[Openvas-commits] r3261 - in trunk/openvas-plugins: . scripts

scm-commit@wald.intevation.org scm-commit at wald.intevation.org
Wed May 6 14:55:28 CEST 2009


Author: mime
Date: 2009-05-06 14:55:27 +0200 (Wed, 06 May 2009)
New Revision: 3261

Added:
   trunk/openvas-plugins/scripts/nagios_cve_2008_5027.nasl
   trunk/openvas-plugins/scripts/nagios_cve_2008_6373.nasl
   trunk/openvas-plugins/scripts/nagios_detect.nasl
   trunk/openvas-plugins/scripts/nagios_statd_detect.nasl
   trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl
Modified:
   trunk/openvas-plugins/ChangeLog
   trunk/openvas-plugins/scripts/axigen_34716.nasl
Log:
added new plugins

Modified: trunk/openvas-plugins/ChangeLog
===================================================================
--- trunk/openvas-plugins/ChangeLog	2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/ChangeLog	2009-05-06 12:55:27 UTC (rev 3261)
@@ -1,3 +1,14 @@
+2009-05-06 Michael Meyer <mime at gmx.de>
+	* scripts/nagios_detect.nasl
+	scripts/nagios_statd_detect.nasl
+	scripts/quick_easy_mail_server_34814.nasl
+	scripts/nagios_cve_2008_6373.nasl
+	scripts/nagios_cve_2008_5027.nasl:
+	Added new plugins
+
+	* scripts/axigen_34716.nasl:
+	Removed hard coded test-versions string.
+
 2009-05-06 Chandrashekhar B <bchandra at secpod.com>
 	* scripts/ssh_authorization.nasl:
 	Changed to ACT_SETTINGS and also fixed the default note issue

Modified: trunk/openvas-plugins/scripts/axigen_34716.nasl
===================================================================
--- trunk/openvas-plugins/scripts/axigen_34716.nasl	2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/scripts/axigen_34716.nasl	2009-05-06 12:55:27 UTC (rev 3261)
@@ -27,7 +27,6 @@
 if (description)
 {
  script_id(100177);
- script_cve_id("CVE-2009-1484");
  script_bugtraq_id(34716);
  script_version ("1.0");
 
@@ -75,8 +74,7 @@
 
 if(!get_port_state(port))exit(0);
 
-#if(!version = get_kb_item(string("www/", port, "/axigen")))exit(0);
-version = string("7.2.2 under /");
+if(!version = get_kb_item(string("www/", port, "/axigen")))exit(0);
 if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
 
 vers = matches[1];

Added: trunk/openvas-plugins/scripts/nagios_cve_2008_5027.nasl
===================================================================
--- trunk/openvas-plugins/scripts/nagios_cve_2008_5027.nasl	2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/scripts/nagios_cve_2008_5027.nasl	2009-05-06 12:55:27 UTC (rev 3261)
@@ -0,0 +1,91 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Nagios Web Interface Privilege Escalation Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100189);
+ script_bugtraq_id(32156);
+ script_cve_id("CVE-2008-5027");
+ script_version ("1.0");
+
+ script_name(english:"Nagios Web Interface Privilege Escalation Vulnerability");
+ desc["english"] = "
+
+ Overview:
+  Nagios is prone to an unspecified privilege-escalation scripting
+  vulnerability.
+
+  An attacker with low-level privileges may exploit this issue to
+  bypass authorization and cause arbitrary commands to run within the
+  context of the Nagios server. This may aid in further attacks.
+
+  Few technical details are available at this time; we will update
+  this BID as more information emerges.
+
+  The issue affects versions prior to Nagios 3.0.5. 
+
+ Solution:
+  The vendor has released updates. Please see http://www.nagios.org/
+  for more information.
+
+ See also:
+  http://www.securityfocus.com/bid/32156
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check if the Version of Nagios is < 3.0.5");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"General");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("nagios_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/nagios")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+  if(version_is_less(version: vers, test_version: "3.0.5")) {
+      security_warning(port:port);
+      exit(0);
+  }  
+
+}
+
+exit(0);
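Review bot: The warning at `security_warning(port:port);` is raised from the version string alone, and the report carries no evidence of what was matched. `vers` comes from the `www/<port>/nagios` KB entry, which nagios_detect.nasl in this commit fills from a `Version ([0-9.]+)` match on main.php, so a build that received the fix without a version bump would presumably still be flagged. `matches[2]` (the install path) is captured but never used. I would add a comment above the comparison, `# Version-only check: relies on the version string stored by nagios_detect.nasl; no behavioural test is made`, and put the detected version and path into the report text. The same applies to the `3.0.6` comparison in nagios_cve_2008_6373.nasl.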


Property changes on: trunk/openvas-plugins/scripts/nagios_cve_2008_5027.nasl
___________________________________________________________________
Name: svn_keyword
   + ID

Added: trunk/openvas-plugins/scripts/nagios_cve_2008_6373.nasl
===================================================================
--- trunk/openvas-plugins/scripts/nagios_cve_2008_6373.nasl	2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/scripts/nagios_cve_2008_6373.nasl	2009-05-06 12:55:27 UTC (rev 3261)
@@ -0,0 +1,89 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Nagios External Commands and Adaptive Commands Unspecified
+# Vulnerability 
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100188);
+ script_bugtraq_id(32611);
+ script_cve_id("CVE-2008-6373");
+ script_version ("1.0");
+
+ script_name(english:"Nagios External Commands and Adaptive Commands Unspecified Vulnerability");
+ desc["english"] = "
+
+ Overview:
+  Nagios is prone to an unspecified vulnerability related to the CGI
+  submission of external commands and the processing of adaptive
+  commands.
+
+  Very little information is known about this issue. We will update
+  this BID as soon as more information becomes available.
+
+  The issue affects versions prior to Nagios 3.0.6.
+
+ Solution:
+  The vendor has released updates. Please see http://www.nagios.org/
+  for more information.
+
+ See also:
+  http://www.securityfocus.com/bid/32611
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Check if the Version of Nagios is < 3.0.6");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"General");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("nagios_detect.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("version_func.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+
+if(!version = get_kb_item(string("www/", port, "/nagios")))exit(0);
+if(!matches = eregmatch(string:version, pattern:"^(.+) under (/.*)$"))exit(0);
+
+vers = matches[1];
+
+if(!isnull(vers) && vers >!< "unknown") {
+
+  if(version_is_less(version: vers, test_version: "3.0.6")) {
+      security_warning(port:port);
+      exit(0);
+  }  
+
+}
+
+exit(0);
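Review bot: The `desc["english"]` text contains `We will update this BID as soon as more information becomes available`, which is the advisory source's own wording and reads wrongly in a scanner report, where the reader is not looking at a BID entry. I would drop that sentence so the overview goes from `Very little information is known about this issue.` straight to the `prior to Nagios 3.0.6` line. nagios_cve_2008_5027.nasl in this commit carries the equivalent sentence (`we will update this BID as more information emerges`).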


Property changes on: trunk/openvas-plugins/scripts/nagios_cve_2008_6373.nasl
___________________________________________________________________
Name: svn_keyword
   + ID

Added: trunk/openvas-plugins/scripts/nagios_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/nagios_detect.nasl	2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/scripts/nagios_detect.nasl	2009-05-06 12:55:27 UTC (rev 3261)
@@ -0,0 +1,113 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Nagios Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+
+ Overview:
+  Nagios, a popular open source computer system and network monitoring
+  software application is running at this Host.
+
+ See also:
+  http://nagios.org
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100186);
+ script_version ("1.0");
+
+ script_name(english:"Nagios Detection");  
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of Nagios");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "http_version.nasl");
+ script_require_ports("Services/www", 80);
+ script_exclude_keys("Settings/disable_cgi_scanning");
+ exit(0);
+}
+
+include("http_func.inc");
+include("http_keepalive.inc");
+include("global_settings.inc");
+
+port = get_http_port(default:80);
+
+if(!get_port_state(port))exit(0);
+
+dirs = make_list("/nagios","/monitoring", cgi_dirs());
+
+foreach dir (dirs) {
+
+ url = string(dir, "/main.php"); 
+ req = http_get(item:url, port:port);
+ buf = http_keepalive_send_recv(port:port, data:req, bodyonly:FALSE);  
+
+ if( buf == NULL )continue;
+ if( egrep(pattern: '<TITLE>Nagios</TITLE>', string: buf, icase: TRUE) &&
+     egrep(pattern: 'Nagios is licensed under the GNU', string: buf, icase: TRUE) )
+ { 
+   
+   if(strlen(dir)>0) {
+     install = dir;
+   } else {
+     install = string("/");
+   }  
+
+    vers = string("unknown");
+
+    ### try to get version.
+    version = eregmatch(string: buf, pattern: 'Version ([0-9.]+)',icase:TRUE);
+    
+    if ( !isnull(version[1]) ) {
+       vers=version[1];
+    } 
+
+    set_kb_item(name: string("www/", port, "/nagios"), value: string(vers," under ", install ));
+
+    info = string("None\n\nNagios Version '");
+    info += string(vers);
+    info += string("' was detected on the remote host\n");
+
+    desc = ereg_replace(
+        string:desc["english"],
+        pattern:"None$",
+        replace:info
+    );    
+       
+       if(report_verbosity > 0) {
+         security_note(port:port,data:desc);
+       }
+       exit(0);
+  
+ }
+}
+
+exit(0);
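Review bot: Detection depends on an unauthenticated request for `main.php` returning the Nagios page, and nothing is recorded when it does not. Where the web directory sits behind HTTP authentication, the request would presumably be answered with a 401, neither `egrep` matches, and no `www/<port>/nagios` KB entry is set. The two version checks that depend on this script then stay silent, a false negative that looks like a clean result. A comment before the `egrep` test would make that limit explicit: `# Installs behind HTTP auth are not detected here; dependent version checks will not run for them.` The loop also exits on the first match, so only one install per port is recorded.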


Property changes on: trunk/openvas-plugins/scripts/nagios_detect.nasl
___________________________________________________________________
Name: svn_keyword
   + ID

Added: trunk/openvas-plugins/scripts/nagios_statd_detect.nasl
===================================================================
--- trunk/openvas-plugins/scripts/nagios_statd_detect.nasl	2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/scripts/nagios_statd_detect.nasl	2009-05-06 12:55:27 UTC (rev 3261)
@@ -0,0 +1,139 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Nagios-statd Daemon Detection
+#
+# Authors:
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+# need desc here to modify it later in script.
+desc["english"] = "
+ 
+ Overview:
+  Nagios-statd Daemon is running at this port. 
+
+  Nagios-statd (nagios-statd  Daemon)  is the daemon program for
+  nagios-stat.  These programs together comprise a  systems monitoring
+  tool for various platforms.  It is designed to be integrated with the
+  Nagios monitoring tool, although this is not a requirement.
+
+  Nagios-statd is the daemon that listens for connections  from
+  clients.  It  forks  off  a  new daemon for each incoming connection.
+  The forked daemon executes a series of typical UNIX  commands  and
+  returns  those commands standard output to the client.
+  
+ Solution:
+  Limit incoming traffic to this port.
+
+ Risk factor : None";
+
+if (description)
+{
+ script_id(100187);
+ script_version ("1.0");
+
+ script_name(english:"Nagios-statd Daemon Detection");  
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Checks for the presence of Nagios-statd Daemon");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"Service detection");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes");
+ script_require_ports("Services/unknown", 1040);
+ exit(0);
+}
+
+
+include("global_settings.inc");
+include("misc_func.inc");
+
+
+port = 1040;
+
+if (known_service(port:port))exit(0);
+if(!get_tcp_port_state(port))exit(0);
+
+soc = open_sock_tcp(port);
+if(!soc)exit(0);
+  
+req = string("version\r\n");
+send(socket:soc, data:req);
+while (data = recv_line(socket:soc, length:100)) {
+   ret += data;
+}    
+  
+
+if("nagios-statd" >< ret) {
+
+ vers = string("unknown");
+
+ version = eregmatch(pattern:"^nagios-statd ([0-9.]+)$", string: ret);
+ 
+ if(!isnull(version[1])) {
+  vers = version[1];
+ } 
+
+ set_kb_item(name:"nagios_statd/"+port+"/Version", value:vers);
+ register_service(port:port, ipproto:"tcp", proto:"nagios_statd");
+
+ tests = make_list("uptime","disk");
+ 
+ foreach do (tests) {
+
+   soc = open_sock_tcp(port); 
+   req = string(do, "\r\n"); 
+   send(socket:soc, data:req);
+
+   result += string(do,":\n");
+
+   while (data = recv_line(socket:soc, length:100)) {
+
+    result += data;
+
+   }
+
+   result += string("\n");
+   close(soc);
+ }
+
+ if(strlen(result)) {
+
+   info = string("None\n\nHere are a few Information from the nagios-statd daemon received by OpenVAS:\n\n");
+   info += result;
+
+   desc = ereg_replace(
+    	string:desc["english"],
+    	pattern:"None$",
+    	replace:info
+    ); 
+
+ }  
+
+  if(report_verbosity > 0) { 
+     security_note(port:port,data:desc);
+   }  
+
+  exit(0);
+
+}
+
+exit(0);
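Review bot: The first socket opened with `soc = open_sock_tcp(port);` is never closed before `soc` is reassigned inside the `foreach` loop, and the loop's own `open_sock_tcp(port)` result is used without a check. Add `close(soc);` after the first `while` loop and `if(!soc) continue;` right after the open inside the loop, so a refused reconnect does not lead to `send()` on an invalid socket. Both `while (data = recv_line(...))` loops also read until the peer stops sending, with no cap on the number of lines, and the collected text goes into the report unfiltered. A line limit would bound what an unexpected service on port 1040 can feed into the result.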


Property changes on: trunk/openvas-plugins/scripts/nagios_statd_detect.nasl
___________________________________________________________________
Name: svn_keyword
   + ID

Added: trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl
===================================================================
--- trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl	2009-05-06 12:53:21 UTC (rev 3260)
+++ trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl	2009-05-06 12:55:27 UTC (rev 3261)
@@ -0,0 +1,107 @@
+###############################################################################
+# OpenVAS Vulnerability Test
+# $Id$
+#
+# Quick 'n Easy Mail Server SMTP Request Remote Denial Of Service Vulnerability
+#
+# Authors
+# Michael Meyer
+#
+# Copyright:
+# Copyright (c) 2009 Michael Meyer
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2
+# (or any later version), as published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+###############################################################################
+
+if (description)
+{
+ script_id(100185);
+ script_bugtraq_id(34814);
+ script_version ("1.0");
+
+ script_name(english:"Quick 'n Easy Mail Server SMTP Request Remote Denial Of Service Vulnerability");
+ desc["english"] = "
+
+ Overview:
+  Quick 'n Easy Mail Server is prone to a denial-of-service
+  vulnerability because it fails to adequately handle multiple socket
+  requests.
+
+  Attackers can exploit this issue to cause the affected application
+  to reject SMTP requests, denying service to legitimate users.
+
+  The demonstration release of Quick 'n Easy Mail Server 3.3 is
+  vulnerable; other versions may also be affected. 
+
+ See also:
+  http://www.securityfocus.com/bid/34814
+
+ Risk factor : Medium";
+
+ script_description(english:desc["english"]);
+ script_summary(english:"Determine if Quick 'n Easy Mail Server is vulnerable to DoS");
+ script_category(ACT_GATHER_INFO);
+ script_family(english:"SMTP problems");
+ script_copyright(english:"This script is Copyright (C) 2009 Michael Meyer");
+ script_dependencie("find_service.nes", "smtpserver_detect.nasl");
+ script_require_ports("Services/smtp", 25);
+ exit(0);
+}
+
+include("smtp_func.inc");
+
+if ( safe_checks() ) exit(0);
+
+port = get_kb_item("Services/smtp");
+if (!port) port = 25;
+
+if (get_port_state(port))
+{
+ soctcp25 = open_sock_tcp(port);
+
+ if (soctcp25)
+ {
+  bannertxt = smtp_recv_banner(socket:soctcp25);
+
+  if(!bannertxt){
+        close(soctcp25);
+        exit(0);
+  }
+
+  if( ! ("Quick 'n Easy Mail Server" >< bannertxt)) {
+		close(soctcp25);
+		exit(0);
+  }
+
+  close(soctcp25);
+  data = string("HELO OpenVAS at openvas.org\r\n");
+
+  for(i=0; i<35; i++) {
+
+    soctcp = open_sock_tcp(port);
+    send(socket:soctcp, data:data);
+    ehlotxt = smtp_recv_line(socket:soctcp);
+    
+    if(egrep(pattern:"421 Service not available", string: ehlotxt)) {
+	security_warning(port:port);
+	close(soctcp);
+	exit(0);
+    }  
+  }  
+ }
+}
+
+close(soctcp);
+exit(0);
+
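Review bot: `script_category(ACT_GATHER_INFO);` does not match what the script does: after the banner check it opens up to 35 connections to provoke the `421 Service not available` condition, which is a denial-of-service test. The `safe_checks()` exit helps, but scan policies that select or exclude plugins by category will treat this as passive information gathering; `script_category(ACT_DENIAL);` would describe it accurately. Separately, the `open_sock_tcp(port)` result inside the loop is not checked before `send()`. The final `close(soctcp);` also runs on paths where `soctcp` was never assigned, for example when the port is closed.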


Property changes on: trunk/openvas-plugins/scripts/quick_easy_mail_server_34814.nasl
___________________________________________________________________
Name: svn_keyword
   + ID


