS: + Webmin on + HP-UX B.11.00, B.11.11, B.11.20, and B.11.22 running + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00954482-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Webmin"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.APACHE-STRONG", revision:"1.3.27.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.WEBMIN", revision:"A.1.0.01.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsWEBMIN.HPDOCS", revision:"A.1.0.01.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsWEBMIN.WEBMIN", revision:"A.1.0.01.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.APACHE-STRONG", revision:"1.3.27.01", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.WEBMIN", revision:"A.1.0.01.01", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsWEBMIN.HPDOCS", revision:"A.1.0.01.01", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsWEBMIN.WEBMIN", revision:"A.1.0.01.01", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.20") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.APACHE-STRONG", revision:"1.3.27.01", rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong.APACHE-STRONG", revision:"1.3.27.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"HPApache.WEBMIN", revision:"A.1.0.01.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsWEBMIN.HPDOCS", revision:"A.1.0.01.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsWEBMIN.WEBMIN", revision:"A.1.0.01.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00251.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00251.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00251.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,164 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for CIFS Server (Samba) HPSBUX00251 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835069); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00251"); + script_cve_id(""); + script_name(english: "HP-UX Update for CIFS Server (Samba) HPSBUX00251"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + CIFS Server (Samba).This vulnerability may allow a remote unauthorized user + to gain root access. + + Impact: + Remote unauthorized root access + + Affected Software/OS: + CIFS Server (Samba) on + HP-UX B.11.00, B.11.11, B.11.22 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00956321-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of CIFS Server (Samba)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-RUN", revision:"A.01.09.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-UTIL", revision:"A.01.09.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-ADMIN", revision:"A.01.09.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-LIB", revision:"A.01.09.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-RUN", revision:"A.01.09.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-UTIL", revision:"A.01.09.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-ADMIN", revision:"A.01.09.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-LIB", revision:"A.01.09.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-RUN", revision:"A.01.09.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-UTIL", revision:"A.01.09.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-ADMIN", revision:"A.01.09.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-LIB", revision:"A.01.09.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00252.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00252.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00252.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,198 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for RPC HPSBUX00252 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835057); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00252"); + script_cve_id(""); + script_name(english: "HP-UX Update for RPC HPSBUX00252"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + RPC. The vulnerability could be exploited to allow remote unauthorized + access or Denial of Service (DoS). + + Impact: + Remote unauthorized access + Remote Denial of Service (DoS) + + Affected Software/OS: + RPC on + HP-UX B.10.20, B.10.26, B.11.00, B.11.04, B.11.11, B.11.22 running RPC. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00951269-2 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of RPC"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_28982'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_28982'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_28480'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.26") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_30063'], rls:"HPUX10.26")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_30168'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_30168'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_30407'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_26158'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE2-SHLIBS", revision:"libc.1", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_28983'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_28983'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE-SHLIBS", patch_list:['PHCO_28481'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00253.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00253.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00253.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,154 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for sendmail HPSBUX00253 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835129); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00253"); + script_cve_id(""); + script_name(english: "HP-UX Update for sendmail HPSBUX00253"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX sendmail, + where the vulnerability may be exploited remotely to gain unauthorized + access or create a denial of service (DoS). + + Impact: + Remote unauthorized access + + Affected Software/OS: + sendmail on + HP-UX B.10.10, B.10.20, B.11.00, B.11.04, B.11.11, and B.11.22. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00958571-2 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of sendmail"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS2-RUN", patch_list:['PHNE_28409'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_28409'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"SMAIL-811.INETSVCS-SMAIL", revision:"B.11.00.01.004", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_35483'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_29526'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_28760'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"SMAIL-811.INETSVCS-SMAIL", revision:"B.11.11.01.005", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_35484'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00254.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00254.