[Openvas-commits] r3261 - in trunk/openvas-plugins: . scripts
scm-commit@wald.intevation.org
scm-commit at wald.intevation.org
Wed May 6 14:55:28 CEST 2009
Author: mime
Date: 2009-05-06 14:55:27 +0200 (Wed, 06 May 2009)
New Revision: 3261
Added:
trunk/openvas-plugins/scripts/nagios_cve_2008_5027.nasl
trunk/openvas-plugins/scripts/nagios_cve_2008_6373.nasl
trunk/openvas-plugins/scripts/nagios_detect.nasl
trunk/openvas-plugins/scripts/nagios_statd_detect.nasl
trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl
Modified:
trunk/openvas-plugins/ChangeLog
trunk/openvas-plugins/scripts/axigen_34716.nasl
Log:
added new plugins
Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog 2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/ChangeLog 2009-05-06 12:55:27 UTC (rev 3261)
@@ -1,3 +1,14 @@
+2009-05-06 Michael Meyer <mime at gmx.de>
+ * scripts/nagios_detect.nasl
+ scripts/nagios_statd_detect.nasl
+ scripts/quick_easy_mail_server_34814.nasl
+ scripts/nagios_cve_2008_6373.nasl
+ scripts/nagios_cve_2008_5027.nasl:
+ Added new plugins
+
+ * scripts/axigen_34716.nasl:
+ Removed hard coded test-versions string.
+
2009-05-06 Chandrashekhar B <bchandra at secpod.com>
* scripts/ssh_authorization.nasl:
Changed to ACT_SETTINGS and also fixed the default note issue
Modified: trunk/openvas-plugins/scripts/axigen_34716.nasl
===================================================================
--- trunk/openvas-plugins/scripts/axigen_34716.nasl 2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/scripts/axigen_34716.nasl 2009-05-06 12:55:27 UTC (rev 3261)
@@ -27,7 +27,6 @@
if (description)
{
script_id(100177);
- script_cve_id("CVE-2009-1484");
script_bugtraq_id(34716);
script_version ("1.0");
@@ -75,8 +74,7 @@
if(!get_port_state(port))exit(0);
-#if(!version = get_kb_item(string("www/", port, "/axigen")))exit(0);
-version = string("7.2.2 under /");
+if(!version = get_kb_item(string("www/", port, "/axigen")))exit(0);
if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
vers = matches[1];
Added: trunk/openvas-plugins/scripts/nagios_cve_2008_5027.nasl
===================================================================
--- trunk/openvas-plugins/scripts/nagios_cve_2008_5027.nasl 2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/scripts/nagios_cve_2008_5027.nasl 2009-05-06 12:55:27 UTC (rev 3261)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Nagios Web Interface Privilege Escalation Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100189);
+ script_bugtraq_id(32156);
+ script_cve_id("CVE-2008-5027");
+ script_version ("1.0");
+
+ script_name(english:"Nagios Web Interface Privilege Escalation Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ Nagios is prone to an unspecified privilege-escalation scripting
+ vulnerability.
+
+ An attacker with low-level privileges may exploit this issue to
+ bypass authorization and cause arbitrary commands to run within the
+ context of the Nagios server. This may aid in further attacks.
+
+ Few technical details are available at this time; we will update
+ this BID as more information emerges.
+
+ The issue affects versions prior to Nagios 3.0.5.
+
+ Solution:
+ The vendor has released updates. Please see http://www.nagios.org/
+ for more information.
+
+ See also:
+ http://www.securityfocus.com/bid/32156
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check if the Version of Nagios is < 3.0.5");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"General");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("nagios_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/nagios")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+ if(version_is_less(version: vers, test_version: "3.0.5")) {
+ security_warning(port:port);
+ exit(0);
+ }
+
+}
+
+exit(0);
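Review bot: The finding raised at `security_warning(port:port);` rests only on the version string cached by nagios_detect.nasl and carries no evidence, so a report reader cannot see which version or install path triggered it. Consider adding the detected `vers` and `matches[2]` to the report text, and stating in the description that the check is version-based; a package with a backported fix would presumably still be flagged. The description also keeps the advisory's sentence "we will update this BID as more information emerges", which makes no sense inside a plugin and should be dropped. `script_family(english:"General")` looks too broad for a web-interface check. The same points apply to nagios_cve_2008_6373.nasl in this commit.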
Property changes on: trunk/openvas-plugins/scripts/nagios_cve_2008_5027.nasl
___________________________________________________________________
Name: svn_keyword
+ ID
Added: trunk/openvas-plugins/scripts/nagios_cve_2008_6373.nasl
===================================================================
--- trunk/openvas-plugins/scripts/nagios_cve_2008_6373.nasl 2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/scripts/nagios_cve_2008_6373.nasl 2009-05-06 12:55:27 UTC (rev 3261)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Nagios External Commands and Adaptive Commands Unspecified
+# Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100188);
+ script_bugtraq_id(32611);
+ script_cve_id("CVE-2008-6373");
+ script_version ("1.0");
+
+ script_name(english:"Nagios External Commands and Adaptive Commands Unspecified Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ Nagios is prone to an unspecified vulnerability related to the CGI
+ submission of external commands and the processing of adaptive
+ commands.
+
+ Very little information is known about this issue. We will update
+ this BID as soon as more information becomes available.
+
+ The issue affects versions prior to Nagios 3.0.6.
+
+ Solution:
+ The vendor has released updates. Please see http://www.nagios.org/
+ for more information.
+
+ See also:
+ http://www.securityfocus.com/bid/32611
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check if the Version of Nagios is < 3.0.6");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"General");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("nagios_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/nagios")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+ if(version_is_less(version: vers, test_version: "3.0.6")) {
+ security_warning(port:port);
+ exit(0);
+ }
+
+}
+
+exit(0);
Property changes on: trunk/openvas-plugins/scripts/nagios_cve_2008_6373.nasl
___________________________________________________________________
Name: svn_keyword
+ ID
Added: trunk/openvas-plugins/scripts/nagios_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/nagios_detect.nasl 2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/scripts/nagios_detect.nasl 2009-05-06 12:55:27 UTC (rev 3261)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Nagios Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+
+ Overview:
+ Nagios, a popular open source computer system and network monitoring
+ software application is running at this Host.
+
+ See also:
+ http://nagios.org
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100186);
+ script_version ("1.0");
+
+ script_name(english:"Nagios Detection");
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of Nagios");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("global_settings.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+
+dirs = make_list("/nagios","/monitoring", cgi_dirs());
+
+foreach dir (dirs) {
+
+ url = string(dir, "/main.php");
+ req = http_get(item:url, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);
+
+ if( buf == NULL )continue;
+ if( egrep(pattern: '<TITLE>Nagios</TITLE>', string: buf, icase: TRUE) &&
+ egrep(pattern: 'Nagios is licensed under the GNU', string: buf, icase: TRUE) )
+ {
+
+ if(strlen(dir)>0) {
+ install = dir;
+ } else {
+ install = string("/");
+ }
+
+ vers = string("unknown");
+
+ ### try to get version.
+ version = eregmatch(string: buf, pattern: 'Version ([0-9.]+)',icase:TRUE);
+
+ if ( !isnull(version[1]) ) {
+ vers=version[1];
+ }
+
+ set_kb_item(name: string("www/", port, "/nagios"), value: string(vers," under ", install ));
+
+ info = string("None\n\nNagios Version '");
+ info += string(vers);
+ info += string("' was detected on the remote host\n");
+
+ desc = ereg_replace(
+ string:desc["english"],
+ pattern:"None$",
+ replace:info
+ );
+
+ if(report_verbosity > 0) {
+ security_note(port:port,data:desc);
+ }
+ exit(0);
+
+ }
+}
+
+exit(0);
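Review bot: The probe `url = string(dir, "/main.php");` is the only page requested, and both CVE plugins added in this commit depend entirely on the KB entry set here. If the affected releases (before 3.0.5 / 3.0.6) serve their landing page as main.html rather than main.php, which is worth confirming against such an install, they are never detected and both checks stay silent. A web interface behind HTTP authentication would also fail the two `egrep` tests, so a missing result should not be read as "no Nagios". Consider looping over both page names, e.g. `foreach file (make_list("/main.php", "/main.html"))`. Note too that `'Version ([0-9.]+)'` is matched against headers and body alike (`bodyonly:FALSE`), so the first "Version" anywhere in the response wins.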
Property changes on: trunk/openvas-plugins/scripts/nagios_detect.nasl
___________________________________________________________________
Name: svn_keyword
+ ID
Added: trunk/openvas-plugins/scripts/nagios_statd_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/nagios_statd_detect.nasl 2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/scripts/nagios_statd_detect.nasl 2009-05-06 12:55:27 UTC (rev 3261)
@@ -0,0 +1,139 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Nagios-statd Daemon Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+
+ Overview:
+ Nagios-statd Daemon is running at this port.
+
+ Nagios-statd (nagios-statd Daemon) is the daemon program for
+ nagios-stat. These programs together comprise a systems monitoring
+ tool for various platforms. It is designed to be integrated with the
+ Nagios monitoring tool, although this is not a requirement.
+
+ Nagios-statd is the daemon that listens for connections from
+ clients. It forks off a new daemon for each incoming connection.
+ The forked daemon executes a series of typical UNIX commands and
+ returns those commands standard output to the client.
+
+ Solution:
+ Limit incoming traffic to this port.
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100187);
+ script_version ("1.0");
+
+ script_name(english:"Nagios-statd Daemon Detection");
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of Nagios-statd Daemon");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes");
+ script_require_ports("Services/unknown", 1040);
+ exit(0);
+}
+
+
+include("global_settings.inc");
+include("misc_func.inc");
+
+
+port = 1040;
+
+if (known_service(port:port))exit(0);
+if(!get_tcp_port_state(port))exit(0);
+
+soc = open_sock_tcp(port);
+if(!soc)exit(0);
+
+req = string("version\r\n");
+send(socket:soc, data:req);
+while (data = recv_line(socket:soc, length:100)) {
+ ret += data;
+}
+
+
+if("nagios-statd" >< ret) {
+
+ vers = string("unknown");
+
+ version = eregmatch(pattern:"^nagios-statd ([0-9.]+)$", string: ret);
+
+ if(!isnull(version[1])) {
+ vers = version[1];
+ }
+
+ set_kb_item(name:"nagios_statd/"+port+"/Version", value:vers);
+ register_service(port:port, ipproto:"tcp", proto:"nagios_statd");
+
+ tests = make_list("uptime","disk");
+
+ foreach do (tests) {
+
+ soc = open_sock_tcp(port);
+ req = string(do, "\r\n");
+ send(socket:soc, data:req);
+
+ result += string(do,":\n");
+
+ while (data = recv_line(socket:soc, length:100)) {
+
+ result += data;
+
+ }
+
+ result += string("\n");
+ close(soc);
+ }
+
+ if(strlen(result)) {
+
+ info = string("None\n\nHere are a few Information from the nagios-statd daemon received by OpenVAS:\n\n");
+ info += result;
+
+ desc = ereg_replace(
+ string:desc["english"],
+ pattern:"None$",
+ replace:info
+ );
+
+ }
+
+ if(report_verbosity > 0) {
+ security_note(port:port,data:desc);
+ }
+
+ exit(0);
+
+}
+
+exit(0);
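Review bot: Socket handling is incomplete. The first `soc`, used for the `version` request, is never closed before the `foreach do (tests)` loop reassigns it, and inside the loop `open_sock_tcp(port)` is used without the `if(!soc)` check that the first open has. Add `close(soc);` after the first `while` loop and `if(!soc) continue;` right after the open in the loop. Separately, the raw `uptime` and `disk` output is appended to the report without any size limit and the result is rated `Risk factor : None`. Since the description itself says the daemon returns command output to connecting clients, it is worth deciding whether this should be reported as an information disclosure rather than a plain service detection.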
Property changes on: trunk/openvas-plugins/scripts/nagios_statd_detect.nasl
___________________________________________________________________
Name: svn_keyword
+ ID
Added: trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl
===================================================================
--- trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl 2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl 2009-05-06 12:55:27 UTC (rev 3261)
@@ -0,0 +1,107 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Quick 'n Easy Mail Server SMTP Request Remote Denial Of Service Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100185);
+ script_bugtraq_id(34814);
+ script_version ("1.0");
+
+ script_name(english:"Quick 'n Easy Mail Server SMTP Request Remote Denial Of Service Vulnerability");
+ desc["english"] = "
+
+ Overview:
+ Quick 'n Easy Mail Server is prone to a denial-of-service
+ vulnerability because it fails to adequately handle multiple socket
+ requests.
+
+ Attackers can exploit this issue to cause the affected application
+ to reject SMTP requests, denying service to legitimate users.
+
+ The demonstration release of Quick 'n Easy Mail Server 3.3 is
+ vulnerable; other versions may also be affected.
+
+ See also:
+ http://www.securityfocus.com/bid/34814
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if Quick 'n Easy Mail Server is vulnerable to DoS");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"SMTP problems");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "smtpserver_detect.nasl");
+ script_require_ports("Services/smtp", 25);
+ exit(0);
+}
+
+include("smtp_func.inc");
+
+if ( safe_checks() ) exit(0);
+
+port = get_kb_item("Services/smtp");
+if (!port) port = 25;
+
+if (get_port_state(port))
+{
+ soctcp25 = open_sock_tcp(port);
+
+ if (soctcp25)
+ {
+ bannertxt = smtp_recv_banner(socket:soctcp25);
+
+ if(!bannertxt){
+ close(soctcp25);
+ exit(0);
+ }
+
+ if( ! ("Quick 'n Easy Mail Server" >< bannertxt)) {
+ close(soctcp25);
+ exit(0);
+ }
+
+ close(soctcp25);
+ data = string("HELO OpenVAS at openvas.org\r\n");
+
+ for(i=0; i<35; i++) {
+
+ soctcp = open_sock_tcp(port);
+ send(socket:soctcp, data:data);
+ ehlotxt = smtp_recv_line(socket:soctcp);
+
+ if(egrep(pattern:"421 Service not available", string: ehlotxt)) {
+ security_warning(port:port);
+ close(soctcp);
+ exit(0);
+ }
+ }
+ }
+}
+
+close(soctcp);
+exit(0);
+
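Review bot: `script_category(ACT_GATHER_INFO)` does not match what the script does. The `for(i=0; i<35; i++)` loop keeps opening connections without closing them until the server answers `421 Service not available`, so a positive result means the service on the target was actually disrupted. The `safe_checks()` exit helps, but operators who select or schedule plugins by category would still get this in an information-gathering pass; `script_category(ACT_DENIAL);` fits the behaviour. In the loop `soctcp` is used without a NULL check, so a refused connection is not handled. The trailing `close(soctcp);` is also reached with `soctcp` unset when the port is closed or the first connect fails.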
Property changes on: trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl
___________________________________________________________________
Name: svn_keyword
+ ID