[Openvas-commits] r3248 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed May 6 08:04:30 CEST 2009
Author: chandra
Date: 2009-05-06 08:04:28 +0200 (Wed, 06 May 2009)
New Revision: 3248
Added:
trunk/openvas-plugins/scripts/gb_axigen_mail_server_detect.nasl
trunk/openvas-plugins/scripts/gb_axigen_mail_server_xss_vuln.nasl
trunk/openvas-plugins/scripts/secpod_xitami_mult_format_string_vuln.nasl
trunk/openvas-plugins/scripts/secpod_xitami_server_detect.nasl
trunk/openvas-plugins/scripts/secpod_xpdf_detect.nasl
trunk/openvas-plugins/scripts/secpod_xpdf_mult_vuln.nasl
Modified:
trunk/openvas-plugins/ChangeLog
Log:
Added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-05-06 04:18:55 UTC (rev 3247)
+++ trunk/openvas-plugins/ChangeLog 2009-05-06 06:04:28 UTC (rev 3248)
@@ -1,3 +1,12 @@
+2009-05-06 Chandrashekhar B <bchandra at secpod.com>
+ * scripts/gb_axigen_mail_server_xss_vuln.nasl,
+ scripts/gb_axigen_mail_server_detect.nasl,
+ scripts/secpod_xitami_server_detect.nasl,
+ scripts/secpod_xpdf_mult_vuln.nasl,
+ scripts/secpod_xitami_mult_format_string_vuln.nasl,
+ scripts/secpod_xpdf_detect.nasl:
+ Added new plugins
+
2009-05-05 Thomas Reinke <reinke at securityspace.com>
* deb_1779_1.nasl deb_1780_1.nasl deb_1781_1.nasl deb_1782_1.nasl
deb_1784_1.nasl deb_1785_1.nasl deb_1786_1.nasl deb_1787_1.nasl
Added: trunk/openvas-plugins/scripts/gb_axigen_mail_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_axigen_mail_server_detect.nasl 2009-05-06 04:18:55 UTC (rev 3247)
+++ trunk/openvas-plugins/scripts/gb_axigen_mail_server_detect.nasl 2009-05-06 06:04:28 UTC (rev 3248)
@@ -0,0 +1,75 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_axigen_mail_server_detect.nasl 2053 2009-05-05 20:07:05Z may $
+#
+# Axigen Mail Server Version Detection
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+##############################################################################
+
+if(description)
+{
+ script_id(800603);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"Axigen Mail Server Version Detection");
+ desc["english"] = "
+
+ Overview: The script detects the installed version of Axigen Mail
+ Server and sets the result in KB.
+
+ Risk factor: Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Sets KB for the version of Axigen Mail Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Service detection");
+ script_dependencies("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 9000);
+ exit(0);
+}
+
+
+include("http_func.inc");
+
+axigenPort = get_http_port(default:9000);
+
+if(!axigenPort){
+ axigenPort = 9000;
+}
+
+if(!get_port_state(axigenPort)){
+ exit(0);
+}
+
+request = http_get(item:string("/"), port:axigenPort);
+rcvRes = http_send_recv(port:axigenPort, data:request);
+
+if(rcvRes != NULL && "Axigen-Webadmin" >< rcvRes)
+{
+ axigenVer = eregmatch(pattern:"AXIGEN WebAdmin ([0-9.]+)",
+ string:rcvRes);
+
+ if(axigenVer[1] != NULL)
+ {
+ set_kb_item(name:"www/" + axigenPort + "/AxigenMailServer",
+ value:axigenVer[1]);
+ }
+}
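Review bot: The version pattern `AXIGEN WebAdmin ([0-9.]+)` in the detection block accepts any run of digits and dots, so a value such as `7.1.` with a trailing dot (or a lone `.`) can end up in the KB and later be fed to the version comparison. Anchoring it on a digit, for example `AXIGEN WebAdmin ([0-9]+(\.[0-9]+)+)`, keeps the stored value well-formed. The presence check uses `Axigen-Webadmin` while the pattern uses `AXIGEN WebAdmin`; a one-line comment saying where each string appears in the response (header or page body) would make the two-step match easier to maintain.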
Added: trunk/openvas-plugins/scripts/gb_axigen_mail_server_xss_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/gb_axigen_mail_server_xss_vuln.nasl 2009-05-06 04:18:55 UTC (rev 3247)
+++ trunk/openvas-plugins/scripts/gb_axigen_mail_server_xss_vuln.nasl 2009-05-06 06:04:28 UTC (rev 3248)
@@ -0,0 +1,88 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: gb_axigen_mail_server_xss_vuln.nasl 2053 2009-05-05 17:05:29Z may $
+#
+# Axigen Mail Server Cross-Site Scripting Vulnerability
+#
+# Authors:
+# Antu Sanadi <santu at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 Intevation GmbH, http://www.intevation.net
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(800604);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2009-1484");
+ script_bugtraq_id(34716);
+ script_name(english:"Axigen Mail Server Cross-Site Scripting Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ The host is running Axigen Mail Server and is prone to Cross-Site Scripting
+ Vulnerability.
+
+ Vulnerability Insight:
+ The flaw is caused due to improper sanitization of user-supplied input passed
+ within the e-mail messages.
+
+ Impact:
+ Successful exploitation will allows the attacker to steal cookie-based
+ authentication credentials by injecting HTML and script code on a affected
+ application.
+
+ Affected Software/OS:
+ Axigen Mail Server Version 6.2.2 and prior.
+
+ Fix: Upgrade to version 7.1.0 or later
+ http://www.axigen.com/mail-server/download/
+
+ References:
+ http://secunia.com/advisories/34402
+
+ CVSS Score:
+ CVSS Base Score : 4.3 (AV:N/AC:M/Au:NR/C:N/I:P/A:N)
+ CVSS Temporal Score : 3.2
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Axigen Mail Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 Intevation GmbH");
+ script_family(english:"Web application abuses");
+ script_dependencies("gb_axigen_mail_server_detect.nasl");
+ script_require_ports("Services/www", 9000);
+ exit(0);
+}
+
+
+include("http_func.inc");
+include("version_func.inc");
+
+axigenPort = get_http_port(default:9000);
+if(!axigenPort){
+ exit(0);
+}
+
+axigenVer = get_kb_item("www/" + axigenPort + "/AxigenMailServer");
+if(axigenVer != NULL)
+{
+ if(version_is_less_equal(version:axigenVer, test_version:"6.2.2")){
+ security_warning(axigenPort);
+ }
+}
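Review bot: The comparison `version_is_less_equal(version:axigenVer, test_version:"6.2.2")` and the description's "Upgrade to version 7.1.0 or later" leave the releases between 6.2.2 and 7.1.0 unexplained, so a reader cannot tell whether they are fixed or simply unassessed. A comment above the check such as `# Advisory lists 6.2.2 and prior as affected; releases between 6.2.2 and 7.1.0 are not flagged` would record the intent. The result rests only on the banner version stored by the detection script, which is worth stating in the description so that operators treat it as a version-based finding. Note also that this script exits when `get_http_port` returns nothing, while the detection script falls back to port 9000, so the two can disagree about which KB key is in play.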
Added: trunk/openvas-plugins/scripts/secpod_xitami_mult_format_string_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xitami_mult_format_string_vuln.nasl 2009-05-06 04:18:55 UTC (rev 3247)
+++ trunk/openvas-plugins/scripts/secpod_xitami_mult_format_string_vuln.nasl 2009-05-06 06:04:28 UTC (rev 3248)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_xitami_mult_format_string_vuln.nasl 1210 2009-05-05 12:39:43Z apr $
+#
+# Xitami Multiple Format String Vulnerabilities
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900548);
+ script_version("$Revision: 1.0 $");
+ script_cve_id("CVE-2008-6519", "CVE-2008-6520");
+ script_bugtraq_id(28603);
+ script_name(english:"Xitami Multiple Format String Vulnerabilities");
+ desc["english"] = "
+
+ Overview: This host has Xitami web server installed and is prone to
+ Multiple Format String Vulnerabilities.
+
+ Vulnerability Insight:
+ - Error exists while handling a format string specifiers in a Long Running
+ Web Process (LRWP) request, which triggers incorrect logging code involving
+ the sendfmt function in the SMT kernel.
+ - Error in Server Side Includes (SSI) filter when processes requests with
+ specially crafted URIs ending in .ssi, .shtm, or .shtml, which triggers
+ incorrect logging code involving the sendfmt function in the SMT kernel.
+
+ Impact:
+ Successful exploitation will allow remote attackers to execute arbitrary code
+ and can lead to application crash.
+
+ Impact Level: Application
+
+ Affected Software/OS:
+ Xitami version 2.5c2 and prior.
+
+ Fix: No solution or patch is available as on 05th May, 2009. Information
+ regarding this issue will be updated once the solution details are available.
+ For updates refer, http://www.xitami.com/
+
+ References:
+ http://www.milw0rm.com/exploits/5354
+ http://xforce.iss.net/xforce/xfdb/41644
+ http://xforce.iss.net/xforce/xfdb/41645
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 9.0
+ Risk factor: Critical";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Xitami Web Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Denial of Service");
+ script_dependencies("secpod_xitami_server_detect.nasl");
+ script_require_keys("Xitami/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+xVer = get_kb_item("Xitami/Ver");
+if(xVer == NULL){
+ exit(0);
+}
+
+if(version_is_less_equal(version:xVer, test_version:"2.5.c2")){
+ security_hole(0);
+}
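Review bot: The finding is raised with `security_hole(0)`, so the report is not tied to the port where Xitami was seen, even though this is a network service identified from an HTTP response or an FTP banner. The detection script stores only `Xitami/Ver`; having it also record the port the banner came from and passing that value here would let an operator locate the affected listener. A comment above the comparison explaining that `2.5.c2` is the detection script's dotted form of 2.5c2 would help as well, since how `version_is_less_equal` orders the letter component is not visible on this page.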
Property changes on: trunk/openvas-plugins/scripts/secpod_xitami_mult_format_string_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_xitami_server_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xitami_server_detect.nasl 2009-05-06 04:18:55 UTC (rev 3247)
+++ trunk/openvas-plugins/scripts/secpod_xitami_server_detect.nasl 2009-05-06 06:04:28 UTC (rev 3248)
@@ -0,0 +1,103 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_xitami_server_detect.nasl 1210 2009-04-28 16:44:19Z apr $
+#
+# Xitami Server Version Detection
+#
+# Authors:
+# Nikita MR <rnikita at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900547);
+ script_version("Revision: 1.0 ");
+ script_name(english:"Xitami Server Version Detection");
+ desc["english"] = "
+
+ Overview : This script detects the installed version of Xitami Server
+ and saves the result in KB.
+
+ Risk factor : Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Set KB for the Version of Xitami Server");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Service detection");
+ script_dependencies("find_service.nes");
+ script_require_ports("Services/www", 80, "Services/ftp", 21);
+ exit(0);
+}
+
+
+include("ftp_func.inc");
+include("http_func.inc");
+
+wwwPort = get_http_port(default:80);
+if(!wwwPort){
+ wwwPort = 80;
+}
+
+if(!get_port_state(wwwPort)){
+ exit(0);
+}
+
+soc = open_sock_tcp(wwwPort);
+req = string("GET /\r\n\r\n");
+send(socket:soc, data:req);
+rcvRes = http_recv(socket:soc);
+close(soc);
+
+if("Xitami" >!< rcvRes){
+ exit(0);
+}
+
+xitaVer = eregmatch(pattern:"Xitami\/([0-9]\.[0-9.]+)([a-z][0-9]?)?",
+ string:rcvRes);
+if(xitaVer == NULL)
+{
+ ftpPort = get_kb_item("Services/ftp");
+
+ if(!ftpPort){
+ ftpPort = 21;
+ }
+
+ if(!get_port_state(ftpPort)){
+ exit(0);
+ }
+
+ # Get the version from banner
+ banner = get_ftp_banner(port:ftpPort);
+ xitaVer = eregmatch(pattern:"Xitami.*([0-9]\.[0-9.]+)([a-z][0-9]?)?",
+ string: banner);
+}
+
+if(xitaVer[1] != NULL)
+{
+ if(xitaVer[2] != NULL){
+ xVer = xitaVer[1] + "." + xitaVer[2];
+ }
+ else
+ xVer = xitaVer[1];
+}
+
+if(xVer){
+ set_kb_item(name:"Xitami/Ver", value:xVer);
+}
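Review bot: The result of `open_sock_tcp(wwwPort)` is used without a check, so when the connection fails `send()` and `http_recv()` run on an invalid socket; adding `if(!soc){ exit(0); }` directly after the open avoids that. The early `exit(0)` calls when the HTTP port is closed or the response lacks "Xitami" mean the FTP banner fallback is reached only when HTTP already named Xitami without a version, which looks narrower than the `script_require_ports` line suggests. In the fallback, `Xitami.*([0-9]\.[0-9.]+)` is greedy and will take the last version-like token in the banner; `Xitami[^0-9]*` before the group would keep the capture next to the product name. `script_version("Revision: 1.0 ")` is also missing the `$` keyword markers used by the other plugins in this commit.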
Property changes on: trunk/openvas-plugins/scripts/secpod_xitami_server_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_xpdf_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xpdf_detect.nasl 2009-05-06 04:18:55 UTC (rev 3247)
+++ trunk/openvas-plugins/scripts/secpod_xpdf_detect.nasl 2009-05-06 06:04:28 UTC (rev 3248)
@@ -0,0 +1,69 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_xpdf_detect.nasl 1933 2009-04-27 14:10:29Z apr $
+#
+# Xpdf Version Detection
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900466);
+ script_version("$Revision: 1.0 $");
+ script_name(english:"Xpdf Version Detection");
+ desc["english"] = "
+
+ Overview: The script detects the version of Xpdf for Linux on
+ remote host and sets the result into KB.
+
+ Risk Factor: Informational";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for Linux Xpdf version");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Service detection");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+sock = ssh_login_or_reuse_connection();
+if(!sock){
+ exit(0);
+}
+
+xpdfPaths = find_file(file_name:"xpdf", file_path:"/", useregex:TRUE,
+ regexpar:"$", sock:sock);
+foreach xpdfBin (xpdfPaths)
+{
+ xpdfVer = get_bin_version(full_prog_name:chomp(xpdfBin), sock:sock,
+ version_argv:"-v",
+ ver_pattern:"xpdf version ([0-9]\.[0-9]+([a-z]?))");
+ if(xpdfVer[1] != NULL)
+ {
+ set_kb_item(name:"Xpdf/Linux/Ver", value:xpdfVer[1]);
+ ssh_close_connection();
+ exit(0);
+ }
+}
+ssh_close_connection();
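Review bot: `find_file` is started at `file_path:"/"` and every hit is handed to `get_bin_version` with `version_argv:"-v"`, which appears to run each file named `xpdf` found anywhere on the target under the scan account. That includes copies in user-writable locations, and the first one that prints a matching string decides the KB value. Limiting the search to the system binary directories, or skipping results outside them before the version call, would keep the scan from executing untrusted files and from walking the whole filesystem. The script also calls `ssh_login_or_reuse_connection()` and `ssh_close_connection()` while including only `version_func.inc`; unless that file pulls in the SSH helpers, the include that defines them is missing.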
Property changes on: trunk/openvas-plugins/scripts/secpod_xpdf_detect.nasl
___________________________________________________________________
Name: svn:executable
+ *
Added: trunk/openvas-plugins/scripts/secpod_xpdf_mult_vuln.nasl
===================================================================
--- trunk/openvas-plugins/scripts/secpod_xpdf_mult_vuln.nasl 2009-05-06 04:18:55 UTC (rev 3247)
+++ trunk/openvas-plugins/scripts/secpod_xpdf_mult_vuln.nasl 2009-05-06 06:04:28 UTC (rev 3248)
@@ -0,0 +1,90 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id: secpod_xpdf_mult_vuln.nasl 1933 2009-04-27 14:21:29Z apr $
+#
+# Xpdf Multiple Vulnerabilities
+#
+# Authors:
+# Sujit Ghosal <sghosal at secpod.com>
+#
+# Copyright:
+# Copyright (c) 2009 SecPod, http://www.secpod.com
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if(description)
+{
+ script_id(900457);
+ script_version("$Revision: 1.0 $");
+ script_bugtraq_id(34568, 34791);
+ script_cve_id("CVE-2009-0195", "CVE-2009-0166", "CVE-2009-0147", "CVE-2009-0146",
+ "CVE-2009-1183", "CVE-2009-1182", "CVE-2009-1181", "CVE-2009-1179",
+ "CVE-2009-0800", "CVE-2009-1180", "CVE-2009-0799", "CVE-2009-0165");
+ script_name(english:"Xpdf Multiple Vulnerabilities");
+ desc["english"] = "
+
+ Overview: This host is installed with Xpdf for Linux and is prone to Multiple
+ Vulnerabilities.
+
+ Vulnerability Insight:
+ - Integer overflow in Xpdf JBIG2 Decoder which allows the attacker create a
+ malicious crafted PDF File and causes code execution.
+ - Flaws in Xpdf JBIG2 Decoder which causes buffer overflow, freeing of
+ arbitrary memory causing Xpdf application to crash.
+
+ Impact:
+ Successful exploitation will let the attacker craft a malicious PDF File and
+ execute arbitrary codes into the context of the affected application to cause
+ denial of service attacks, buffer overflow attacks, remote code executions etc.
+
+ Affected Software/OS:
+ Xpdf version 3.02 and prior on Linux.
+
+ Fix:
+ Apply Xpdf v3.02 pl3 patch.
+ ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.02pl3.patch
+
+ References:
+ http://secunia.com/advisories/34755
+ https://bugzilla.redhat.com/show_bug.cgi?id=495896
+ http://www.redhat.com/support/errata/RHSA-2009-0430.html
+
+ CVSS Score:
+ CVSS Base Score : 10.0 (AV:N/AC:L/Au:NR/C:C/I:C/A:C)
+ CVSS Temporal Score : 7.4
+ Risk factor: High";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check for the version of Xpdf");
+ script_category(ACT_GATHER_INFO);
+ script_copyright(english:"Copyright (C) 2009 SecPod");
+ script_family(english:"Buffer overflow");
+ script_dependencies("secpod_xpdf_detect.nasl");
+ script_require_keys("Xpdf/Linux/Ver");
+ exit(0);
+}
+
+
+include("version_func.inc");
+
+xpdfVer = get_kb_item("Xpdf/Linux/Ver");
+if(xpdfVer == NULL){
+ exit(0);
+}
+
+# Grep for Xpdf version 3.02 and prior
+if(version_is_less_equal(version:xpdfVer, test_version:"3.02")){
+ security_hole(0);
+}
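Review bot: The check `version_is_less_equal(version:xpdfVer, test_version:"3.02")` cannot tell a patched build from an unpatched one, although the description names the 3.02 pl3 patch as the fix. The detection pattern `([0-9]\.[0-9]+([a-z]?))` keeps at most one trailing letter, so a binary reporting 3.02pl3 would be stored as `3.02p` and the patch level is lost before it reaches this script. Capturing the full `plN` suffix in the detection script and comparing against it here would avoid reporting hosts that already applied the fix. Until then, a comment such as `# Patch level is not evaluated; 3.02 with pl3 applied may still be reported` above the comparison would make the limitation explicit.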
Property changes on: trunk/openvas-plugins/scripts/secpod_xpdf_mult_vuln.nasl
___________________________________________________________________
Name: svn:executable
+ *