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00254.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,164 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for CIFS Server (Samba) HPSBUX00254 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835149); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00254"); + script_cve_id(""); + script_name(english: "HP-UX Update for CIFS Server (Samba) HPSBUX00254"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + CIFS Server (Samba).This vulnerability may allow a remote unauthorized user + to gain root access. + + Impact: + Remote unauthorized root access + + Affected Software/OS: + CIFS Server (Samba) on + HP-UX B.11.00, B.11.11, B.11.22 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00956530-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of CIFS Server (Samba)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-RUN", revision:"A.01.09.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-UTIL", revision:"A.01.09.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-ADMIN", revision:"A.01.09.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-LIB", revision:"A.01.09.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-RUN", revision:"A.01.09.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-UTIL", revision:"A.01.09.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-ADMIN", revision:"A.01.09.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-LIB", revision:"A.01.09.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-RUN", revision:"A.01.09.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-UTIL", revision:"A.01.09.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-ADMIN", revision:"A.01.09.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CIFS-Server.CIFS-LIB", revision:"A.01.09.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00255.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00255.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00255.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,147 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for ApacheStrong HPSBUX00255 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835078); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00255"); + script_cve_id("CAN-2003-0131", "CAN-2003-0147"); + script_name(english: "HP-UX Update for ApacheStrong HPSBUX00255"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX running + ApacheStrong, HPApache, or hpuxwsAPACHE, that may allow an information leak. + + Impact: + Information leak. + + Affected Software/OS: + ApacheStrong on + HP-UX B.11.00, B.11.11, B.11.20, B.11.22 running the following HP-UX + Apache-based Web Servers: + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00944767-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of ApacheStrong"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong", revision:"1.3.27.02", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE", revision:"A.1.0.03.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong", revision:"1.3.27.02", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.20") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong", revision:"1.3.27.02", rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE", revision:"A.1.0.03.01", rls:"HPUX11.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"ApacheStrong", revision:"1.3.27.02", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE", revision:"A.1.0.03.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE", revision:"B.1.0.07.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00256.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00256.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00256.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,117 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Apache HPSBUX00256 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835131); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00256"); + script_cve_id("CAN-2003-0132"); + script_name(english: "HP-UX Update for Apache HPSBUX00256"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + Apache. The vulnerability could be exploited remotely to create a Denial of + Service (DoS). + + Impact: + Remote Denial of Service (DoS) + + Affected Software/OS: + Apache on + HP-UX B.11.00, B.11.11, and B.11.22 running the hpuxwsAPACHE HP-UX + Apache-based Web Server. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00944545-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Apache"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE", revision:"A.1.0.03.01", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE", revision:"A.1.0.03.01", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE", revision:"A.1.0.03.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"hpuxwsAPACHE", revision:"B.1.0.07.01", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00258.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00258.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00258.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,124 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for wall(1) HPSBUX00258 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835077); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00258"); + script_cve_id(""); + script_name(english: "HP-UX Update for wall(1) HPSBUX00258"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + wall(1). The vulnerability could be exploited by a local user to increase + privileges or to create a Denial of Service (DoS). + + Impact: + Local privilege increase + Denial of Service (DoS) + + Affected Software/OS: + wall(1) on + HP-UX B.10.20, B.11.00, B.11.04, and B.11.11 running wall(1). + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00955707-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of wall(1)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_28718'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_29085'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_28717'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_28719'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00262.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00262.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00262.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,102 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for uucp(1) and uusub(1) HPSBUX00262 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835122); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00262"); + script_cve_id(""); + script_name(english: "HP-UX Update for uucp(1) and uusub(1) HPSBUX00262"); + desc["english"] = " + + Vulnerability Insight: + A vulnerability in uucp(1) and uusub(1) may allow local users to increase + privilege. + + Impact: + Local increase in privilege + + Affected Software/OS: + uucp(1) and uusub(1) on + HP-UX release B.10.20, B.11.00, and B.11.11. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00957937-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of uucp(1) and uusub(1)"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"UUCP.UUCP", patch_list:['PHCO_29381'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"UUCP.UUCP-ENG-A-MAN", patch_list:['PHCO_29381'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"UUCP.UUCP", patch_list:['PHCO_29382'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00263.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00263.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00263.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,184 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for CDE HPSBUX00263 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835014); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00263"); + script_cve_id(""); + script_name(english: "HP-UX Update for CDE HPSBUX00263"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP UX, running + CDE libraries and programs could be remotely exploited to gain unauthorized + privileged access and execute arbitrary code. + + Impact: + Remote unauthorized privileged access and execution of arbitrary code. + + Affected Software/OS: + CDE on + HP-UX B.10.20, B.11.00, B.11.04, B.11.11, and B.11.22 running CDE. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00957810-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of CDE"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_28682'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_28683'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_28675'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_28675'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDEDevKit.CDE-PRG", patch_list:['PHSS_28678'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_29214'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_29214'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_29201'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_29201'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDEDevKit.CDE-PRG", patch_list:['PHSS_29202'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"CDE.CDE-SHLIBS", patch_list:['PHSS_28676'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDE.CDE-RUN", patch_list:['PHSS_28677'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"CDEDevKit.CDE-PRG", patch_list:['PHSS_28679'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00264.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00264.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00264.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,111 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for on HP9000 Series 700/800 HPSBUX00264 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835125); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00264"); + script_cve_id(""); + script_name(english: "HP-UX Update for on HP9000 Series 700/800 HPSBUX00264"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX running on + HP9000 Series 700/800 where network traffic may cause programs to fail and + create a Denial of Service (DoS). + + Impact: + + + Affected Software/OS: + on HP9000 Series 700/800 on + HP-UX B.11.00, B.11.04, B.11.11 and B.11.22 running on HP9000 Series + 700/800. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00905565-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of on HP9000 Series 700/800"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE2-KRN", patch_list:['PHNE_28538'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE2-KRN", patch_list:['PHNE_29453'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE2-KRN", patch_list:['PHNE_28895'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00266.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00266.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00266.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,147 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for tftpd HPSBUX00266 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835054); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00266"); + script_cve_id(""); + script_name(english: "HP-UX Update for tftpd HPSBUX00266"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + tftpd. The vulnerability could be exploited to allow remote a remote denial + of service to tftpd. + + Impact: + Remote denial of service to tftpd. + + Affected Software/OS: + tftpd on + HP-UX B.11.00, B.11.04, B.11.11, B.11.22 running tftpd. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00901548-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of tftpd"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_28828'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INET-ENG-A-MAN", patch_list:['PHNE_28828'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-INC", patch_list:['PHNE_28828'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS2-BOOT", patch_list:['PHNE_29130'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_30589'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INET-ENG-A-MAN", patch_list:['PHNE_30589'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-INC", patch_list:['PHNE_30589'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-BOOT", patch_list:['PHNE_32449'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00267.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00267.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00267.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,387 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Java Runtime Environment HPSBUX00267 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835136); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00267"); + script_cve_id(""); + script_name(english: "HP-UX Update for Java Runtime Environment HPSBUX00267"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified in the HP-UX Java + Runtime Environment (JRE) where the vulnerability may be remotely exploited + to create an unauthorized access. + + Impact: + Remote unauthorized access + + Affected Software/OS: + Java Runtime Environment on + Any HP-UX system running the supported HP-UX versions + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00958678-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Java Runtime Environment"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"JRE 1.2.X", revision:"1.2.2.15", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2.X", revision:"1.2.2.15", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.2.X", revision:"1.2.2.15", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3.X", revision:"1.3.1.08", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.3.X", revision:"1.3.1.08", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.3.X", revision:"1.3.1.08", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.4.0", revision:"1.4.0.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.4.0", revision:"1.4.0.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.4.0", revision:"1.4.0.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.4.1", revision:"1.4.1.00", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.4.1", revision:"1.4.1.00", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.4.1", revision:"1.4.1.00", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"JRE 1.2.X", revision:"1.2.2.15", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2.X", revision:"1.2.2.15", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.2.X", revision:"1.2.2.15", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3.X", revision:"1.3.1.08", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.3.X", revision:"1.3.1.08", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.3.X", revision:"1.3.1.08", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.4.0", revision:"1.4.0.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.4.0", revision:"1.4.0.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.4.0", revision:"1.4.0.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.4.1", revision:"1.4.1.00", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.4.1", revision:"1.4.1.00", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.4.1", revision:"1.4.1.00", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"JRE 1.2.X", revision:"1.2.2.15", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2.X", revision:"1.2.2.15", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.2.X", revision:"1.2.2.15", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3.X", revision:"1.3.1.08", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.3.X", revision:"1.3.1.08", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.3.X", revision:"1.3.1.08", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.4.0", revision:"1.4.0.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.4.0", revision:"1.4.0.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.4.0", revision:"1.4.0.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.4.1", revision:"1.4.1.00", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.4.1", revision:"1.4.1.00", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.4.1", revision:"1.4.1.00", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.23") +{ + + if(ishpuxpkgvuln(pkg:"JRE 1.2.X", revision:"1.2.2.15", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2.X", revision:"1.2.2.15", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.2.X", revision:"1.2.2.15", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3.X", revision:"1.3.1.08", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.3.X", revision:"1.3.1.08", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.3.X", revision:"1.3.1.08", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.4.0", revision:"1.4.0.04", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.4.0", revision:"1.4.0.04", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.4.0", revision:"1.4.0.04", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.4.1", revision:"1.4.1.00", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.4.1", revision:"1.4.1.00", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.4.1", revision:"1.4.1.00", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00268.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00268.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00268.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,315 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Java VM (J2SE) and Java Plugin HPSBUX00268 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835098); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00268"); + script_cve_id(""); + script_name(english: "HP-UX Update for Java VM (J2SE) and Java Plugin HPSBUX00268"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified in the HP-UX Java + Virtual Machine (J2SE) and the Java Plugin where the vulnerability may be + remotely exploited to create an unauthorized access. + + Impact: + Remote unauthorized access + + Affected Software/OS: + Java VM (J2SE) and Java Plugin on + HP-UX B.11.00, B.11.11, B.11.22, B.11.23 running + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00958693-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Java VM (J2SE) and Java Plugin"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"JRE 1.2.X", revision:"1.2.2.15", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2.X", revision:"1.2.2.15", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.2.X", revision:"1.2.2.15", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3.X", revision:"1.3.1.09", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.3.X", revision:"1.3.1.09", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.3.X", revision:"1.3.1.09", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.4.X", revision:"1.4.0.05", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.4.X", revision:"1.4.0.05", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.4.X", revision:"1.4.0.05", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"JRE 1.2.X", revision:"1.2.2.15", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2.X", revision:"1.2.2.15", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.2.X", revision:"1.2.2.15", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3.X", revision:"1.3.1.09", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.3.X", revision:"1.3.1.09", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.3.X", revision:"1.3.1.09", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.4.X", revision:"1.4.0.05", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.4.X", revision:"1.4.0.05", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.4.X", revision:"1.4.0.05", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"JRE 1.2.X", revision:"1.2.2.15", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2.X", revision:"1.2.2.15", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.2.X", revision:"1.2.2.15", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3.X", revision:"1.3.1.09", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.3.X", revision:"1.3.1.09", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.3.X", revision:"1.3.1.09", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.4.X", revision:"1.4.0.05", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.4.X", revision:"1.4.0.05", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.4.X", revision:"1.4.0.05", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.23") +{ + + if(ishpuxpkgvuln(pkg:"JRE 1.2.X", revision:"1.2.2.15", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.2.X", revision:"1.2.2.15", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.2.X", revision:"1.2.2.15", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.3.X", revision:"1.3.1.09", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.3.X", revision:"1.3.1.09", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.3.X", revision:"1.3.1.09", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JRE 1.4.X", revision:"1.4.0.05", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JDK 1.4.X", revision:"1.4.0.05", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"JPI 1.4.X", revision:"1.4.0.05", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00271.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00271.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00271.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,268 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for HP-UX Pkg HPSBUX00271 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835090); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00271"); + script_cve_id(""); + script_name(english: "HP-UX Update for HP-UX Pkg HPSBUX00271"); + desc["english"] = " + + Vulnerability Insight: + A vulnerability in HP-UX Streams code may allow remote attackers to execute + arbitrary code with the privileges of the user running named, typically root + or to create a Denial of Service (DoS). + + Impact: + Execution of arbitrary code + denial of service (DoS) + + Affected Software/OS: + HP-UX Pkg on + HP-UX B.11.00, B.11.04 (VVOS), B.11.11 and B.11.22 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00957907-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of HP-UX Pkg"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"Streams.STREAMS-64SLIB", patch_list:['PHNE_27703'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Streams.STREAMS-MIN", patch_list:['PHNE_27703'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Streams.STREAMS2-KRN", patch_list:['PHNE_27703'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS2-KRN", patch_list:['PHNE_27703'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS-32ALIB", patch_list:['PHNE_27703'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS-MIN", patch_list:['PHNE_27703'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS-64ALIB", patch_list:['PHNE_27703'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS-64SLIB", patch_list:['PHNE_27703'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"Streams.STREAMS-KRN", patch_list:['PHNE_27902'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Streams.STREAMS-32ALIB", patch_list:['PHNE_27902'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Streams.STREAMS-MIN", patch_list:['PHNE_27902'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Streams.STREAMS-64ALIB", patch_list:['PHNE_27902'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Streams.STREAMS-64SLIB", patch_list:['PHNE_27902'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Streams.STREAMS2-KRN", patch_list:['PHNE_27902'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"Streams.STREAMS-KRN", patch_list:['PHNE_29525'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS-32ALIB", patch_list:['PHNE_29525'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS-MIN", patch_list:['PHNE_29525'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS-64ALIB", patch_list:['PHNE_29525'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS-64SLIB", patch_list:['PHNE_29525'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS2-KRN", patch_list:['PHNE_29525'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"Streams.STREAMS-64SLIB", patch_list:['PHNE_27703'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Streams.STREAMS-MIN", patch_list:['PHNE_27703'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"Streams.STREAMS2-KRN", patch_list:['PHNE_27703'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS2-KRN", patch_list:['PHNE_27703'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS-32ALIB", patch_list:['PHNE_27703'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS-MIN", patch_list:['PHNE_27703'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS-64ALIB", patch_list:['PHNE_27703'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"STREAMS-64SLIB", patch_list:['PHNE_27703'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00272.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00272.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00272.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,326 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for rpc.mountd HPSBUX00272 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835113); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00272"); + script_cve_id("CAN-1999-1225"); + script_name(english: "HP-UX Update for rpc.mountd HPSBUX00272"); + desc["english"] = " + + Vulnerability Insight: + A security vulnerability has been identified on HP-UX where error messages + returned by rpc.mountd can potentially be used togain remote unauthorzied + access. + + Impact: + Remote unauthorized access. + + Affected Software/OS: + rpc.mountd on + HP-UX B.11.00, B.11.11, and B.11.22. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00908660-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of rpc.mountd"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.CORE2-KRN", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-KRN", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-CLIENT", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-PRG", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.KEY-CORE", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-CORE", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NISPLUS-CORE", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SERVER", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NIS-CORE", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NIS-CLIENT", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NIS-SERVER", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-INETD", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64ALIB", patch_list:['PHNE_29210'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"NFS.NFS-PRG", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NIS-SERVER", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.KEY-CORE", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-KRN", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS2-CLIENT", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS2-CORE", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS2-SERVER", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NIS2-CLIENT", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NIS2-CORE", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NIS2-SERVER", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NISPLUS2-CORE", patch_list:['PHNE_29449'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"NFS.KEY-CORE", patch_list:['PHNE_29211'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64ALIB", patch_list:['PHNE_29211'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-64SLIB", patch_list:['PHNE_29211'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-CLIENT", patch_list:['PHNE_29211'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-CORE", patch_list:['PHNE_29211'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-PRG", patch_list:['PHNE_29211'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SERVER", patch_list:['PHNE_29211'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-SHLIBS", patch_list:['PHNE_29211'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NIS-SERVER", patch_list:['PHNE_29211'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NISPLUS-CORE", patch_list:['PHNE_29211'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"NFS.NFS-KRN", patch_list:['PHNE_29211'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00274.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00274.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00274.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,121 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for OpenView DCE HPSBUX00274 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835137); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00274"); + script_cve_id(""); + script_name(english: "HP-UX Update for OpenView DCE HPSBUX00274"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX OpenView + DCE. The vulnerability could be exploitedremotely to create a denial of + service (DoS). + + Impact: + Remote Denial of Service (DoS) + + Affected Software/OS: + OpenView DCE on + HP-UX B.11.00 and B.11.11 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00912026-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of OpenView DCE"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"OVOPC-CLT.OVOPC-SOL-CLT", patch_list:['PHSS_29645'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVOPC-CLT.OVOPC-SOL-CLT", patch_list:['PHSS_29646'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVOPC-CLT.OVOPC-LIN-CLT", patch_list:['PHSS_29626'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVOPC-CLT-ENG.OVOPC-LIN-CLT", patch_list:['PHSS_29644'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"OVOPC-CLT.OVOPC-SOL-CLT", patch_list:['PHSS_29645'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"OVOPC-CLT.OVOPC-LIN-CLT", patch_list:['PHSS_29626'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00275.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00275.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00275.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,124 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Shells HPSBUX00275 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835000); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00275"); + script_cve_id("CAN-2000-1134"); + script_name(english: "HP-UX Update for Shells HPSBUX00275"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX shells, + where the vulnerability may be exploited by local users to increase + privilege or create a Denial of Service (DoS). + + Impact: + Potential local increase of privilege + denial of service (DoS). + + Affected Software/OS: + Shells on + HP-UX B.10.20, B.11.00, B.11.04, and B.11.11 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00958494-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Shells"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_27344'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_29814'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX10.20") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_27804'], rls:"HPUX10.20")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"OS-Core.UX-CORE", patch_list:['PHCO_27345', 'PHCO_27019', 'PHCO_26561'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00276.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00276.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00276.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,84 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for DCE HPSBUX00276 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835091); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00276"); + script_cve_id(""); + script_name(english: "HP-UX Update for DCE HPSBUX00276"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + DCE, where the vulnerability may be exploited remotely to create a Denial of + Service (DoS). + + Impact: + Remote Denial of Service (DoS) + + Affected Software/OS: + DCE on + HP-UX B.11.11 running DCE + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00958403-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of DCE"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"DCE-Core.DCE-CORE-SHLIB", patch_list:['PHSS_29964'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00280.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00280.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00280.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,334 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for Java VM (J2SE) or Java Secure Socket Extension (JSSE) Software HPSBUX00280 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835068); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00280"); + script_cve_id(""); + script_name(english: "HP-UX Update for Java VM (J2SE) or Java Secure Socket Extension (JSSE) Software HPSBUX00280"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX running + Java VM (J2SE) andJava Secure Socket Extension (JSSE) software, that may + resultin arbitrary code execution and an information leak. + + Impact: + Arbitrary code execution. + + Affected Software/OS: + Java VM (J2SE) or Java Secure Socket Extension (JSSE) Software on + HP-UX B.11.00, B.11.11, B.11.22 and B.11.23 running Java VM (J2SE) and + HP9000 Servers running HP-UX release B.11.00 and B.11.11, with the following + versions of + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00954663-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of Java VM (J2SE) or Java Secure Socket Extension (JSSE) Software"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"are listed in this bulletin.", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"for Servicecontrol Manager", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtAgent.MX-AGENT", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtAgent.MX-ENG-MAN", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-CMS", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-PORTAL", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-REPO", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-TOOLS", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"are listed in this bulletin.", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"for Servicecontrol Manager", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtAgent.MX-AGENT", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtAgent.MX-ENG-MAN", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-CMS", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-PORTAL", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-REPO", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-TOOLS", revision:"B.03.00.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"are listed in this bulletin.", revision:"B.03.00.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"for Servicecontrol Manager", revision:"B.03.00.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtAgent.MX-AGENT", revision:"B.03.00.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtAgent.MX-ENG-MAN", revision:"B.03.00.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-CMS", revision:"B.03.00.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-PORTAL", revision:"B.03.00.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-REPO", revision:"B.03.00.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-TOOLS", revision:"B.03.00.04", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"are listed in this bulletin.", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"for Servicecontrol Manager", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtAgent.MX-AGENT", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtAgent.MX-ENG-MAN", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-CMS", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-PORTAL", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-REPO", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-TOOLS", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"are listed in this bulletin.", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"for Servicecontrol Manager", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtAgent.MX-AGENT", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtAgent.MX-ENG-MAN", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-CMS", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-PORTAL", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-REPO", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SysMgmtServer.MX-TOOLS", revision:"B.03.00.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00281.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00281.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00281.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,161 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for sendmail HPSBUX00281 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835117); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00281"); + script_cve_id("CAN-2003-0681"); + script_name(english: "HP-UX Update for sendmail HPSBUX00281"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has beenidentified with HP-UX running + sendmail, where the vulnerability could beexploited remotely to gain + unauthorized privileged access. + + Impact: + Remote unauthorized privileged access. + + Affected Software/OS: + sendmail on + HP-UX B.11.00, B.11.04, B.11.11, B.11.22, B.11.23 running sendmail 8.9.3 and + 8.11.1. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c01035741-4 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of sendmail"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_35483'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SMAIL-811.INETSVCS-SMAIL", revision:"B.11.00.01.005", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS2-RUN", patch_list:['PHNE_29912'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_29912'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.04") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_30224'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INET-ENG-A-MAN", patch_list:['PHNE_30224'], rls:"HPUX11.04")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS-RUN", patch_list:['PHNE_35484'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + if(ishpuxpkgvuln(pkg:"SMAIL-811.INETSVCS-SMAIL", revision:"B.11.11.01.006", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.23") +{ + + if(ishpuxpkgvuln(pkg:"InternetSrvcs.INETSVCS2-RUN", patch_list:['PHNE_35485'], rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00282.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00282.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00282.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,124 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for T1471AA Secure Shell HPSBUX00282 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835030); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00282"); + script_cve_id(""); + script_name(english: "HP-UX Update for T1471AA Secure Shell HPSBUX00282"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX running + T1471AA Secure Shell. The vulnerability could be exploited to allow remote + privilege increase and arbitrary code execution. + + Impact: + Remote privilege increase + arbitrary code execution + + Affected Software/OS: + T1471AA Secure Shell on + HP-UX B.11.00, B.11.11, B.11.22, B.11.23 running T1471AA Secure Shell. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00910818-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of T1471AA Secure Shell"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"Secure_Shell.SECURE_SHELL", revision:"A.03.61.002", rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.23") +{ + + if(ishpuxpkgvuln(pkg:"Secure_Shell.SECURE_SHELL", revision:"A.03.61.002", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"Secure_Shell.SECURE_SHELL", revision:"A.03.61.002", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"Secure_Shell.SECURE_SHELL", revision:"A.03.61.002", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00286.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00286.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00286.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,97 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for AAA Server HPSBUX00286 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835123); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00286"); + script_cve_id("CAN-2003-0543", "CAN-2003-0544", "CAN-2003-0545"); + script_name(english: "HP-UX Update for AAA Server HPSBUX00286"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX AAA + Server. The vulnerability could be exploitedremotely to create a denial of + service (DoS). + + Impact: + Remote Denial of Service (DoS) + + Affected Software/OS: + AAA Server on + HP-UX B.11.00 and B.11.11 running HP-UX AAA Server (T1428AA) + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00912021-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of AAA Server"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"AAAServer", revision:"A.06.01.02.04", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"AAAServer", revision:"A.06.01.02.04", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00287.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00287.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00287.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,100 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for on HP 9000 Servers Running MySQL HPSBUX00287 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835096); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00287"); + script_cve_id(""); + script_name(english: "HP-UX Update for on HP 9000 Servers Running MySQL HPSBUX00287"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identifiedwith HP-UX on HP 9000 + Servers running MySQL with Servicecontrol Manager (SCM) 3.0. This + vulnerability may allow unauthorized access, increased privileges or + execution of arbitrary code. + + Impact: + Unauthorized access + increased privileges or execution of arbitrary code. + + Affected Software/OS: + on HP 9000 Servers Running MySQL on + HP-UX B.11.00, B.11.11 on HP 9000 Servers running MySQL 3.23.39 with + Servicecontrol Manager (SCM) 3.0. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00911995-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of on HP 9000 Servers Running MySQL"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"mysql.MYSQL", revision:"3.23.54", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"mysql.MYSQL", revision:"3.23.54", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00288.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00288.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00288.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,111 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for HP WEBM Services HPSBUX00288 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835108); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00288"); + script_cve_id("CAN-2003-0543", "CAN-2003-0544", "CAN-2003-0545"); + script_name(english: "HP-UX Update for HP WEBM Services HPSBUX00288"); + desc["english"] = " + + Vulnerability Insight: + Potential security vulnerabilities have been identified with HP-HX running + HP WEBM Services. The vulnerabilities could be exploited remotely to create + a Denial of Service (DoS). + + Impact: + Remote Denial of Service (DoS) + + Affected Software/OS: + HP WEBM Services on + HP-UX B.11.00 running HP WEBM versions prior to A.01.05.07 HP-UX B.11.11 and + B.11.23 running HP WEBM versions prior to A.02.00.02 + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00891831-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of HP WEBM Services"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"WBEMServices.WBEM-CORE", revision:"A.01.05.07", rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.23") +{ + + if(ishpuxpkgvuln(pkg:"WBEMServices.WBEM-CORE", revision:"A.02.00.02", rls:"HPUX11.23")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"WBEMServices.WBEM-CORE", revision:"A.02.00.02", rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00289.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00289.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00289.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,110 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for dtprintinfo HPSBUX00289 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835138); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00289"); + script_cve_id(""); + script_name(english: "HP-UX Update for dtprintinfo HPSBUX00289"); + desc["english"] = " + + Vulnerability Insight: + A potential security vulnerability has been identified with HP-UX + dtprintinfo. The vulnerability could be exploitedlocally to gain increased + privilege. + + Impact: + Local increased privilege. + + Affected Software/OS: + dtprintinfo on + HP-UX B.11.00, B.11.11, and B.11.22. + + Fix: Please Install the Updated Packages. + + References: + http://www11.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c00912024-1 + + Risk factor: High"; + + script_description(english:desc["english"]); + script_summary(english:"Check for the Version of dtprintinfo"); + script_category(ACT_GATHER_INFO); + script_copyright(english:"Copyright (C) 2009 Intevation GmbH"); + script_family(english:"HP-UX Local Security Checks"); + script_dependencies("gather-package-list.nasl"); + script_require_keys("ssh/login/release"); + exit(0); +} + + +include("pkg-lib-hpux.inc"); +include("revisions-lib.inc"); + +release = get_kb_item("ssh/login/release"); + +if(release == NULL){ + exit(0); +} + +if(release == "HPUX11.00") +{ + + if(ishpuxpkgvuln(pkg:"X11.X11R6-SHLIBS", patch_list:['PHSS_29367'], rls:"HPUX11.00")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.22") +{ + + if(ishpuxpkgvuln(pkg:"X11.X11R6-SHLIBS", patch_list:['PHSS_29373'], rls:"HPUX11.22")) + { + security_hole(0); + exit(0); + } + + exit(0); +} + + +if(release == "HPUX11.11") +{ + + if(ishpuxpkgvuln(pkg:"X11.X11R6-SHLIBS", patch_list:['PHSS_29371'], rls:"HPUX11.11")) + { + security_hole(0); + exit(0); + } + + exit(0); +} \ No newline at end of file Added: trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00290.nasl =================================================================== --- trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00290.nasl 2009-05-05 10:03:09 UTC (rev 3234) +++ trunk/openvas-plugins/scripts/gb_hp_ux_HPSBUX00290.nasl 2009-05-05 10:14:23 UTC (rev 3235) @@ -0,0 +1,132 @@ +############################################################################### +# OpenVAS Vulnerability Test +# +# HP-UX Update for BIND v920 HPSBUX00290 +# +# Authors: +# System Generated Check +# +# Copyright: +# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net +# +# This program is free software; you can redistribute it and/or modify +# it under the terms of the GNU General Public License version 2 +# (or any later version), as published by the Free Software Foundation. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program; if not, write to the Free Software +# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. +############################################################################### + +if(description) +{ + script_id(835007); + script_version("$Revision: 1.0 $"); + script_xref(name: "HPSBUX", value: "00290"); + script_cve_id("CAN-2003-0543", "CAN-2003-0544", "CAN-2003-0545"); + script_name(english: "HP-UX Update for BIND v920 HPSBUX00290"); + desc["english"] = " + + Vulnerability Insight: + 1. Certain ASN.1 encodings that are rejected as invalidby the parser can + trigger a bug in the deallocationof the corresponding data structure, + corrupting thestack. This can be used as a denial of serviceattack. It is + currently unknown whether this can beexploited to run malicious code. This + issue does notaffect OpenSSL 0.9.6.